Mall Project Part 7: User Module Development

1. Feature overview


1.1 Login

1.2 Username validation

1.3 Registration

1.4 Forgot password

1.5 Submit the answer to the security question

1.6 Reset password

1.7 Get user information

1.8 Update user information

1.9 Logout

2. Learning objectives


2.1 Horizontal and vertical privilege escalation vulnerabilities

Horizontal privilege escalation: an attacker tries to access the resources of other users who hold the same privilege level as the attacker.
Vertical privilege escalation: a lower-privileged attacker tries to access the resources of higher-privileged users.

2.2 MD5 hashing of plaintext passwords with an added salt value

2.3 Using the Guava cache

2.4 Design philosophy and abstract encapsulation of a highly reusable service response object

2.5 Mybatis-plugin usage tips

Click the arrow on the left.

2.6 Using the Session

2.7 Local (method-level) evolution of methods

3. Interface design

3.1 Front-end (portal) user interface design

3.1.1 Login

/user/login.do POST (the code requires a POST request); GET is also opened to make debugging easier.

request

username,password

response

fail

{
    "status": 1,
    "msg": "密码错误"
}

success

{
    "status": 0,
    "data": {
        "id": 12,
        "username": "aaa",
        "email": "aaa@163.com",
        "phone": null,
        "role": 0,
        "createTime": 1479048325000,
        "updateTime": 1479048325000
    }
}

3.1.2 Registration /user/register.do

request

username,password,email,phone,question,answer

response

success

{
    "status": 0,
    "msg": "校验成功"
}

fail

{
    "status": 1,
    "msg": "用户已存在"
}

3.1.3 Check whether a username is valid /user/check_valid.do

/check_valid.do?str=admin&type=username checks the username.

request

str,type
str can be either a username or an email; the corresponding type is username or email.

response

success

{
    "status": 0,
    "msg": "校验成功"
}

fail

{
    "status": 1,
    "msg": "用户已存在"
}

3.1.4 Get the logged-in user's information /user/get_user_info.do

request

No parameters

response

success

{
    "status": 0,
    "data": {
        "id": 12,
        "username": "aaa",
        "email": "aaa@163.com",
        "phone": null,
        "role": 0,
        "createTime": 1479048325000,
        "updateTime": 1479048325000
    }
}

fail

{
    "status": 1,
    "msg": "用户未登录,无法获取当前用户信息"
}

3.1.5 Forgot password /user/forget_get_question.do

localhost:8080/user/forget_get_question.do?username=geely

request

username

response

success

{
    "status": 0,
    "data": "这里是问题"
}

fail

{
    "status": 1,
    "msg": "该用户未设置找回密码问题"
}

3.1.6 Submit the answer to the security question /user/forget_check_answer.do

localhost:8080/user/forget_check_answer.do?username=aaa&question=aa&answer=sss

request

username,question,answer

response

The successful response contains a token; it is required when changing the password and is passed on to the next interface.
success

{
    "status": 0,
    "data": "531ef4b4-9663-4e6d-9a20-fb56367446a5"
}

fail

{
    "status": 1,
    "msg": "问题答案错误"
}

3.1.7 Reset password via the forgot-password flow /user/forget_reset_password.do

localhost:8080/user/forget_reset_password.do?username=aaa&passwordNew=xxx&forgetToken=531ef4b4-9663-4e6d-9a20-fb56367446a5

request

username,passwordNew,forgetToken

response

success

{
    "status": 0,
    "msg": "修改密码成功"
}

fail

{
    "status": 1,
    "msg": "修改密码操作失效"
}

{
    "status": 1,
    "msg": "token已经失效"
}

3.1.8 Reset password while logged in /user/reset_password.do

request

passwordOld,passwordNew

response

success

{
    "status": 0,
    "msg": "修改密码成功"
}

fail

{
    "status": 1,
    "msg": "旧密码输入错误"
}
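The forgot-password flow of 3.1.6 and 3.1.7 and the logged-in reset of 3.1.8, as an added example that is not the project's own code: a small in-memory dict with expiry stands in for the Guava cache (2.3), the users table is a constructed dict, and SALT, TOKEN_TTL and the function names are assumptions. The point it shows is that the reset token is cached under a key derived from the username and that the logged-in reset operates on the session user, which is what closes the horizontal privilege escalation described in 2.1.

```python
import hashlib
import secrets
import time
import uuid

SALT = "constructed-demo-salt"   # assumption: the project's real salt is not on this page
TOKEN_TTL = 12 * 60 * 60         # assumption: forget-token lifetime in seconds

def md5_salted(password):
    """Salted MD5 as in objective 2.2 (kept for fidelity to the page; a slow hash is better)."""
    return hashlib.md5((password + SALT).encode("utf-8")).hexdigest()

# Constructed in-memory state standing in for the users table and the Guava cache.
USERS = {"aaa": {"password": md5_salted("old-pass"), "question": "aa", "answer": "sss"}}
TOKEN_CACHE = {}   # key "token_<username>" -> (token, expiry timestamp)

def forget_check_answer(username, question, answer):
    """3.1.6: issue a one-time token and bind it to the username in the cache."""
    user = USERS.get(username)
    if user is None or user["question"] != question or user["answer"] != answer:
        return {"status": 1, "msg": "问题答案错误"}
    token = str(uuid.uuid4())
    TOKEN_CACHE["token_" + username] = (token, time.time() + TOKEN_TTL)
    return {"status": 0, "data": token}

def forget_reset_password(username, password_new, forget_token):
    """3.1.7: the token is looked up by username, so a token issued for one account
    cannot reset another account's password (horizontal escalation, objective 2.1)."""
    key = "token_" + username
    cached = TOKEN_CACHE.get(key)
    if cached is None or cached[1] < time.time():
        TOKEN_CACHE.pop(key, None)
        return {"status": 1, "msg": "token已经失效"}
    if not secrets.compare_digest(cached[0].encode(), (forget_token or "").encode()):
        return {"status": 1, "msg": "修改密码操作失效"}
    USERS[username]["password"] = md5_salted(password_new)
    TOKEN_CACHE.pop(key, None)   # single use: a replayed token is rejected
    return {"status": 0, "msg": "修改密码成功"}

def reset_password(session_username, password_old, password_new):
    """3.1.8: the old password is checked against the session user's own row, never a
    client-supplied username, so a logged-in user can only change their own password."""
    user = USERS[session_username]
    if not secrets.compare_digest(user["password"], md5_salted(password_old)):
        return {"status": 1, "msg": "旧密码输入错误"}
    user["password"] = md5_salted(password_new)
    return {"status": 0, "msg": "修改密码成功"}
```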

3.1.9 Update personal information while logged in /user/update_information.do

request

email,phone,question,answer

response

success

{
    "status": 0,
    "msg": "更新个人信息成功"
}

fail

{
    "status": 1,
    "msg": "用户未登录"
}

3.1.10 Get the current logged-in user's detailed information, forcing login /user/get_information.do

request

No parameters

response

success

{
    "status": 0,
    "data": {
        "id": 1,
        "username": "admin",
        "password": "",
        "email": "admin@163.com",
        "phone": "13800138000",
        "question": "question",
        "answer": "answer",
        "role": 1,
        "createTime": 1478422605000,
        "updateTime": 1491305256000
    }
}

fail

{
    "status": 10,
    "msg": "用户未登录,无法获取当前用户信息,status=10,强制登录"
}

3.1.11 Logout /user/logout.do

request

response

success

{
    "status": 0,
    "msg": "退出成功"
}

fail

{
    "status": 1,
    "msg": "服务端异常"
}

3.1.12 Template /user/.do

request

k

response

success

k

fail

k

3.2 Back-office user interface design

3.2.1 Back-office administrator login /manage/user/login.do

request

String username,
String password

response

success

{
    "status": 0,
    "data": {
        "id": 12,
        "username": "aaa",
        "email": "aaa@163.com",
        "phone": null,
        "role": 0,
        "createTime": 1479048325000,
        "updateTime": 1479048325000
    }
}

fail

{
    "status": 1,
    "msg": "密码错误"
}

3.2.2 Template /REPLACE/.do

request

k

response

success

k

fail

k

3.2.3 Template /REPLACE/.do

request

k

response

success

k

fail

k
posted @ 2018-01-11 10:13  journeyIT