微信小程序登录状态java后台解密

dologin:function(callback = () =>{}){

let that = this ;

wx.login({

  success:function(loginres){

   if (loginres){

    //获取用户信息

    wx.getuserinfo({

     withcredentials: true , //非必填 默认为true

     success:function(infores){

      console.log(infores, '>>>' );

      //请求服务端的登录接口

      wx.request({

       url: api.loginurl,

       data:{

        code:loginres.code, //临时登录凭证

        rawdata:infores.rawdata, //用户非敏感信息

        signature:infores.signature, //签名

        encryptedata:infores.encrypteddata, //用户敏感信息

        iv:infores.iv //解密算法的向量

       },

       success:function(res){

        console.log( 'login success' );

        res = res.data;

        if (res.result== 0 ){

         that.globaldata.userinfo = res.userinfo;

         wx.setstoragesync( 'userinfo' ,json.stringify(res.userinfo));

         wx.setstoragesync( 'loginflag' ,res.skey);

         console.log( "skey=" +res.skey);

         callback();

        } else {

         that.showinfo( 'res.errmsg' );

        }

       },

       fail:function(error){

        //调用服务端登录接口失败

        // that.showinfo('调用接口失败');

        console.log(error);

       }

      });

     }

    });

   } else {

   }

  }

});

}

code:loginres.code, //临时登录凭证

rawdata:infores.rawdata, //用户非敏感信息

signature:infores.signature, //签名

encryptedata:infores.encrypteddata, //用户敏感信息

iv:infores.iv //解密算法的向量

@responsebody

@requestmapping ( "/login" )

public map<string,object> dologin(model model,

                  @requestparam (value = "code" ,required = false ) string code,

                  @requestparam (value = "rawdata" ,required = false ) string rawdata,

                  @requestparam (value = "signature" ,required = false ) string signature,

                  @requestparam (value = "encryptedata" ,required = false ) string encryptedata,

                  @requestparam (value = "iv" ,required = false ) string iv){

   log.info( "start get sessionkey" );

   map<string,object> map = new hashmap<string, object>( );

   system.out.println( "用户非敏感信息" +rawdata);

   jsonobject rawdatajson = json.parseobject( rawdata );

   system.out.println( "签名" +signature);

   jsonobject sessionkeyopenid = getsessionkeyoropenid( code );

   system.out.println( "post请求获取的sessionandopenid=" +sessionkeyopenid);

   string openid = sessionkeyopenid.getstring( "openid" );

   string sessionkey = sessionkeyopenid.getstring( "session_key" );

   system.out.println( "openid=" +openid+ ",session_key=" +sessionkey);

   user user = userservice.findbyopenid( openid );

   //uuid生成唯一key

   string skey = uuid.randomuuid().tostring();

   if (user== null ){

     //入库

     string nickname = rawdatajson.getstring( "nickname" );

     string avatarurl = rawdatajson.getstring( "avatarurl" );

     string gender = rawdatajson.getstring( "gender" );

     string city = rawdatajson.getstring( "city" );

     string country = rawdatajson.getstring( "country" );

     string province = rawdatajson.getstring( "province" );

     user = new user();

     user.setuid( openid );

     user.setcreatetime( new date( ) );

     user.setsessionkey( sessionkey );

     user.setubalance( 0 );

     user.setskey( skey );

     user.setuaddress( country+ " " +province+ " " +city );

     user.setuavatar( avatarurl );

     user.setugender( integer.parseint( gender ) );

     user.setuname( nickname );

     user.setupdatetime( new date( ) );

     userservice.insert( user );

   } else {

     //已存在

     log.info( "用户openid已存在,不需要插入" );

   }

   //根据openid查询skey是否存在

   string skey_redis = (string) redistemplate.opsforvalue().get( openid );

   if (stringutils.isnotblank( skey_redis )){

     //存在 删除 skey 重新生成skey 将skey返回

     redistemplate.delete( skey_redis );

   }

     // 缓存一份新的

     jsonobject sessionobj = new jsonobject( );

     sessionobj.put( "openid" ,openid );

     sessionobj.put( "sessionkey" ,sessionkey );

     redistemplate.opsforvalue().set( skey,sessionobj.tojsonstring() );

     redistemplate.opsforvalue().set( openid,skey );

     //把新的sessionkey和oppenid返回给小程序

     map.put( "skey" ,skey );

   map.put( "result" , "0" );

   jsonobject userinfo = getuserinfo( encryptedata, sessionkey, iv );

   system.out.println( "根据解密算法获取的userinfo=" +userinfo);

   userinfo.put( "balance" ,user.getubalance() );

   map.put( "userinfo" ,userinfo );

   return map;

}

public static jsonobject getsessionkeyoropenid(string code){

   //微信端登录code

   string wxcode = code;

   string requesturl = "https://api.weixin.qq测试数据/sns/jscode2session" ;

   map<string,string> requesturlparam = new hashmap<string, string>( );

   requesturlparam.put( "appid" , "你的小程序appid" ); //小程序appid

   requesturlparam.put( "secret" , "你的小程序appsecret" );

   requesturlparam.put( "js_code" ,wxcode ); //小程序端返回的code

   requesturlparam.put( "grant_type" , "authorization_code" ); //默认参数

   //发送post请求读取调用微信接口获取openid用户唯一标识

   jsonobject jsonobject = json.parseobject( urlutil.sendpost( requesturl,requesturlparam ));

   return jsonobject;

}

public static jsonobject getuserinfo(string encrypteddata,string sessionkey,string iv){

   // 被加密的数据

   byte [] databyte = base64.decode(encrypteddata);

   // 加密秘钥

   byte [] keybyte = base64.decode(sessionkey);

   // 偏移量

   byte [] ivbyte = base64.decode(iv);

   try {

     // 如果密钥不足16位，那么就补足. 这个if 中的内容很重要

     int base = 16 ;

     if (keybyte.length % base != 0 ) {

       int groups = keybyte.length / base + (keybyte.length % base != 0 ? 1 : 0 );

       byte [] temp = new byte [groups * base];

       arrays.fill(temp, ( byte ) 0 );

       system.arraycopy(keybyte, 0 , temp, 0 , keybyte.length);

       keybyte = temp;

     }

     // 初始化

     security.addprovider( new bouncycastleprovider());

     cipher cipher = cipher.getinstance( "aes/cbc/pkcs7padding" , "bc" );

     secretkeyspec spec = new secretkeyspec(keybyte, "aes" );

     algorithmparameters parameters = algorithmparameters.getinstance( "aes" );

     parameters.init( new ivparameterspec(ivbyte));

     cipher.init( cipher.decrypt_mode, spec, parameters); // 初始化

     byte [] resultbyte = cipher.dofinal(databyte);

     if ( null != resultbyte && resultbyte.length > 0 ) {

       string result = new string(resultbyte, "utf-8" );

       return json.parseobject(result);

     }

   } catch (nosuchalgorithmexception e) {

     log.error(e.getmessage(), e);

   } catch (nosuchpaddingexception e) {

     log.error(e.getmessage(), e);

   } catch (invalidparameterspecexception e) {

     log.error(e.getmessage(), e);

   } catch (illegalblocksizeexception e) {

     log.error(e.getmessage(), e);

   } catch (badpaddingexception e) {

     log.error(e.getmessage(), e);

   } catch (unsupportedencodingexception e) {

     log.error(e.getmessage(), e);

   } catch (invalidkeyexception e) {

     log.error(e.getmessage(), e);

   } catch (invalidalgorithmparameterexception e) {

     log.error(e.getmessage(), e);

   } catch (nosuchproviderexception e) {

     log.error(e.getmessage(), e);

   }

   return null ;

}

map.put( "skey" ,skey );

map.put( "result" , "0" );

map.put( "userinfo" ,userinfo );

return map;