📢 This article was translated by gemini-2.5-flash
Happy Lunar New Year!
Flow:
https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/login.html
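The frontend gets the authorization code and sends it to the backend, which then requests
https://api.weixin.qq.com/sns/jscode2session
to get session_key and openid. This call carries the AppSecret, so it is made from the server and never from the mini program itself.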
WeChat API for request:
https://developers.weixin.qq.com/miniprogram/dev/OpenApiDoc/user-login/code2Session.html
Analysis & Design
API Design
Request Path: /user/user/login
Request Method: POST
Request Parameters: code String (WeChat user authorization code)
Response Data:
- id integer (user ID)
- openid (WeChat openid)
- token (JWT token)
Database Table Design
When a user uses the mini program for the first time, they’re automatically registered, and relevant info is stored in the user table.
| Field Name | Data Type | Description |
|---|---|---|
| id | bigint | Primary Key, auto-increment |
| openid | varchar(45) | WeChat User Unique Identifier |
| name | varchar(32) | User Name |
| phone | varchar(11) | Phone Number |
| gender | varchar(2) | Gender |
| id_number | varchar(18) | ID Card Number |
| avatar | varchar(500) | WeChat User Avatar Path |
| create_time | datetime | Registration Time |
Mini programs registered under individual accounts don’t have permission to get the WeChat user’s phone number.
Program Configuration
First, configure the parameters required for WeChat login.
application-dev.yml
sky:
  wechat:
    # Placeholders for the mini program's AppID and AppSecret. The AppSecret is a
    # credential: keep real values out of version control and supply them per environment.
    appid: your_appid
    secret: your_secret
application.yml
sky:
  wechat:
    # Property placeholders only; presumably resolved from the active profile's file
    # (application-dev.yml in this article), so no credential is written in this file.
    appid: ${sky.wechat.appid}
    secret: ${sky.wechat.secret}
Configuration items used when generating JWT tokens for WeChat users.
sky:
  jwt:
    # User-related
    # Key used to sign and verify user tokens. "key" is only a placeholder: anyone who
    # knows this value can mint valid tokens, so use a long random secret and load it
    # from outside the repository.
    user-secret-key: key
    # Token lifetime; presumably milliseconds (7200000 ms = 2 hours) - confirm against JwtUtil.
    user-ttl: 7200000
    # Name of the request header the user-side interceptor reads the token from.
    user-token-name: authentication
Java
Business Logic Code
controller
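/**
 * User-side endpoints under {@code /user/user}.
 */
@RestController
@RequestMapping("/user/user")
@Api(tags = "User-related APIs")
@Slf4j
public class UserController {

    @Autowired
    private UserService userService;

    @Autowired
    private JwtProperties jwtProperties;

    /**
     * Exchanges a WeChat authorization code for a local user record and a signed JWT.
     *
     * @param userLoginDTO request body carrying the authorization code obtained by the mini program
     * @return the user's id, the WeChat openid and the issued token
     * @throws IllegalStateException if the service returns a user without an id, because a
     *         token without a user id claim could never pass validation
     */
    @PostMapping("/login")
    @ApiOperation("WeChat login")
    public Result<UserLoginVO> login(@RequestBody UserLoginDTO userLoginDTO) {
        // The authorization code is a short-lived credential: record the event, not the value.
        log.info("WeChat user login request received");

        // WeChat login (auto-registers first-time users)
        User user = userService.wxlogin(userLoginDTO);

        // A freshly inserted user only has an id if the insert statement writes the generated
        // key back into the entity. Fail loudly instead of signing a token with a null subject.
        Long userId = user.getId();
        if (userId == null) {
            throw new IllegalStateException("User id is missing after login; refusing to issue a token");
        }

        // Generate JWT token for WeChat user; the only claim is the local user id.
        HashMap<String, Object> claims = new HashMap<>();
        claims.put(JwtClaimsConstant.USER_ID, userId);
        String token = JwtUtil.createJWT(
                jwtProperties.getUserSecretKey(),
                jwtProperties.getUserTtl(),
                claims);

        UserLoginVO userLoginVO = UserLoginVO.builder()
                .id(userId)
                .openid(user.getOpenid())
                .token(token)
                .build();
        return Result.success(userLoginVO);
    }
}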
service
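/**
 * Logs WeChat users in by exchanging their authorization code for an openid and
 * registering the user on first use.
 */
@Service
@Slf4j
public class UserServiceImpl implements UserService {

    /** WeChat code2Session endpoint. */
    public static final String WX_LOGIN = "https://api.weixin.qq.com/sns/jscode2session";

    @Autowired
    private WeChatProperties weChatProperties;

    @Autowired
    private UserMapper userMapper;

    /**
     * Resolves the WeChat user behind the given authorization code, creating a local
     * record the first time that openid is seen.
     *
     * @param userLoginDTO login request carrying the authorization code
     * @return the existing or newly inserted user
     * @throws LoginFailedException if WeChat does not return an openid for the code
     */
    @Override
    public User wxlogin(UserLoginDTO userLoginDTO) {
        String openid = getOpenid(userLoginDTO.getCode());

        // No openid means the code was missing, invalid, expired or already used.
        if (openid == null) {
            throw new LoginFailedException(MessageConstant.LOGIN_FAILED);
        }

        // Check if it's a new user
        User user = userMapper.getByOpenid(openid);

        // If new user, auto-register
        if (user == null) {
            // NOTE(review): two concurrent first logins for the same openid can both reach this
            // branch; a unique index on user.openid would stop duplicate rows - confirm the schema.
            user = User.builder()
                    .openid(openid)
                    .createTime(LocalDateTime.now())
                    .build();
            userMapper.insert(user);
        }
        return user;
    }

    /**
     * Calls the WeChat code2Session API and extracts the openid.
     *
     * @param code authorization code sent by the mini program
     * @return the openid, or {@code null} when the code is blank or the response carries no openid
     */
    private String getOpenid(String code) {
        // Reject obviously unusable input before spending a call that carries the AppSecret.
        if (code == null || code.trim().isEmpty()) {
            return null;
        }

        Map<String, String> map = new HashMap<>();
        map.put("appid", weChatProperties.getAppid());
        // The AppSecret travels as a request parameter here; presumably HttpClientUtil puts it
        // in the query string, so full request URLs should not end up in client or proxy logs.
        map.put("secret", weChatProperties.getSecret());
        map.put("js_code", code);
        map.put("grant_type", "authorization_code");

        String json = HttpClientUtil.doGet(WX_LOGIN, map);
        JSONObject jsonObject = JSON.parseObject(json);

        // An empty or missing body parses to null; treat it as a failed login, not an NPE.
        if (jsonObject == null) {
            log.warn("code2Session returned an empty response");
            return null;
        }

        // Only openid is read; the session_key in the response is not used or returned here.
        String openid = jsonObject.getString("openid");
        if (openid == null || openid.isEmpty()) {
            // Error responses carry errcode instead of openid; log the code, never the secret.
            log.warn("code2Session returned no openid, errcode={}", jsonObject.get("errcode"));
            return null;
        }
        return openid;
    }
}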
Mapper
/**
 * MyBatis mapper for the {@code user} table.
 */
@Mapper
public interface UserMapper {

    /**
     * Looks up a user by WeChat openid.
     *
     * <p>The value is passed with {@code #{openid}}, which MyBatis binds as a statement
     * parameter instead of splicing it into the SQL text.
     *
     * @param openid WeChat openid to search for
     * @return the matching user; the caller treats {@code null} as "not registered yet"
     */
    @Select("select * from user where openid = #{openid}")
    User getByOpenid(String openid);

    /**
     * Inserts a new user row. The statement itself is defined in the mapper XML
     * under the id {@code insert}.
     *
     * @param user entity to persist
     */
    void insert(User user);
}
Mapper XML
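<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.sky.mapper.UserMapper">
    <!--
        Inserts a first-time WeChat user.
        useGeneratedKeys / keyProperty copy the auto-increment primary key back into the
        entity's id. The login controller reads user.getId() right after this insert to
        build the JWT claim, so without the write-back a new user's first token would
        carry no user id and fail validation.
        All values use #{...} and are therefore bound as statement parameters.
        NOTE(review): the table design in this article lists the column as "gender" while
        this statement writes "sex"; confirm which name matches the real schema.
    -->
    <insert id="insert" useGeneratedKeys="true" keyProperty="id">
        insert into user(openid, name, phone, sex, id_number, avatar, create_time)
        VALUES (#{openid}, #{name}, #{phone}, #{sex}, #{idNumber}, #{avatar}, #{createTime})
    </insert>
</mapper>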
Interceptor
Globally intercept user-side requests for JWT validation.
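/**
 * Validates the user JWT on user-side requests before they reach a controller.
 */
@Component
@Slf4j
public class JwtTokenUserInterceptor implements HandlerInterceptor {

    @Autowired
    private JwtProperties jwtProperties;

    /**
     * Checks the token header and stores the authenticated user id for the request.
     *
     * @param request  current request; the token is read from the configured header
     * @param response current response; set to 401 when validation fails
     * @param handler  the chosen handler; anything that is not a controller method is let through
     * @return {@code true} to continue processing, {@code false} to stop the request
     * @throws Exception declared by the interface; validation errors are handled here
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Only controller methods are checked; other handlers (e.g. static resources) pass.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        // Get token from request
        String token = request.getHeader(jwtProperties.getUserTokenName());

        try {
            // The token is a bearer credential: whoever reads it from a log can replay it
            // until it expires, so it is deliberately not logged.
            Claims claims = JwtUtil.parseJWT(jwtProperties.getUserSecretKey(), token);
            Long userId = Long.valueOf(claims.get(JwtClaimsConstant.USER_ID).toString());
            log.info("Current user ID: {}", userId);

            // NOTE(review): if BaseContext is thread-local, it should be cleared when the
            // request completes so a pooled thread does not keep a previous user's id - confirm.
            BaseContext.setCurrentId(userId);
            return true;
        } catch (Exception ex) {
            // Missing, malformed, expired or wrongly signed token, or a token without a user id.
            // Fail closed and tell the client why the response is empty.
            log.warn("JWT validation failed: {}", ex.getClass().getSimpleName());
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
    }
}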
Register interceptor in WebMvcConfiguration
@Autowired
private JwtTokenUserInterceptor jwtTokenUserInterceptor;

/**
 * Registers the custom interceptors.
 *
 * @param registry Spring MVC interceptor registry
 */
protected void addInterceptors(InterceptorRegistry registry) {
    log.info("Starting custom interceptor registration...");
    //.........
    // Every path under /user/** goes through JWT validation except the two listed below,
    // which stay reachable without a token. Keep this allow-list as short as possible.
    registry.addInterceptor(jwtTokenUserInterceptor)
            .addPathPatterns("/user/**")
            .excludePathPatterns("/user/user/login", "/user/shop/status");
}