小程序登录流程

{ "name": "code-express", "version": "1.0.0", "description": "", "main": "index.js", "scripts": { "dev": "nodemon ./main.js" }, "keywords": [], "author": "", "license": "ISC", "dependencies": { "axios": "^1.3.4", "crypto": "^1.0.1", "express": "^4.18.2", "jsonwebtoken": "^9.0.0", "mongoose": "^7.0.0" }, "devDependencies": { "nodemon": "^2.0.20" } }

//使用 Express，我们可以方便、快速的创建 Web 网站的服务器或 API 接口的服务器。 const express = require("express"; const mongoose = require("mongoose"; const jwt = require("jsonwebtoken"; const WXBizDataCrypt = require("./utils/WXBizDataCrypt"; const axios = require("axios"; // 数据库链接地址 const dburl = "mongodb://127.0.0.1:27017/hello"; // 描述数据表的格式 const schema = new mongoose.Schema({ username: String, password: String, phone: String, openid: String, // 微信昵称 nickName: String, // 微信头像 avatarUrl: String, // 性别 gender: Number, }; // 用于操作users表的model对象 const userModel = mongoose.model("user", schema; const appid = "wx7ebb4519149403ff"; const appSecret = "13655691c054c1b84484cbc523c78afc"; const app = express(; // 注册中间件，让req.body可以使用 app.use(express.json(; // 登录接口 app.post("/api/auth/login", async (req, res => { // 1. 获取前端传递过来的 code 、encryptedData、iv const { code, encryptedData, iv } = req.body; // 2. 调用 微信的 jscode2session 接口 https://developers.weixin.qq.com/miniprogram/dev/OpenApiDoc/user-login/code2Session.html const response = await axios.get( "https://api.weixin.qq.com/sns/jscode2session", { params: { appid, // 小程序appid secret: appSecret, // 要注意安全 js_code: code, grant_type: "authorization_code", }, } ; // 3. 取出 openid、session_key const { openid, session_key } = response.data; // const openid = "oKWcP0ZKMAk5KuUFgsLyBRtAFt08"; console.log("openid", openid; // 4. 判断 openid 是否正确获取到了 if (!openid { return res.send({ status: response.data.errcode, msg: response.data.errmsg, }; } // 5. 根据 openid 去查看数据库中有没有存在 const userInfo = await userModel.findOne({ openid }; // 6. 判断 userInfo 是否存在 if (!userInfo { // 解密 encryptedData const pc = new WXBizDataCrypt(appid, session_key; const data = pc.decryptData(encryptedData, iv; console.log("解密后的数据", data; // 直接给注册一下，写入数据库 await userModel.create({ username: "", password: "", phone: "", nickName: data.nickName, avatarUrl: data.avatarUrl, gender: data.gender, openid: openid, }; } // 7. 签发token const token = jwt.sign( { openid, }, "hello" ; // 8. 登录成功, 响应token到前端 res.send({ status: 0, msg: "登录成功", data: token, }; }; // 获取用户信息接口 app.get("/api/profile", async (req, res => { try { // 1. 从请求头中，获取前端传递过来的 token const token = req.get("Authorization"; // 2. 校验 token const payload = jwt.verify(token, "hello"; console.log("payload", payload; // 3. 根据 openid 查询数据库对应的用户信息 // const { password, ...other } = await userModel.findOne({ // openid: payload.openid, // }; const userInfo = await userModel.findOne({ openid: payload.openid, }; // 4. 响应用户数据出去 res.send({ status: 0, msg: "获取成功", data: userInfo, }; } catch (error { // token 校验失败 res.send(401, { status: -1, msg: "token 无效", }; } }; app.listen(3000, async ( => { // 链接数据库 await mongoose.connect(dburl; console.log("数据库链接成功，服务启动成功, 3000"; };