feat : 完成h5第三方微信扣扣授权登录注册

game-module/game-sdk/pom.xml

@@ -63,6 +63,12 @@
             <artifactId>weixin-popular</artifactId>
             <version>2.8.16</version>
         </dependency>
+        <!-- 谷歌http工具类 -->
+        <dependency>
+            <groupId>cn.hutool</groupId>
+            <artifactId>hutool-all</artifactId>
+            <version>5.8.0.M1</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-bootstrap</artifactId>

game-module/game-sdk/src/main/java/com/zanxiang/sdk/common/constant/ApiUrlConstant.java

@@ -0,0 +1,68 @@
+package com.zanxiang.sdk.common.constant;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description : 第三方api通用url
+ */
+public class ApiUrlConstant {
+
+    //-------------------- 扣扣api --------------------
+
+    /**
+     * QQ授权重定向地址
+     */
+    public static final String QQ_AUTH_URL = "https://graph.qq.com/oauth2.0/authorize";
+
+    /**
+     * QQ授权回调地址
+     */
+    public static final String QQ_REDIRECT_URL = "http://127.0.0.1:8080/qqCallback";
+
+    /**
+     * QQ网页获取授权token地址
+     */
+    public static final String QQ_WEB_TOKEN_URL = "https://graph.qq.com/oauth2.0/token";
+
+    /**
+     * QQ获取用户openId地址
+     */
+    public static final String QQ_USER_OPENID_URL = "https://graph.qq.com/oauth2.0/me";
+
+    /**
+     * QQ获取用户信息地址
+     */
+    public static final String QQ_USER_INFO_URL = "https://graph.qq.com/user/get_user_info";
+
+    //-------------------- 微信api --------------------
+
+    /**
+     * VX授权重定向地址
+     */
+    public static final String VX_AUTH_URL = "https://open.weixin.qq.com/connect/qrconnect";
+
+    /**
+     * VX授权回调地址
+     */
+    public static final String VX_REDIRECT_URL = "http://127.0.0.1:8080/vxCallback";
+
+    /**
+     * VX网页获取授权token地址
+     */
+    public static final String VX_WEB_TOKEN_URL = "https://api.weixin.qq.com/sns/oauth2/access_token";
+
+    /**
+     * VX网页获取刷新token地址
+     */
+    public static final String VX_WEB_TOKEN_REFRESH_URL = "https://api.weixin.qq.com/sns/oauth2/refresh_token";
+
+    /**
+     * VX网页检测token地址
+     */
+    public static final String VX_WEB_TOKEN_CHECK_URL = "https://api.weixin.qq.com/sns/auth";
+
+    /**
+     * VX网页授权获取用户信息
+     */
+    public static final String VX_WEB_USER_INFO_URL = "https://api.weixin.qq.com/sns/userinfo";
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/common/constant/RedisKeyConstant.java

@@ -26,4 +26,10 @@ public class RedisKeyConstant {
      * 手机验证码缓存key
      */
     public static final String SMS_PHONE_KEY = RedisKeyConstant.REDIS_PREFIX + "sms_phone";
+
+    /**
+     * 手机验证码缓存key
+     */
+    public static final String AUTH_STATE_KEY = RedisKeyConstant.REDIS_PREFIX + "auth_state";
+
 }

game-module/game-sdk/src/main/java/com/zanxiang/sdk/common/util/RedisUtils.java

@@ -3,6 +3,7 @@ package com.zanxiang.sdk.common.util;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.SetOperations;
 import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.stereotype.Component;
 
@@ -91,4 +92,57 @@ public class RedisUtils<T> {
         }
         return false;
     }
+
+    /**
+     * set集合添加元素
+     *
+     * @param key : 缓存key
+     * @param t   : 需要添加的元素
+     * @return : 返回是否添加成功
+     */
+    public boolean addToSet(String key, T... t) {
+        try {
+            SetOperations<String, T> setOperations = redisTemplate.opsForSet();
+            Long add = setOperations.add(key, t);
+            return add != null && add >= 1;
+        } catch (Exception e) {
+            log.error("Set添加失败,key : " + key + " e :" + e.toString());
+        }
+        return false;
+    }
+
+    /**
+     * set集合删除元素
+     *
+     * @param key : 缓存key
+     * @param t   : 需要删除的元素
+     * @return : 返回是否删除成功
+     */
+    public boolean removeOfSet(String key, T... t) {
+        try {
+            SetOperations<String, T> setOperations = redisTemplate.opsForSet();
+            Long remove = setOperations.remove(key, t);
+            return remove != null && remove >= 1;
+        } catch (Exception e) {
+            log.error("Set删除失败,key : " + key + " e :" + e.toString());
+        }
+        return false;
+    }
+
+    /**
+     * 判断元素是否存在于set集合
+     *
+     * @param key : 缓存key
+     * @param t   : 需要判断的元素
+     * @return : 判断元素是否存在
+     */
+    public boolean isMemberInSet(String key, T t) {
+        try {
+            SetOperations<String, T> setOperations = redisTemplate.opsForSet();
+            return setOperations.isMember(key, t);
+        } catch (Exception e) {
+            log.error("Set元素是否存在,key : " + key + " e :" + e.toString());
+        }
+        return false;
+    }
 }

game-module/game-sdk/src/main/java/com/zanxiang/sdk/controller/UserController.java

@@ -28,36 +28,6 @@ public class UserController {
     @Autowired
     private IUserService userService;
 
-    @ApiOperation(value = "用户普通注册")
-    @PostMapping("/register/password")
-    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
-    public ResultVo<UserLoginVO> registerPassword(@Validated @RequestBody RegisterPasswordParam registerPasswordParam,
-                                                  HttpServletRequest request) {
-        return userService.registerPassword(registerPasswordParam, request);
-    }
-
-    @ApiOperation(value = "用户手机注册")
-    @PostMapping("/register/mobile")
-    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
-    public ResultVo<UserLoginVO> registerMobile(@Validated @RequestBody RegisterMobileParam registerMobileParam,
-                                                HttpServletRequest request) {
-        return userService.registerMobile(registerMobileParam, request);
-    }
-
-    @ApiOperation(value = "用户名密码登录")
-    @PostMapping("/login/password")
-    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
-    public ResultVo<UserLoginVO> loginPassword(@Validated @RequestBody LoginPasswordParam userLoginParam, HttpServletRequest request) {
-        return userService.loginPassword(userLoginParam, request);
-    }
-
-    @ApiOperation(value = "用户手机号登录")
-    @PostMapping("/login/mobile")
-    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
-    public ResultVo<UserLoginVO> loginMobile(@Validated @RequestBody LoginMobileParam loginMobileParam, HttpServletRequest request) {
-        return userService.loginMobile(loginMobileParam, request);
-    }
-
     @ApiOperation(value = "用户重置密码")
     @PostMapping("/update/password")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})

game-module/game-sdk/src/main/java/com/zanxiang/sdk/controller/UserLoginController.java

@@ -0,0 +1,95 @@
+package com.zanxiang.sdk.controller;
+
+import com.zanxiang.common.domain.ResultVo;
+import com.zanxiang.sdk.domain.params.*;
+import com.zanxiang.sdk.domain.vo.UserLoginVO;
+import com.zanxiang.sdk.service.IUserAuthService;
+import com.zanxiang.sdk.service.IUserService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiResponse;
+import io.swagger.annotations.ApiResponses;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description : 用户注册登录
+ */
+@Api(tags = "注册登录接口")
+@CrossOrigin
+@RestController
+@RequestMapping(value = "/api/user")
+public class UserLoginController {
+
+    @Autowired
+    private IUserAuthService userAuthService;
+
+    @Autowired
+    private IUserService userService;
+
+    @ApiOperation(value = "用户普通注册")
+    @PostMapping("/register/password")
+    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
+    public ResultVo<UserLoginVO> registerPassword(@Validated @RequestBody RegisterPasswordParam registerPasswordParam,
+                                                  HttpServletRequest request) {
+        return userService.registerPassword(registerPasswordParam, request);
+    }
+
+    @ApiOperation(value = "用户手机注册")
+    @PostMapping("/register/mobile")
+    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
+    public ResultVo<UserLoginVO> registerMobile(@Validated @RequestBody RegisterMobileParam registerMobileParam,
+                                                HttpServletRequest request) {
+        return userService.registerMobile(registerMobileParam, request);
+    }
+
+    @ApiOperation(value = "用户名密码登录")
+    @PostMapping("/login/password")
+    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
+    public ResultVo<UserLoginVO> loginPassword(@Validated @RequestBody LoginPasswordParam userLoginParam, HttpServletRequest request) {
+        return userService.loginPassword(userLoginParam, request);
+    }
+
+    @ApiOperation(value = "用户手机号登录")
+    @PostMapping("/login/mobile")
+    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
+    public ResultVo<UserLoginVO> loginMobile(@Validated @RequestBody LoginMobileParam loginMobileParam, HttpServletRequest request) {
+        return userService.loginMobile(loginMobileParam, request);
+    }
+
+    @ApiOperation(value = "用户QQ授权登录")
+    @GetMapping("/register/login/qq")
+    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
+    public ResultVo qqLoginAuth(HttpServletResponse response) {
+        userAuthService.qqLoginAuth(response);
+        return ResultVo.ok();
+    }
+
+    @ApiOperation(value = "用户QQ授权登录回调接口")
+    @PostMapping("/register/login/qq/call/back")
+    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
+    public ResultVo<UserLoginVO> qqLoginCallback(@Validated @RequestBody QqLoginCallbackParam qqLoginCallbackParam, HttpServletRequest request) {
+        return userAuthService.qqLoginCallback(qqLoginCallbackParam, request);
+    }
+
+    @ApiOperation(value = "用户微信授权登录")
+    @GetMapping("/register/login/vx")
+    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
+    public ResultVo getUserDetail(HttpServletResponse response) {
+        userAuthService.vxLoginAuth(response);
+        return ResultVo.ok();
+    }
+
+    @ApiOperation(value = "用户微信授权登录回调接口")
+    @PostMapping("/register/login/vx/call/back")
+    @ApiResponses(value = {@ApiResponse(code = 200, message = "成功", response = UserLoginVO.class)})
+    public ResultVo<UserLoginVO> vxLoginCallback(@Validated @RequestBody QqLoginCallbackParam qqLoginCallbackParam, HttpServletRequest request) {
+        return userAuthService.vxLoginCallback(qqLoginCallbackParam, request);
+    }
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/domain/dto/UserOauthDTO.java

@@ -0,0 +1,106 @@
+package com.zanxiang.sdk.domain.dto;
+
+import lombok.Builder;
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description : 用户授权信息
+ */
+@Data
+@Builder
+public class UserOauthDTO {
+
+    /**
+     * 主键id
+     */
+    private Long id;
+
+    /**
+     * 关联的本站用户id
+     */
+    private Long userId;
+
+    /**
+     * 用户来源（微信/QQ/华为）
+     */
+    private String from;
+
+    /**
+     * 配置ID
+     */
+    private String confId;
+
+    /**
+     * 第三方open id
+     */
+    private String openid;
+
+    /**
+     * 第三方秘钥
+     */
+    private String accessToken;
+
+    /**
+     * 第三方唯一用户id
+     */
+    private String unionid;
+
+    /**
+     * 第三方昵称
+     */
+    private String nickname;
+
+    /**
+     * 国家
+     */
+    private String country;
+
+    /**
+     * 省份
+     */
+    private String province;
+
+    /**
+     * 城市
+     */
+    private String city;
+
+    /**
+     * 1 男 2 女 3 未知
+     */
+    private Boolean six;
+
+    /**
+     * 头像
+     */
+    private String avatar;
+
+    /**
+     * access_token过期时间
+     */
+    private Long expiresIn;
+
+    /**
+     * 扩展信息
+     */
+    private String more;
+
+    /**
+     * 最后登录ip
+     */
+    private String lastLoginIp;
+
+    /**
+     * 最后登录时间
+     */
+    private Long lastLoginTime;
+
+    /**
+     * 绑定时间
+     */
+    private LocalDateTime createTime;
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/domain/params/QqLoginCallbackParam.java

@@ -0,0 +1,24 @@
+package com.zanxiang.sdk.domain.params;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description : QQ授权回调参数
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class QqLoginCallbackParam extends CommonParam{
+
+    /**
+     * 授权code
+     */
+    private String code;
+
+    /**
+     * 接口密钥
+     */
+    private String state;
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/domain/params/UpdatePasswordParam.java

@@ -3,6 +3,7 @@ package com.zanxiang.sdk.domain.params;
 import com.fasterxml.jackson.annotation.JsonAlias;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
+import lombok.EqualsAndHashCode;
 
 import javax.validation.constraints.NotBlank;
 
@@ -12,7 +13,8 @@ import javax.validation.constraints.NotBlank;
  * @description : 修改密码参数
  */
 @Data
-public class UpdatePasswordParam {
+@EqualsAndHashCode(callSuper = true)
+public class UpdatePasswordParam extends CommonParam{
 
     /**
      * 用户token

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/IQqApiService.java

@@ -0,0 +1,19 @@
+package com.zanxiang.sdk.service;
+
+import java.util.Map;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description :
+ */
+public interface IQqApiService {
+
+    /**
+     * QQ授权获取用户信息
+     *
+     * @param code : 前端授权code
+     * @return : 返回用户信息
+     */
+    Map<String, String> qqAuthUserInfo(String code);
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/IUserAuthService.java

@@ -0,0 +1,48 @@
+package com.zanxiang.sdk.service;
+
+import com.zanxiang.common.domain.ResultVo;
+import com.zanxiang.sdk.domain.params.QqLoginCallbackParam;
+import com.zanxiang.sdk.domain.vo.UserLoginVO;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description : 用户第三方授权
+ */
+public interface IUserAuthService {
+
+    /**
+     * QQ授权登录
+     *
+     * @param response : 返回体
+     */
+    void qqLoginAuth(HttpServletResponse response);
+
+    /**
+     * QQ授权登录回调
+     *
+     * @param qqLoginCallbackParam : 回调参数
+     * @param request              : request
+     * @return : 返回登录token
+     */
+    ResultVo<UserLoginVO> qqLoginCallback(QqLoginCallbackParam qqLoginCallbackParam, HttpServletRequest request);
+
+    /**
+     * 微信授权登录
+     *
+     * @param response : 返回体
+     */
+    void vxLoginAuth(HttpServletResponse response);
+
+    /**
+     * 微信回调方法
+     *
+     * @param qqLoginCallbackParam : 回调参数
+     * @param request              : request
+     * @return : 返回登录token
+     */
+    ResultVo<UserLoginVO> vxLoginCallback(QqLoginCallbackParam qqLoginCallbackParam, HttpServletRequest request);
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/IUserOauthService.java

@@ -0,0 +1,31 @@
+package com.zanxiang.sdk.service;
+
+import com.zanxiang.mybatis.entity.User;
+import com.zanxiang.sdk.domain.dto.UserOauthDTO;
+
+import java.util.Map;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description : 用户第三方授权信息
+ */
+public interface IUserOauthService {
+
+    /**
+     * 根据openid查询用户授权信息
+     *
+     * @param openId : 用户第三方授权信息
+     * @return : 返回用户授权信息
+     */
+    UserOauthDTO getUserOauthByOpenId(String openId);
+
+    /**
+     * 创建用户授权信息
+     *
+     * @param user : 用户信息
+     * @param map  : 第三方用户信息
+     * @return : 返回用户授权信息
+     */
+    UserOauthDTO createUserOauth(User user, Map<String, String> map);
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/IVxApiService.java

@@ -0,0 +1,19 @@
+package com.zanxiang.sdk.service;
+
+import java.util.Map;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description : 微信授权api
+ */
+public interface IVxApiService {
+
+    /**
+     * QQ授权获取用户信息
+     *
+     * @param code : 前端授权code
+     * @return : 返回用户信息
+     */
+    Map<String, String> vxAuthUserInfo(String code);
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/Impl/UserAuthServiceImpl.java

@@ -0,0 +1,233 @@
+package com.zanxiang.sdk.service.Impl;
+
+import com.zanxiang.common.domain.ResultVo;
+import com.zanxiang.common.exception.BaseException;
+import com.zanxiang.common.text.UUID;
+import com.zanxiang.common.utils.IpUtils;
+import com.zanxiang.common.utils.JsonUtil;
+import com.zanxiang.common.utils.URIUtil;
+import com.zanxiang.mybatis.entity.User;
+import com.zanxiang.sdk.common.constant.ApiUrlConstant;
+import com.zanxiang.sdk.common.constant.RedisKeyConstant;
+import com.zanxiang.sdk.common.util.RedisUtils;
+import com.zanxiang.sdk.domain.dto.UserOauthDTO;
+import com.zanxiang.sdk.domain.params.QqLoginCallbackParam;
+import com.zanxiang.sdk.domain.vo.UserLoginVO;
+import com.zanxiang.sdk.service.*;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.time.LocalDateTime;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-20
+ * @description : 用户第三方授权
+ */
+@Slf4j
+@Service
+public class UserAuthServiceImpl implements IUserAuthService {
+
+    @Autowired
+    private RedisUtils<String> redisUtils;
+
+    @Autowired
+    private IQqApiService qqApiService;
+
+    @Autowired
+    private IVxApiService vxApiService;
+
+    @Autowired
+    private IUserOauthService userOauthService;
+
+    @Autowired
+    private IUserTokenService userTokenService;
+
+    @Autowired
+    private IUserLoginLogService userLoginLogService;
+
+    @Autowired
+    private IUserService userService;
+
+    /**
+     * QQ开发者应用id
+     */
+    @Value("${auth.qq-appId}")
+    private String qqAppId;
+
+    /**
+     * QQ开发者应用id
+     */
+    @Value("${auth.vx-appId}")
+    private String vxAppId;
+
+    /**
+     * QQ授权登录
+     *
+     * @param response : 返回体
+     */
+    @Override
+    public void qqLoginAuth(HttpServletResponse response) {
+        //获取state
+        String state = this.getState();
+        //传递参数
+        Map<String, String> paramMap = new HashMap<>(4);
+        paramMap.put("response_type", "code");
+        paramMap.put("client_id", qqAppId);
+        paramMap.put("state", state);
+        paramMap.put("redirect_uri", ApiUrlConstant.QQ_REDIRECT_URL);
+        //重定向到QQ授权页面
+        try {
+            response.sendRedirect(URIUtil.fillUrlParams(ApiUrlConstant.QQ_AUTH_URL, paramMap, Boolean.TRUE));
+        } catch (Exception e) {
+            log.error("QQ授权登录重定向跳转异常");
+            throw new BaseException("QQ授权登录重定向跳转异常");
+        }
+    }
+
+    /**
+     * QQ授权登录回调
+     *
+     * @param qqLoginCallbackParam : 回调参数
+     * @param request              : request
+     * @return : 返回登录token
+     */
+    @Override
+    public ResultVo<UserLoginVO> qqLoginCallback(QqLoginCallbackParam qqLoginCallbackParam, HttpServletRequest request) {
+        String code = qqLoginCallbackParam.getCode();
+        String state = qqLoginCallbackParam.getState();
+        String deviceType = qqLoginCallbackParam.getDeviceType();
+        //验证state，如果不一致，可能被CSRF攻击
+        this.checkState(state);
+        //获取用户信息
+        Map<String, String> userInfoMap = qqApiService.qqAuthUserInfo(code);
+        //查询用户授权信息是否存在
+        UserOauthDTO userOauthDTO = userOauthService.getUserOauthByOpenId(userInfoMap.get("openId"));
+        //获取用户信息
+        User user = this.getUserByUserOauth(deviceType, userInfoMap, userOauthDTO);
+        //用户登录成功
+        String userToken = userTokenService.getUserToken(userOauthDTO.getId(), deviceType);
+        //登录的ip
+        String realIp = IpUtils.getRealIp(request);
+        //插入用户登录记录
+        userLoginLogService.addUserLoginLog(realIp, user, qqLoginCallbackParam.getGameId());
+        //移出state
+        redisUtils.removeOfSet(RedisKeyConstant.AUTH_STATE_KEY, state);
+        //构造返回
+        return new ResultVo<>(new UserLoginVO(userToken));
+    }
+
+    /**
+     * 微信授权登录
+     *
+     * @param response : 返回体
+     */
+    @Override
+    public void vxLoginAuth(HttpServletResponse response) {
+        //获取state
+        String state = this.getState();
+        //传递参数
+        Map<String, String> paramMap = new HashMap<>(6);
+        paramMap.put("appid", qqAppId);
+        paramMap.put("redirect_uri", URIUtil.encodeURIComponent(ApiUrlConstant.VX_REDIRECT_URL));
+        paramMap.put("response_type", "code");
+        paramMap.put("scope", "snsapi_login");
+        paramMap.put("state", state);
+        paramMap.put("lang", "cn");
+        //重定向到QQ授权页面
+        try {
+            response.sendRedirect(URIUtil.fillUrlParams(ApiUrlConstant.VX_AUTH_URL, paramMap, Boolean.TRUE));
+        } catch (Exception e) {
+            log.error("微信授权登录重定向跳转异常");
+            throw new BaseException("微信授权登录重定向跳转异常");
+        }
+    }
+
+    /**
+     * 微信回调方法
+     *
+     * @param qqLoginCallbackParam : 回调参数
+     * @param request              : request
+     * @return : 返回登录token
+     */
+    @Override
+    public ResultVo<UserLoginVO> vxLoginCallback(QqLoginCallbackParam qqLoginCallbackParam, HttpServletRequest request) {
+        String deviceType = qqLoginCallbackParam.getDeviceType();
+        String code = qqLoginCallbackParam.getCode();
+        String state = qqLoginCallbackParam.getState();
+        //验证state，如果不一致，可能被CSRF攻击
+        this.checkState(state);
+        //获取用户信息
+        Map<String, String> userInfoMap = vxApiService.vxAuthUserInfo(code);
+        //查询用户授权信息是否存在
+        UserOauthDTO userOauthDTO = userOauthService.getUserOauthByOpenId(userInfoMap.get("openId"));
+        //获取用户信息
+        User user = this.getUserByUserOauth(deviceType, userInfoMap, userOauthDTO);
+        //登录的ip
+        String realIp = IpUtils.getRealIp(request);
+        //用户登录成功
+        String userToken = userTokenService.getUserToken(userOauthDTO.getId(), deviceType);
+        //插入用户登录记录
+        userLoginLogService.addUserLoginLog(realIp, user, qqLoginCallbackParam.getGameId());
+        //移出state
+        redisUtils.removeOfSet(RedisKeyConstant.AUTH_STATE_KEY, state);
+        //构造返回
+        return new ResultVo<>(new UserLoginVO(userToken));
+    }
+
+    /**
+     * 格局用户授权信息获取用户
+     *
+     * @param deviceType   : 设备类型
+     * @param userInfoMap  : 第三方用户信息
+     * @param userOauthDTO : 用户授权信息
+     * @return : 返回应用用户信息
+     */
+    private User getUserByUserOauth(String deviceType, Map<String, String> userInfoMap, UserOauthDTO userOauthDTO) {
+        if (userOauthDTO != null) {
+            return userService.getById(userOauthDTO.getUserId());
+        }
+        //创建用户信息
+        User user = User.builder()
+                .nickname(userInfoMap.get("nickname"))
+                .avatar(userInfoMap.get("avatar"))
+                .deviceType(deviceType)
+                .createTime(LocalDateTime.now())
+                .updateTime(LocalDateTime.now())
+                .build();
+        userService.save(user);
+        //创建用户授权信息
+        userOauthDTO = userOauthService.createUserOauth(user, userInfoMap);
+        log.info("用户授权信息, userOauthDTO : {}", JsonUtil.toString(userOauthDTO));
+        //返回用户信息
+        return user;
+    }
+
+    /**
+     * 生成随机密钥并添加到redis中
+     *
+     * @return : 返回随机密钥
+     */
+    private String getState() {
+        String state = UUID.randomUUID().toString();
+        redisUtils.addToSet(RedisKeyConstant.AUTH_STATE_KEY, state);
+        return state;
+    }
+
+    /**
+     * state参数检测
+     *
+     * @param state : 随机密钥
+     */
+    private void checkState(String state) {
+        if (!redisUtils.isMemberInSet(RedisKeyConstant.AUTH_STATE_KEY, state)) {
+            throw new BaseException("State验证失败");
+        }
+    }
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/Impl/UserOauthServiceImpl.java

@@ -0,0 +1,62 @@
+package com.zanxiang.sdk.service.Impl;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.zanxiang.common.utils.bean.BeanUtils;
+import com.zanxiang.mybatis.entity.User;
+import com.zanxiang.mybatis.entity.UserOauth;
+import com.zanxiang.mybatis.mapper.UserOauthMapper;
+import com.zanxiang.sdk.domain.dto.UserOauthDTO;
+import com.zanxiang.sdk.service.IUserOauthService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+import java.util.Map;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-21
+ * @description : 用户第三方授权信息
+ */
+@Slf4j
+@Service
+public class UserOauthServiceImpl extends ServiceImpl<UserOauthMapper, UserOauth> implements IUserOauthService {
+
+    /**
+     * 根据openid查询用户授权信息
+     *
+     * @param openId : 用户第三方授权信息
+     * @return : 返回用户授权信息
+     */
+    @Override
+    public UserOauthDTO getUserOauthByOpenId(String openId) {
+        //根据用户第三方唯一查询
+        UserOauth userOauth = super.getOne(new LambdaQueryWrapper<UserOauth>().eq(UserOauth::getOpenid, openId));
+        //直接查到了信息
+        if (userOauth != null) {
+            return BeanUtils.copy(userOauth, UserOauthDTO.class);
+        }
+        return null;
+    }
+
+    /**
+     * 创建用户授权信息
+     *
+     * @param user : 用户信息
+     * @param map  : 第三方用户信息
+     * @return : 返回用户授权信息
+     */
+    @Override
+    public UserOauthDTO createUserOauth(User user, Map<String, String> map) {
+        UserOauth userOauth = UserOauth.builder()
+                .userId(user.getId())
+                .openid(map.get("openId"))
+                .accessToken(map.get("accessToken"))
+                .unionid(map.get("openId"))
+                .nickname(map.get("nickname"))
+                .avatar(map.get("avatar"))
+                .build();
+        super.save(userOauth);
+        return BeanUtils.copy(userOauth, UserOauthDTO.class);
+    }
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/Impl/UserServiceImpl.java

@@ -84,7 +84,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IU
         //插入用户登录记录
         userLoginLogService.addUserLoginLog(realIp, user, registerPasswordParam.getGameId());
         //获取token
-        String userToken = userTokenService.getUserToken(user.getId(), user.getDeviceType());
+        String userToken = userTokenService.getUserToken(user.getId(), registerPasswordParam.getDeviceType());
         //返回用户token
         return new ResultVo<>(new UserLoginVO(userToken));
     }
@@ -131,7 +131,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IU
                 .build();
         super.save(user);
         //获取token
-        String userToken = userTokenService.getUserToken(user.getId(), user.getDeviceType());
+        String userToken = userTokenService.getUserToken(user.getId(), registerMobileParam.getDeviceType());
         //登录的ip
         String realIp = IpUtils.getRealIp(request);
         //插入用户登录记录
@@ -261,7 +261,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IU
             return new ResultVo<>(HttpStatusEnum.USERNAME_OR_PASSWORD_ERR);
         }
         //验证通过, 获取token
-        String userToken = userTokenService.getUserToken(user.getId(), user.getDeviceType());
+        String userToken = userTokenService.getUserToken(user.getId(), userLoginParam.getDeviceType());
         //登录的ip
         String realIp = IpUtils.getRealIp(request);
         //插入用户登录记录
@@ -300,7 +300,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IU
             return new ResultVo<>(HttpStatusEnum.ACCOUNT_HALT);
         }
         //验证通过, 获取token
-        String userToken = userTokenService.getUserToken(user.getId(), user.getDeviceType());
+        String userToken = userTokenService.getUserToken(user.getId(), loginMobileParam.getDeviceType());
         //登录的ip
         String realIp = IpUtils.getRealIp(request);
         //插入用户登录记录
@@ -333,7 +333,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IU
             return new ResultVo<>(HttpStatusEnum.USERNAME_NOT_EXISTS);
         }
         //验证token是否存在
-        HttpStatusEnum checkUserTokenEnum = userTokenService.checkUserToken(token, user.getId(), user.getDeviceType());
+        HttpStatusEnum checkUserTokenEnum = userTokenService.checkUserToken(token, user.getId(), updatePasswordParam.getDeviceType());
         if (!Objects.equals(HttpStatusEnum.SUCCESS, checkUserTokenEnum)) {
             return new ResultVo<>(checkUserTokenEnum);
         }

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/Impl/auth/QqApiServiceImpl.java

@@ -0,0 +1,146 @@
+package com.zanxiang.sdk.service.Impl.auth;
+
+import cn.hutool.http.HttpUtil;
+import com.zanxiang.common.exception.BaseException;
+import com.zanxiang.common.utils.URIUtil;
+import com.zanxiang.sdk.common.constant.ApiUrlConstant;
+import com.zanxiang.sdk.service.IQqApiService;
+import com.zanxiangnet.module.util.JsonUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.logging.log4j.util.Strings;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-20
+ * @description : QQ Api接口
+ */
+@Slf4j
+@Service
+public class QqApiServiceImpl implements IQqApiService {
+
+    /**
+     * QQ开发者应用id
+     */
+    @Value("${auth.qq-appId}")
+    private String qqAppId;
+
+    /**
+     * QQ开发者应用key
+     */
+    @Value("${auth.qq-appKey}")
+    private String qqAppKey;
+
+    /**
+     * QQ授权获取用户信息
+     *
+     * @param code : 前端授权code
+     * @return : 返回用户信息
+     */
+    @Override
+    public Map<String, String> qqAuthUserInfo(String code) {
+        // 向QQ认证服务器申请令牌
+        String accessToken = this.getAccessTokenApi(code);
+        if (Strings.isBlank(accessToken)) {
+            throw new BaseException("获取token失败");
+        }
+        // 通过accessToken获取用户openId
+        String openId = this.getUserOpenIdApi(accessToken);
+        if (Strings.isBlank(openId)) {
+            throw new BaseException("获取openId失败");
+        }
+        // 获取用户信息
+        Map<String, String> userInfo = this.getUserInfoApi(accessToken, openId);
+        if (userInfo.isEmpty()) {
+            throw new BaseException("获取用户信息失败");
+        }
+        //构造返回信息
+        Map<String, String> map = new HashMap<>(3);
+        map.put("openId", openId);
+        map.put("accessToken", accessToken);
+        map.put("nickname", userInfo.get("nickname"));
+        map.put("avatar", userInfo.get("figureurl_qq_1"));
+        map.put("six", userInfo.get("gender"));
+        return map;
+    }
+
+    /**
+     * 获取用户授权token
+     *
+     * @param code : 用户授权code
+     * @return : 返回token
+     */
+    private String getAccessTokenApi(String code) {
+        Map<String, String> paramMap = new HashMap<>(5);
+        paramMap.put("grant_type", "authorization_code");
+        paramMap.put("code", code);
+        paramMap.put("redirect_uri", ApiUrlConstant.QQ_REDIRECT_URL);
+        paramMap.put("client_id", qqAppId);
+        paramMap.put("client_secret", qqAppKey);
+        //拼接url请求参数
+        Map<String, String> resultMap = new HashMap<>();
+        try {
+            String uri = URIUtil.fillUrlParams(ApiUrlConstant.QQ_WEB_TOKEN_URL, paramMap, Boolean.TRUE);
+            String result = HttpUtil.get(uri);
+            if (Strings.isNotBlank(result)) {
+                resultMap = JsonUtil.toMap(result, Map.class, String.class);
+            }
+        } catch (Exception e) {
+            log.error("QQ获取用户授权token异常");
+            throw new BaseException("QQ获取用户授权token异常");
+        }
+        return resultMap.get("access_token");
+    }
+
+    /**
+     * 获取用户openId
+     *
+     * @param accessToken : 用户token密钥
+     * @return : 返回用户openId
+     */
+    private String getUserOpenIdApi(String accessToken) {
+        //拼接url请求参数
+        Map<String, String> paramMap = new HashMap<>(1);
+        paramMap.put("access_token", accessToken);
+        Map<String, String> resultMap = new HashMap<>();
+        try {
+            String uri = URIUtil.fillUrlParams(ApiUrlConstant.QQ_USER_OPENID_URL, paramMap, Boolean.TRUE);
+            String result = HttpUtil.get(uri);
+            if (Strings.isNotBlank(result)) {
+                resultMap = JsonUtil.toMap(result, Map.class, String.class);
+            }
+        } catch (Exception e) {
+            log.error("");
+        }
+        return resultMap.get("openid");
+    }
+
+    /**
+     * 获取用户openId
+     *
+     * @param accessToken : 用户token密钥
+     * @return : 返回用户openId
+     */
+    private Map<String, String> getUserInfoApi(String accessToken, String openId) {
+        //拼接url请求参数
+        Map<String, String> paramMap = new HashMap<>(3);
+        paramMap.put("access_token", accessToken);
+        paramMap.put("oauth_consumer_key", qqAppId);
+        paramMap.put("openid", openId);
+        Map<String, String> resultMap = new HashMap<>();
+        try {
+            String uri = URIUtil.fillUrlParams(ApiUrlConstant.QQ_USER_INFO_URL, paramMap, Boolean.TRUE);
+            String result = HttpUtil.get(uri);
+            if (Strings.isNotBlank(result)) {
+                resultMap = JsonUtil.toMap(result, Map.class, String.class);
+            }
+        } catch (Exception e) {
+            log.error("");
+        }
+        return resultMap;
+    }
+}

game-module/game-sdk/src/main/java/com/zanxiang/sdk/service/Impl/auth/VxApiServiceImpl.java

@@ -0,0 +1,221 @@
+package com.zanxiang.sdk.service.Impl.auth;
+
+import cn.hutool.http.HttpUtil;
+import com.zanxiang.common.exception.BaseException;
+import com.zanxiang.common.utils.URIUtil;
+import com.zanxiang.sdk.common.constant.ApiUrlConstant;
+import com.zanxiang.sdk.service.IVxApiService;
+import com.zanxiangnet.module.util.JsonUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.logging.log4j.util.Strings;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * @author : lingfeng
+ * @time : 2022-06-20
+ * @description : 微信api接口
+ */
+@Slf4j
+@Service
+public class VxApiServiceImpl implements IVxApiService {
+
+    /**
+     * 微信开发者应用id
+     */
+    @Value("${auth.vx-appId}")
+    private String vxAppId;
+
+    /**
+     * 微信开发者应用key
+     */
+    @Value("${auth.vx-appSecret}")
+    private String vxAppSecret;
+
+    /**
+     * QQ授权获取用户信息
+     *
+     * @param code : 前端授权code
+     * @return : 返回用户信息
+     */
+    @Override
+    public Map<String, String> vxAuthUserInfo(String code) {
+        // 向QQ认证服务器申请令牌
+        Map<String, String> tokenResultMap = this.getAccessTokenApi(code);
+        if (tokenResultMap.isEmpty()) {
+            throw new BaseException("获取token失败");
+        }
+        // 获取用户信息
+        Map<String, String> userInfoMap = this.getUserInfoApi(tokenResultMap.get("access_token"), tokenResultMap.get("openid"));
+        if (userInfoMap.isEmpty()) {
+            throw new BaseException("获取用户信息失败");
+        }
+        //构造返回信息
+        Map<String, String> map = new HashMap<>(3);
+        map.put("openId", tokenResultMap.get("openid"));
+        map.put("accessToken", tokenResultMap.get("access_token"));
+        map.put("nickname", userInfoMap.get("nickname"));
+        map.put("avatar", userInfoMap.get("headimgurl"));
+        map.put("six", userInfoMap.get("six"));
+        return map;
+    }
+
+
+    /**
+     * web获取用户授权token
+     * <p>
+     * 成功示例 :
+     * {
+     * "access_token":"ACCESS_TOKEN",
+     * "expires_in":7200,
+     * "refresh_token":"REFRESH_TOKEN",
+     * "openid":"OPENID",
+     * "scope":"SCOPE"
+     * }
+     * <p>
+     * 错误返回样例：
+     * {
+     * "errcode":40029,"errmsg":"invalid code"
+     * }
+     *
+     * @param code : 用户授权code
+     * @return : 返回token
+     */
+    private Map<String, String> getAccessTokenApi(String code) {
+        Map<String, String> paramMap = new HashMap<>(4);
+        paramMap.put("appid", vxAppId);
+        paramMap.put("secret", vxAppSecret);
+        paramMap.put("code", code);
+        paramMap.put("grant_type", "authorization_code");
+        //拼接url请求参数
+        Map<String, String> resultMap = new HashMap<>();
+        try {
+            String uri = URIUtil.fillUrlParams(ApiUrlConstant.VX_WEB_TOKEN_URL, paramMap, Boolean.TRUE);
+            String result = HttpUtil.get(uri);
+            if (Strings.isNotBlank(result)) {
+                resultMap = JsonUtil.toMap(result, Map.class, String.class);
+            }
+        } catch (Exception e) {
+            log.error("微信获取用户授权token异常");
+            throw new BaseException("微信获取用户授权token异常");
+        }
+        return resultMap;
+    }
+
+    /**
+     * web刷新用户token
+     * <p>
+     * 成功示例 :
+     * {
+     * "access_token":"ACCESS_TOKEN",
+     * "expires_in":7200,
+     * "refresh_token":"REFRESH_TOKEN",
+     * "openid":"OPENID",
+     * "scope":"SCOPE"
+     * }
+     * <p>
+     * 错误返回样例：
+     * {
+     * "errcode":40030,"errmsg":"invalid refresh_token"
+     * }
+     *
+     * @param refreshToken : 刷新token密钥
+     * @return : 返回新的token
+     */
+    private Map<String, String> refreshTokenApi(String refreshToken) {
+        Map<String, String> paramMap = new HashMap<>(4);
+        paramMap.put("appid", vxAppId);
+        paramMap.put("grant_type", "refresh_token");
+        paramMap.put("refresh_token", refreshToken);
+        //拼接url请求参数
+        Map<String, String> resultMap = new HashMap<>();
+        try {
+            String uri = URIUtil.fillUrlParams(ApiUrlConstant.VX_WEB_TOKEN_REFRESH_URL, paramMap, Boolean.TRUE);
+            String result = HttpUtil.get(uri);
+            if (Strings.isNotBlank(result)) {
+                resultMap = JsonUtil.toMap(result, Map.class, String.class);
+            }
+        } catch (Exception e) {
+            log.error("微信刷新用户token异常");
+            throw new BaseException("微信刷新用户token异常");
+        }
+        return resultMap;
+    }
+
+    /**
+     * web用户token校验是否有效
+     *
+     * @param openid      : 用户在微信应用的唯一id
+     * @param accessToken : 密钥
+     * @return : 返回token是否有效, true : 有效, false : 无效
+     */
+    private Boolean tokenCheckApi(String openid, String accessToken) {
+        Map<String, String> paramMap = new HashMap<>(2);
+        paramMap.put("accessToken", accessToken);
+        paramMap.put("openid", openid);
+        //拼接url请求参数
+        Map<String, String> resultMap = new HashMap<>();
+        try {
+            String uri = URIUtil.fillUrlParams(ApiUrlConstant.VX_WEB_TOKEN_CHECK_URL, paramMap, Boolean.TRUE);
+            String result = HttpUtil.get(uri);
+            if (Strings.isNotBlank(result)) {
+                resultMap = JsonUtil.toMap(result, Map.class, String.class);
+            }
+        } catch (Exception e) {
+            log.error("微信刷新用户token异常");
+            throw new BaseException("微信刷新用户token异常");
+        }
+        return Objects.equals(resultMap.get("errcode"), "0");
+    }
+
+
+    /**
+     * web获取用户信息
+     * <p>
+     * 成功示例 :
+     * {
+     * "openid":"OPENID",
+     * "nickname":"NICKNAME",
+     * "sex":1,
+     * "province":"PROVINCE",
+     * "city":"CITY",
+     * "country":"COUNTRY",
+     * "headimgurl": "headimgurl",
+     * "privilege":["PRIVILEGE1","PRIVILEGE2"],
+     * "unionid": " o6_bmasdasdsad6_2sgVt7hMZOPfL"
+     * }
+     * <p>
+     * 错误返回样例：
+     * {
+     * "errcode":40003,"errmsg":"invalid openid"
+     * }
+     *
+     * @param openid      : 用户在微信应用的唯一id
+     * @param accessToken : 密钥
+     * @return : 返回token是否有效, true : 有效, false : 无效
+     */
+    private Map<String, String> getUserInfoApi(String accessToken, String openid) {
+        Map<String, String> paramMap = new HashMap<>(3);
+        paramMap.put("accessToken", accessToken);
+        paramMap.put("openid", openid);
+        paramMap.put("lang", "zh_CN");
+        //拼接url请求参数
+        Map<String, String> resultMap = new HashMap<>();
+        try {
+            String uri = URIUtil.fillUrlParams(ApiUrlConstant.VX_WEB_USER_INFO_URL, paramMap, Boolean.TRUE);
+            String result = HttpUtil.get(uri);
+            if (Strings.isNotBlank(result)) {
+                resultMap = JsonUtil.toMap(result, Map.class, String.class);
+            }
+        } catch (Exception e) {
+            log.error("web获取用户信息异常");
+            throw new BaseException("web获取用户信息异常");
+        }
+        return resultMap;
+    }
+
+}

game-module/game-sdk/src/main/resources/bootstrap.yml

@@ -49,6 +49,12 @@ ali-sms:
   defaultSignName: 赞象
   defaultVerifyCodeTemplate: SMS_232080189
 
+auth:
+  qq-appId: 101933357
+  qq-appKey: 900292039ed5408d941dad762ab68383
+  vx-appId :
+  vx-appSecret:
+
 logging:
   level:
     root: warn