FAQs and answers to the imitation Niuke technology blog project (I)

1. How to realize the registration of the project

User registration for developers is to insert a new user data into the database table . In our project, it is in user Insert a new piece of data into the table , We can develop according to the following three requests realized by the registration function

We develop every request by Dao——>sevice——controller layer

Before inserting data , Null value verification will be performed on the data , Verify the account and mailbox repeatedly , Use map To store error messages , If controller I got it on the second floor map If it is blank, it means the registration result , Carry out subsequent activation processing . When inserting data , The password will be salted , In the use of MD5 The algorithm encrypts , And then store it in the database , Initial data Status Set to 0, Invalid representation , Activation processing is required .

Activate logic ：

2. How does the project realize user uniqueness verification

Creating MySQL Table time , Use unqiue Keyword guarantees user name username Uniqueness of fields . in addition , Repeat verification when registering users , If the user already exists , Cannot register .

3. Project deployment

Not deployed

4. Why should we choose SpringBoot

use SpringBoot To simplify project development ,Springboot Have the following advantages ：

One 、 Independent operation

Spring Boot And it's embedded with all kinds of servlet Containers ,Tomcat、Jetty etc. , It's no longer necessary to play war Package deployed to container ,Spring Boot Just type an executable jar The package can run independently , All dependency packages are in one jar In bag .

Two 、 Simplified configuration

spring-boot-starter-web Initiators automatically depend on other components , Jane is missing maven Configuration of .

3、 ... and 、 Automatic configuration

Spring Boot According to the current class path 、jar Package to automatically configure bean, If you add a spring-boot-starter-web The starter can have web The function of , No other configuration required .

Four 、 No code generation and XML To configure

Spring Boot No code generated during configuration , No need XML Configuration files can do all the configuration work , All this is done with the help of conditional annotation , This is also Spring4.x One of the core functions of .

5. Where is the login status saved

Save in user credential table , Include users id, User credentials , User status and expiration time , For user credential table is 0 It works 1 Invalid . Verify whether the account password is empty when logging in , Or whether the password is wrong , If there is no error, generate login credentials , The code is as follows

6. How to display the login page after the user logs in

Users will log in with ticket by key, And the actual ticket by value Create a cookie Save to browser , Then the server queries in the user credential table according to the user credentials user The information is encapsulated in a template and then returned to the browser . The code and process are shown in the figure below

This process exists when every user logs in , So we need interceptors to deal with . At the same time, for the server , At the same time, there may be a large number of browser requests , So thread safety is also involved here .

Interceptor ：1. Custom interceptors 2. Configure interceptors

Verify the user first

after controller after , Return to the interceptor , The interceptor then stores the user information model

Custom interceptors need to be implemented HandlerInterceptor, Then rewrite preHandle（controller Pre execution ）,postHandle（controller After execution ）, as well as afterCompletion（ Execute after template parsing ）

Configure interceptors ： Need to achieve WebMvcConfigurer Interface , Then rewrite addInterceptors Method , Exclude blocking static pages .

use ThreadLocal To save user information , Ensure thread safety

ThreadLocal Source code ：

As you can see from the code above ,ThreadLocal  set When assigning values, the current thread will be obtained first thread, And get the thread In thread ThreadLocalMap attribute . If map Property is not empty , Then directly update value value , If map It's empty , Then instantiate threadLocalMap, And will value Value initialization

ThreadLocalMap yes ThreadLocal The inner static class of , And its composition mainly uses Entry To save the data , And it's an inherited weak reference . stay Entry For internal use ThreadLocal As key, Use We set up value As value.

Through the current thread object getMap() Method to get ThreadMap object And then put the current ThreadLocal Object as key Value deposit map This ensures that resources are shared within threads and that different threads are independent

7.md5 Do you know the principle ？ Is it safe? ？ Reversible ？

Can be MD5 The algorithm is regarded as a machine , Anything on the computer （ character string , picture , Video etc. ） If it is thrown in, it will output a length of 128 Bit MD5 value .

The input message is the same , The result will always be the same , Different news , The result is different .MD5 Principle introduction ：MD5 With 512 Bit grouping to process the input information , And each group is divided into 16 individual 32 Group the seats , After a series of treatment , The output of the algorithm consists of four 32 Bit grouping composition , Put these four 32 After the concatenation of bit groups, a 128 Bit hash value .

MD5 The security of ： It is generally believed that MD5 It's safe , Because the time of brute force cracking is unacceptable to ordinary people . In fact, if you put the user's password MD5 After processing, it is stored in the database , It's not safe . Because the user's password is relatively short , And many users use birthday passwords , Phone number , Id card number , Phone numbers and so on . Or use some commonly used auspicious numbers , Or an English word . If I put the commonly used password first MD5 Handle , Store the data , And then talk to your MD5 The results match , Then I may get the plaintext . So in our project , The user password will be salted （ Add a random string at the end of the password ） And then we can move on MD5 Encrypt and store in the database . 

 MD5 Is it reversible ： Irreversible , as a result of MD5 Is a hash function , It uses hash Algorithm , In the process of calculation, part of the original information is lost .