BlackHorse Rating Login Design

Publish on: Classify at:
Words: 205 Read:≈ 1mins Views:

Alt text

SMS Verification Code Login

  1. User enters phone number on login page and clicks “Get Code”. Backend validates phone format, generates a verification code, stores phone:code in Redis with 2-minute expiry.
  2. User enters code and clicks “Login”. Backend compares submitted code with stored value.
  3. If user doesn’t exist, create and save to database.
  4. Generate random token as login credential; convert User object to Hash and store as token:userHash in Redis.

Login Status Validation

  1. Requests carry token in header. RefreshTokenInterceptor intercepts all requests (passes through if no token).
  2. Extract token from header, retrieve user Map from Redis using token.
  3. If user exists, convert Map to UserDTO, store in ThreadLocal, and refresh token expiry.

LoginInterceptor intercepts all paths except specified public ones. If UserHolder is empty (not logged in), request is rejected.

UserHolder

Each ThreadLocal stores one object per thread. ThreadLocal instances are stored in the thread’s private ThreadLocalMap.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

public class UserHolder {
    private static final ThreadLocal<UserDTO> tl = new ThreadLocal<>();
    public static void saveUser(UserDTO userDTO){
        tl.set(userDTO);
    }
    public static UserDTO getUser(){
        return tl.get();
    }
    public static void removeUser(){
        tl.remove();
    }
}

After a request requiring login completes, loginInterceptor’s afterCompletion method removes the user from UserHolder.