# Vue如何實現登錄記住賬號密碼功能
## 前言
在現代Web應用中,用戶登錄是必不可少的功能。為了提高用戶體驗,"記住賬號密碼"功能成為許多應用的標配。本文將深入探討在Vue.js框架中實現這一功能的完整方案,涵蓋前端處理、安全考量和與后端的交互。
---
## 一、功能需求分析
### 1.1 基礎功能需求
- 登錄表單提供"記住我"復選框
- 勾選后下次訪問自動填充賬號密碼
- 未勾選時僅保持當前會話
- 提供清除已保存憑據的選項
### 1.2 安全需求
- 密碼不能明文存儲
- 需要提供安全退出機制
- 敏感信息需要加密處理
- 考慮CSRF防護
### 1.3 用戶體驗需求
- 清晰的UI狀態反饋
- 移動端適配
- 多瀏覽器兼容
- 可訪問性設計
---
## 二、前端實現方案
### 2.1 基礎組件結構
```vue
<template>
<div class="login-container">
<form @submit.prevent="handleSubmit">
<div class="form-group">
<label>用戶名</label>
<input
v-model="username"
type="text"
required
/>
</div>
<div class="form-group">
<label>密碼</label>
<input
v-model="password"
type="password"
required
/>
</div>
<div class="remember-me">
<input
id="remember"
v-model="rememberMe"
type="checkbox"
/>
<label for="remember">記住我</label>
</div>
<button type="submit">登錄</button>
</form>
</div>
</template>
<script>
export default {
data() {
return {
username: '',
password: '',
rememberMe: false
}
},
methods: {
handleSubmit() {
// 登錄邏輯
}
}
}
</script>
| 存儲方式 | 容量 | 生命周期 | 訪問限制 | 適用場景 |
|---|---|---|---|---|
| Cookie | 4KB | 可設置過期時間 | 每次請求攜帶 | 會話管理 |
| localStorage | 5-10MB | 永久存儲 | 僅客戶端 | 長期存儲 |
| sessionStorage | 5-10MB | 會話結束清除 | 僅當前標簽頁 | 臨時存儲 |
| IndexedDB | 50MB+ | 永久存儲 | 異步操作 | 大量結構化數據 |
// src/utils/auth.js
import CryptoJS from 'crypto-js'
const SECRET_KEY = 'your_app_secret_key'
export function saveCredentials(username, password, remember) {
const encrypted = {
username,
password: CryptoJS.AES.encrypt(password, SECRET_KEY).toString()
}
if (remember) {
localStorage.setItem('auth', JSON.stringify(encrypted))
} else {
sessionStorage.setItem('auth', JSON.stringify(encrypted))
}
}
export function loadCredentials() {
const storage = localStorage.getItem('auth') || sessionStorage.getItem('auth')
if (!storage) return null
try {
const { username, password } = JSON.parse(storage)
return {
username,
password: CryptoJS.AES.decrypt(password, SECRET_KEY).toString(CryptoJS.enc.Utf8)
}
} catch (e) {
clearCredentials()
return null
}
}
export function clearCredentials() {
localStorage.removeItem('auth')
sessionStorage.removeItem('auth')
}
// 在Login組件中
export default {
mounted() {
const credentials = loadCredentials()
if (credentials) {
this.username = credentials.username
this.password = credentials.password
this.rememberMe = true
}
},
methods: {
handleSubmit() {
// 驗證邏輯...
if (this.rememberMe) {
saveCredentials(this.username, this.password, true)
} else {
saveCredentials(this.username, this.password, false)
}
// 提交登錄...
}
}
}
// 使用更安全的密鑰派生方式
import { PBKDF2 } from 'crypto-js'
function getDerivedKey(password) {
return PBKDF2(password, 'salt', {
keySize: 512/32,
iterations: 1000
})
}
// 存儲時
const derivedKey = getDerivedKey(SECRET_KEY)
const encrypted = CryptoJS.AES.encrypt(password, derivedKey, {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
})
// 在存儲前進行轉義
import DOMPurify from 'dompurify'
function sanitizeInput(input) {
return DOMPurify.sanitize(input, {
ALLOWED_TAGS: [],
ALLOWED_ATTR: []
})
}
// 使用示例
const cleanUsername = sanitizeInput(username)
// 在axios攔截器中添加CSRF Token
import axios from 'axios'
axios.interceptors.request.use(config => {
const token = localStorage.getItem('csrfToken') ||
sessionStorage.getItem('csrfToken')
if (token) {
config.headers['X-CSRF-TOKEN'] = token
}
return config
})
// 登錄請求示例
async function login(username, password) {
try {
const response = await axios.post('/api/auth/login', {
username,
password,
remember: this.rememberMe
})
// 處理響應
if (response.data.csrfToken) {
if (this.rememberMe) {
localStorage.setItem('csrfToken', response.data.csrfToken)
} else {
sessionStorage.setItem('csrfToken', response.data.csrfToken)
}
}
return response.data
} catch (error) {
throw error
}
}
sequenceDiagram
用戶->>前端: 提交登錄(勾選記住我)
前端->>后端: 發送認證請求
后端->>前端: 返回長期有效的JWT
前端->>localStorage: 存儲Token
前端->>后續請求: 攜帶Authorization頭
sequenceDiagram
用戶->>前端: 提交登錄(勾選記住我)
前端->>后端: 發送認證請求
后端->>前端: 設置長期Cookie
瀏覽器->>后續請求: 自動攜帶Cookie
<template>
<div class="login-container">
<!-- 表單結構同上... -->
<div v-if="showReset" class="reset-saved">
<a href="#" @click.prevent="clearSaved">清除已保存的登錄信息</a>
</div>
</div>
</template>
<script>
import { saveCredentials, loadCredentials, clearCredentials } from '@/utils/auth'
import { login } from '@/api/auth'
export default {
data() {
return {
username: '',
password: '',
rememberMe: false,
showReset: false
}
},
mounted() {
const credentials = loadCredentials()
if (credentials) {
this.username = credentials.username
this.password = credentials.password
this.rememberMe = true
this.showReset = true
}
},
methods: {
async handleSubmit() {
try {
await login(this.username, this.password)
if (this.rememberMe) {
saveCredentials(this.username, this.password, true)
} else {
saveCredentials(this.username, this.password, false)
}
this.$router.push('/dashboard')
} catch (error) {
console.error('登錄失敗:', error)
}
},
clearSaved() {
clearCredentials()
this.username = ''
this.password = ''
this.rememberMe = false
this.showReset = false
}
}
}
</script>
// src/router/index.js
router.beforeEach((to, from, next) => {
if (to.meta.requiresAuth) {
const auth = loadCredentials()
if (auth) {
next()
} else {
next('/login?redirect=' + encodeURIComponent(to.fullPath))
}
} else {
next()
}
})
describe('記住密碼功能', () => {
beforeEach(() => {
localStorage.clear()
sessionStorage.clear()
})
it('應該能保存到localStorage', () => {
saveCredentials('test', '123456', true)
expect(localStorage.getItem('auth')).not.toBeNull()
})
it('應該能正確解密', () => {
saveCredentials('test', '123456', true)
const cred = loadCredentials()
expect(cred.password).toBe('123456')
})
it('勾選記住我應該使用localStorage', () => {
// 模擬組件測試...
})
})
存儲不生效
自動填充失敗
安全問題
// 使用Web Authentication API
if (window.PublicKeyCredential) {
navigator.credentials.get({
publicKey: {
challenge: new Uint8Array(32),
allowCredentials: []
}
})
}
function checkPasswordStrength(pwd) {
// 實現強度檢查邏輯
return score // 0-4
}
