Search

US-12627647-B2 - Data processing method and apparatus, computer device, and readable storage medium

US12627647B2US 12627647 B2US12627647 B2US 12627647B2US-12627647-B2

Abstract

A data processing method includes invoking an object login service based on an authorization request transmitted through an application client, obtaining target login information entered in the object login service, performing matching of the target login information with object credential information through the object login service, obtaining an object authorization code if the target login information matches the object credential information, receiving a token obtaining request transmitted by the application client based on the object authorization code, invoking a token issuance service based on the token obtaining request, and obtaining an object token through the token issuance service. The object token is configured to provide the application client with an operation permission to operate resource data within a scope of authority through the service node.

Inventors

  • Gengliang Zhu

Assignees

  • TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED

Dates

Publication Date
20260512
Application Date
20240614
Priority Date
20220517

Claims (18)

  1. 1 . A data processing method, performed by a service node in a blockchain network, comprising: receiving an authorization request transmitted through an application client; invoking an object login service based on the authorization request; obtaining target login information entered in the object login service, the target login information including a target object identifier and a target object password; invoking a login determining contract obtained from a consensus node of the blockchain network; obtaining object credential information from an object information database through the login determining contract, the object credential information being obtained by the service node from on-chain data of the consensus node through synchronization, and the object credential information including object identifier credential information; searching the object identifier credential information for the target object identifier; in response to the object identifier credential information not including the target object identifier, determining that the target login information does not match the object credential information; and in response to the object identifier credential information including the target object identifier: determining a matching result between the target login information and the object credential information based on the target object password; in response to the matching result indicating the target login information matching the object credential information, obtaining an object authorization code, and returning the object authorization code to the application client; receiving a token obtaining request transmitted by the application client based on the object authorization code; invoking a token issuance service based on the token obtaining request; obtaining an object token through the token issuance service, the object token being configured to provide the application client with an operation permission to operate resource data within a scope of authority through the service node; and returning the object token to the application client.
  2. 2 . The method according to claim 1 , wherein: the object login service includes an object login front-end and an object login back-end; invoking the object login service includes invoking the object login front-end based on the authorization request; obtaining the target login information includes obtaining the target login information entered in the object login front-end; and the login determining contract is invoked through the object login back-end.
  3. 3 . The method according to claim 1 , wherein: the object credential information further includes object password credential information and character string credential information, one piece of object identifier credential information corresponding to one piece of object password credential information and one piece of character string credential information; and determining the matching result includes: splicing the target object password with character string credential information that corresponds to the target object identifier and that is in the object credential information, to obtain target spliced login information; performing hash calculation on the target spliced login information, to obtain target hash login information; comparing the target hash login information with object password credential information that corresponds to the target object identifier and that is in the object credential information; generating, in response to the target hash login information being same as the object password credential information that corresponds to the target object identifier and that is in the object credential information, a first matching result representing that the target login information matches the object credential information; and generating, in response to the target hash login information being different from the object password credential information that corresponds to the target object identifier and that is in the object credential information, a second matching result representing that the target login information does not match the object credential information.
  4. 4 . The method according to claim 1 , wherein obtaining the object token includes: invoking an authorization code verification contract through the token issuance service, the authorization code verification contract being obtained by the service node from the consensus node; performing verification on the object authorization code through the authorization code verification contract; and in response to the verification on the object authorization code being successful, obtaining associated authorization information, and generating the object token based on the associated authorization information.
  5. 5 . The method according to claim 4 , wherein: obtaining the object authorization code includes: obtaining selected authorization information selected in the object login service, the selected authorization information including at least one of aging information, the operation permission, or the scope of authority, and the aging information representing a life cycle of the object token; and generating the object authorization code based on the selected authorization information; and obtaining the associated authorization information includes: parsing the object authorization code, to obtain the associated authorization information.
  6. 6 . The method according to claim 4 , further comprising: obtaining selected authorization information selected in the object login service, the selected authorization information including at least one of aging information, the operation permission, or the scope of authority, and the aging information representing a life cycle of the object token; and wherein obtaining the associated authorization information includes: obtaining the associated authorization information from the object login service through the token issuance service.
  7. 7 . The method according to claim 1 , wherein the service node is further configured to provide an object information operation service; the method further comprising: receiving a resource operation request transmitted by the application client based on the object token; invoking the object information operation service based on the resource operation request; invoking a token verification contract through the object information operation service; performing verification on the resource operation request and the object token through the token verification contract; responding to the resource operation request through the object information operation service in response to the verification on the resource operation request and the object token being successful; and rejecting the resource operation request through the object information operation service in response to the verification on the resource operation request and the object token having failed.
  8. 8 . The method according to claim 7 , wherein performing verification on the resource operation request and the object token through the token verification contract includes: obtaining authorization information associated with the object token through the token verification contract; determining whether the resource operation request meets the authorization information; determining, in response to the resource operation request meeting the authorization information, that the verification on the resource operation request and the object token is successful; and determining, in response to the resource operation request not meeting the authorization information, that the verification on the resource operation request and the object token has failed.
  9. 9 . The method according to claim 7 , wherein responding to the resource operation request through the object information operation service includes: obtaining, in response to the resource operation request being a resource reading operation request, from an object information database through the object information operation service, target read data requested by the resource reading operation request to be read, the target read data belonging to the resource data; and returning the target read data to the application client.
  10. 10 . The method according to claim 9 , wherein obtaining the target read data includes: obtaining the target read data from the object information database through the object information operation service in response to the object information database including the target read data; and in response to the object information database not including the target read data: transmitting, through the object information operation service, a data synchronization request for the target read data to the consensus node; obtaining synchronization data from on-chain data of the consensus node based on the data synchronization request for the target read data, the synchronization data including the target read data; storing the synchronization data into the object information database; and obtaining the target read data from the object information database through the object information operation service.
  11. 11 . The method according to claim 7 , wherein responding to the resource operation request through the object information operation service includes: obtaining, in response to the resource operation request being a resource writing operation request, through the object information operation service, target write data requested by the resource writing operation request to be written, the target write data belonging to the resource data; and writing the target write data into the object information database in response to the object information database not including the target write data.
  12. 12 . The method according to claim 11 , wherein writing the target write data into the object information database includes: forwarding, in response to the object information database not including the target write data, the target write data to the consensus node, to cause the consensus node to package the target write data, generate a target block, and add the target block to the blockchain network; and transmitting a data synchronization request for the target write data to the consensus node, receiving the target write data returned by the consensus node based on the data synchronization request for the target write data, and writing the target write data into the object information database.
  13. 13 . A computer device serving as a service node of a blockchain network, comprising: one or more processors; and one or more memories storing one or more computer programs that, when executed by the one or more processors, cause the computer device to: receive an authorization request transmitted through an application client; invoke an object login service based on the authorization request; obtain target login information entered in the object login service, the target login information including a target object identifier and a target object password; invoke a login determining contract obtained from a consensus node of the blockchain network; obtain object credential information from an object information database through the login determining contract, the object credential information being obtained by the service node from on-chain data of the consensus node through synchronization, and the object credential information including object identifier credential information; search the object identifier credential information for the target object identifier; in response to the object identifier credential information not including the target object identifier, determine that the target login information does not match the object credential information; and in response to the object identifier credential information including the target object identifier: determine a matching result between the target login information and the object credential information based on the target object password; in response to the matching result indicating the target login information matching the object credential information, obtain an object authorization code, and return the object authorization code to the application client; receive a token obtaining request transmitted by the application client based on the object authorization code; invoke a token issuance service based on the token obtaining request; obtain an object token through the token issuance service, the object token being configured to provide the application client with an operation permission to operate resource data within a scope of authority through the service node; and return the object token to the application client.
  14. 14 . The computer device according to claim 13 , wherein: the object login service includes an object login front-end and an object login back-end; the object login service is invoked the object login front-end based on the authorization request; the target login information is entered in the object login front-end; and the login determining contract is invoked through the object login back-end.
  15. 15 . The computer device according to claim 13 , wherein: the object credential information further includes object password credential information and character string credential information, one piece of object identifier credential information corresponding to one piece of object password credential information and one piece of character string credential information; and the one or more computer programs, when executed by the one or more processors, further cause the computer device to: splice the target object password with character string credential information that corresponds to the target object identifier and that is in the object credential information, to obtain target spliced login information; perform hash calculation on the target spliced login information, to obtain target hash login information; compare the target hash login information with object password credential information that corresponds to the target object identifier and that is in the object credential information; generate, in response to the target hash login information being same as the object password credential information that corresponds to the target object identifier and that is in the object credential information, a first matching result representing that the target login information matches the object credential information; and generate, in response to the target hash login information being different from the object password credential information that corresponds to the target object identifier and that is in the object credential information, a second matching result representing that the target login information does not match the object credential information.
  16. 16 . The computer device according to claim 13 , wherein the one or more computer programs, when executed by the one or more processors, further cause the computer device to: invoke an authorization code verification contract through the token issuance service, the authorization code verification contract being obtained by the service node from the consensus node; perform verification on the object authorization code through the authorization code verification contract; and in response to the verification on the object authorization code being successful, obtain associated authorization information, and generate the object token based on the associated authorization information.
  17. 17 . The computer device according to claim 16 , wherein the one or more computer programs, when executed by the one or more processors, further cause the computer device to: obtain selected authorization information selected in the object login service, the selected authorization information including at least one of aging information, the operation permission, or the scope of authority, and the aging information representing a life cycle of the object token; generate the object authorization code based on the selected authorization information; and parse the object authorization code, to obtain the associated authorization information.
  18. 18 . A non-transitory computer-readable storage medium storing one or more computer programs that, when executed by one or more processors of a service node of a blockchain network, cause the one or more processors to: receive an authorization request transmitted through an application client; invoke an object login service based on the authorization request; obtain target login information entered in the object login service, the target login information including a target object identifier and a target object password; invoke a login determining contract obtained from a consensus node of a blockchain network; obtain object credential information from an object information database through the login determining contract, the object credential information being obtained by the service node from on-chain data of the consensus node through synchronization, and the object credential information including object identifier credential information; search the object identifier credential information for the target object identifier; in response to the object identifier credential information not including the target object identifier, determine that the target login information does not match the object credential information; and in response to the object identifier credential information including the target object identifier: determine a matching result between the target login information and the object credential information based on the target object password; in response to the matching result indicating the target login information matching the object credential information, obtain an object authorization code, and return the object authorization code to the application client; receive a token obtaining request transmitted by the application client based on the object authorization code; invoke a token issuance service based on the token obtaining request; obtain an object token through the token issuance service, the object token being configured to provide the application client with an operation permission to operate resource data within a scope of authority through the service node; and return the object token to the application client.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application is a continuation of International Application No. PCT/CN2023/089109, filed on Apr. 19, 2023, which claims priority to Chinese Patent Application No. 202210536186.7, entitled “DATA PROCESSING METHOD AND APPARATUS, COMPUTER DEVICE, AND READABLE STORAGE MEDIUM” filed with the China National Intellectual Property Administration on May 17, 2022, the entire contents of both of which are incorporated herein by reference. FIELD OF THE TECHNOLOGY This application relates to the field of blockchain technologies, and in particular, to a data processing method and apparatus, a computer device, and a readable storage medium. BACKGROUND OF THE DISCLOSURE In the related art, an identity management system may store, in a centralized server (that is, an authorization server), identity management information used for login. The identity management information stored in the authorization server is associated with all objects. That is, the identity management information required by all the objects for login is stored in the authorization server. Therefore, when needing to perform login through an application client, all the objects need to transmit a login request to the authorization server, to implement a login operation on the application client. SUMMARY In accordance with the disclosure, there is provided a data processing method performed by a service node in a blockchain network and including receiving an authorization request transmitted through an application client, invoking an object login service based on the authorization request, obtaining target login information entered in the object login service, performing matching of the target login information with object credential information through the object login service, and, in response to the target login information matching the object credential information, obtaining an object authorization code and returning the object authorization code to the application client. The object credential information is obtained by the service node from a consensus node of the blockchain network. The method further includes receiving a token obtaining request transmitted by the application client based on the object authorization code, invoking a token issuance service based on the token obtaining request, and obtaining an object token through the token issuance service. The object token is configured to provide the application client with an operation permission to operate resource data within a scope of authority through the service node. The method also includes returning the object token to the application client. Also in accordance with the disclosure, there is provided a computer device serving as a service node of a blockchain network and including one or more processors, and one or more memories storing one or more computer programs that, when executed by the one or more processors, cause the computer device to receive an authorization request transmitted through an application client, invoke an object login service based on the authorization request, obtain target login information entered in the object login service, perform matching of the target login information with object credential information through the object login service, and, in response to the target login information matching the object credential information, obtain an object authorization code and returning the object authorization code to the application client. The object credential information is obtained by the service node from a consensus node of the blockchain network. The one or more computer programs, when executed by the one or more processors, further cause the computer device to receive a token obtaining request transmitted by the application client based on the object authorization code, invoke a token issuance service based on the token obtaining request, and obtain an object token through the token issuance service. The object token is configured to provide the application client with an operation permission to operate resource data within a scope of authority through the service node. The one or more computer programs, when executed by the one or more processors, also cause the computer device to return the object token to the application client. Also in accordance with the disclosure, there is provided a non-transitory computer-readable storage medium storing one or more computer programs that, when executed by one or more processors, cause a computer device including the one or more processors to receive an authorization request transmitted through an application client, invoke an object login service based on the authorization request, obtain target login information entered in the object login service, perform matching of the target login information with object credential information through the object login service, and, in response to the target login information matching the object credential information, obtain an object