日本免费高清视频-国产福利视频导航-黄色在线播放国产-天天操天天操天天操天天操|www.shdianci.com

學無先后,達者為師

網(wǎng)站首頁 編程語言 正文

前后端驗證碼分析(字母&計算)

作者:玉滿堂_YTM 更新時間: 2023-12-25 編程語言

樣式:

前端:

login.vue

<template>
<view class="normal-login-container">
<view class="login-form-content">
<view class="input-item flex align-center">
<view class="iconfont icon-user icon"></view>
<input v-model="loginForm.username" class="input" type="text" placeholder="請輸入賬號" maxlength="30" />
</view>
<view class="input-item flex align-center">
<view class="iconfont icon-password icon"></view>
<input v-model="loginForm.password" type="password" class="input" placeholder="請輸入密碼" maxlength="20" />
</view>
<view class="input-item flex align-center" style="width: 60%;margin: 0px;" v-if="captchaEnabled">
<view class="iconfont icon-code icon"></view>
<input v-model="loginForm.code" type="number" class="input" placeholder="請輸入驗證碼" maxlength="4" />
<view class="login-code">
<image :src="codeUrl" @click="getCode" class="login-code-img"></image>
</view>
</view>
<view class="action-btn">
<button @click="handleLogin" class="login-btn cu-btn block bg-blue lg round">登錄</button>
</view>
</view>

</view>
</template>

<script>
import { getCodeImg } from '@/api/login'
export default {
data() {
return {
codeUrl: "",
captchaEnabled: true,
loginForm: {
username: "",
password: "",
code: "",
uuid: ''
}
}
},
created() {
this.getCode()
},
methods: {
// 獲取圖形驗證碼
getCode() {
getCodeImg().then(res => {
this.captchaEnabled = res.captchaEnabled === undefined ? true : res.captchaEnabled
if (this.captchaEnabled) {
this.codeUrl = 'data:image/gif;base64,' + res.img
this.loginForm.uuid = res.uuid
}
})
},
// 登錄方法
async handleLogin() {
if (this.loginForm.username === "") {
this.modal.msgError("請輸入您的賬號")
        } else if (this.loginForm.password === "") {
          this.modal.msgError("請輸入您的密碼")
} else if (this.loginForm.code === "" && this.captchaEnabled) {
this.modal.msgError("請輸入驗證碼")
        } else {
          this.modal.loading("登錄中,請耐心等待...")
this.pwdLogin()
}
},
// 密碼登錄
async pwdLogin() {
this.store.dispatch('Login', this.loginForm).then(() => {
          this.modal.closeLoading()
this.loginSuccess()
}).catch(() => {
if (this.captchaEnabled) {
this.getCode()
}
})
},
// 登錄成功后,處理函數(shù)
loginSuccess(result) {
// 設置用戶信息
this.store.dispatch('GetInfo').then(res => {
          this.tab.reLaunch('/pages/index')
})
}
}
}
</script>

<style lang="scss">
page {
background-color: #ffffff;
}

.normal-login-container {
width: 100%;

.login-form-content {
  text-align: center;
  margin: 20px auto;
  margin-top: 15%;
  width: 80%;

  .input-item {
    margin: 20px auto;
    background-color: #f5f6f7;
    height: 45px;
    border-radius: 20px;

    .icon {
      font-size: 38rpx;
      margin-left: 10px;
      color: #999;
    }

    .input {
      width: 100%;
      font-size: 14px;
      line-height: 20px;
      text-align: left;
      padding-left: 15px;
    }

  }

  .login-btn {
    margin-top: 40px;
    height: 45px;
  }
  
  .login-code {
    height: 38px;
    float: right;
  
    .login-code-img {
      height: 38px;
      position: absolute;
      margin-left: 10px;
      width: 200rpx;
    }
  }
}
}

</style>

login.js

import request from '@/utils/request'

// 登錄方法
export function login(username, password, code, uuid) {
  const data = {
    username,
    password,
    code,
    uuid
  }
  return request({
    'url': '/login',
    headers: {
      isToken: false
    },
    'method': 'post',
    'data': data
  })
}

// 注冊方法
export function register(data) {
  return request({
    url: '/register',
    headers: {
      isToken: false
    },
    method: 'post',
    data: data
  })
}

// 獲取用戶詳細信息
export function getInfo() {
  return request({
    'url': '/getInfo',
    'method': 'get'
  })
}

// 退出方法
export function logout() {
  return request({
    'url': '/logout',
    'method': 'post'
  })
}

// 獲取驗證碼
export function getCodeImg() {
  return request({
    'url': '/captchaImage',
    headers: {
      isToken: false
    },
    method: 'get',
    timeout: 20000
  })
}

?八個Utils:

auth.js

const TokenKey = 'App-Token'

export function getToken() {
  return uni.getStorageSync(TokenKey)
}

export function setToken(token) {
  return uni.setStorageSync(TokenKey, token)
}

export function removeToken() {
  return uni.removeStorageSync(TokenKey)
}

common.js

/**
* 顯示消息提示框
* @param content 提示的標題
*/
export function toast(content) {
  uni.showToast({
    icon: 'none',
    title: content
  })
}

/**
* 顯示模態(tài)彈窗
* @param content 提示的標題
*/
export function showConfirm(content) {
  return new Promise((resolve, reject) => {
    uni.showModal({
      title: '提示',
      content: content,
      cancelText: '取消',
      confirmText: '確定',
      success: function(res) {
        resolve(res)
      }
    })
  })
}
export function praseStrEmpty(str) {
	if (!str || str == "undefined" || str == "null") {
		return "";
	}
	return str;
}

/**
* 參數(shù)處理
* @param params 參數(shù)
*/
export function tansParams(params) {
  let result = ''
  for (const propName of Object.keys(params)) {
    const value = params[propName]
    var part = encodeURIComponent(propName) + "="
    if (value !== null && value !== "" && typeof (value) !== "undefined") {
      if (typeof value === 'object') {
        for (const key of Object.keys(value)) {
          if (value[key] !== null && value[key] !== "" && typeof (value[key]) !== 'undefined') {
            let params = propName + '[' + key + ']'
            var subPart = encodeURIComponent(params) + "="
            result += subPart + encodeURIComponent(value[key]) + "&"
          }
        }
      } else {
        result += part + encodeURIComponent(value) + "&"
      }
    }
  }
  return result
}

constant.js

const constant = {
   avatar: 'vuex_avatar',
   name: 'vuex_name',
   roles: 'vuex_roles',
   permissions: 'vuex_permissions'
 }

 export default constant

?errorCode.js

export default {
  '401': '認證失敗,無法訪問系統(tǒng)資源',
  '403': '當前操作沒有權限',
  '404': '訪問資源不存在',
  'default': '系統(tǒng)未知錯誤,請反饋給管理員'
}

?permission.js

import store from '@/store'

/**
 * 字符權限校驗
 * @param {Array} value 校驗值
 * @returns {Boolean}
 */
export function checkPermi(value) {
  if (value && value instanceof Array && value.length > 0) {
    const permissions = store.getters && store.getters.permissions
    const permissionDatas = value
    const all_permission = "*:*:*"

    const hasPermission = permissions.some(permission => {
      return all_permission === permission || permissionDatas.includes(permission)
    })

    if (!hasPermission) {
      return false
    }
    return true
  } else {
    console.error(`need roles! Like checkPermi="['system:user:add','system:user:edit']"`)
    return false
  }
}

/**
 * 角色權限校驗
 * @param {Array} value 校驗值
 * @returns {Boolean}
 */
export function checkRole(value) {
  if (value && value instanceof Array && value.length > 0) {
    const roles = store.getters && store.getters.roles
    const permissionRoles = value
    const super_admin = "admin"

    const hasRole = roles.some(role => {
      return super_admin === role || permissionRoles.includes(role)
    })

    if (!hasRole) {
      return false
    }
    return true
  } else {
    console.error(`need roles! Like checkRole="['admin','editor']"`)
    return false
  }
}

?request.js

import store from '@/store'
import config from '@/config'
import { getToken } from '@/utils/auth'
import errorCode from '@/utils/errorCode'
import { toast, showConfirm, tansParams } from '@/utils/common'
import axios from 'axios'

let timeout = 10000
const baseUrl = config.baseUrl

const request = config => {
  // 是否需要設置 token
  const isToken = (config.headers || {}).isToken === false
  config.header = config.header || {}
  console.log("--------"+getToken())
  if (getToken() && !isToken) {
    config.header['Authorization'] = 'Bearer ' + getToken()
  }
  // get請求映射params參數(shù)
  if (config.params) {
    let url = config.url + '?' + tansParams(config.params)
    url = url.slice(0, -1)
    config.url = url
  }
  return new Promise((resolve, reject) => {
    uni.request({
        method: config.method || 'get',
        timeout: config.timeout ||  timeout,
        url: config.baseUrl || baseUrl + config.url,
        data: config.data,
        header: config.header,
        dataType: 'json'
      }).then(response => {
        let [error, res] = response
        if (error) {
          toast('后端接口連接異常')
          reject('后端接口連接異常')
          return
        }
        const code = res.data.code || 200
        const msg = errorCode[code] || res.data.msg || errorCode['default']
        if (code === 401) {
          showConfirm('登錄狀態(tài)已過期,您可以繼續(xù)留在該頁面,或者重新登錄?').then(res => {
            if (res.confirm) {
              store.dispatch('LogOut').then(res => {
                uni.reLaunch({ url: '/pages/login' })
              })
            }
          })
          reject('無效的會話,或者會話已過期,請重新登錄。')
        } else if (code === 500) {
          toast(msg)
          reject('500')
        } else if (code !== 200) {
          toast(msg)
          reject(code)
        }
        resolve(res.data)
      })
      .catch(error => {
        let { message } = error
        if (message === 'Network Error') {
          message = '后端接口連接異常'
        } else if (message.includes('timeout')) {
          message = '系統(tǒng)接口請求超時'
        } else if (message.includes('Request failed with status code')) {
          message = '系統(tǒng)接口' + message.substr(message.length - 3) + '異常'
        }
        toast(message)
        reject(error)
      })
  })
}

export default request

?storage.js

import constant from './constant'

// 存儲變量名
let storageKey = 'storage_data'

// 存儲節(jié)點變量名
let storageNodeKeys = [constant.avatar, constant.name, constant.roles, constant.permissions]

const storage = {
  set: function(key, value) {
    if (storageNodeKeys.indexOf(key) != -1) {
      let tmp = uni.getStorageSync(storageKey)
      tmp = tmp ? tmp : {}
      tmp[key] = value
      uni.setStorageSync(storageKey, tmp)
    }
  },
  get: function(key) {
    let storageData = uni.getStorageSync(storageKey) || {}
    return storageData[key] || ""
  },
  remove: function(key) {
    let storageData = uni.getStorageSync(storageKey) || {}
    delete storageData[key]
    uni.setStorageSync(storageKey, storageData)
  },
  clean: function() {
    uni.removeStorageSync(storageKey)
  }
}

export default storage

upload.js

import store from '@/store'
import config from '@/config'
import { getToken } from '@/utils/auth'
import errorCode from '@/utils/errorCode'
import { toast, showConfirm, tansParams } from '@/utils/common'

let timeout = 10000
const baseUrl = config.baseUrl

const upload = config => {
  // 是否需要設置 token
  const isToken = (config.headers || {}).isToken === false
  config.header = config.header || {}
  if (getToken() && !isToken) {
    config.header['Authorization'] = 'Bearer ' + getToken()
  }
  // get請求映射params參數(shù)
  if (config.params) {
    let url = config.url + '?' + tansParams(config.params)
    url = url.slice(0, -1)
    config.url = url
  }
  return new Promise((resolve, reject) => {
      uni.uploadFile({
        timeout: config.timeout || timeout,
        url: baseUrl + config.url,
        filePath: config.filePath,
        name: config.name || 'file',
        header: config.header,
        formData: config.formData,
        success: (res) => {
          let result = JSON.parse(res.data)
          const code = result.code || 200
          const msg = errorCode[code] || result.msg || errorCode['default']
          if (code === 200) {
            resolve(result)
          } else if (code == 401) {
            showConfirm("登錄狀態(tài)已過期,您可以繼續(xù)留在該頁面,或者重新登錄?").then(res => {
              if (res.confirm) {
                store.dispatch('LogOut').then(res => {
                  uni.reLaunch({ url: '/pages/login/login' })
                })
              }
            })
            reject('無效的會話,或者會話已過期,請重新登錄。')
          } else if (code === 500) {
            toast(msg)
            reject('500')
          } else if (code !== 200) {
            toast(msg)
            reject(code)
          }
        },
        fail: (error) => {
          let { message } = error
          if (message == 'Network Error') {
            message = '后端接口連接異常'
          } else if (message.includes('timeout')) {
            message = '系統(tǒng)接口請求超時'
          } else if (message.includes('Request failed with status code')) {
            message = '系統(tǒng)接口' + message.substr(message.length - 3) + '異常'
          }
          toast(message)
          reject(error)
        }
      })
  })
}

export default upload

?

后端:

傳入URL:

http://localhost:8080/captchaImage

驗證碼操作處理(CaptchaController):

生成驗證碼的Controller,可以生成數(shù)字計算或者字符驗證類型的驗證碼。生成的驗證碼被存儲在Redis緩存中,并返回一個包含驗證碼圖片Base64編碼和驗證碼uuid的AjaxResult對象。

package com.muyuan.web.controller.common;

import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.concurrent.TimeUnit;

import javax.annotation.Resource;
import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.FastByteArrayOutputStream;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import com.google.code.kaptcha.Producer;
import com.muyuan.common.constant.Constants;
import com.muyuan.common.core.domain.AjaxResult;
import com.muyuan.common.core.redis.RedisCache;
import com.muyuan.common.utils.sign.Base64;
import com.muyuan.common.utils.uuid.IdUtils;

/**
 * 驗證碼操作處理
 */
//@Api("驗證碼")
@RestController
public class CaptchaController {
    @Resource(name = "captchaProducer")
    private Producer captchaProducer;

    @Resource(name = "captchaProducerMath")
    private Producer captchaProducerMath;

    @Autowired
    private RedisCache redisCache;
    
    // 驗證碼類型
    @Value("${muyuan.captchaType}")
    private String captchaType;

    /**
     * 生成驗證碼
     */
    //@ApiOperation("生成驗證碼")
    @GetMapping("/captchaImage")
    public AjaxResult getCode(HttpServletResponse response) throws IOException
    {
        // 1.保存驗證碼信息
        //1.1 生成簡單的uuid(詳細看文章ID生成工具)
        String uuid = IdUtils.simpleUUID();
        //1.2Constants.CAPTCHA_CODE_KEY就是拼接一個前綴信息("captcha_codes:")
        // 確保唯一性(確定每個人獨自的驗證碼)
        String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
        //1.3以下滯空
        String capStr = null, code = null;
        BufferedImage image = null;

        // 2.生成驗證碼(兩種方式計算驗證碼和字母驗證碼)
            //2.1由captchaType控制在application.yml中定義:
                //2.1.1 # 驗證碼類型 math 數(shù)組計算 char 字符驗證
                //2.1.2captchaType: math
        if ("math".equals(captchaType))
        {
            //2.2.1用captchaProducerMath計算公式創(chuàng)建了一個文本 例如:1+1=@2
            String capText = captchaProducerMath.createText();
            //2.2.2字符串撕裂為 1+1= 這一部分
            capStr = capText.substring(0, capText.lastIndexOf("@"));
            //2.2.3字符串撕裂為 2 這一部分
            code = capText.substring(capText.lastIndexOf("@") + 1);
            //2.2.4創(chuàng)建了一個照片流
            image = captchaProducerMath.createImage(capStr);
        }
        else if ("char".equals(captchaType))
        {
            //2.3.1用captchaProducerMath計算公式創(chuàng)建了一個文本
            capStr = code = captchaProducer.createText();
            //2.3.2創(chuàng)建了一個照片流
            image = captchaProducer.createImage(capStr);
        }
        //redis存儲(詳見文章spring redis的工具類)
        //TimeUnit.MINUTES為有效時間
        redisCache.setCacheObject(verifyKey, code, Constants.CAPTCHA_EXPIRATION, TimeUnit.MINUTES);
        // 轉換流信息寫出
        FastByteArrayOutputStream os = new FastByteArrayOutputStream();
        try
        {
            //照片流轉成jpg格式名為os
            ImageIO.write(image, "jpg", os);
        }
        catch (IOException e)
        {
            return AjaxResult.error(e.getMessage());
        }
        //操作消息提醒(詳見文章封裝消息提醒)
        AjaxResult ajax = AjaxResult.success();

        ajax.put("uuid", uuid);
        //將os進行Base64編碼的操作提高兼容性
        ajax.put("img", Base64.encode(os.toByteArray()));
        return ajax;
    }
}

之后前端輸入驗證碼點擊登錄:

接口 URL:

http://localhost:8080/login

登錄的操作處理(LoginController):

/**
     * 登錄方法
     * 
     * @param loginBody 登錄信息
     * @return 結果
     */
    @PostMapping("/login")
    public AjaxResult login(@RequestBody LoginBody loginBody) {
        AjaxResult ajax = AjaxResult.success();
        // 生成令牌
        String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(),
                loginBody.getUuid());
        ajax.put(Constants.TOKEN, token);
        return ajax;
    }

登錄的操作處理(LoginService):

  • 參數(shù):用戶名(username)、密碼(password)、驗證碼(code)、驗證碼唯一標識(uuid)。
  • 首先根據(jù)uuid拼接出驗證碼在Redis緩存中的鍵名(verifyKey)。
  • 從Redis緩存中獲取該鍵名對應的驗證碼(captcha)。
  • 刪除Redis緩存中的該鍵名。
  • 如果驗證碼為null,說明驗證碼已過期,拋出CaptchaExpireException異常。
  • 如果驗證碼不匹配,拋出CaptchaException異常。
  • 調(diào)用authenticationManager的authenticate方法進行用戶驗證,傳入用戶名和密碼。
  • 如果驗證失敗,根據(jù)異常類型進行相應處理:
    • 如果是BadCredentialsException異常,拋出UserPasswordNotMatchException異常,表示密碼不匹配。
    • 其他異常情況下,拋出CustomException異常,并記錄異常信息。
  • 記錄登錄日志,包括用戶名、登錄結果(成功或失?。⑾嚓P消息。
  • 獲取驗證通過的用戶對象(LoginUser)。
  • 調(diào)用tokenService的createToken方法生成token并返回。
package com.muyuan.framework.web.service;

import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import com.muyuan.common.constant.Constants;
import com.muyuan.common.core.domain.model.LoginUser;
import com.muyuan.common.core.redis.RedisCache;
import com.muyuan.common.exception.CustomException;
import com.muyuan.common.exception.user.CaptchaException;
import com.muyuan.common.exception.user.CaptchaExpireException;
import com.muyuan.common.exception.user.UserPasswordNotMatchException;
import com.muyuan.common.utils.MessageUtils;
import com.muyuan.framework.manager.AsyncManager;
import com.muyuan.framework.manager.factory.AsyncFactory;

/**
 * 登錄校驗方法
 * 
 * 
 */
@Component
public class SysLoginService {
    @Autowired
    private TokenService tokenService;

    @Resource
    private AuthenticationManager authenticationManager;

    @Autowired
    private RedisCache redisCache;

    /**
     * 登錄驗證
     * 
     * @param username 用戶名
     * @param password 密碼
     * @param code 驗證碼
     * @param uuid 唯一標識
     * @return 結果
     */
    public String login(String username, String password, String code, String uuid) {
        //前端獲取的進行拼接verifyKey
        String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
        //從redisCache存儲中獲得verifyKey
        String captcha = redisCache.getCacheObject(verifyKey);
        //清除verifyKey緩存
        redisCache.deleteObject(verifyKey);
        if (captcha == null)
        {
            //記錄日志(詳見文章日志記錄)
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire")));
            throw new CaptchaExpireException();
        }
        if (!code.equalsIgnoreCase(captcha))
        {
            //記錄日志(詳見文章日志記錄)
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error")));
            throw new CaptchaException();
        }
        // 用戶驗證
        Authentication authentication = null;
        try {
            /**
             *獲取用戶對象的時候,會去調(diào)用下面的這個方法查詢用戶對象
             * UserDetailsServiceImpl.loadUserByUsername
             */
            // 該方法會去調(diào)用UserDetailsServiceImpl.loadUserByUsername
            System.out.println("username "+username+" -----password "+password);
            authentication = authenticationManager
                    .authenticate(new UsernamePasswordAuthenticationToken(username, password));
        }catch (Exception e) {
            e.printStackTrace();
            if (e instanceof BadCredentialsException) {
                //記錄日志(詳見文章日志記錄)
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
                throw new UserPasswordNotMatchException();
            }else {
                //記錄日志(詳見文章日志記錄)
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
                throw new CustomException(e.getMessage());
            }
        }
        //記錄日志(詳見文章日志記錄)
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        // 生成token(詳見文章Token驗證處理)
        return tokenService.createToken(loginUser);
    }
}

原文鏈接:https://blog.csdn.net/A2029292473/article/details/134739723

  • 上一篇:沒有了
  • 下一篇:沒有了
欄目分類
最近更新