验证码功能实现
最近公司对公司小程序进行安全漏洞检测,发现我们的登录接口存在安全隐患,需要添加图形验证码来进行过滤,要实现图形验证码要考虑两个问题
1,图片展现的形式
1)二进制传到前端直接展示
2)存到一个图片地址,返回url前端直接获取
2,如何定位
后端生成一个key,验证码,存到缓存中,传给前端,前端传验证码,key到后端
啥也不说了,直接上代码
ImageVerificationCode.java
package org.source.dsmh.utils;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Random;
import javax.imageio.ImageIO;
import org.apache.commons.lang3.ArrayUtils;
import sun.misc.BASE64Encoder;
public class ImageVerificationCode {
private volatile static ImageVerificationCode imageCode;
private ImageVerificationCode(){}
public static ImageVerificationCode getInstance(){
if(imageCode==null){
synchronized (ImageVerificationCode.class){
if(imageCode==null){
imageCode=new ImageVerificationCode();
}
}
}
return imageCode;
}
private static Random r = new Random(); //获取随机数对象
//private String[] fontNames = {"宋体", "华文楷体", "黑体", "微软雅黑", "楷体_GB2312"}; //字体数组
//验证码数组
// private static String codes = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
private static String codes = "1234567890";
/**
* 获取随机的颜色
*
* @return
*/
private Color randomColor() {
int r = this.r.nextInt(225); //这里为什么是225,因为当r,g,b都为255时,即为白色,为了好辨认,需要颜色深一点。
int g = this.r.nextInt(225);
int b = this.r.nextInt(225);
return new Color(r, g, b); //返回一个随机颜色
}
/**
* 获取随机字符串
*
* @return
*/
public String randomStr() {
StringBuilder sb=new StringBuilder();
for(int i=0;i<4;i++) {
int index = r.nextInt(codes.length());
char x=codes.charAt(index);
sb.append(x);
}
return sb.toString();
}
public String createImageWithVerifyCode(int width, int height, String word) throws IOException {
String png_base64="";
//绘制内存中的图片
BufferedImage bufferedImage = new BufferedImage(width,height,BufferedImage.TYPE_INT_RGB);
//得到画图对象
Graphics graphics = bufferedImage.getGraphics();
//绘制图片前指定一个颜色
graphics.setColor( Color.white);
graphics.fillRect(0,0,width,height);
//绘制边框
graphics.setColor(Color.white);
graphics.drawRect(0, 0, width - 1, height - 1);
// 步骤四 四个随机数字
Graphics2D graphics2d = (Graphics2D) graphics;
graphics2d.setFont(new Font("宋体", Font.BOLD, 18));
Random random = new Random();
// 定义x坐标
int x = 5;
for (int i = 0; i < word.length(); i++) {
// 随机颜色
//graphics2d.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
graphics2d.setColor(new Color(0,29,38));
// 旋转 -30 --- 30度
int jiaodu = random.nextInt(60) - 30;
// 换算弧度
double theta = jiaodu * Math.PI / 180;
// 获得字母数字
char c = word.charAt(i);
//将c 输出到图片
graphics2d.rotate(theta, x, 20);
graphics2d.drawString(String.valueOf(c), x, 20);
graphics2d.rotate(-theta, x, 20);
x += 18;
}
//保存验证码
// 绘制干扰线
graphics.setColor(this.randomColor());
int x1;
int x2;
int y1;
int y2;
for (int i = 0; i < 30; i++) {
x1 = random.nextInt(width);
x2 = random.nextInt(12);
y1 = random.nextInt(height);
y2 = random.nextInt(12);
// graphics.drawLine(x1, y1, x1 + x2, x2 + y2);
}
graphics.dispose();// 释放资源
ByteArrayOutputStream baos = new ByteArrayOutputStream();//io流
ImageIO.write(bufferedImage, "png", baos);//写入流中
byte[] bytes = baos.toByteArray();//转换成字节
BASE64Encoder encoder = new BASE64Encoder();
png_base64 = encoder.encodeBuffer(bytes).trim();
png_base64= "data:image/jpeg;base64,"+png_base64;
// png_base64 = png_base64.replaceAll("\n", "").replaceAll("\r", "");//删除 \r\n
return png_base64;
}
public static String getRandomString(int length){
Random random=new Random();
StringBuffer sb=new StringBuffer();
for(int i=0;i<length;i++){
int number=random.nextInt(100);
sb.append(number);
}
return sb.toString();
}
public static void main(String[] args) throws IOException {
ImageVerificationCode ivc = new ImageVerificationCode(); //用我们的验证码类,生成验证码类对象
/*
* String str=ivc.randomStr(); System.out.println(str);
* System.out.println(ivc.createImageWithVerifyCode(75, 31,str ));
*/
System.out.println(ivc.getRandomString(5));
}
} LocalAccountPicCodeServiceImpl.java
package org.source.dsmh.service.impl;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.log4j.Logger;
import org.source.dsmh.service.LocalDataService;
import org.source.dsmh.utils.AccountConstant;
import org.source.dsmh.utils.DataTemplate;
import org.source.dsmh.utils.ImageVerificationCode;
import org.source.dsmh.utils.mongodb.LogMsg;
import org.source.dsmh.utils.redis.RedisOperator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.alibaba.druid.util.StringUtils;
import com.alibaba.fastjson.JSONObject;
/****
* 图片验证码*/
@Service("local-account-picCode")
public class LocalAccountPicCodeServiceImpl implements LocalDataService {
private Logger log = Logger.getLogger(LocalAccountPicCodeServiceImpl.class);
@Autowired
private RedisOperator redisOperator;
public static final String PICCODE_PREFIX = "account:code";
private final ReentrantLock lock=new ReentrantLock();
@Override
public DataTemplate localData(String paramJson, String function, String method, String appUser) {
this.log.info(LogMsg.getLogMsgForInfo(function, method, paramJson, method));
/**
* @info 完成参数转换
*/
JSONObject jsonObject = null;
if (!StringUtils.isEmpty(paramJson)) {
try {
jsonObject = JSONObject.parseObject(paramJson);
} catch (Exception e) {
e.printStackTrace();
log.error(LogMsg.getLogMsgForError(function, method, paramJson, "", AccountConstant.PARAM_JSON_ERROR),
e);
return DataTemplate.error(AccountConstant.PARAM_JSON_ERROR);
}
} else {
jsonObject = new JSONObject();
}
/**
* @info 随机生成验证码--将验证码发送至用户手机
*/
lock.lock();
try {
long time=System.currentTimeMillis();
String key=time+ImageVerificationCode.getInstance().getRandomString(5);
final int width = 75; // 图片宽度
final int height = 31; // 图片高度
String words = ImageVerificationCode.getInstance().randomStr();
// 创建验证码图片并返回图片上的字符串
String code = ImageVerificationCode.getInstance().createImageWithVerifyCode(width, height, words);
log.info("验证码内容: " + words);
this.redisOperator.setCache(PICCODE_PREFIX, "code:" + key, words);
log.info(LogMsg.getLogMsgForInfo(function, method, PICCODE_PREFIX+":code:"+key+"验证码:"+words, AccountConstant.SUCCESS));
JSONObject result = new JSONObject();
result.put("code", code);
result.put("picCodeKey", key);
return DataTemplate.ok(result);
} catch (Exception e) {
e.printStackTrace();
log.error(LogMsg.getLogMsgForError(function, method, paramJson, "", "获取验证码失败"), e);
return DataTemplate.error("获取验证码失败");
}finally {
lock.unlock();
}
}
} LocalAccountLoginvalidateServiceImpl.java
String picCode=jsonObject.getString("picCode");
if (StringUtils.isEmpty(picCode)){
return DataTemplate.error("验证码不能为空");
}
String picCodeKey=jsonObject.getString("picCodeKey"); try {
//获取缓存中验证码值,判断验证码是否正确
String valid = this.redisOperator.getCache(PICCODE_PREFIX, "code:" + picCodeKey);
if (StringUtils.isEmpty(picCode) || !picCode.equalsIgnoreCase(valid)) {
log.error(LogMsg.getLogMsgForError(function, method, paramJson, "缓存验证码:"+valid, AccountConstant.VALID_ERROR_MESSAGE));
return DataTemplate.error(AccountConstant.VALID_ERROR_MESSAGE);
}
} catch (Exception e) {
log.error(LogMsg.getLogMsgForError(function, method, paramJson, "", AccountConstant.VALID_ERROR_MESSAGE));
return DataTemplate.error(AccountConstant.VALID_ERROR_MESSAGE);
}