CAPTCHA

To check the lot | view Gitee warehouse warehouse

Introduction to the

HMI and CAPTcha are one of the most common ways to protect interfaces in back-end development, and such code often leads to poor project maintainability due to coupling with business code.

CAPTCHA is a CAPTCHA framework based on Spring Boot. It uses AOP to complete CAPTCHA generating, sending, storing and other CAPTCHA related business to avoid coupling with business code. Developers can easily combine different components to implement authentication services, and customize the implementation to meet their own service requirements (such as email verification codes and SMS verification codes).

Code sample

Importing Maven dependencies

<dependency>
    <groupId>cn.dustlight.captcha</groupId>
    <artifactId>captcha-core</artifactId>
    <version>0.0.6</version>
</dependency>
Copy the code

Add annotations to enable CAPTCHA

@SpringBootApplication
@EnableCaptcha / / enable the CAPTCHA
public class DemoApplication {
    public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); }}Copy the code

Production captcha using annotations

    @RequestMapping("/captcha")
    @SendCode // Generate random character image captcha and send it
    public void captcha(@CodeValue String code) {
        // The custom business is done here. The generation, sending and storage of the verification code are done by the annotation '@sendCode'.
        log.info(code);
    }
Copy the code

Consuming captchas with annotations (protecting interfaces)

    @RequestMapping("/")
    @VerifyCode
    public String index(@CodeValue String code) {
        // The custom business is done here. Verification and destruction of the verification code are done by annotation '@verifyCode'.
        return String.format("Hello World! (%s)", code);
    }
Copy the code

Realize the principle of

Based on AOP, CAPTCHA divides the CAPTCHA business into two facets:

  • @SendCode
    1. Generate captcha
    2. Stored verification code
    3. Send verification code
  • @VerifyCode
    1. Read verification code
    2. To verify

At the same time, the captcha service is abstracted into the following interfaces:

  • Code– captcha
  • CodeGenerator– the generator
  • CodeSender– the sender
  • CodeStore– storage
  • CodeVerifier– the validator

example

AOP implementation of random character image verification code

Business analysis

  1. The client accesses the captcha interface to obtain the image, and the backend service stores the generated captcha in Session or Redis.
  2. The client accesses the interface (login, registration, etc.), passes in parameters and verification codes, and the back-end service retrieves the verification codes for verification.

Module partition

interface implementation Function/Description
Code Code<String> The value is a string of Code containing the name and value of the verification Code. (Verification code name Verification code used to distinguish different services)
CodeGenerator RandomStringCodeGenerator Random string generation, through the parameters to configure the character pool and length.
CodeSender ImageCodeSender Draw an image (random characters, interference lines) and output it to Response.
CodeStore HttpSessionCodeStore Store and retrieve verification codes based on Session.
CodeVerifier StringEqualsCodeVerifier String comparison verification, by setting whether the parameter is case sensitive and whether trim.

The business logic

@SendCode

  1. throughCodeGeneratorgenerateCode.
  2. throughCodeStorestorageCode.
  3. throughCodeSenderThe outputCode.
  4. Execute the business code.

@VerifyCode

  1. Gets the captcha to be validated from the request parameter.
  2. throughCodeStoreTake out theCode
  3. throughCodeVerifyVerify.
  4. Execute the business code when validation is complete, otherwise throw an exception.

Expansion and combination

In addition to image captcha (human-machine recognition), common captcha services or human-machine recognition services such as SMS captcha, email captCHA, and Google reCAPTCHA can implement these interfaces.

For example, if you want to store captcha using Redis, you can implement CodeStore via RedisTemplate, and then use a combination of modules to easily accomplish custom captcha business without affecting the business code.

Expand module

Redis storage module

Provides verification code storage function based on Redis.

Mailbox verification code sender

Integrates the mailbox verification code sending function.

SMS verification code sender (Tencent SMS)

Provides the verification code sending function based on Tencent cloud SMS service.

Google reCAPTCHA human machine recognition

Integration with Google reCAPTCHA human-machine recognition service.