【7.0.4】【captcha】整理验证码

kernel-a-rule/src/main/java/cn/stylefeng/roses/kernel/rule/constants/RuleConstants.java

@@ -87,4 +87,9 @@ public interface RuleConstants {
      */
     String TENANT_DB_PREFIX = "sys_tenant_db_";
 
+    /**
+     * base64图片前缀，用在给<img src=""/>使用
+     */
+    String BASE64_IMG_PREFIX = "data:image/png;base64,";
+
 }

kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java

@@ -55,7 +55,7 @@ import cn.stylefeng.roses.kernel.jwt.api.pojo.payload.DefaultJwtPayload;
 import cn.stylefeng.roses.kernel.log.api.LoginLogServiceApi;
 import cn.stylefeng.roses.kernel.message.api.expander.WebSocketConfigExpander;
 import cn.stylefeng.roses.kernel.rule.util.HttpServletUtil;
-import cn.stylefeng.roses.kernel.security.api.CaptchaApi;
+import cn.stylefeng.roses.kernel.security.api.ImageCaptchaApi;
 import cn.stylefeng.roses.kernel.system.api.UserServiceApi;
 import cn.stylefeng.roses.kernel.system.api.enums.UserStatusEnum;
 import cn.stylefeng.roses.kernel.system.api.expander.SystemConfigExpander;
@@ -102,7 +102,7 @@ public class AuthServiceImpl implements AuthServiceApi {
     private LoginLogServiceApi loginLogServiceApi;
 
     @Resource
-    private CaptchaApi captchaApi;
+    private ImageCaptchaApi captchaApi;
 
     @Resource
     private SsoProperties ssoProperties;

kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/DragCaptchaApi.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright [2020-2030] [https://www.stylefeng.cn]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
+ *
+ * 1.请不要删除和修改根目录下的LICENSE文件。
+ * 2.请不要删除和修改Guns源码头部的版权声明。
+ * 3.请保留源码和相关描述文件的项目出处，作者声明等。
+ * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 6.若您的项目无法满足以上几点，可申请商业授权
+ */
+package cn.stylefeng.roses.kernel.security.api;
+
+import cn.stylefeng.roses.kernel.security.api.pojo.DragCaptchaImageDTO;
+
+/**
+ * 拖拽验证码
+ *
+ * @author fengshuonan
+ * @date 2021/7/5 12:05
+ */
+public interface DragCaptchaApi {
+
+    /**
+     * 生成拖拽验证码的返回值
+     *
+     * @author fengshuonan
+     * @date 2021/7/5 11:55
+     */
+    DragCaptchaImageDTO createCaptcha();
+
+    /**
+     * 验证拖拽验证码
+     *
+     * @author fengshuonan
+     * @date 2021/7/5 11:55
+     */
+    boolean validateCaptcha(String verKey, Integer verCode);
+
+}

kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/ImageCaptchaApi.java

@@ -24,7 +24,7 @@
  */
 package cn.stylefeng.roses.kernel.security.api;
 
-import cn.stylefeng.roses.kernel.security.api.pojo.EasyCaptcha;
+import cn.stylefeng.roses.kernel.security.api.pojo.ImageCaptcha;
 
 /**
  * 图形验证码Api
@@ -34,7 +34,7 @@ import cn.stylefeng.roses.kernel.security.api.pojo.EasyCaptcha;
  * @author chenjinlong
  * @date 2021/1/15 13:46
  */
-public interface CaptchaApi {
+public interface ImageCaptchaApi {
 
     /**
      * 生成图形验证码
@@ -42,7 +42,7 @@ public interface CaptchaApi {
      * @author chenjinlong
      * @date 2021/1/15 12:38
      */
-    EasyCaptcha captcha();
+    ImageCaptcha captcha();
 
     /**
      * 校验图形验证码

kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/exception/enums/SecurityExceptionEnum.java

@@ -39,9 +39,9 @@ import lombok.Getter;
 public enum SecurityExceptionEnum implements AbstractExceptionEnum {
 
     /**
-     * xxx
+     * 生成验证码错误
      */
-    SECURITY_EXPIRED_ERROR(RuleConstants.BUSINESS_ERROR_TYPE_CODE + SecurityConstants.SECURITY_EXCEPTION_STEP_CODE + "01", "安全模块异常");
+    CAPTCHA_ERROR(RuleConstants.BUSINESS_ERROR_TYPE_CODE + SecurityConstants.SECURITY_EXCEPTION_STEP_CODE + "01", "生成验证码错误");
 
     /**
      * 错误编码

kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/pojo/DragCaptchaImageDTO.java

@@ -0,0 +1,48 @@
+package cn.stylefeng.roses.kernel.security.api.pojo;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+/**
+ * 剪裁图片dto传输实体
+ *
+ * @author fengshuonan
+ * @date 2021/7/5 14:10
+ */
+@Data
+@AllArgsConstructor
+public class DragCaptchaImageDTO {
+
+    /**
+     * 本次验证码缓存的key
+     */
+    private String key;
+
+    /**
+     * 剪裁后的源图片（base64编码）
+     */
+    private String srcImage;
+
+    /**
+     * 剪裁的小拼图图片（base64编码）
+     */
+    private String cutImage;
+
+    /**
+     * x轴坐标
+     */
+    private Integer locationX;
+
+    /**
+     * y轴坐标
+     */
+    private Integer locationY;
+
+    public DragCaptchaImageDTO(String srcImage, String cutImage, int locationX, int locationY) {
+        this.srcImage = srcImage;
+        this.cutImage = cutImage;
+        this.locationX = locationX;
+        this.locationY = locationY;
+    }
+
+}

kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/pojo/ImageCaptcha.java

@@ -36,7 +36,7 @@ import lombok.Data;
  */
 @Data
 @Builder
-public class EasyCaptcha {
+public class ImageCaptcha {
 
     /**
      * 缓存Key

kernel-d-security/security-sdk-captcha/src/main/java/cn/stylefeng/roses/kernel/security/captcha/DragCaptchaService.java

@@ -0,0 +1,97 @@
+/*
+ * Copyright [2020-2030] [https://www.stylefeng.cn]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
+ *
+ * 1.请不要删除和修改根目录下的LICENSE文件。
+ * 2.请不要删除和修改Guns源码头部的版权声明。
+ * 3.请保留源码和相关描述文件的项目出处，作者声明等。
+ * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 6.若您的项目无法满足以上几点，可申请商业授权
+ */
+package cn.stylefeng.roses.kernel.security.captcha;
+
+import cn.hutool.core.codec.Base64;
+import cn.hutool.core.convert.Convert;
+import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.util.IdUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
+import cn.stylefeng.roses.kernel.security.api.DragCaptchaApi;
+import cn.stylefeng.roses.kernel.security.api.exception.SecurityException;
+import cn.stylefeng.roses.kernel.security.api.exception.enums.SecurityExceptionEnum;
+import cn.stylefeng.roses.kernel.security.api.pojo.DragCaptchaImageDTO;
+import cn.stylefeng.roses.kernel.security.captcha.util.DragCaptchaImageUtil;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+/**
+ * 拖拽验证码实现
+ *
+ * @author fengshuonan
+ * @date 2021/7/5 11:34
+ */
+public class DragCaptchaService implements DragCaptchaApi {
+
+    private final CacheOperatorApi<String> cacheOperatorApi;
+
+    public DragCaptchaService(CacheOperatorApi<String> cacheOperatorApi) {
+        this.cacheOperatorApi = cacheOperatorApi;
+    }
+
+    public DragCaptchaImageDTO createCaptcha() {
+        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.decode(DragCaptchaImageUtil.IMAGE_BASE64));
+        try {
+            DragCaptchaImageDTO dragCaptchaImageDTO = DragCaptchaImageUtil.getVerifyImage(byteArrayInputStream);
+            // 缓存x轴坐标
+            String verKey = IdUtil.simpleUUID();
+            Integer verValue = dragCaptchaImageDTO.getLocationX();
+            cacheOperatorApi.put(verKey, verValue.toString());
+
+            // 清空x轴坐标
+            dragCaptchaImageDTO.setKey(verKey);
+            dragCaptchaImageDTO.setLocationX(null);
+
+            return dragCaptchaImageDTO;
+        } catch (IOException e) {
+            throw new SecurityException(SecurityExceptionEnum.CAPTCHA_ERROR);
+        } finally {
+            IoUtil.close(byteArrayInputStream);
+        }
+    }
+
+    public boolean validateCaptcha(String verKey, Integer verScope) {
+        if (StrUtil.isEmpty(verKey)) {
+            return false;
+        }
+        if (verScope == null) {
+            return false;
+        }
+
+        // 获取缓存中存储的范围
+        Integer locationX = Convert.toInt(cacheOperatorApi.get(verKey));
+        int beginScope = locationX - 5;
+        int endScope = locationX + 5;
+
+        // 每次验证不管成功和失败都剔除掉key
+        cacheOperatorApi.remove(verKey);
+
+        // 验证缓存中的范围值
+        return verScope >= beginScope && verScope <= endScope;
+    }
+
+}

kernel-d-security/security-sdk-captcha/src/main/java/cn/stylefeng/roses/kernel/security/captcha/ImageCaptchaService.java

@@ -27,8 +27,8 @@ package cn.stylefeng.roses.kernel.security.captcha;
 import cn.hutool.core.util.IdUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
-import cn.stylefeng.roses.kernel.security.api.CaptchaApi;
-import cn.stylefeng.roses.kernel.security.api.pojo.EasyCaptcha;
+import cn.stylefeng.roses.kernel.security.api.ImageCaptchaApi;
+import cn.stylefeng.roses.kernel.security.api.pojo.ImageCaptcha;
 import com.wf.captcha.SpecCaptcha;
 
 /**
@@ -37,21 +37,21 @@ import com.wf.captcha.SpecCaptcha;
  * @author chenjinlong
  * @date 2021/1/15 13:44
  */
-public class CaptchaService implements CaptchaApi {
+public class ImageCaptchaService implements ImageCaptchaApi {
 
     private final CacheOperatorApi<String> cacheOperatorApi;
 
-    public CaptchaService(CacheOperatorApi<String> cacheOperatorApi) {
+    public ImageCaptchaService(CacheOperatorApi<String> cacheOperatorApi) {
         this.cacheOperatorApi = cacheOperatorApi;
     }
 
     @Override
-    public EasyCaptcha captcha() {
+    public ImageCaptcha captcha() {
         SpecCaptcha specCaptcha = new SpecCaptcha(130, 48, 5);
         String verCode = specCaptcha.text().toLowerCase();
         String verKey = IdUtil.simpleUUID();
         cacheOperatorApi.put(verKey, verCode);
-        return EasyCaptcha.builder().verImage(specCaptcha.toBase64()).verKey(verKey).build();
+        return ImageCaptcha.builder().verImage(specCaptcha.toBase64()).verKey(verKey).build();
     }
 
     @Override

kernel-d-security/security-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/security/starter/CaptchaAutoConfiguration.java

@@ -26,8 +26,10 @@ package cn.stylefeng.roses.kernel.security.starter;
 
 import cn.hutool.cache.CacheUtil;
 import cn.hutool.cache.impl.TimedCache;
-import cn.stylefeng.roses.kernel.security.api.CaptchaApi;
-import cn.stylefeng.roses.kernel.security.captcha.CaptchaService;
+import cn.stylefeng.roses.kernel.security.api.DragCaptchaApi;
+import cn.stylefeng.roses.kernel.security.api.ImageCaptchaApi;
+import cn.stylefeng.roses.kernel.security.captcha.DragCaptchaService;
+import cn.stylefeng.roses.kernel.security.captcha.ImageCaptchaService;
 import cn.stylefeng.roses.kernel.security.captcha.cache.CaptchaMemoryCache;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
@@ -49,12 +51,27 @@ public class CaptchaAutoConfiguration {
      * @date 2021/1/15 11:25
      */
     @Bean
-    @ConditionalOnMissingBean(CaptchaApi.class)
-    public CaptchaApi captchaApi() {
+    @ConditionalOnMissingBean(ImageCaptchaApi.class)
+    public ImageCaptchaApi captchaApi() {
         // 验证码过期时间 120秒
         TimedCache<String, String> timedCache = CacheUtil.newTimedCache(1000 * 120);
         CaptchaMemoryCache captchaMemoryCache = new CaptchaMemoryCache(timedCache);
-        return new CaptchaService(captchaMemoryCache);
+        return new ImageCaptchaService(captchaMemoryCache);
+    }
+
+    /**
+     * 拖拽验证码工具
+     *
+     * @author fengshuonan
+     * @date 2021/7/5 11:57
+     */
+    @Bean
+    @ConditionalOnMissingBean(DragCaptchaApi.class)
+    public DragCaptchaApi dragCaptchaService() {
+        // 验证码过期时间 120秒
+        TimedCache<String, String> timedCache = CacheUtil.newTimedCache(1000 * 120);
+        CaptchaMemoryCache captchaMemoryCache = new CaptchaMemoryCache(timedCache);
+        return new DragCaptchaService(captchaMemoryCache);
     }
 
 }

kernel-d-sms/sms-business-validation/src/main/java/cn/stylefeng/roses/kernel/sms/modular/service/impl/SysSmsInfoServiceImpl.java

@@ -31,7 +31,7 @@ import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.db.api.factory.PageFactory;
 import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory;
 import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult;
-import cn.stylefeng.roses.kernel.security.api.CaptchaApi;
+import cn.stylefeng.roses.kernel.security.api.ImageCaptchaApi;
 import cn.stylefeng.roses.kernel.sms.api.SmsSenderApi;
 import cn.stylefeng.roses.kernel.sms.api.exception.SmsException;
 import cn.stylefeng.roses.kernel.sms.api.expander.SmsConfigExpander;
@@ -75,7 +75,7 @@ public class SysSmsInfoServiceImpl extends ServiceImpl<SysSmsMapper, SysSms> imp
     private SmsSenderApi smsSenderApi;
 
     @Resource
-    private CaptchaApi captchaApi;
+    private ImageCaptchaApi captchaApi;
 
     @Transactional(rollbackFor = Exception.class)
     @Override

kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/KaptchaController.java

@@ -28,12 +28,16 @@ import cn.stylefeng.roses.kernel.rule.pojo.response.ResponseData;
 import cn.stylefeng.roses.kernel.rule.pojo.response.SuccessResponseData;
 import cn.stylefeng.roses.kernel.scanner.api.annotation.ApiResource;
 import cn.stylefeng.roses.kernel.scanner.api.annotation.GetResource;
-import cn.stylefeng.roses.kernel.security.api.CaptchaApi;
-import cn.stylefeng.roses.kernel.security.api.pojo.EasyCaptcha;
+import cn.stylefeng.roses.kernel.security.api.DragCaptchaApi;
+import cn.stylefeng.roses.kernel.security.api.ImageCaptchaApi;
+import cn.stylefeng.roses.kernel.security.api.pojo.DragCaptchaImageDTO;
+import cn.stylefeng.roses.kernel.security.api.pojo.ImageCaptcha;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
 
+import static cn.stylefeng.roses.kernel.rule.constants.RuleConstants.BASE64_IMG_PREFIX;
+
 /**
  * 图形验证码
  *
@@ -45,11 +49,34 @@ import javax.annotation.Resource;
 public class KaptchaController {
 
     @Resource
-    private CaptchaApi captchaApi;
+    private ImageCaptchaApi captchaApi;
 
-    @GetResource(name = "获取图形验证码", path = "/captcha", requiredPermission = false, requiredLogin = false, responseClass = EasyCaptcha.class)
+    @Resource
+    private DragCaptchaApi dragCaptchaApi;
+
+    /**
+     * 获取图形验证码
+     *
+     * @author fengshuonan
+     * @date 2021/7/5 12:00
+     */
+    @GetResource(name = "获取图形验证码", path = "/captcha", requiredPermission = false, requiredLogin = false, responseClass = ImageCaptcha.class)
     public ResponseData captcha() {
         return new SuccessResponseData(captchaApi.captcha());
     }
 
+    /**
+     * 获取拖拽验证码
+     *
+     * @author fengshuonan
+     * @date 2021/7/5 12:00
+     */
+    @GetResource(name = "获取图形验证码", path = "/dragCaptcha", requiredPermission = false, requiredLogin = false, responseClass = DragCaptchaImageDTO.class)
+    public ResponseData dragCaptcha() {
+        DragCaptchaImageDTO captcha = dragCaptchaApi.createCaptcha();
+        captcha.setSrcImage(BASE64_IMG_PREFIX + captcha.getSrcImage());
+        captcha.setCutImage(BASE64_IMG_PREFIX + captcha.getCutImage());
+        return new SuccessResponseData(captcha);
+    }
+
 }