feat: 完成人机交互验证 API 接入，增加短信防刷验证

2025-11-07 09:43:43 +08:00 · 2023-07-25 17:00:24 +08:00
parent cab955c292
commit c5be114db2
18 changed files with 705 additions and 213 deletions
--- a/api/handler/captcha_handler.go
+++ b/api/handler/captcha_handler.go
@@ -0,0 +1,47 @@
+package handler
+
+import (
+	"chatplus/core/types"
+	"chatplus/service"
+	"chatplus/utils/resp"
+	"github.com/gin-gonic/gin"
+)
+
+// 今日头条函数实现
+
+type CaptchaHandler struct {
+	service *service.CaptchaService
+}
+
+func NewCaptchaHandler(s *service.CaptchaService) *CaptchaHandler {
+	return &CaptchaHandler{service: s}
+}
+
+func (h *CaptchaHandler) Get(c *gin.Context) {
+	data, err := h.service.Get()
+	if err != nil {
+		resp.ERROR(c, err.Error())
+		return
+	}
+
+	resp.SUCCESS(c, data)
+}
+
+// Check verify the captcha data
+func (h *CaptchaHandler) Check(c *gin.Context) {
+	var data struct {
+		Key  string `json:"key"`
+		Dots string `json:"dots"`
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+
+	if h.service.Check(data) {
+		resp.SUCCESS(c)
+	} else {
+		resp.ERROR(c)
+	}
+
+}
--- a/api/handler/sms_handler.go
+++ b/api/handler/sms_handler.go
@@ -0,0 +1,65 @@
+package handler
+
+import (
+	"chatplus/core"
+	"chatplus/core/types"
+	"chatplus/service"
+	"chatplus/store"
+	"chatplus/utils"
+	"chatplus/utils/resp"
+	"github.com/gin-gonic/gin"
+)
+
+const CodeStorePrefix = "/verify/codes/"
+
+type SmsHandler struct {
+	BaseHandler
+	db      *store.LevelDB
+	sms     *service.AliYunSmsService
+	captcha *service.CaptchaService
+}
+
+func NewSmsHandler(app *core.AppServer, db *store.LevelDB, sms *service.AliYunSmsService, captcha *service.CaptchaService) *SmsHandler {
+	handler := &SmsHandler{db: db, sms: sms, captcha: captcha}
+	handler.App = app
+	return handler
+}
+
+// VerifyCode 发送验证码短信
+func (h *SmsHandler) VerifyCode(c *gin.Context) {
+	var data struct {
+		Mobile string `json:"mobile"`
+		Key    string `json:"key"`
+		Dots   string `json:"dots"`
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+
+	if !h.captcha.Check(data) {
+		resp.ERROR(c, "验证码错误，请先完人机验证")
+		return
+	}
+
+	code := utils.RandomNumber(6)
+	err := h.sms.SendVerifyCode(data.Mobile, code)
+	if err != nil {
+		resp.ERROR(c, err.Error())
+		return
+	}
+
+	// 存储验证码，等待后面注册验证
+	err = h.db.Put(CodeStorePrefix+data.Mobile, code)
+	if err != nil {
+		resp.ERROR(c, "验证码保存失败")
+		return
+	}
+
+	resp.SUCCESS(c)
+}
+
+// Status check if the message service is enabled
+func (h *SmsHandler) Status(c *gin.Context) {
+	resp.SUCCESS(c, h.App.Config.EnabledMsgService)
+}
--- a/api/handler/user_handler.go
+++ b/api/handler/user_handler.go
@@ -58,12 +58,14 @@ func (h *UserHandler) Register(c *gin.Context) {

 	// 检查验证码
 	key := CodeStorePrefix + data.Mobile
-	var code int
-	err := h.levelDB.Get(key, &code)
-	if err != nil || code != data.Code {
-		logger.Info(code)
-		resp.ERROR(c, "短信验证码错误")
-		return
+	if h.App.Config.EnabledMsgService {
+		var code int
+		err := h.levelDB.Get(key, &code)
+		if err != nil || code != data.Code {
+			logger.Info(code)
+			resp.ERROR(c, "短信验证码错误")
+			return
+		}
 	}

 	// check if the username is exists
@@ -111,7 +113,7 @@ func (h *UserHandler) Register(c *gin.Context) {
 	var cfg model.Config
 	h.db.Where("marker = ?", "system").First(&cfg)
 	var config types.SystemConfig
-	err = utils.JsonDecode(cfg.Config, &config)
+	err := utils.JsonDecode(cfg.Config, &config)
 	if err != nil || config.UserInitCalls <= 0 {
 		user.Calls = types.UserInitCalls
 	} else {
@@ -124,7 +126,9 @@ func (h *UserHandler) Register(c *gin.Context) {
 		return
 	}

-	_ = h.levelDB.Delete(key) // 注册成功，删除短信验证码
+	if h.App.Config.EnabledMsgService {
+		_ = h.levelDB.Delete(key) // 注册成功，删除短信验证码
+	}
 	resp.SUCCESS(c, user)
 }

--- a/api/handler/verify_handler.go
+++ b/api/handler/verify_handler.go
@@ -1,150 +0,0 @@
-package handler
-
-import (
-	"chatplus/core"
-	"chatplus/core/types"
-	"chatplus/service"
-	"chatplus/store"
-	"chatplus/utils"
-	"chatplus/utils/resp"
-	"fmt"
-	"time"
-
-	"github.com/gin-gonic/gin"
-)
-
-// 短信验证码控制器
-
-type VerifyHandler struct {
-	BaseHandler
-	sms *service.AliYunSmsService
-	db  *store.LevelDB
-}
-
-const TokenStorePrefix = "/verify/tokens/"
-const CodeStorePrefix = "/verify/codes/"
-const MobileStatPrefix = "/verify/stats/"
-
-func NewVerifyHandler(app *core.AppServer, sms *service.AliYunSmsService, db *store.LevelDB) *VerifyHandler {
-	handler := &VerifyHandler{sms: sms, db: db}
-	handler.App = app
-	return handler
-}
-
-type VerifyToken struct {
-	Token     string
-	Timestamp int64
-}
-
-// CodeStats 验证码发送统计
-type CodeStats struct {
-	Mobile string
-	Count  uint
-	Time   int64
-}
-
-// Token 生成自验证 token
-func (h *VerifyHandler) Token(c *gin.Context) {
-	// 如果不是通过浏览器访问，则返回错误的 token
-	// TODO: 引入验证码机制防刷机制
-	if c.GetHeader("Sec-Fetch-Mode") != "cors" {
-		token := fmt.Sprintf("%s:%d", utils.RandString(32), time.Now().Unix())
-		encrypt, err := utils.AesEncrypt(h.App.Config.AesEncryptKey, []byte(token))
-		if err != nil {
-			resp.ERROR(c, "Token 加密出错")
-			return
-		}
-		resp.SUCCESS(c, encrypt)
-		return
-	}
-
-	token := VerifyToken{
-		Token:     utils.RandString(32),
-		Timestamp: time.Now().Unix(),
-	}
-	json := utils.JsonEncode(token)
-	encrypt, err := utils.AesEncrypt(h.App.Config.AesEncryptKey, []byte(json))
-	if err != nil {
-		resp.ERROR(c, "Token 加密出错")
-		return
-	}
-	err = h.db.Put(TokenStorePrefix+token.Token, token)
-	if err != nil {
-		resp.ERROR(c, "Token 存储失败")
-		return
-	}
-
-	resp.SUCCESS(c, encrypt)
-}
-
-// SendMsg 发送验证码短信
-func (h *VerifyHandler) SendMsg(c *gin.Context) {
-	var data struct {
-		Mobile string `json:"mobile"`
-		Token  string `json:"token"`
-	}
-	if err := c.ShouldBindJSON(&data); err != nil {
-		resp.ERROR(c, types.InvalidArgs)
-		return
-	}
-
-	decrypt, err := utils.AesDecrypt(h.App.Config.AesEncryptKey, data.Token)
-	if err != nil {
-		resp.ERROR(c, "Token 解密失败")
-		return
-	}
-
-	var token VerifyToken
-	err = utils.JsonDecode(string(decrypt), &token)
-	if err != nil {
-		resp.ERROR(c, "Token 解码失败")
-		return
-	}
-
-	if time.Now().Unix()-token.Timestamp > 30 {
-		resp.ERROR(c, "Token 已过期，请刷新页面重试")
-		return
-	}
-
-	// 验证当前手机号发送次数，24 小时内相同手机号只允许发送 2 次
-	var stat CodeStats
-	err = h.db.Get(MobileStatPrefix+data.Mobile, &stat)
-	if err != nil {
-		stat = CodeStats{
-			Mobile: data.Mobile,
-			Count:  0,
-			Time:   time.Now().Unix(),
-		}
-	} else if stat.Count == 2 {
-		if time.Now().Unix()-stat.Time > 86400 {
-			stat.Count = 0
-			stat.Time = time.Now().Unix()
-		} else {
-			resp.ERROR(c, "触发流量预警，请 24 小时后再操作！")
-			return
-		}
-	}
-
-	code := utils.RandomNumber(6)
-	err = h.sms.SendVerifyCode(data.Mobile, code)
-	if err != nil {
-		resp.ERROR(c, err.Error())
-		return
-	}
-
-	// 每个 token 用完一次立即失效
-	_ = h.db.Delete(TokenStorePrefix + token.Token)
-	// 存储验证码，等待后面注册验证
-	err = h.db.Put(CodeStorePrefix+data.Mobile, code)
-	if err != nil {
-		resp.ERROR(c, "验证码保存失败")
-		return
-	}
-
-	// 更新发送次数
-	stat.Count = stat.Count + 1
-	_ = h.db.Put(MobileStatPrefix+data.Mobile, stat)
-	logger.Infof("%+v", stat)
-
-	resp.SUCCESS(c)
-}