欢迎关注公众号与我交流
 博主目前就职于一家工业互联网公司担任架构师,曾供职于阿里、康佳、电商与移动社交等公司,技术能力、架构能力过硬

SpringBoot前后端分离图片验证码的实现方式

本文阅读量:   

背景

互联网应用都是前后端分离的,而且一般不会通过session的方式来保持会话,一般都是使用oauth2的方式做登录鉴权。此时,是无法用传统的方式把图片验证码绑定当前会话的方式来做校验的。故可通过以下的方式来做校验。

一 生成图片工具类

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
import java.awt.*;
import java.awt.image.BufferedImage;
import java.util.Random;

/**
 * 验证码生成工具类 (根据需要调整图片宽高 验证码个数 同时需要注意字体大小位置的调整)
 * @author mafgwo
 * @since 2020/10/13
 */
public class CaptchaUtil {

    private BufferedImage buffImg;
    private String code;

    // 图片的宽度
    private static final int CAPTCHA_WIDTH = 90;
    // 图片的高度
    private static final int CAPTCHA_HEIGHT = 20;
    // 验证码的个数
    private static final int CAPTCHA_CODECOUNT = 4;

    private static final int XX = 15;
    private static final int CAPTCHA_FONT_HEIGHT = 18;
    private static final int CAPTCHA_CODE_Y = 16;
    private static final char[] CODE_SEQUENCE = {
            'a', 'b', 'c', 'd', 'e', 'f', 'g',
            'h', 'i', 'j', 'k', 'l', 'm', 'n',
            'o', 'p', 'q', 'r', 's', 't',
            'u', 'v', 'w', 'x', 'y', 'z',
            'A', 'B', 'C', 'D', 'E', 'F', 'G',
            'H', 'I', 'J', 'K', 'L', 'M', 'N',
            'O', 'P', 'Q', 'R', 'S', 'T',
            'U', 'V', 'W', 'X', 'Y', 'Z',
            '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' };

    // 过期时间为60秒
    private static final long EXPIRE_MINUTES = 60;

    private CaptchaUtil() {
        // 定义图像 Buffer
        buffImg = new BufferedImage(CAPTCHA_WIDTH, CAPTCHA_HEIGHT, BufferedImage.TYPE_INT_RGB);
        // 创建一个绘制图像的对象
        Graphics2D g = buffImg.createGraphics();
        // 创建一个随机数生成器类
        Random random = new Random();
        // 将图像填充为白色
        g.setColor(Color.WHITE);
        g.fillRect(0, 0, CAPTCHA_WIDTH, CAPTCHA_HEIGHT);
        // 设置字体
        g.setFont(new Font("Fixedsys", Font.BOLD, CAPTCHA_FONT_HEIGHT));
        // 设置字体边缘光滑
        g.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);
        // 画边框
        g.setColor(Color.BLACK);
        g.drawRect(0, 0, CAPTCHA_WIDTH - 1, CAPTCHA_HEIGHT - 1);
        // 随机产生40条干扰线,使图象中的认证码不易被其它程序探测到。
        g.setColor(Color.BLACK);
        for (int i = 0; i < 40; i++) {
            int x = random.nextInt(CAPTCHA_WIDTH);
            int y = random.nextInt(CAPTCHA_HEIGHT);
            int xl = random.nextInt(12);
            int yl = random.nextInt(12);
            g.drawLine(x, y, x + xl, y + yl);
        }

        // 保存随机产生的验证码,以便用户登录后进行验证
        StringBuilder randomCode = new StringBuilder();
        int red = 0, green = 0, blue = 0;
        // 随机产生验证码
        for (int i = 0; i < CAPTCHA_CODECOUNT; i++) {
            // 得到随机产生的验证码数字
            String code = String.valueOf(CODE_SEQUENCE[random.nextInt(CODE_SEQUENCE.length)]);
            // 产生随机的颜色分量来构造颜色值,这样输出的每位数字的颜色值都将不同
            red = random.nextInt(255);
            green = random.nextInt(255);
            blue = random.nextInt(255);
            // 用随机产生的颜色将验证码绘制到图像中
            g.setColor(new Color(red, green, blue));
            g.drawString(code, (i + 1) * XX, CAPTCHA_CODE_Y);
            // 将产生的随机数组合在一起
            randomCode.append(code);
        }
        code = randomCode.toString();
    }

    public static CaptchaUtil getInstance(){
        return new CaptchaUtil();
    }

    public BufferedImage getBuffImg() {
        return buffImg;
    }

    public String getCode() {
        return code;
    }
}

二 Controller获取验证码的方法

方式一: 返回图片流方式

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
/**
 * 获取登录图片验证码
 */
@ApiOperation(value = "获取图片验证码接口")
@GetMapping(value = "/captcha")
public ResponseEntity<byte[]> getCaptchaCode() {
    CaptchaUtil instance = CaptchaUtil.getInstance();
    // 验证码标识
    String key = "k" + System.currentTimeMillis() + (10000 + new Random().nextInt(89999));
    String cacheKey = CacheKeyUtil.getImageValidateCodeCacheKey(key);
    redisTemplate.opsForValue().set(cacheKey, instance.getCode(), CacheKeyUtil.DEFAULT_CACHE_TIME, TimeUnit.SECONDS);
    // 将图像输出到Servlet输出流中。
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    try {
        ImageIO.write(instance.getBuffImg(), "jpeg", out);
        return ResponseEntity.status(HttpStatus.OK)
                .contentType(MediaType.IMAGE_JPEG)
                .header(HttpHeaders.PRAGMA, "no-cache")
                .cacheControl(CacheControl.noCache())
                .header("CaptchaKey", key)
                .header("Access-Control-Expose-Headers", "CaptchaKey")
                .body(out.toByteArray());
    } catch (IOException e) {
        log.error("获取图片验证码异常", e);
        throw new RuntimeException("获取图片验证码异常");
    }
}

方式二: 返回base64 application/json方式

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
/**
 * 获取登录图片验证码
 */
@ApiOperation(value = "获取图片验证码base64接口")
@GetMapping(value = "/captcha")
public MsgResult<ValidBase64CodeVO> getCaptchaCode() {
    CaptchaUtil instance = CaptchaUtil.getInstance();
    // 验证码标识
    String key = "k" + System.currentTimeMillis() + (10000 + new Random().nextInt(89999));
    String cacheKey = CacheKeyUtil.getImageValidateCodeCacheKey(key);
    redisTemplate.opsForValue().set(cacheKey, instance.getCode(), CacheKeyUtil.DEFAULT_CACHE_TIME, TimeUnit.SECONDS);
    // 将图像输出到Servlet输出流中。
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    try {
        ImageIO.write(instance.getBuffImg(), "jpeg", out);
        return this.successHandler(new ValidBase64CodeVO(Base64Utils.encodeToString(out.toByteArray()), "image/jpeg", key));
    } catch (IOException e) {
        log.error("获取图片验证码异常", e);
        throw new CommonRuntimeException(StatusType.FAIL, "获取图片验证码异常");
    }
}

ValidBase64CodeVO 类如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * base64的图片验证码
 * @author chenxiaoqi
 * @since 2021/03/03
 */
@AllArgsConstructor
@NoArgsConstructor
@Data
public class ValidBase64CodeVO {

    @ApiModelProperty("base64后的图片验证码")
    private String base64;

    @ApiModelProperty("图片媒体类型")
    private String mediaType;

    @ApiModelProperty("图片验证码的key")
    private String validateKey;

}

三 方式一响应头中包含的CaptchaKey: k160255833263697219则是需要在校验验证码的时候一并传入后端的

1
2
3
4
5
6
7
8
9
10
HTTP/1.1 200
Pragma: no-cache
Cache-Control: no-cache
CaptchaKey: k160255833263697219
Access-Control-Expose-Headers: CaptchaKey
Content-Type: image/jpeg
Content-Length: 1853
Date: Tue, 13 Oct 2020 03:05:32 GMT
Keep-Alive: timeout=60
Connection: keep-alive

校验验证码时需要额外传入的参数如下:

1
2
3
4
5
6
7
8
9
10
11
12
/**
 * 登录图片验证码key
 */
@NotBlank(message = "图片验证码key不能为空")
@ApiModelProperty(value = "登录图片验证码key", required = true)
private String captchaKey;
/**
 * 图片验证码
 */
@NotBlank(message = "图片验证码不能为空")
@ApiModelProperty(value = "图片验证码", required = true)
private String captchaCode;

四 方式一Vue中获取图片验证码同时获取响应头的方式如下:

1
2
3
4
5
6
7
8
9
10
11
12
getValid() {
  axios.get(baseUrl + '/captcha', {
    responseType: 'arraybuffer'
  }).then(response => {
    this.validateForm.captchaKey = response.headers.captchakey
    return 'data:image/png;base64,' + btoa(
        new Uint8Array(response.data).reduce((data, byte) => data + String.fromCharCode(byte), '')
    )
  }).then(data => {
    this.testImg = data
  })
}

五 方式二直接返回body如下

1
2
3
4
5
6
7
8
9
{
    "status": 0,
    "statusText": "OK",
    "data": {
        "base64": "/9j/4AAQSkZJRgABAgAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAoAJ4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDsadIjRSNG4wykqR6EU2nyrIsrCYOJM5beOcn1zUnEN2naGwdpOAccZ/yaFUscKCTgngdhT4p5Ic7G4PVSMg/UHg1J5sQIljVopkIZQvzKTn35H659qAK9QjVNLiujZ3N5AtwxCiPzlEgJ6fKTznI478c1lt4u8PpdG3bVIfMyACAzIScfxgbe/XOBg1w2pyQy/FO2k374Hu7Vt0ZB3KRHyD06VEp22N6dFyfvaaHqrhVchG3L2OMVoW8kb2MjOAXjKrJ6tHyOPUgke3yr6VQljMMrRsQSD1HQj1HsagluorZCZZljDDkFsbgOenftVNpK7MoKTlaKuy89xdQOYWmZ1TgKTuQjtgHgjuPwqGWZpcbggx/cjVf5CqK6xZ3DAfaVyq4BYbeB7nr/AJ9K07doHIS4wgAIDgHv64646j8jx0UZxkrxdy6lKpTdqia9dCB02OV3K3oVOQabVi5hS1sZ5JmWOS2DSTA5yqAdfT6YyTurDh8RaTPBLMl6nlxY3llK8kEgDI5PB4HpT5kt2ZPQ2Z2RpAY8bdiA4GOdoz+uabGqO2HkEfHBIJGffHNUrDUbTU4Gms5fMjVthO0jnAPce4q1TWq0C4+SJ4W2yKVJGR6Eeo9R70yud1//AI/k/wCuQ/ma6KsadXnnKNtjqr4X2VKnUvfmv8rBTo3aKRZEOGUhgfQim0VscpNdIsd1IqDEZO5P908j9CKWONZosKUWVT/E4UMPXJOMj9c+xpI081v3rMAwKo5PGQBgZP4D2yKiZSrFWBDA4II5BoGPn8vzmMX3DyB/dzzj3x0z7U5LmRECHa8Y6I43AeuPT8MVDRQK5KkRnZvLCBs5EecE+wz1+nX61yPxAvZrPwyUhbb9omWFyCQdpBJxj124+hNdlYMRfQrwVd1VlIyCCRwRVLX7Cz8R6RLZ3bOrOQVkCgvE/ZgT94dsEg4OAepqZXasjSm0pJs5TwN4e02Twst/NZW91NcFvMM8YcxgOQNoI4HHX357VyNzp8GlfEW3s7UMIUvICoY5xkq2M+2a6XQdP8b+HmNpZ29lc2nmKgknlHlpvBzj5lYA8547Ejrznt4R8QReL7e8uVa6CXEMk9wWVeRtLgKTnCnIHA4A4HSsmtErHXGVpSbloz064Ta0bBmZXjUgsfbB/Igj8K467nSXWJGugzRI5XanXA4A/wA+prr0R5iEDZYD5FJ689B+Z4/rWHe6VObz7XZOqP8AeK9Ofb6+9ZYynOcVy62Z0ZRXpUqsvaO11ZPb8enqUL+6064gxBbtFKD8pCKoPrnBrZ8Ol7uyKO3+r3gHrwq7sf0qCc68g2G2hQkZDIytx7HcQfStbSEmjXbcOHl8uUswPByrGooQftefXbtY3x1WCwqpaPXT3+Zr8NvmQam8p8P6kFKsFtJhsPXaUOfrg847Hn1rz7wloltq9xcPd5aOAL+7BI3Fs9SOeMf5797qUMlxpV5DEu6SSB0UZxklSBWL4O02+0m31CK9t/K854mQ71bO0OD0J/vCumcb1FpofPtXaNqy06001JY7OHyYpH3+WGLBTgDgkk9s8k9TWiv2VlAYTRtjlgQ4J+nGPzqCrFtOkW5ZE3o+M98fh+J9D6EVray0KRy/iIINRURszL5QwWGD1PbJroKy/EGny3F+klpGrx+UASsgIzk5xnBH0P61B/xPf87K4YTdOrNuLd+yPbq0oYjD0oxqRTine772NuioNLkvIomN2AXLEFTjDLxwce/41blEXDRFgD1Rjkj8cc/5+p7Yy5le1jx6kOSTjdO3bYmiTzLGZdykqQ6rnn0OB7g5JH9zntTJmEyCbI8zO1xnqccN+POff6io2V4ZCpyrYxwexH8iDVrTYra4keG6kWNMbg+QDkcYyfr+gqiVroUqKKKBEkEvk3EcuN2xw2M4zg5p7RCVTJCAMDLR55X6dyP5d/UlFA1roMRJSQiBsyDgdNwz+vI/MUSvKcRyliY/lAbqvt/9aiigOg6JFljKKP32cr/tDuPr0x+PtTZZfNwzD95/E2fve59/fv8AXJJRQHQWO4eNdnDRk5KMMqf8D7jmlZFFnFIB8zSOpPsAuP5miigCW3haS1mAKspTfgHlWXnJHXpkemWH4MhtlmQkTorKCWVw2ePTAOeP6+maKKQ7bCSWskUfmFoyhGVIkGWGcZAzn9KZEImysjMhP3WAyPxH9f0NFFCE1YJYWiwSVZW+6ynIP+fQ8801H2OG2q3qGGQaKKYPRiyMjNmNCgxyN2Rn29vz+tEbqjZaJJBjoxOP0IoooEaFjcwy3NvG9vEhWRfLYFzjnp1/LtntyTWaylWKsCGBwQRyDRRSG3dH/9k=",
        "mediaType": "image/jpeg",
        "validateKey": "k161474678777226854"
    }
}

前端在imgsrc属性中填充进data:image/jpeg;base64, + body中返回的base64 即可

tag:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true

曾供职于<br>大厂(阿里)、<br>国企(康佳)、<br>电商与移动社交<br>等互联网公司,<br>技术能力、架构能力过硬。<br><br>我的个人微信:qicoding,<br>请注明来自码蜂窝技术博客,<br>非常欢迎加微信沟通交流<br>(包含但不限于源码、技术点、设<br>计与生产实践中遇到的问题等)