From 2d7e241b76b20c96801d7701bdd3e86f6b7088d2 Mon Sep 17 00:00:00 2001 From: liangzai <2440983361@qq.com> Date: Tue, 24 Feb 2026 16:47:46 +0800 Subject: [PATCH] add ali captcha --- app/main/api/desc/front/query.api | 9 +-- app/main/api/desc/front/user.api | 22 +++++- app/main/api/etc/main.dev.yaml | 6 ++ app/main/api/etc/main.yaml | 10 +++ app/main/api/internal/config/config.go | 8 +++ .../captcha/getencryptedsceneidhandler.go | 17 +++++ app/main/api/internal/handler/routes.go | 13 ++++ .../api/internal/logic/auth/sendsmslogic.go | 12 ++++ .../logic/captcha/getencryptedsceneidlogic.go | 38 +++++++++++ .../internal/logic/query/queryservicelogic.go | 46 +++++++++++++ .../logic/user/mobilecodeloginlogic.go | 2 +- app/main/api/internal/types/types.go | 18 +++-- go.mod | 9 +-- go.sum | 33 +++++++++ pkg/captcha/aliyun.go | 67 +++++++++++++++++++ pkg/captcha/encrypt_scene.go | 61 +++++++++++++++++ 16 files changed, 354 insertions(+), 17 deletions(-) create mode 100644 app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go create mode 100644 app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go create mode 100644 pkg/captcha/aliyun.go create mode 100644 pkg/captcha/encrypt_scene.go diff --git a/app/main/api/desc/front/query.api b/app/main/api/desc/front/query.api index 4bcd368..9ca2fd5 100644 --- a/app/main/api/desc/front/query.api +++ b/app/main/api/desc/front/query.api @@ -51,10 +51,11 @@ type ( type ( QueryServiceReq { - Product string `path:"product"` - Data string `json:"data" validate:"required"` - AgentIdentifier string `json:"agent_identifier,optional"` - App bool `json:"app,optional"` + Product string `path:"product"` + Data string `json:"data" validate:"required"` + AgentIdentifier string `json:"agent_identifier,optional"` + App bool `json:"app,optional"` + CaptchaVerifyParam string `json:"captchaVerifyParam,optional"` } QueryServiceResp { Id string `json:"id"` 
diff --git a/app/main/api/desc/front/user.api b/app/main/api/desc/front/user.api index aa750f5..54db874 100644 --- a/app/main/api/desc/front/user.api +++ b/app/main/api/desc/front/user.api @@ -141,8 +141,26 @@ service main { type ( sendSmsReq { - Mobile string `json:"mobile" validate:"required,mobile"` - ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"` + Mobile string `json:"mobile" validate:"required,mobile"` + ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"` + CaptchaVerifyParam string `json:"captchaVerifyParam"` + } +) + +//============================> captcha v1 <============================ +@server ( + prefix: api/v1 + group: captcha +) +service main { + @doc "get encrypted scene id for aliyun captcha" + @handler getEncryptedSceneId + post /captcha/encryptedSceneId returns (GetEncryptedSceneIdResp) +} + +type ( + GetEncryptedSceneIdResp { + EncryptedSceneId string `json:"encryptedSceneId"` } ) diff --git a/app/main/api/etc/main.dev.yaml b/app/main/api/etc/main.dev.yaml index c404887..ed27142 100644 --- a/app/main/api/etc/main.dev.yaml +++ b/app/main/api/etc/main.dev.yaml @@ -17,6 +17,12 @@ VerifyCode: SignName: "天远查" TemplateCode: "SMS_302641455" ValidTime: 300 +Captcha: + AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9" + AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65" + EndpointURL: "captcha.cn-shanghai.aliyuncs.com" + SceneID: "wynt39to" + EKey: "xdhf5JbWVmFXx+2K+6kBk2aH++GtQBEI8Gmzdeen90o=" Encrypt: SecretKey: "ff83609b2b24fc73196aac3d3dfb874f" Alipay: diff --git a/app/main/api/etc/main.yaml b/app/main/api/etc/main.yaml index 45376c9..e5d9ad0 100644 --- a/app/main/api/etc/main.yaml +++ b/app/main/api/etc/main.yaml 
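Review bot: The `Captcha` block added to main.dev.yaml commits `AccessKeyID`, `AccessKeySecret` and `EKey` as plain-text literals that look like live values, and the main.yaml hunk that follows repeats the same three values. Anyone who can read the repository or its history can then act as this Aliyun key, so the key pair and the ekey should be treated as exposed and rotated. Replace the committed values with references resolved at deploy time, for example `AccessKeySecret: "${CAPTCHA_ACCESS_KEY_SECRET}"` (placeholder variable name) with the config loaded through go-zero's `conf.UseEnv()`, or a secret-manager lookup. The comment in main.yaml lists reusing the SMS AccessKey as an option; the dedicated sub-account limited to the captcha API that it also mentions is the safer choice.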
@@ -19,6 +19,16 @@ VerifyCode: SignName: "天远查" TemplateCode: "SMS_302641455" ValidTime: 300 +Captcha: + # 建议与短信相同的 AccessKey,或单独为验证码创建子账号 + AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9" + AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65" + # 验证码服务 Endpoint,国内一般为 captcha.cn-shanghai.aliyuncs.com + EndpointURL: "captcha.cn-shanghai.aliyuncs.com" + # 阿里云控制台中该场景的 SceneId,请替换为真实值 + SceneID: "wynt39to" + # 验证码控制台中的 ekey(通常为 Base64 字符串),用于生成 EncryptedSceneId + EKey: "xdhf5JbWVmFXx+2K+6kBk2aH++GtQBEI8Gmzdeen90o=" Encrypt: SecretKey: "ff83609b2b24fc73196aac3d3dfb874f" WestConfig: diff --git a/app/main/api/internal/config/config.go b/app/main/api/internal/config/config.go index c0a7821..b2b66c9 100644 --- a/app/main/api/internal/config/config.go +++ b/app/main/api/internal/config/config.go @@ -11,6 +11,7 @@ type Config struct { CacheRedis cache.CacheConf JwtAuth JwtAuth // JWT 鉴权相关配置 VerifyCode VerifyCode + Captcha CaptchaConfig Encrypt Encrypt Alipay AlipayConfig Wxpay WxpayConfig @@ -45,6 +46,13 @@ type VerifyCode struct { TemplateCode string ValidTime int } +type CaptchaConfig struct { + AccessKeyID string + AccessKeySecret string + EndpointURL string + SceneID string + EKey string +} type Encrypt struct { SecretKey string } diff --git a/app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go b/app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go new file mode 100644 index 0000000..9c78719 --- /dev/null +++ b/app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go @@ -0,0 +1,17 @@ +package captcha + +import ( + "net/http" + + "tyc-server/app/main/api/internal/logic/captcha" + "tyc-server/app/main/api/internal/svc" + "tyc-server/common/result" +) + +func GetEncryptedSceneIdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + l := captcha.NewGetEncryptedSceneIdLogic(r.Context(), svcCtx) + resp, err := l.GetEncryptedSceneId() + result.HttpResult(r, w, resp, err) + } +} 
diff --git a/app/main/api/internal/handler/routes.go b/app/main/api/internal/handler/routes.go index 2159ed1..6b89ab9 100644 --- a/app/main/api/internal/handler/routes.go +++ b/app/main/api/internal/handler/routes.go @@ -22,6 +22,7 @@ import ( app "tyc-server/app/main/api/internal/handler/app" auth "tyc-server/app/main/api/internal/handler/auth" authorization "tyc-server/app/main/api/internal/handler/authorization" + captcha "tyc-server/app/main/api/internal/handler/captcha" notification "tyc-server/app/main/api/internal/handler/notification" pay "tyc-server/app/main/api/internal/handler/pay" product "tyc-server/app/main/api/internal/handler/product" @@ -954,6 +955,18 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) { rest.WithPrefix("/api/v1"), ) + server.AddRoutes( + []rest.Route{ + { + // get encrypted scene id for aliyun captcha + Method: http.MethodPost, + Path: "/captcha/encryptedSceneId", + Handler: captcha.GetEncryptedSceneIdHandler(serverCtx), + }, + }, + rest.WithPrefix("/api/v1"), + ) + server.AddRoutes( []rest.Route{ { diff --git a/app/main/api/internal/logic/auth/sendsmslogic.go b/app/main/api/internal/logic/auth/sendsmslogic.go index 252a03f..4e392a2 100644 --- a/app/main/api/internal/logic/auth/sendsmslogic.go +++ b/app/main/api/internal/logic/auth/sendsmslogic.go @@ -6,6 +6,7 @@ import ( "math/rand" "time" "tyc-server/common/xerr" + "tyc-server/pkg/captcha" "tyc-server/pkg/lzkit/crypto" "github.com/pkg/errors" 
@@ -35,6 +36,17 @@ func NewSendSmsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SendSmsLo } func (l *SendSmsLogic) SendSms(req *types.SendSmsReq) error { + // 图形验证码校验(开发环境可跳过) + cfg := l.svcCtx.Config.Captcha + if err := captcha.Verify(captcha.Config{ + AccessKeyID: cfg.AccessKeyID, + AccessKeySecret: cfg.AccessKeySecret, + EndpointURL: cfg.EndpointURL, + SceneID: cfg.SceneID, + }, req.CaptchaVerifyParam); err != nil { + return err + } + secretKey := l.svcCtx.Config.Encrypt.SecretKey encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey) if err != nil { diff --git a/app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go b/app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go new file mode 100644 index 0000000..21c485b --- /dev/null +++ b/app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go @@ -0,0 +1,38 @@ +package captcha + +import ( + "context" + + "tyc-server/app/main/api/internal/svc" + "tyc-server/app/main/api/internal/types" + "tyc-server/pkg/captcha" + + "github.com/zeromicro/go-zero/core/logx" +) + +type GetEncryptedSceneIdLogic struct { + logx.Logger + ctx context.Context + svcCtx *svc.ServiceContext +} + +func NewGetEncryptedSceneIdLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetEncryptedSceneIdLogic { + return &GetEncryptedSceneIdLogic{ + Logger: logx.WithContext(ctx), + ctx: ctx, + svcCtx: svcCtx, + } +} + +func (l *GetEncryptedSceneIdLogic) GetEncryptedSceneId() (resp *types.GetEncryptedSceneIdResp, err error) { + cfg := l.svcCtx.Config.Captcha + encrypted, genErr := captcha.GenerateEncryptedSceneID(cfg.SceneID, cfg.EKey, 3600) + if genErr != nil { + // 记录日志,返回通用错误 + l.Errorf("generate encrypted scene id error: %+v", genErr) + return nil, genErr + } + return &types.GetEncryptedSceneIdResp{ + EncryptedSceneId: encrypted, + }, nil +} diff --git a/app/main/api/internal/logic/query/queryservicelogic.go b/app/main/api/internal/logic/query/queryservicelogic.go index 7e9b8bb..8dea389 100644 
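Review bot: In `GetEncryptedSceneId` (new file getencryptedsceneidlogic.go) the comment says a generic error is returned, but `return nil, genErr` passes the raw error from `captcha.GenerateEncryptedSceneID` to the response path, and those messages describe the ekey (base64 decode failure, decoded length). Whether `result.HttpResult` hides non-xerr errors from the client is not visible in this patch, so it is safer to wrap here the way the other logic files do: `return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "generate encrypted scene id: %v", genErr)`. That needs the `github.com/pkg/errors` and `tyc-server/common/xerr` imports added to this file. The literal `3600` would also be easier to audit as a field on `CaptchaConfig`.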
--- a/app/main/api/internal/logic/query/queryservicelogic.go +++ b/app/main/api/internal/logic/query/queryservicelogic.go @@ -13,6 +13,7 @@ import ( "tyc-server/common/ctxdata" "tyc-server/common/globalkey" "tyc-server/common/xerr" + "tyc-server/pkg/captcha" "tyc-server/pkg/lzkit/crypto" "tyc-server/pkg/lzkit/validator" @@ -109,7 +110,52 @@ var productHandlers = map[string]queryHandlerFunc{ "toc_BankcardBlacklist": runVerifyBankBlackReq, } +// productHasSmsCode 表示该 product 解密后的请求结构体中是否包含必填短信验证码 Code。 +// 有 Code 的产品在「获取验证码」时已经做了滑块,这里不再强制要求 CaptchaVerifyParam。 +// 其他产品(无 Code)在查询时必须传并校验 CaptchaVerifyParam,防止跳过图形验证。 +func productHasSmsCode(product string) bool { + switch product { + case "marriage", + "homeservice", + "riskassessment", + "companyinfo", + "rentalinfo", + "preloanbackgroundcheck", + "backgroundcheck", + "personalData", + "toc_PersonalLawsuit", + "toc_EnterpriseLawsuit", + "toc_Marriage", + "toc_PersonalMarriageStatus", + "toc_MarriageStatusRegisterTime", + "toc_MarriageStatusSupplement", + "toc_MarriageStatusVerify", + "toc_DualMarriageStatusRegisterTime", + "toc_VehiclesUnderName", + "toc_VehiclesUnderNamePlate": + return true + default: + return false + } +} + func (l *QueryServiceLogic) PreprocessLogic(req *types.QueryServiceReq, product string) (*types.QueryServiceResp, error) { + // 无短信验证码 Code 的 product:查询前必须传并校验滑块,否则不允许跳过 + if !productHasSmsCode(product) { + if req.CaptchaVerifyParam == "" { + return nil, errors.Wrapf(xerr.NewErrMsg("请完成图形验证"), "product %s requires captcha", product) + } + cfg := l.svcCtx.Config.Captcha + if err := captcha.Verify(captcha.Config{ + AccessKeyID: cfg.AccessKeyID, + AccessKeySecret: cfg.AccessKeySecret, + EndpointURL: cfg.EndpointURL, + SceneID: cfg.SceneID, + }, req.CaptchaVerifyParam); err != nil { + return nil, err + } + } + decryptData, err := l.DecryptData(req.Data) if err != nil { return nil, err 
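Review bot: `productHasSmsCode` is a second hand-maintained product list alongside `productHandlers`, and a `true` result removes the captcha check entirely on the assumption that the product's handler enforces an SMS code. Nothing in this hunk checks that assumption: if a listed product's request later makes `Code` optional, or its SMS check is skipped, the query runs with neither control. Consider recording the exemption next to the handler registration (for example a struct value in `productHandlers` with a `requiresCaptcha` field), or add a test that every exempt product's request type has a required `Code`. The `captcha.Config{...}` literal is also copied from sendsmslogic.go; one helper that builds it from `svcCtx.Config.Captcha` would keep the two call sites from drifting. `PreprocessLogic` continues past the end of the hunk.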
diff --git a/app/main/api/internal/logic/user/mobilecodeloginlogic.go b/app/main/api/internal/logic/user/mobilecodeloginlogic.go index 41a4da7..844f592 100644 --- a/app/main/api/internal/logic/user/mobilecodeloginlogic.go +++ b/app/main/api/internal/logic/user/mobilecodeloginlogic.go @@ -38,7 +38,7 @@ func (l *MobileCodeLoginLogic) MobileCodeLogin(req *types.MobileCodeLoginReq) (r if err != nil { return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "手机登录, 加密手机号失败: %+v", err) } - // 检查验证码(开发环境可跳过) + // 短信验证码校验(开发环境可跳过) if os.Getenv("ENV") != "development" { redisKey := fmt.Sprintf("%s:%s", "login", encryptedMobile) cacheCode, err := l.svcCtx.Redis.Get(redisKey) diff --git a/app/main/api/internal/types/types.go b/app/main/api/internal/types/types.go index dd34cb7..2ae9578 100644 --- a/app/main/api/internal/types/types.go +++ b/app/main/api/internal/types/types.go @@ -1547,6 +1547,10 @@ type GetCommissionResp struct { List []Commission `json:"list"` // 查询列表 } +type GetEncryptedSceneIdResp struct { + EncryptedSceneId string `json:"encryptedSceneId"` +} + type GetLinkDataReq struct { LinkIdentifier string `form:"link_identifier"` } @@ -2050,10 +2054,11 @@ type QueryRetryResp struct { } type QueryServiceReq struct { - Product string `path:"product"` - Data string `json:"data" validate:"required"` - AgentIdentifier string `json:"agent_identifier,optional"` - App bool `json:"app,optional"` + Product string `path:"product"` + Data string `json:"data" validate:"required"` + AgentIdentifier string `json:"agent_identifier,optional"` + App bool `json:"app,optional"` + CaptchaVerifyParam string `json:"captchaVerifyParam,optional"` } type QueryServiceResp struct { 
@@ -2245,6 +2250,7 @@ type GetAppVersionResp struct { } type SendSmsReq struct { - Mobile string `json:"mobile" validate:"required,mobile"` - ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"` + Mobile string `json:"mobile" validate:"required,mobile"` + ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"` + CaptchaVerifyParam string `json:"captchaVerifyParam"` } diff --git a/go.mod b/go.mod index 4accc07..b25a4fc 100644 --- a/go.mod +++ b/go.mod @@ -6,9 +6,9 @@ toolchain go1.23.4 require ( github.com/Masterminds/squirrel v1.5.4 - github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 + github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13 github.com/alibabacloud-go/dysmsapi-20170525/v3 v3.0.6 - github.com/alibabacloud-go/tea v1.2.2 + github.com/alibabacloud-go/tea v1.3.13 github.com/alibabacloud-go/tea-utils/v2 v2.0.7 github.com/bytedance/sonic v1.13.0 github.com/cenkalti/backoff/v4 v4.3.0 
@@ -37,16 +37,17 @@ require ( require ( filippo.io/edwards25519 v1.1.0 // indirect github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect + github.com/alibabacloud-go/captcha-20230305 v1.1.3 // indirect github.com/alibabacloud-go/debug v1.0.1 // indirect github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect github.com/alibabacloud-go/openapi-util v0.1.0 // indirect github.com/alibabacloud-go/tea-utils v1.3.1 // indirect github.com/alibabacloud-go/tea-xml v1.1.3 // indirect - github.com/aliyun/credentials-go v1.3.10 // indirect + github.com/aliyun/credentials-go v1.4.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bytedance/sonic/loader v0.2.2 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/clbanning/mxj/v2 v2.5.5 // indirect + github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudwego/base64x v0.1.5 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect diff --git a/go.sum b/go.sum index c3e2419..f7fd5c3 100644 --- a/go.sum +++ b/go.sum 
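Review bot: `github.com/alibabacloud-go/captcha-20230305 v1.1.3` is added with the `// indirect` marker, but pkg/captcha/aliyun.go in this same patch imports `github.com/alibabacloud-go/captcha-20230305/client` directly. Running `go mod tidy` should move it into the first `require` block without the marker. Leaving it as indirect makes it easy to overlook when direct dependencies are audited or pinned.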
@@ -13,6 +13,8 @@ github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do2 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g= +github.com/alibabacloud-go/captcha-20230305 v1.1.3 h1:0Aobw12m3x28aeDMPjwjXsfF8MuLvRjlQ4Hhoy5hFOY= +github.com/alibabacloud-go/captcha-20230305 v1.1.3/go.mod h1:ydzBIN2OiM7eeQPpAFyBrv1H5TY1MtUP2rQig44C4UQ= github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY= github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI= github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE= @@ -22,6 +24,8 @@ github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+M github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.2/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 h1:GEYkMApgpKEVDn6z12DcH1EGYpDYRB8JxsazM4Rywak= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10/go.mod h1:26a14FGhZVELuz2cc2AolvW4RHmIO3/HRwsdHhaIPDE= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13 h1:Q00FU3H94Ts0ZIHDmY+fYGgB7dV9D/YX6FGsgorQPgw= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13/go.mod h1:lxFGfobinVsQ49ntjpgWghXmIF0/Sm4+wvBJ1h5RtaE= github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg= github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ= github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo= 
@@ -46,6 +50,8 @@ github.com/alibabacloud-go/tea v1.1.19/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A= github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU= github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk= +github.com/alibabacloud-go/tea v1.3.13 h1:WhGy6LIXaMbBM6VBYcsDCz6K/TPsT1Ri2hPmmZffZ94= +github.com/alibabacloud-go/tea v1.3.13/go.mod h1:A560v/JTQ1n5zklt2BEpurJzZTI8TUT+Psg2drWlxRg= github.com/alibabacloud-go/tea-utils v1.3.1 h1:iWQeRzRheqCMuiF3+XkfybB3kTgUXkXX+JMrqfLeB2I= github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE= github.com/alibabacloud-go/tea-utils/v2 v2.0.0/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4= @@ -64,6 +70,8 @@ github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTs github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/aliyun/credentials-go v1.3.10 h1:45Xxrae/evfzQL9V10zL3xX31eqgLWEaIdCoPipOEQA= github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= +github.com/aliyun/credentials-go v1.4.5 h1:O76WYKgdy1oQYYiJkERjlA2dxGuvLRrzuO2ScrtGWSk= +github.com/aliyun/credentials-go v1.4.5/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= 
@@ -83,6 +91,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/clbanning/mxj/v2 v2.5.5 h1:oT81vUeEiQQ/DcHbzSytRngP6Ky9O+L+0Bw0zSJag9E= github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= +github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME= +github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4= github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= 
@@ -326,10 +336,13 @@ golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -342,6 +355,9 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -356,10 +372,13 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -370,6 +389,9 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -384,20 +406,27 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.20.0/go.mod 
h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -406,6 +435,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= 
@@ -420,6 +451,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/pkg/captcha/aliyun.go b/pkg/captcha/aliyun.go new file mode 100644 index 0000000..0241d13 --- /dev/null +++ b/pkg/captcha/aliyun.go 
@@ -0,0 +1,67 @@
+package captcha
+
+import (
+ "os"
+
+ captcha20230305 "github.com/alibabacloud-go/captcha-20230305/client"
+ openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+ "github.com/alibabacloud-go/tea/tea"
+ "github.com/pkg/errors"
+ "github.com/zeromicro/go-zero/core/logx"
+ "tyc-server/common/xerr"
+)
+
+// Config 阿里云验证码配置(与 api internal config 解耦,供 pkg 使用)
+type Config struct {
+ AccessKeyID string
+ AccessKeySecret string
+ EndpointURL string
+ SceneID string
+}
+
+// Verify 校验前端传入的 captchaVerifyParam。异常时视为通过以保证业务可用。
+func Verify(cfg Config, captchaVerifyParam string) error {
+ if os.Getenv("ENV") == "development" {
+ return nil
+ }
+ if captchaVerifyParam == "" {
+ return errors.Wrapf(xerr.NewErrMsg("图形验证码校验失败"), "empty captchaVerifyParam")
+ }
+
+ clientCfg := &openapi.Config{
+ AccessKeyId: tea.String(cfg.AccessKeyID),
+ AccessKeySecret: tea.String(cfg.AccessKeySecret),
+ }
+ clientCfg.Endpoint = tea.String(cfg.EndpointURL)
+ clientCfg.ConnectTimeout = tea.Int(5000)
+ clientCfg.ReadTimeout = tea.Int(5000)
+
+ client, err := captcha20230305.NewClient(clientCfg)
+ if err != nil {
+ logx.Errorf("init aliyun captcha client error: %+v", err)
+ return nil
+ }
+
+ req := &captcha20230305.VerifyIntelligentCaptchaRequest{
+ SceneId: tea.String(cfg.SceneID),
+ CaptchaVerifyParam: tea.String(captchaVerifyParam),
+ }
+
+ resp, err := client.VerifyIntelligentCaptcha(req)
+ if err != nil {
+ logx.Errorf("verify aliyun captcha error: %+v", err)
+ return nil
+ }
+ if resp.Body == nil || resp.Body.Result == nil {
+ logx.Errorf("verify aliyun captcha empty result, resp: %+v", resp)
+ return nil
+ }
+
+ if tea.BoolValue(resp.Body.Result.VerifyResult) {
+ return nil
+ }
+
+ verifyCode := tea.StringValue(resp.Body.Result.VerifyCode)
+ logx.Errorf("verify aliyun captcha failed, code: %s", verifyCode)
+ return errors.Wrapf(xerr.NewErrMsg("图形验证码校验失败"), "aliyun captcha verify fail, code: %s", verifyCode)
+}
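Review bot: `Verify` fails open: the three `return nil` branches after `NewClient`, after `VerifyIntelligentCaptcha` and in the empty-result check report success whenever the Aliyun call cannot be completed, so a wrong key, an endpoint outage or a timeout silently turns the captcha off for both SMS sending and queries. The doc comment says this is deliberate, but for a control that gates SMS cost and paid lookups I would fail closed, e.g. `return errors.Wrapf(xerr.NewErrMsg("图形验证码校验失败"), "aliyun captcha unavailable: %v", err)`, or make the fallback an explicit config flag with a metric or alert on every fail-open. The `os.Getenv("ENV") == "development"` bypass is likewise invisible in the config files; a field on the captcha config that defaults to enabled would be easier to audit. A new client is also built on every call; constructing it once at service start would surface bad credentials at boot rather than at request time.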
diff --git a/pkg/captcha/encrypt_scene.go b/pkg/captcha/encrypt_scene.go
new file mode 100644
index 0000000..1e3f36b
--- /dev/null
+++ b/pkg/captcha/encrypt_scene.go
@@ -0,0 +1,61 @@
+package captcha
+
+import (
+ "bytes"
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/rand"
+ "encoding/base64"
+ "fmt"
+ "io"
+ "time"
+)
+
+// GenerateEncryptedSceneID 按阿里云文档生成 EncryptedSceneId(仅适用于 V3 架构加密模式)。
+// 明文格式: sceneId×tamp&expireTime
+// 加密: AES-256-CBC + PKCS7Padding,结果为 Base64( IV(16字节) + ciphertext )
+func GenerateEncryptedSceneID(sceneId, ekey string, expireSeconds int) (string, error) {
+ if expireSeconds <= 0 || expireSeconds > 86400 {
+ expireSeconds = 3600
+ }
+
+ ts := time.Now().Unix() // 秒级时间戳
+ plaintext := fmt.Sprintf("%s&%d&%d", sceneId, ts, expireSeconds)
+
+ keyBytes, err := base64.StdEncoding.DecodeString(ekey)
+ if err != nil {
+ return "", fmt.Errorf("decode ekey error: %w", err)
+ }
+ if len(keyBytes) != 32 {
+ return "", fmt.Errorf("invalid ekey length, need 32 bytes after base64 decode, got %d", len(keyBytes))
+ }
+
+ block, err := aes.NewCipher(keyBytes)
+ if err != nil {
+ return "", fmt.Errorf("new cipher error: %w", err)
+ }
+
+ iv := make([]byte, aes.BlockSize)
+ if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+ return "", fmt.Errorf("read iv error: %w", err)
+ }
+
+ padded := pkcs7Pad([]byte(plaintext), aes.BlockSize)
+ ciphertext := make([]byte, len(padded))
+
+ mode := cipher.NewCBCEncrypter(block, iv)
+ mode.CryptBlocks(ciphertext, padded)
+
+ out := append(iv, ciphertext...)
+ return base64.StdEncoding.EncodeToString(out), nil
+}
+
+func pkcs7Pad(src []byte, blockSize int) []byte {
+ padLen := blockSize - len(src)%blockSize
+ if padLen == 0 {
+ padLen = blockSize
+ }
+ pad := bytes.Repeat([]byte{byte(padLen)}, padLen)
+ return append(src, pad...)
+}
+
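Review bot: In `pkcs7Pad` the `if padLen == 0` branch can never run, because `blockSize - len(src)%blockSize` is always between 1 and `blockSize`; the three lines can be dropped. The function also has no doc comment; something like `// pkcs7Pad appends 1..blockSize bytes, each equal to the pad length.` would do. The doc comment on `GenerateEncryptedSceneID` gives the plaintext format as `sceneId×tamp&expireTime`, which, unless it is an artefact of how this page was rendered, looks like an HTML-entity mangling of `sceneId&timestamp&expireTime` and should match the `"%s&%d&%d"` format string. Out-of-range `expireSeconds` values are silently replaced with 3600, which is worth stating in the comment, e.g. `// expireSeconds outside (0, 86400] falls back to 3600.`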