正在显示
3 个修改的文件
包含
42 行增加
和
5 行删除
... | ... | @@ -14,6 +14,7 @@ import configure |
14 | 14 | from app.decorators.auth_decorator import auth_decorator |
15 | 15 | import time |
16 | 16 | from app.models import SM3, AESHelper |
17 | +from PIL import Image | |
17 | 18 | |
18 | 19 | |
19 | 20 | def current_user(): |
... | ... | @@ -47,9 +48,14 @@ class DataManager(BlueprintApi): |
47 | 48 | except OAuth2Error as error: |
48 | 49 | return jsonify(dict(error.get_body())) |
49 | 50 | if not user: |
51 | + #生成验证码 | |
52 | + | |
50 | 53 | return render_template("auth/authorize.html", user=user, grant=grant) |
51 | 54 | error = "" |
52 | 55 | if not user: |
56 | + # 验证码校验 | |
57 | + | |
58 | + | |
53 | 59 | if not "username" in request.form or not request.form.get("username"): |
54 | 60 | error = "用户名不可为空" |
55 | 61 | elif not "password" in request.form or not request.form.get("password"): | ... | ... |
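Review bot: The two CAPTCHA hooks in the authorize handler are comment-only (`#生成验证码` before `render_template`, `# 验证码校验` before the username check), so the credential check still runs with no challenge and the intended brute-force protection is not yet in place; `from PIL import Image` is also unused in the lines shown. When the check is filled in, keep the expected answer server-side and consume it on every attempt before the username/password branches, e.g. `if request.form.get("captcha", "").lower() != session.pop("captcha", None): error = "验证码错误"` (this assumes Flask's `session` is imported in this module and the stored value is lower-cased). The handler starts and continues outside this hunk, so any existing rate limiting or lockout is not visible here.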
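--- /dev/null
+++ b/app/util/component/captcha.py
@@ -0,0 +1,20 @@
+'''
+生成验证码图片
+'''
+
+from PIL import Image, ImageDraw, ImageFont, ImageFilter
+import random
+
+
+# 随机字符
+def rndChar():
+ num = 0
+ while num == 0 and ((num >= 58 and num <= 64) or (num >= 91 and num <= 96)):
+ num = random.randint(48, 122)
+ return num
+
+# 随机颜色
+
+
+def rndColor():
+ return ''
\ No newline at end of file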
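Review bot: `rndChar` never enters its loop, because `num == 0 and ((num >= 58 and num <= 64) or (num >= 91 and num <= 96))` cannot be true when `num` is 0, so every call returns the integer 0 instead of a random alphanumeric character. Since this value feeds a CAPTCHA, it should also be drawn from the `secrets` module rather than `random`, which is not intended for security controls; with `import secrets` and `import string` the body reduces to `return secrets.choice(string.ascii_letters + string.digits)`. `rndColor` returns `''`, which is not a usable colour value for drawing, so it is still a stub. A one-line docstring on each function stating the return type (a single character, an RGB tuple) would make the intended contract explicit.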
1 | -# 权限控制 | |
1 | +101映射域名 | |
2 | +dmap.apps.chinadci.com | |
3 | + | |
4 | +# Web安全 | |
2 | 5 | ## 1 接口权限控制 |
3 | 6 | [swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/) |
4 | 7 | |
... | ... | @@ -34,7 +37,8 @@ password = SM3.encode('test') |
34 | 37 | ~~前端使用sm-crypto,用户与python-gmssl互通~~ |
35 | 38 | ~~[npm_sm-crypto](https://www.npmjs.com/package/sm-crypto)~~ |
36 | 39 | |
37 | -使用AES加密敏感信息,前端加密,后端解密。偏移量iv、加密密钥key与前端保持一致,保证解密正确。封装在models.py中 | |
40 | +使用AES对称加密敏感信息,前端加密,后端解密。偏移量iv、加密密钥key与前端保持一致,保证解密正确。封装在models.py中。 | |
41 | + | |
38 | 42 | 依赖组件: |
39 | 43 | * pycryptodome |
40 | 44 | * Crypto |
... | ... | @@ -42,10 +46,17 @@ password = SM3.encode('test') |
42 | 46 | 参考资料 |
43 | 47 | [pycryptodome]() |
44 | 48 | |
45 | - | |
49 | +**demo** | |
46 | 50 | ```python |
47 | 51 | from app.models import AESHelper |
48 | 52 | |
49 | -encryption=AESHelper.encode('message') | |
53 | +encryption=AESHelper.encode('test_data') | |
50 | 54 | result=AESHelper.decode(encryption) |
51 | -``` | |
\ No newline at end of file | ||
55 | +``` | |
56 | + | |
57 | +## 4 使用验证码,防止恶意破解密码、刷票、论坛灌水、刷页 | |
58 | +验证码又叫CAPTCHA | |
59 | + | |
60 | +[验证码基础知识](https://baike.baidu.com/item/%E9%AA%8C%E8%AF%81%E7%A0%81/31701) | |
61 | +[使用python图像处理标准库](https://www.liaoxuefeng.com/wiki/1016959663602400/1017785454949568) | |
62 | +[pillow](https://pillow.readthedocs.io/en/stable/index.html) | |
\ No newline at end of file | ... | ... |