正在显示
3 个修改的文件
包含
42 行增加
和
5 行删除
| ... | ... | @@ -14,6 +14,7 @@ import configure |
| 14 | 14 | from app.decorators.auth_decorator import auth_decorator |
| 15 | 15 | import time |
| 16 | 16 | from app.models import SM3, AESHelper |
| 17 | +from PIL import Image | |
| 17 | 18 | |
| 18 | 19 | |
| 19 | 20 | def current_user(): |
| ... | ... | @@ -47,9 +48,14 @@ class DataManager(BlueprintApi): |
| 47 | 48 | except OAuth2Error as error: |
| 48 | 49 | return jsonify(dict(error.get_body())) |
| 49 | 50 | if not user: |
| 51 | + #生成验证码 | |
| 52 | + | |
| 50 | 53 | return render_template("auth/authorize.html", user=user, grant=grant) |
| 51 | 54 | error = "" |
| 52 | 55 | if not user: |
| 56 | + # 验证码校验 | |
| 57 | + | |
| 58 | + | |
| 53 | 59 | if not "username" in request.form or not request.form.get("username"): |
| 54 | 60 | error = "用户名不可为空" |
| 55 | 61 | elif not "password" in request.form or not request.form.get("password"): | ... | ... |
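Review bot: The two comments added to the authorize handler (`#生成验证码` before the `render_template` return and `# 验证码校验` ahead of the username check) have no code behind them, so as far as this hunk shows the login form is still processed without any captcha check. The new `from PIL import Image` is also unused in this file. When the check is implemented, the expected answer should be held server-side (for example in the session), compared before the password is evaluated, and discarded after one attempt whether or not it matched, so a single solved image cannot be reused across many password guesses. Until then, an explicit marker such as `# TODO: reject the request when the submitted captcha does not match the server-side value` would be clearer than a bare heading comment. The handler starts and ends outside this hunk.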
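--- a/app/util/component/captcha.py
+++ b/app/util/component/captcha.py
@@ -0,0 +1,20 @@
+'''
+生成验证码图片
+'''
+
+from PIL import Image, ImageDraw, ImageFont, ImageFilter
+import random
+
+
+# 随机字符
+def rndChar():
+ num = 0
+ while num == 0 and ((num >= 58 and num <= 64) or (num >= 91 and num <= 96)):
+ num = random.randint(48, 122)
+ return num
+
+# 随机颜色
+
+
+def rndColor():
+ return ''
\ No newline at end of file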
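Review bot: `rndChar` never enters its loop: `num` starts at 0, and with `num == 0` neither range test can be true, so the `and` condition is false on the first check and the function always returns 0 rather than a character. Even with the condition repaired, it would return an integer code point drawn from `random`, whose Mersenne Twister output is predictable and not suited to a value that a client must not be able to guess. Choosing from an explicit alphabet with the `secrets` module addresses both problems: `return secrets.choice(string.ascii_letters + string.digits)`, with `import secrets` and `import string` at the top of the file. `rndColor` returns an empty string and is presumably a stub; a docstring stating the intended return format would help whoever completes it.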
| 1 | -# 权限控制 | |
| 1 | +101映射域名 | |
| 2 | +dmap.apps.chinadci.com | |
| 3 | + | |
| 4 | +# Web安全 | |
| 2 | 5 | ## 1 接口权限控制 |
| 3 | 6 | [swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/) |
| 4 | 7 | |
| ... | ... | @@ -34,7 +37,8 @@ password = SM3.encode('test') |
| 34 | 37 | ~~前端使用sm-crypto,用户与python-gmssl互通~~ |
| 35 | 38 | ~~[npm_sm-crypto](https://www.npmjs.com/package/sm-crypto)~~ |
| 36 | 39 | |
| 37 | -使用AES加密敏感信息,前端加密,后端解密。偏移量iv、加密密钥key与前端保持一致,保证解密正确。封装在models.py中 | |
| 40 | +使用AES对称加密敏感信息,前端加密,后端解密。偏移量iv、加密密钥key与前端保持一致,保证解密正确。封装在models.py中。 | |
| 41 | + | |
| 38 | 42 | 依赖组件: |
| 39 | 43 | * pycryptodome |
| 40 | 44 | * Crypto |
| ... | ... | @@ -42,10 +46,17 @@ password = SM3.encode('test') |
| 42 | 46 | 参考资料 |
| 43 | 47 | [pycryptodome]() |
| 44 | 48 | |
| 45 | - | |
| 49 | +**demo** | |
| 46 | 50 | ```python |
| 47 | 51 | from app.models import AESHelper |
| 48 | 52 | |
| 49 | -encryption=AESHelper.encode('message') | |
| 53 | +encryption=AESHelper.encode('test_data') | |
| 50 | 54 | result=AESHelper.decode(encryption) |
| 51 | -``` | |
| \ No newline at end of file | ||
| 55 | +``` | |
| 56 | + | |
| 57 | +## 4 使用验证码,防止恶意破解密码、刷票、论坛灌水、刷页 | |
| 58 | +验证码又叫CAPTCHA | |
| 59 | + | |
| 60 | +[验证码基础知识](https://baike.baidu.com/item/%E9%AA%8C%E8%AF%81%E7%A0%81/31701) | |
| 61 | +[使用python图像处理标准库](https://www.liaoxuefeng.com/wiki/1016959663602400/1017785454949568) | |
| 62 | +[pillow](https://pillow.readthedocs.io/en/stable/index.html) | |
| \ No newline at end of file | ... | ... |