HWJ 何伟俊 / DMapManager · 提交

提交 b3bd899e301ca83d6f6734c64f487523862fc190

作者 qianyingz
1 个父辈 d3d6703d

验证码提交1

内嵌 并排对比
正在显示 3 个修改的文件 包含 42 行增加5 行删除
@@ -14,6 +14,7 @@ import configure @@ -14,6 +14,7 @@ import configure
14 from app.decorators.auth_decorator import auth_decorator 14 from app.decorators.auth_decorator import auth_decorator
15 import time 15 import time
16 from app.models import SM3, AESHelper 16 from app.models import SM3, AESHelper
  17 +from PIL import Image
17 18
18 19
19 def current_user(): 20 def current_user():
@@ -47,9 +48,14 @@ class DataManager(BlueprintApi): @@ -47,9 +48,14 @@ class DataManager(BlueprintApi):
47 except OAuth2Error as error: 48 except OAuth2Error as error:
48 return jsonify(dict(error.get_body())) 49 return jsonify(dict(error.get_body()))
49 if not user: 50 if not user:
  51 + #生成验证码
  52 +
50 return render_template("auth/authorize.html", user=user, grant=grant) 53 return render_template("auth/authorize.html", user=user, grant=grant)
51 error = "" 54 error = ""
52 if not user: 55 if not user:
  56 + # 验证码校验
  57 +
  58 +
53 if not "username" in request.form or not request.form.get("username"): 59 if not "username" in request.form or not request.form.get("username"):
54 error = "用户名不可为空" 60 error = "用户名不可为空"
55 elif not "password" in request.form or not request.form.get("password"): 61 elif not "password" in request.form or not request.form.get("password"):
  1 +'''
  2 +生成验证码图片
  3 +'''
  4 +
  5 +from PIL import Image, ImageDraw, ImageFont, ImageFilter
  6 +import random
  7 +
  8 +
  9 +# 随机字符
  10 +def rndChar():
  11 + num = 0
  12 + while num == 0 and ((num >= 58 and num <= 64) or (num >= 91 and num <= 96)):
  13 + num = random.randint(48, 122)
  14 + return num
  15 +
  16 +# 随机颜色
  17 +
  18 +
  19 +def rndColor():
  20 + return ''
1 -# 权限控制 1 +101映射域名
  2 +dmap.apps.chinadci.com
  3 +
  4 +# Web安全
2 ## 1 接口权限控制 5 ## 1 接口权限控制
3 [swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/) 6 [swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/)
4 7
@@ -34,7 +37,8 @@ password = SM3.encode('test') @@ -34,7 +37,8 @@ password = SM3.encode('test')
34 ~~前端使用sm-crypto,用户与python-gmssl互通~~ 37 ~~前端使用sm-crypto,用户与python-gmssl互通~~
35 ~~[npm_sm-crypto](https://www.npmjs.com/package/sm-crypto)~~ 38 ~~[npm_sm-crypto](https://www.npmjs.com/package/sm-crypto)~~
36 39
37 -使用AES加密敏感信息,前端加密,后端解密。偏移量iv、加密密钥key与前端保持一致,保证解密正确。封装在models.py中 40 +使用AES对称加密敏感信息,前端加密,后端解密。偏移量iv、加密密钥key与前端保持一致,保证解密正确。封装在models.py中。
  41 +
38 依赖组件: 42 依赖组件:
39 * pycryptodome 43 * pycryptodome
40 * Crypto 44 * Crypto
@@ -42,10 +46,17 @@ password = SM3.encode('test') @@ -42,10 +46,17 @@ password = SM3.encode('test')
42 参考资料 46 参考资料
43 [pycryptodome]() 47 [pycryptodome]()
44 48
45 - 49 +**demo**
46 ```python 50 ```python
47 from app.models import AESHelper 51 from app.models import AESHelper
48 52
49 -encryption=AESHelper.encode('message') 53 +encryption=AESHelper.encode('test_data')
50 result=AESHelper.decode(encryption) 54 result=AESHelper.decode(encryption)
51 -```  
  55 +```
  56 +
  57 +## 4 使用验证码,防止恶意破解密码、刷票、论坛灌水、刷页
  58 +验证码又叫CAPTCHA
  59 +
  60 +[验证码基础知识](https://baike.baidu.com/item/%E9%AA%8C%E8%AF%81%E7%A0%81/31701)
  61 +[使用python图像处理标准库](https://www.liaoxuefeng.com/wiki/1016959663602400/1017785454949568)
  62 +[pillow](https://pillow.readthedocs.io/en/stable/index.html)
注册登录 后发表评论