【笔记】GoogleRecaptcha学习笔记

发表于 更新于 阅读次数:

前言

GoogleRecaptcha学习笔记

获取密钥

  • 复制网站密钥密钥

用于测试的密钥对

网站密钥:6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
密钥:6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe

前端验证(v3)

  • 发送请求给Google获取token

google域名:https://www.google.com/recaptcha/api.js
recaptcha域名:https://www.recaptcha.net/recaptcha/api.js

1
2
3
4
5
6
7
8
9
<script src="https://www.recaptcha.net/recaptcha/api.js"></script>
<script>
  function onSubmit(token) {
    console.log(token);
    // 发送给后端进行验证
    ...
  }
</script>
<button class="g-recaptcha" data-sitekey="6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI" data-callback="onSubmit" data-action="submit">提交</button>
  • 把从Cloudflare获取token发送请求给后端
request
1
2
3
4
POST http://127.0.0.1:8080/api
Content-Type: application/json

{username: "", password: "", token: "从Google获取的token"}

后端验证

  • 发送请求给Cloudflare验证从前端获取的token

google域名:https://www.google.com/recaptcha/api/siteverify
recaptcha域名:https://www.recaptcha.net/recaptcha/api/siteverify

request
1
2
3
4
POST https://www.recaptcha.net/recaptcha/api/siteverify
Content-Type: application/x-www-form-urlencoded

secret=密钥&response=从前端获取的token

Go

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
package main

import (
    "encoding/json"
    "fmt"
    "io/ioutil"
    "net/http"
    "strings"
    "time"
)

type GoogleRecaptchaVerificationResponseEntity struct {
    Success     bool      `json:"success"`
    Score       uint      `json:"score"`
    Action      string    `json:"action"`
    ChallengeTS time.Time `json:"challenge_ts"`
    ErrorCodes  []string  `json:"error-codes"`
}

func GoogleRecaptchaVerification(token string) (err error, success bool) {

    var url = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
    var secret = "密钥"
 
    // 请求体参数
    var requestPayload string = fmt.Sprintf("secret=%s&response=%s", secret, token)
    // 发起请求获取响应
    var responseEntity *http.Response
    if res, err := http.Post(url, "application/x-www-form-urlencoded", strings.NewReader(requestPayload)); err != nil {
        return err, success
    } else {
        responseEntity = res
    }
    defer responseEntity.Body.Close()
    // 将响应体转换为文本
    var responseText []byte
    if res, err := ioutil.ReadAll(responseEntity.Body); err != nil {
        return err, success
    } else {
        responseText = res
    }
    // 将JSON格式的响应体文本转换为响应体结构体
    var responseObject GoogleRecaptchaVerificationResponseEntity
    if err := json.Unmarshal(responseText, &responseObject); err != nil {
        return err, success
    }
    if responseObject.Success == false {
        var errorCodeListString strings.Builder
        errorCodeListString.WriteString("\nErrorCodes:\n")
        for _, errorCodes := range responseObject.ErrorCodes {
            errorCodeListString.WriteString(errorCodes)
        }
        return err, false
    }

    return err, true
}

完成

参考文献

祥&宇的博客
哔哩哔哩——程序员老涂