1、增加滑块验证码效验

menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/app/common/captcha/AppCaptchaController.java

@@ -0,0 +1,53 @@
+package com.citu.module.menduner.system.controller.app.common.captcha;
+
+import cn.hutool.core.util.StrUtil;
+import com.citu.framework.common.util.servlet.ServletUtils;
+import com.xingyuv.captcha.model.common.ResponseModel;
+import com.xingyuv.captcha.model.vo.CaptchaVO;
+import com.xingyuv.captcha.service.CaptchaService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.Resource;
+import javax.annotation.security.PermitAll;
+import javax.servlet.http.HttpServletRequest;
+
+@Tag(name = "用户端 - 验证码")
+@RestController("appCaptchaController")
+@RequestMapping("/menduner/system/captcha")
+public class AppCaptchaController {
+
+    @Resource
+    private CaptchaService captchaService;
+
+    @PostMapping({"/get"})
+    @Operation(summary = "获得验证码")
+    @PermitAll
+    public ResponseModel get(@RequestBody CaptchaVO data, HttpServletRequest request) {
+        assert request.getRemoteHost() != null;
+        data.setBrowserInfo(getRemoteId(request));
+        return captchaService.get(data);
+    }
+
+    @PostMapping("/check")
+    @Operation(summary = "校验验证码")
+    @PermitAll
+    public ResponseModel check(@RequestBody CaptchaVO data, HttpServletRequest request) {
+        data.setBrowserInfo(getRemoteId(request));
+        return captchaService.check(data);
+    }
+
+    public static String getRemoteId(HttpServletRequest request) {
+        String ip = ServletUtils.getClientIP(request);
+        String ua = request.getHeader("user-agent");
+        if (StrUtil.isNotBlank(ip)) {
+            return ip + ua;
+        }
+        return request.getRemoteAddr() + ua;
+    }
+
+}

menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/framework/captcha/config/CituCaptchaConfiguration.java

@@ -0,0 +1,30 @@
+package com.citu.module.menduner.system.framework.captcha.config;
+
+
+import com.citu.module.menduner.system.framework.captcha.core.RedisCaptchaServiceImpl;
+import com.xingyuv.captcha.properties.AjCaptchaProperties;
+import com.xingyuv.captcha.service.CaptchaCacheService;
+import com.xingyuv.captcha.service.impl.CaptchaServiceFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.core.StringRedisTemplate;
+
+/**
+ * 验证码的配置类
+ *
+ * @author Rayson
+ */
+@Configuration(proxyBeanMethods = false)
+public class CituCaptchaConfiguration {
+
+    @Bean
+    public CaptchaCacheService captchaCacheService(AjCaptchaProperties config,
+                                                   StringRedisTemplate stringRedisTemplate) {
+        CaptchaCacheService captchaCacheService = CaptchaServiceFactory.getCache(config.getCacheType().name());
+        if (captchaCacheService instanceof RedisCaptchaServiceImpl) {
+            ((RedisCaptchaServiceImpl) captchaCacheService).setStringRedisTemplate(stringRedisTemplate);
+        }
+        return captchaCacheService;
+    }
+
+}

menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/framework/captcha/core/RedisCaptchaServiceImpl.java

@@ -0,0 +1,49 @@
+package com.citu.module.menduner.system.framework.captcha.core;
+
+import com.xingyuv.captcha.service.CaptchaCacheService;
+import lombok.Setter;
+import org.springframework.data.redis.core.StringRedisTemplate;
+
+import java.util.concurrent.TimeUnit;
+
+/**
+ * 基于 Redis 实现验证码的存储
+ *
+ * @author 星语
+ */
+@Setter
+public class RedisCaptchaServiceImpl implements CaptchaCacheService {
+
+    private StringRedisTemplate stringRedisTemplate;
+
+    @Override
+    public String type() {
+        return "redis";
+    }
+
+    @Override
+    public void set(String key, String value, long expiresInSeconds) {
+        stringRedisTemplate.opsForValue().set(key, value, expiresInSeconds, TimeUnit.SECONDS);
+    }
+
+    @Override
+    public boolean exists(String key) {
+        return Boolean.TRUE.equals(stringRedisTemplate.hasKey(key));
+    }
+
+    @Override
+    public void delete(String key) {
+        stringRedisTemplate.delete(key);
+    }
+
+    @Override
+    public String get(String key) {
+        return stringRedisTemplate.opsForValue().get(key);
+    }
+
+    @Override
+    public Long increment(String key, long val) {
+        return stringRedisTemplate.opsForValue().increment(key,val);
+    }
+
+}

menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/framework/captcha/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * 验证码拓展
+ *
+ * 基于 aj-captcha 实现滑块验证码，文档：https://ajcaptcha.beliefteam.cn/captcha-doc/
+ *
+ * @author 星语
+ */
+package com.citu.module.menduner.system.framework.captcha;

menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/service/auth/MdeAuthServiceImpl.java

@@ -153,7 +153,7 @@ public class MdeAuthServiceImpl implements MdeAuthService {
                     .set(String.format(MDE_AUTH_USER_PHONE_ENUM, account), String.valueOf(numInt), 8, TimeUnit.HOURS);
 
             createLoginLog(null, account, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
-            if (numInt >= 5) {
+            if (numInt >= 1) {
                 // 8个小时内输错5次 锁定
                 throw exception(MDE_USER_PHONE_NOT_EXISTS_ERROR);
             } else {

menduner/menduner-system-biz/src/main/resources/META-INF/services/com.xingyuv.captcha.service.CaptchaCacheService

@@ -0,0 +1 @@
+com.citu.module.menduner.system.framework.captcha.core.RedisCaptchaServiceImpl

menduner/menduner-system-biz/src/main/resources/application.yaml

@@ -116,6 +116,23 @@ baidu:
     apiKey: yREaxoyldHnwuq8hqAEe0JAQ
     secretKey: nYGuu9KJGWvi3RsWodCQ1OuFMDVXukBR
 
+--- #################### 验证码相关配置 ####################
+aj:
+  captcha:
+    jigsaw: classpath:images/jigsaw # 滑动验证，底图路径，不配置将使用默认图片；以 classpath: 开头，取 resource 目录下路径
+    pic-click: classpath:images/pic-click # 滑动验证，底图路径，不配置将使用默认图片；以 classpath: 开头，取 resource 目录下路径
+    cache-type: redis # 缓存 local/redis...
+    cache-number: 1000 # local 缓存的阈值,达到这个值，清除缓存
+    timing-clear: 180 # local定时清除过期缓存(单位秒),设置为0代表不执行
+    type: blockPuzzle # 验证码类型 default两种都实例化。 blockPuzzle 滑块拼图 clickWord 文字点选
+    water-mark: 门墩儿 # 右下角水印文字(我的水印)，可使用 https://tool.chinaz.com/tools/unicode.aspx 中文转 Unicode，Linux 可能需要转 unicode
+    interference-options: 0 # 滑动干扰项(0/1/2)
+    req-frequency-limit-enable: false # 接口请求次数一分钟限制是否开启 true|false
+    req-get-lock-limit: 5 # 验证失败5次，get接口锁定
+    req-get-lock-seconds: 10 # 验证失败后，锁定时间间隔
+    req-get-minute-limit: 30 # get 接口一分钟内请求数限制
+    req-check-minute-limit: 60 # check 接口一分钟内请求数限制
+    req-verify-minute-limit: 60 # verify 接口一分钟内请求数限制
 
 --- #################### 芋道相关配置 ####################
 
@@ -148,7 +165,7 @@ citu:
     transform:
       enable: false
   captcha:
-    enable: false # 验证码的开关，默认为 true；
+    enable: true # 验证码的开关，默认为 true；
   tenant: # 多租户相关配置项
     enable: true
     ignore-urls: