加入拼图校验

h5验证码登录和微信登录绑定手机号在发送验证码之前都需要判断是否需要拼图校验

加入拼图校验
h5验证码登录和微信登录绑定手机号在发送验证码之前都需要判断是否需要拼图校验
388e54af · Chongwen.jiang · 74b22cbe · 388e54af · 388e54af · 388e54af
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -188,6 +188,18 @@
            <scope>test</scope>
        </dependency>

+        <dependency>
+            <groupId>com.pica.cloud.foundation</groupId>
+            <artifactId>pica-cloud-proof-client</artifactId>
+            <version>1.0.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>io.swagger</groupId>
+                    <artifactId>swagger-annotations</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+

    </dependencies>


--- a/server/src/main/java/com/pica/cloud/account/account/server/controller/AutoCodeController.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/controller/AutoCodeController.java
@@ -140,20 +140,16 @@ public class AutoCodeController extends AccountBaseController {
        BaseRequest request = CryptoUtil.decrypt(entity, BaseRequest.class);
        AccountUtils.checkMobilePhone(request.getMobile());

-        if (request.getBizType() != null && request.getBizType().equals(1)) {
-            logger.info("h5-rcValidate-start");
-            //  调用风控接口
-            authCodeService.rcValidate(req, request, super.getDeviceInfo());
-            //  发送短信验证码
-            processSysCode(request.getMobile(), request.getFlag());
-            return PicaResponse.toResponse();
-        } else {
-            //  h5(发送短信验证码)
-            processSysCode(request.getMobile(), request.getFlag());
-            //  记录风控数据
-            authCodeService.recordRcData(req, request, super.getDeviceInfo("device_ip"));
-            return PicaResponse.toResponse();
-        }
+        //  拼图验证
+        authCodeService.validateJigsawCode(request.getMobile(), request.getCapCode(), request.getxPos());
+
+        //  发送短信验证码
+        processSysCode(request.getMobile(), request.getFlag());
+
+        //  TODO 记录风控数据（记录是h5端）
+        authCodeService.recordRcData(req, request, super.getDeviceInfo("device_ip"));
+
+        return PicaResponse.toResponse();
    }

    /**
@@ -197,7 +193,13 @@ public class AutoCodeController extends AccountBaseController {
        return PicaResponse.toResponse(StringUtils.EMPTY);
    }

-
+    @ApiOperation("获取拼图码校验")
+    @PostMapping("/jigsawCode")
+    public PicaResponse getJigsawCode(@RequestBody EncryptEntity entity,
+                                      HttpServletRequest req) throws Exception {
+        BaseRequest request = CryptoUtil.decrypt(entity, BaseRequest.class);
+        return PicaResponse.toResponse(authCodeService.validateJigsawCode(request.getMobile()));
+    }

    @ApiOperation("微信获取验证码")
    @PostMapping(value = "/authCode/wechat")

--- a/server/src/main/java/com/pica/cloud/account/account/server/enums/AccountExceptionEnum.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/enums/AccountExceptionEnum.java
@@ -50,6 +50,8 @@ public enum AccountExceptionEnum {
    PICA_H5_AUTH_CODE_INTERFACE_OFFED("216541", "该功能已关闭"),
    PICA_MESSAGE_SERVICE_CALL_FAIL("216542", "短信发送失败"),
    PICA_BIND_WECHAT_FAIL("216543", "绑定微信失败"),
+    PICA_CAP_CODE_ERROR("216544", "拼图验证失败"),
+    PICA_CAP_GET_INVOKE_ERROR("216545", "拼图获取失败"),


    xxx_xxx("","");

--- a/server/src/main/java/com/pica/cloud/account/account/server/model/JigsawCodeModel.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/model/JigsawCodeModel.java
+// Copyright 2016-2101 Pica.
+package com.pica.cloud.account.account.server.model;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * @ClassName AuthCodeReq
+ * @Description h5拼图对象
+ * @Author Chongwen.jiang
+ * @Date 2020/3/23 13:29
+ * @ModifyDate 2020/3/23 13:29
+ * @Version 1.0
+ */
+@ApiModel(value = "JigsawCodeModel", description = "h5拼图对象")
+public class JigsawCodeModel {
+
+    @ApiModelProperty(value = "背景图")
+    private String backImage;
+
+    @ApiModelProperty(value = "滑动图")
+    private String slidingImage;
+
+    @ApiModelProperty(value = "y坐标")
+    private Integer yHeight;
+
+    @ApiModelProperty(value = "时间戳")
+    private String capCode;
+
+    public String getBackImage() {
+        return backImage;
+    }
+
+    public void setBackImage(String backImage) {
+        this.backImage = backImage;
+    }
+
+    public String getSlidingImage() {
+        return slidingImage;
+    }
+
+    public void setSlidingImage(String slidingImage) {
+        this.slidingImage = slidingImage;
+    }
+
+    public Integer getyHeight() {
+        return yHeight;
+    }
+
+    public void setyHeight(Integer yHeight) {
+        this.yHeight = yHeight;
+    }
+
+    public String getCapCode() {
+        return capCode;
+    }
+
+    public void setCapCode(String capCode) {
+        this.capCode = capCode;
+    }
+
+}
+
--- a/server/src/main/java/com/pica/cloud/account/account/server/req/BaseRequest.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/req/BaseRequest.java
@@ -46,6 +46,10 @@ public class BaseRequest {
    private String appleId;
    @ApiModelProperty("apple用户信息(json字符串)")
    private String info;
+    @ApiModelProperty("capCode")
+    private String capCode;
+    @ApiModelProperty("滑动图片的x位置")
+    private int xPos;

    public String getCaptchaToken() {
        return captchaToken;
@@ -206,4 +210,20 @@ public class BaseRequest {
    public void setDevice_token(String device_token) {
        this.device_token = device_token;
    }
+
+    public String getCapCode() {
+        return capCode;
+    }
+
+    public void setCapCode(String capCode) {
+        this.capCode = capCode;
+    }
+
+    public int getxPos() {
+        return xPos;
+    }
+
+    public void setxPos(int xPos) {
+        this.xPos = xPos;
+    }
 }
--- a/server/src/main/java/com/pica/cloud/account/account/server/service/AuthCodeService.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/service/AuthCodeService.java
 // Copyright 2016-2101 Pica.
 package com.pica.cloud.account.account.server.service;

+import com.pica.cloud.account.account.server.model.JigsawCodeModel;
 import com.pica.cloud.account.account.server.req.BaseRequest;

 import javax.servlet.http.HttpServletRequest;
@@ -19,4 +20,9 @@ public interface AuthCodeService {

    void recordRcData(HttpServletRequest req, BaseRequest baseRequest, String deviceIp);

+    void validateJigsawCode(String mobile, String capCode, int xPos);
+
+    JigsawCodeModel validateJigsawCode(String mobile);
+
+
 }
--- a/server/src/main/java/com/pica/cloud/account/account/server/service/impl/AuthCodeServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/service/impl/AuthCodeServiceImpl.java
@@ -3,10 +3,12 @@ package com.pica.cloud.account.account.server.service.impl;

 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONException;
+import com.alibaba.fastjson.JSONObject;
 import com.pica.cloud.account.account.server.constants.Constants;
 import com.pica.cloud.account.account.server.enums.AccountExceptionEnum;
 import com.pica.cloud.account.account.server.enums.RcRepTypeEnum;
 import com.pica.cloud.account.account.server.req.BaseRequest;
+import com.pica.cloud.account.account.server.model.JigsawCodeModel;
 import com.pica.cloud.account.account.server.service.AuthCodeService;
 import com.pica.cloud.account.account.server.util.AESUtil;
 import com.pica.cloud.account.account.server.util.IPUtil;
@@ -15,6 +17,9 @@ import com.pica.cloud.foundation.entity.PicaResponse;
 import com.pica.cloud.foundation.entity.PicaResultCode;
 import com.pica.cloud.foundation.entity.PicaWarnException;
 import com.pica.cloud.foundation.redis.ICacheClient;
+import com.pica.cloud.foundation.utils.utils.StringUtil;
+import com.pica.cloud.proof.client.SliderImageService;
+import com.pica.cloud.proof.contract.request.SliderImageRequest;
 import com.pica.cloud.riskcontrol.riskcontrol.client.CheckCodeClient;
 import com.pica.cloud.riskcontrol.riskcontrol.common.req.CheckcodeRiskReq;
 import com.pica.cloud.riskcontrol.riskcontrol.common.resp.CheckcodeRiskResp;
@@ -51,6 +56,9 @@ public class AuthCodeServiceImpl implements AuthCodeService {
    @Qualifier("accountThreadPool")
    private ThreadPoolTaskExecutor threadPoolTaskExecutor;

+    @Autowired
+    private SliderImageService sliderImageService;
+

    /**
     * @Description 调用风控接口
@@ -108,7 +116,7 @@ public class AuthCodeServiceImpl implements AuthCodeService {
                            //  获取剩余秒数
                            String authCodeKey = Constants.AUTH_CODE_PREFIX + baseRequest.getFlag() + "-" + AESUtil.encryptV0(baseRequest.getMobile()) + "-secure";
                            Long time = cacheClient.get(authCodeKey, Long.class);
-                            if(Objects.nonNull(time)) {
+                            if (Objects.nonNull(time)) {
                                int remainTime = 59 - (int) (System.currentTimeMillis() - time) / 1000;
                                if (remainTime > 0) {
                                    throw new PicaWarnException(AccountExceptionEnum.PICA_RC_60_SECOND_LIMIT.getCode(),
@@ -153,5 +161,117 @@ public class AuthCodeServiceImpl implements AuthCodeService {
        }
    }

+    /**
+     * @Description 拼图验证
+     * @Author Chongwen.jiang
+     * @Date 2020/3/23 15:04
+     * @ModifyDate 2020/3/23 15:04
+     * @Params [capCode, xPos]
+     * @Return void
+     */
+    @Override
+    public void validateJigsawCode(String mobile, String capCode, int xPos) {
+        // 调用风控服务，是否需要触发拼图验证
+        Boolean need = this.judgeNeedJigsaw(mobile);
+        Boolean paramValid = StringUtils.isNotEmpty(capCode) && xPos > 0;
+        if (!need && !paramValid) {
+            return;
+        }
+
+        if (!paramValid) {
+            throw new PicaWarnException(PicaResultCode.PARAM_IS_INVALID.code(), PicaResultCode.PARAM_IS_INVALID.message());
+        }
+        PicaResponse resp = null;
+        try {
+            SliderImageRequest req = new SliderImageRequest();
+            req.setCapcode(capCode);
+            req.setXpos(xPos);
+            resp = sliderImageService.checkcapcode(req);
+            logger.info("validateJigsawCode-resp:{}", JSON.toJSONString(resp));
+        } catch (Exception e) {
+            logger.error("validateJigsawCode-sliderImageService.checkcapcode invoke exception", e.getMessage());
+            throw new PicaWarnException(AccountExceptionEnum.PICA_CAP_CODE_ERROR.getCode(),
+                    AccountExceptionEnum.PICA_CAP_CODE_ERROR.getMessage());
+        }
+
+        String code = "2";
+        if (Objects.nonNull(resp)) {
+            JSONObject respData = JSON.parseObject(JSON.toJSONString(resp.getData()), JSONObject.class);
+            if (Objects.nonNull(respData)) {
+                Object codeObj = respData.get("code");
+                if (Objects.nonNull(codeObj)) {
+                    code = String.valueOf(codeObj);
+                }
+            }
+        }
+        if (StringUtil.equals(code, "2") ||
+                StringUtil.equals(code, "3")) {
+            // 3超期 2验证失败 1成功
+            throw new PicaWarnException(AccountExceptionEnum.PICA_CAP_CODE_ERROR.getCode(),
+                    AccountExceptionEnum.PICA_CAP_CODE_ERROR.getMessage());
+        }
+    }
+
+    /**
+     * @Description 获取拼图码校验
+     * @Author Chongwen.jiang
+     * @Date 2020/3/23 15:29
+     * @ModifyDate 2020/3/23 15:29
+     * @Params [mobile]
+     * @Return com.pica.cloud.account.account.server.model.JigsawCodeModel
+     */
+    @Override
+    public JigsawCodeModel validateJigsawCode(String mobile) {
+        logger.info("getJigsawCode-mobile:{}", mobile);
+        // 调用风控服务，是否需要触发拼图验证
+        Boolean need = this.judgeNeedJigsaw(mobile);
+
+        //  调用proof服务获取拼图数据
+        JigsawCodeModel data = new JigsawCodeModel();
+        PicaResponse picResp = null;
+        if (need) {
+            try {
+                picResp = sliderImageService.getPic();
+                logger.info("getJigsawCode-getPic:{}", JSON.toJSONString(picResp));
+            } catch (Exception e) {
+                logger.error("getJigsawCode-sliderImageService.getPic invoke exception", e.getMessage());
+                throw new PicaWarnException(AccountExceptionEnum.PICA_CAP_GET_INVOKE_ERROR.getCode(),
+                        AccountExceptionEnum.PICA_CAP_GET_INVOKE_ERROR.getMessage());
+            }
+            if (Objects.nonNull(picResp)) {
+                JSONObject respData = JSON.parseObject(JSON.toJSONString(picResp.getData()), JSONObject.class);
+                if (Objects.nonNull(respData)) {
+                    data.setCapCode(respData.getString("capcode"));
+                    data.setBackImage(respData.getString("backImage"));
+                    data.setSlidingImage(respData.getString("slidingImage"));
+                    data.setyHeight(respData.getInteger("yHeight"));
+                }
+            }
+        }
+
+        return data;
+    }
+
+    /**
+     * @Description 调用风控服务，是否需要触发拼图验证
+     * @Author Chongwen.jiang
+     * @Date 2020/3/23 16:01
+     * @ModifyDate 2020/3/23 16:01
+     * @Params [mobile]
+     * @Return java.lang.Boolean true:需要触发拼图验证 false:不需要
+     */
+    private Boolean judgeNeedJigsaw(String mobile) {
+        Boolean need = true;
+        try {
+            //  TODO 调用风控服务，是否需要触发拼图验证
+            //  rcClient.
+
+        } catch (Exception e) {
+            logger.error("judgeNeedJigsaw-client invoke exception", e.getMessage());
+            throw new PicaWarnException(PicaResultCode.INTERFACE_INVOKE_ERROR.code(),
+                    PicaResultCode.INTERFACE_INVOKE_ERROR.message());
+        }
+        return need;
+    }

 }