JavaScript client-server REST API captcha implementation

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/29562710/

Time: 2020-10-28 10:44:13  Source: igfitidea

Client Server REST API captcha implementation

javascript php angularjs rest captcha

Asked by Vladimir Cvetic

I'm building a client-server REST application. The client side is based on Angular while the server is PHP (not that it matters much anyhow).

What I am wondering is whether there are any best practices or good examples of captcha implementation in this case. Captcha would be used for user registration etc.

I'm not limited to any specific libraries; the only requirement is that there cannot be any calls to 3rd party servers on the client side (js libraries hosted on 3rd party servers or req api key etc).

Thanks

Answered by Daniel Aranda

When Google captcha approves a user, it provides you a token.

So imagine this context. The user is about to save and uses the captcha; the captcha does its business until it approves the user and gives you a token, which is all that matters.

If you want to see a "tentative" flow of requests for this:

  1. Before registering, the user passes the captcha; the captcha gives you a token in the front end.
  2. The user clicks save, and you receive in the backend the form data and the captcha token. You ask Google through the API: is the token real? If they say yes, you save the form; if somehow Google does not recognize it, you return an error.
  3. The front end listens for success or error and what kind of error. If the error is captcha, force a retry and get a new token.
  4. The backend receives the form data and the new token again and checks again.
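
The backend check from steps 2 to 4 of the answer above, as an added example that is not part of the original answer. It is written in Node-style JavaScript rather than the asker's PHP; the endpoint and field names are those of Google's reCAPTCHA siteverify API, while `handleRegister`, `postForm`, `saveUser`, the `captchaToken` form field and the HTTP status codes are assumptions.

```javascript
// Added example: server-side check of a captcha token (steps 2-4 above).
// Endpoint and field names follow Google's reCAPTCHA siteverify API; the
// function names, postForm transport and saveUser callback are hypothetical.
const VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Build the form body the backend sends to Google. The secret stays on the server.
function buildVerifyBody(secret, token, remoteIp) {
  const body = new URLSearchParams({ secret, response: token });
  if (remoteIp) body.set('remoteip', remoteIp);
  return body.toString();
}

// Map Google's JSON answer to what the REST API returns to the front end.
function interpretVerifyResult(result) {
  if (result && result.success === true) return { ok: true };
  const codes = (result && result['error-codes']) || [];
  // Secret/request problems are server faults; do not tell the client to retry.
  const serverFault = codes.some(c => c.includes('secret') || c === 'bad-request');
  if (serverFault) return { ok: false, status: 500, error: 'captcha_unavailable' };
  // Missing, invalid, expired or already-used token: the client must get a new one.
  return { ok: false, status: 422, error: 'captcha_failed', retry: true };
}

// Registration handler: verify first, save only on success, fail closed on errors.
async function handleRegister(form, deps) {
  const token = form.captchaToken;
  if (typeof token !== 'string' || token.length === 0) {
    return { status: 422, body: { error: 'captcha_failed', retry: true } };
  }
  let result;
  try {
    result = await deps.postForm(VERIFY_URL, buildVerifyBody(deps.secret, token, form.ip));
  } catch (e) {
    // Verification service unreachable: reject rather than save unverified data.
    return { status: 503, body: { error: 'captcha_unavailable' } };
  }
  const verdict = interpretVerifyResult(result);
  if (!verdict.ok) {
    const body = { error: verdict.error };
    if (verdict.retry) body.retry = true;
    return { status: verdict.status, body };
  }
  await deps.saveUser({ email: form.email });
  return { status: 201, body: { registered: true } };
}
```

The front end from step 3 only needs to look for `retry: true` in the error body to know it must obtain a fresh token before resubmitting.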

Answered by Ben Gray

Google's new-ish reCaptcha is pretty slick. They have several easy to understand examples and usage scenarios.

https://www.google.com/recaptcha/intro/index.html

Edit: To address your specific question of how to implement this in a RESTful application, I'd make two files. One would be a public-facing file like index.php and the other would be a back-end file that would hold the private information.

I could copy/paste my previously-written how-to here, or I could just link you to the article I wrote 2 months ago.

Answered by Anita

You can have a look at google-recaptcha. Its Angular implementation is here:

vcRecaptcha
