前端登录验证

随着技术发展,前端登录验证也是层出不穷,今天主要介绍一下主流的滑块认证和验证码认证

  1. 滑块认证
    滑块认证属于行为认证,主要通过用户的操作行为来区分机器模拟行为。实现如下,这里使用vue搭建的系统。
    系统界面:
	<!-- Two containers on the page: one hosts the slider puzzle, the other the verification result -->
      <div ref="captcha" id="captcha"></div>
      <div id="msg"></div>
      <script>
      // Load the slider script; it registers the global `jigsaw` object used below
      import '@/utils/slideBlock.js'
			data() {
				return {
				  slideRules: false, // true only after the slider reported success
				}
			  },
			mounted() {
				// Render the slider widget as soon as the component is mounted
				this.getCaptcha()
			  },
			methods: {
				// Mount the slider into the #captcha container and wire up its callbacks
				getCaptcha() {
				  jigsaw.init({
					el: this.$refs.captcha,
					onSuccess: this.onSuccess,
					onFail: this.onFail,
					onRefresh: this.cleanMsg
				  })
				},
				// Called by the widget when the puzzle piece was placed correctly
				onSuccess() {
				  this.slideRules = true
				  this.$message.success('验证成功')
				  // Backend login authentication goes here.
				  // NOTE(review): slideRules is set entirely in the browser, so it cannot be
				  // trusted as proof of anything; the login endpoint has to authenticate and
				  // rate-limit requests on its own.
				},
				// Called by the widget when the attempt was rejected
				onFail() {
				  this.slideRules = false
				  this.$message.error('验证失败,重新滑动')
				},
				// Called after the refresh icon is clicked: drop any earlier success
				cleanMsg() {
				  this.slideRules = false
				},
			}
到这里界面部分就结束了,接下来只要引入对应的js和css文件就可以了(css文件在js中引入)
**js页面:**
// Geometry shared by every drawing helper in this file (all values in pixels).
const l = 42 // side length of the puzzle piece body
const r = 9 // radius of the round knobs on the piece
const w = 310 // canvas width
const h = 155 // canvas height
const PI = Math.PI
// Full piece size: body plus one knob diameter plus a 3px margin
const L = l + r * 2 + 3
// True when the user-agent string contains "Trident"; used below to pick the IE image-loading path
const isIE = window.navigator.userAgent.indexOf('Trident') !== -1

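/**
 * Pick a random integer between two integer bounds, both inclusive.
 *
 * Uses floor over (range + 1) so every value is equally likely; rounding
 * `random * range` gives the two end values only half the probability of the
 * others. Math.random is not a cryptographic source, which is acceptable here
 * because the value only positions a picture or a puzzle piece.
 *
 * @param {number} start - one integer bound (inclusive)
 * @param {number} end - the other integer bound (inclusive)
 * @returns {number} an integer in [min(start, end), max(start, end)]
 */
function getRandomNumberByRange (start, end) {
  // Accept the bounds in either order, as the rounding version did
  const lo = Math.min(start, end)
  const hi = Math.max(start, end)
  return Math.floor(Math.random() * (hi - lo + 1)) + lo
}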

/**
 * Create a detached <canvas> element of the given size.
 *
 * @param {number} width - canvas width in pixels
 * @param {number} height - canvas height in pixels
 * @returns {HTMLCanvasElement} the new canvas (not yet attached to the document)
 */
function createCanvas (width, height) {
  const surface = document.createElement('canvas')
  return Object.assign(surface, { width, height })
}

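/**
 * Create the puzzle image and start loading a random picture into it.
 *
 * The returned image carries an extra `setSrc(src)` method that callers use to
 * load another picture. A failed load is retried with a new random picture,
 * but only a few times in a row: retrying without a limit keeps the browser
 * requesting images for as long as the image host is unreachable.
 *
 * @param {Function} onload - handler installed as the image's onload
 * @returns {HTMLImageElement} the image element, extended with setSrc
 */
function createImg (onload) {
  const MAX_RETRIES = 3 // consecutive failed loads tolerated before giving up
  const img = new Image()
  let failures = 0

  // Try another random picture unless the retry budget is used up
  const retry = () => {
    failures += 1
    if (failures > MAX_RETRIES) return
    load(getRandomImgSrc())
  }

  const load = (src) => {
    if (!isIE) {
      img.src = src
      return
    }
    // IE cannot load the picture cross-origin through img.crossOrigin, so it is
    // fetched as a blob via XHR and shown as a data URL instead
    const xhr = new XMLHttpRequest()
    xhr.onloadend = function (e) {
      const blob = e.target.response
      if (!blob) {
        // A failed request has no response body; handing that to FileReader would throw
        retry()
        return
      }
      const file = new FileReader() // FileReader requires IE10+
      file.onloadend = function (e) {
        img.src = e.target.result
      }
      file.readAsDataURL(blob)
    }
    xhr.open('GET', src)
    xhr.responseType = 'blob'
    xhr.send()
  }

  img.crossOrigin = 'Anonymous'
  img.onload = onload
  img.onerror = retry
  img.setSrc = function (src) {
    failures = 0 // an explicit request starts with a fresh retry budget
    load(src)
  }

  // Load the first random picture
  img.setSrc(getRandomImgSrc())
  return img
}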

/**
 * Create a detached element with its class attribute already set.
 *
 * @param {string} tagName - tag to create, e.g. 'div'
 * @param {string} className - value assigned to the element's className
 * @returns {HTMLElement} the new element
 */
function createElement (tagName, className) {
  const node = document.createElement(tagName)
  return Object.assign(node, { className })
}

/**
 * Add one CSS class to an element.
 *
 * @param {Element} tag - element to modify
 * @param {string} className - class name to add
 */
function addClass (tag, className) {
  const classes = tag.classList
  classes.add(className)
}

/**
 * Remove one CSS class from an element.
 *
 * @param {Element} tag - element to modify
 * @param {string} className - class name to remove
 */
function removeClass (tag, className) {
  const classes = tag.classList
  classes.remove(className)
}
/**
 * Build the address of a random background picture.
 *
 * The address is protocol-relative, so the picture is fetched over the same
 * scheme as the page, from a third-party host.
 *
 * @returns {string} picture URL with a random image id between 0 and 1084
 */
function getRandomImgSrc () {
  const imageId = getRandomNumberByRange(0, 1084)
  return '//picsum.photos/300/150/?image=' + imageId
}

/**
 * Trace the puzzle-piece outline at (x, y) and apply a canvas operation to it.
 *
 * The outline is a square of side `l` with three round arcs of radius about
 * `r`: one on the top edge, one on the right edge and one on the left edge
 * (the last drawn with the anticlockwise flag set).
 *
 * @param {CanvasRenderingContext2D} ctx - context to draw on
 * @param {number} x - left coordinate of the piece body
 * @param {number} y - top coordinate of the piece body
 * @param {string} operation - name of the context method to call on the path;
 *   the callers in this file pass 'fill' or 'clip'
 */
function draw (ctx, x, y, operation) {
  const half = l / 2
  const right = x + l
  const bottom = y + l
  const tint = 'rgba(255, 255, 255, 0.7)'

  ctx.beginPath()
  ctx.moveTo(x, y)
  // top edge with its arc
  ctx.arc(x + half, y - r + 2, r, 0.72 * PI, 2.26 * PI)
  ctx.lineTo(right, y)
  // right edge with its arc
  ctx.arc(right + r - 2, y + half, r, 1.21 * PI, 2.78 * PI)
  ctx.lineTo(right, bottom)
  // bottom edge is straight
  ctx.lineTo(x, bottom)
  // left edge, arc drawn anticlockwise
  ctx.arc(x + r - 2, y + half, r + 0.4, 2.76 * PI, 1.24 * PI, true)
  ctx.lineTo(x, y)

  ctx.lineWidth = 2
  ctx.fillStyle = tint
  ctx.strokeStyle = tint
  ctx.stroke()
  ctx[operation]()
  // Whatever is drawn next (the picture) goes behind the outline drawn above
  ctx.globalCompositeOperation = 'destination-over'
}

/**
 * Add two values; used as the reducer when totalling the drag trail.
 *
 * @param {number} x - running total
 * @param {number} y - next value
 * @returns {number} x + y
 */
function sum (x, y) {
  const total = x + y
  return total
}

/**
 * Multiply a value by itself; used when computing the trail's deviation.
 *
 * @param {number} x - value to square
 * @returns {number} x * x
 */
function square (x) {
  const squared = x * x
  return squared
}

import  './slideBlock.css'

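/**
 * Slider-puzzle ("jigsaw") widget rendered into a host element.
 *
 * NOTE: every check in this class runs in the browser. The result is only a
 * signal for the page's own UI; it proves nothing to the server, so the login
 * endpoint has to verify and rate-limit requests independently.
 *
 * NOTE: bindEvents registers listeners on `document` and the class offers no
 * way to remove them, so they stay registered for the lifetime of the page.
 */
class jigsaw {
  /**
   * @param {Object} options
   * @param {HTMLElement} options.el - container the widget is rendered into
   * @param {Function} [options.onSuccess] - called when an attempt is accepted
   * @param {Function} [options.onFail] - called when an attempt is rejected
   * @param {Function} [options.onRefresh] - called after the refresh icon is clicked
   */
  constructor ({ el, onSuccess, onFail, onRefresh }) {
    Object.assign(el.style, {
      position: 'relative',
      width: w + 'px',
      margin: '0 auto'
    })
    this.el = el
    this.onSuccess = onSuccess
    this.onFail = onFail
    this.onRefresh = onRefresh
  }

  /** Build the DOM, load the first picture and attach the drag handlers. */
  init () {
    this.initDOM()
    this.initImg()
    this.bindEvents()
  }

  /** Create the canvases and slider elements and append them to the container. */
  initDOM () {
    const canvas = createCanvas(w, h) // background picture with the hole
    const block = canvas.cloneNode(true) // movable puzzle piece
    const sliderContainer = createElement('div', 'sliderContainer')
    const refreshIcon = createElement('div', 'refreshIcon')
    const sliderMask = createElement('div', 'sliderMask')
    const slider = createElement('div', 'slider')
    const sliderIcon = createElement('span', 'sliderIcon')
    const text = createElement('span', 'sliderText')

    block.className = 'block'
    // Plain text, so textContent is enough and never parses markup
    text.textContent = '向右滑动填充拼图'

    const el = this.el
    el.appendChild(canvas)
    el.appendChild(refreshIcon)
    el.appendChild(block)
    slider.appendChild(sliderIcon)
    sliderMask.appendChild(slider)
    sliderContainer.appendChild(sliderMask)
    sliderContainer.appendChild(text)
    el.appendChild(sliderContainer)

    Object.assign(this, {
      canvas,
      block,
      sliderContainer,
      refreshIcon,
      slider,
      sliderMask,
      sliderIcon,
      text,
      canvasCtx: canvas.getContext('2d'),
      blockCtx: block.getContext('2d')
    })
  }

  /** Load a random picture; once it arrives, draw the hole and cut out the piece. */
  initImg () {
    const img = createImg(() => {
      this.draw()
      this.canvasCtx.drawImage(img, 0, 0, w, h)
      this.blockCtx.drawImage(img, 0, 0, w, h)
      const y = this.y - r * 2 - 1
      // Copy just the piece, shrink the block canvas to the piece width
      // (which clears it) and paint the piece back at the left edge
      const pieceData = this.blockCtx.getImageData(this.x - 3, y, L, L)
      this.block.width = L
      this.blockCtx.putImageData(pieceData, 0, y)
    })
    this.img = img
  }

  /** Choose a random position for the hole and trace it on both canvases. */
  draw () {
    this.x = getRandomNumberByRange(L + 10, w - (L + 10))
    this.y = getRandomNumberByRange(10 + r * 2, h - (L + 10))
    // Filled outline marks the hole on the background
    draw(this.canvasCtx, this.x, this.y, 'fill')
    // Clipping region restricts the block canvas to the piece shape
    draw(this.blockCtx, this.x, this.y, 'clip')
  }

  /** Clear both canvases and restore the block canvas to full width. */
  clean () {
    this.canvasCtx.clearRect(0, 0, w, h)
    this.blockCtx.clearRect(0, 0, w, h)
    this.block.width = w
  }

  /** Attach the refresh handler and the mouse/touch drag handlers. */
  bindEvents () {
    this.el.onselectstart = () => false
    this.refreshIcon.onclick = () => {
      this.reset()
      typeof this.onRefresh === 'function' && this.onRefresh()
    }

    let originX, originY, trail = [], isMouseDown = false

    // Mouse events carry clientX/clientY themselves; touch events expose them
    // on a touch point. Testing the type (not truthiness) keeps a mouse event
    // at coordinate 0 from being treated as a touch event.
    const pointOf = (e, touchList) => (typeof e.clientX === 'number' ? e : e[touchList][0])

    const handleDragStart = function (e) {
      const point = pointOf(e, 'touches')
      originX = point.clientX
      originY = point.clientY
      // Start every attempt with an empty trail; otherwise the movement of an
      // earlier drag would be counted in the check for this one
      trail = []
      isMouseDown = true
    }

    const handleDragMove = (e) => {
      if (!isMouseDown) return false
      const point = pointOf(e, 'touches')
      const moveX = point.clientX - originX
      const moveY = point.clientY - originY
      if (moveX < 0 || moveX + 38 >= w) return false
      this.slider.style.left = moveX + 'px'
      const blockLeft = (w - 40 - 20) / (w - 40) * moveX
      this.block.style.left = blockLeft + 'px'

      addClass(this.sliderContainer, 'sliderContainer_active')
      this.sliderMask.style.width = moveX + 'px'
      trail.push(moveY)
    }

    const handleDragEnd = (e) => {
      if (!isMouseDown) return false
      isMouseDown = false
      // touches is empty on touchend, so the released point is in changedTouches
      const eventX = pointOf(e, 'changedTouches').clientX
      if (eventX === originX) return false
      removeClass(this.sliderContainer, 'sliderContainer_active')
      this.trail = trail
      const { spliced, verified } = this.verify()
      if (spliced && verified) {
        addClass(this.sliderContainer, 'sliderContainer_success')
        typeof this.onSuccess === 'function' && this.onSuccess()
      } else if (spliced) {
        // Right position but a flat trail: rejected, and reported like any other
        // failure so the caller does not keep the result of an earlier success
        addClass(this.sliderContainer, 'sliderContainer_fail')
        this.text.textContent = '再试一次'
        typeof this.onFail === 'function' && this.onFail()
        this.reset()
      } else {
        addClass(this.sliderContainer, 'sliderContainer_fail')
        typeof this.onFail === 'function' && this.onFail()
        // Leave the failure state visible for a second before resetting
        setTimeout(() => {
          this.reset()
        }, 1000)
      }
    }
    this.slider.addEventListener('mousedown', handleDragStart)
    this.slider.addEventListener('touchstart', handleDragStart)
    this.block.addEventListener('mousedown', handleDragStart)
    this.block.addEventListener('touchstart', handleDragStart)
    document.addEventListener('mousemove', handleDragMove)
    document.addEventListener('touchmove', handleDragMove)
    document.addEventListener('mouseup', handleDragEnd)
    document.addEventListener('touchend', handleDragEnd)
  }

  /**
   * Check the finished drag.
   *
   * `spliced` is true when the piece ended within 10px of the hole. `verified`
   * is true when the vertical offsets recorded during the drag have a non-zero
   * standard deviation; a perfectly flat trail may not be a human drag. A drag
   * that recorded no movement at all counts as flat.
   *
   * @returns {{spliced: boolean, verified: boolean}}
   */
  verify () {
    const arr = this.trail || [] // vertical offsets recorded while dragging
    let stddev = 0
    if (arr.length > 0) {
      // Population standard deviation of the vertical offsets
      const average = arr.reduce(sum, 0) / arr.length
      const deviations = arr.map(x => x - average)
      stddev = Math.sqrt(deviations.map(square).reduce(sum, 0) / arr.length)
    }
    // Left offset of the piece in px; NaN when unset, which fails the check
    const left = parseInt(this.block.style.left, 10)
    return {
      spliced: Math.abs(left - this.x) < 10,
      verified: stddev !== 0
    }
  }

  /** Put the slider back at the start and load a new random picture. */
  reset () {
    this.sliderContainer.className = 'sliderContainer'
    this.slider.style.left = 0
    this.block.style.left = 0
    this.sliderMask.style.width = 0
    this.clean()
    this.img.setSrc(getRandomImgSrc())
  }
}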
/**
 * Expose the widget on the window object so pages can call jigsaw.init(opts).
 * init builds a widget from the options and starts it; it returns whatever the
 * instance's init() returns.
 */
window.jigsaw = {
  init (opts) {
    const widget = new jigsaw(opts)
    return widget.init()
  }
}

css文件:

/* Movable puzzle piece: a canvas layered over the background picture */
.block {
    position: absolute;
    left: 0;
    top: 0;
    cursor: pointer;
    cursor: grab;
  }
  
  .block:active {
    cursor: pointer;
    cursor: grabbing;
  }
  
  /* Slider track below the picture; its width matches the 310px canvas */
  .sliderContainer {
    position: relative;
    text-align: center;
    width: 310px;
    height: 40px;
    line-height: 40px;
    margin-top: 15px;
    background: #f7f9fa;
    color: #45494c;
    border: 1px solid #e4e7eb;
  }
  
  /* State while the handle is being dragged (class added by the script) */
  .sliderContainer_active .slider {
    height: 38px;
    top: -1px;
    border: 1px solid #1991FA;
  }
  
  .sliderContainer_active .sliderMask {
    height: 38px;
    border-width: 1px;
  }
  
  /* State after an accepted attempt */
  .sliderContainer_success .slider {
    height: 38px;
    top: -1px;
    border: 1px solid #52CCBA;
    background-color: #52CCBA !important;
  }
  
  .sliderContainer_success .sliderMask {
    height: 38px;
    border: 1px solid #52CCBA;
    background-color: #D2F4EF;
  }
  
  .sliderContainer_success .sliderIcon {
    background-position: 0 0 !important;
  }
  
  /* State after a rejected attempt */
  .sliderContainer_fail .slider {
    height: 38px;
    top: -1px;
    border: 1px solid #f57a7a;
    background-color: #f57a7a !important;
  }
  
  .sliderContainer_fail .sliderMask {
    height: 38px;
    border: 1px solid #f57a7a;
    background-color: #fce1e1;
  }
  
  .sliderContainer_fail .sliderIcon {
    top: 14px;
    background-position: 0 -82px !important;
  }
  /* The hint text is hidden in every non-idle state */
  .sliderContainer_active .sliderText, .sliderContainer_success .sliderText, .sliderContainer_fail .sliderText {
    display: none;
  }
  
  /* Coloured bar that follows the handle; its width is set by the script */
  .sliderMask {
    position: absolute;
    left: 0;
    top: 0;
    height: 40px;
    border: 0 solid #1991FA;
    background: #D1E9FE;
  }
  
  /* Draggable handle */
  .slider {
    position: absolute;
    top: 0;
    left: 0;
    width: 40px;
    height: 40px;
    background: #fff;
    box-shadow: 0 0 3px rgba(0, 0, 0, 0.3);
    transition: background .2s linear;
    cursor: pointer;
    cursor: grab;
  }
  
  .slider:active {
    cursor: grabbing;
  }
  
  .slider:hover {
    background: #1991FA;
  }
  
  .slider:hover .sliderIcon {
    background-position: 0 -13px;
  }
  
  /* Arrow icon inside the handle, taken from a sprite sheet.
     NOTE(review): the sprite is fetched over plain http from a third-party host;
     on an https login page that is mixed content, and the icon depends on a host
     outside this project. Serving a local copy avoids both. */
  .sliderIcon {
    position: absolute;
    top: 15px;
    left: 13px;
    width: 14px;
    height: 12px;
    background: url(http://cstaticdun.126.net//2.6.3/images/icon_light.f13cff3.png) 0 -26px;
    background-size: 34px 471px;
  }
  
  /* Refresh button in the top-right corner; uses the same http sprite as .sliderIcon */
  .refreshIcon {
    position: absolute;
    right: 0;
    top: 0;
    width: 34px;
    height: 34px;
    cursor: pointer;
    background: url(http://cstaticdun.126.net//2.6.3/images/icon_light.f13cff3.png) 0 -437px;
    background-size: 34px 471px;
  }

到这里,滑块就生成啦,接下来根据滑块对应的响应事件,完成自己的业务逻辑就可以啦
使用滑块验证虽然酷炫,但由于校验只在前端完成,无法防范绕过页面、直接对服务器接口发起的登录攻击,所以传统的验证码登录还是有一定的用武之地的,接下来就看一下验证码是怎么验证的。

2.验证码验证
界面: 这里使用vue框架和antdv组件

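<!-- Captcha-code input with a captcha image that reloads when clicked -->
      <a-form-item prop="code">
            <a-row :span="24">
                <a-col :span="16">
                    <a-input size="large"
                              pressEnter="handleSubmit"
                              v-model="loginForm.code"
                              placeholder="请输入验证码"
                              auto-complete="off"
                              v-decorator="[
                                'code',
                                {rules: [{ required: true, message: '请输入验证码' }], validateTrigger: 'blur'}
                              ]"
                              >
                        <a-icon slot="prefix" type="safety-certificate" :style="{ color: 'rgba(0,0,0,.25)' }" />
                    </a-input>
                </a-col>
                <a-col :span="7" :offset="1">
                    <div>
                        <img :src="loginForm.image" style="height:100%;width:100%"  @click="getCaptchaCode"
                        />
                    </div>
                </a-col>
            </a-row>
        </a-form-item>
<script>
   export default {
   data() {
    return {
      form: this.$form.createForm(this),
      loginBtn: false,
      isLoginError: false,
      slideRules: false, // result of the slider check
      loginForm: {
        // captcha text typed by the user
        code: "",
        // key returned with the image; sent back so the backend can find the matching captcha
        key:"",
        // captcha image source; empty until the first response arrives
        image: "",
    },
    }
  },
  mounted() {
    this.getCaptchaCode()  // fetch the first captcha
  },
  methods: {
    // Ask the backend for a captcha image and its key.
    // NOTE(review): the key only names the challenge; the backend is expected to
    // check the submitted code against it, and should treat each key as
    // single-use and short-lived. Confirm against the backend implementation.
    getCaptchaCode(){
      // Arrow function keeps `this` bound to the component
      api.getCaptchaCode().then(res =>{
        this.loginForm.image = res.image
        this.loginForm.key = res.key
      })
    },
    }
   }
   </script>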

使用验证码登录,逻辑很简单,就是先向后端发请求获取验证码图片和对应的索引key,用户输入验证码值后,点击提交,把账号、密码、验证码及其对应的key一并发给后端,由后端完成验证。
验证方式层出不穷,主要理解验证逻辑,希望能帮助到大家,这里只有部分关键代码用做参考


版权声明:本文为weixin_43727458原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。