啥是防刷校验:注册的时候不是要给你发验证码吗,正常应该60秒内只能发一次,不然别人捕获到你的请求之后疯狂给你发,那性能降低、
宕机都有可能。实现的大致逻辑是:每发送一次验证码,就把验证码拼上当前系统时间作为值,键用缓存前缀(最好有,防重复)拼上手机号,
放入缓存,并且要设置过期时间,我这里是10分钟,如果十分钟后还没输入就要重发验证码了。发送一次之后,如果在60秒内他又刷新页面然后
点发送验证码,就根据当前手机号取出缓存,用当前系统时间减去当时缓存中存入的系统时间,如果小于60秒就给抛异常:刷新频率太高,请稍后再试
1.auth服务引入redis依赖
2.添加redis主机与端口的配置 端口默认为6379
3.添加验证码前缀
5.后端代码
LoginController
package com.atguigu.gulimall.auth.controller;
import com.atguigu.common.constant.AuthServerConstant;
import com.atguigu.common.exception.BizCodeEnume;
import com.atguigu.common.utils.R;
import com.atguigu.gulimall.auth.feign.SmsFeignService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
/**
* @author rengang
* @version 1.0
* @date 2021/4/21 14:52
*/
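/**
 * Auth-service endpoint that issues SMS verification codes with a per-phone resend limit.
 *
 * <p>Declared as {@code @RestController} so the returned {@code R} is written to the response
 * body. With a plain {@code @Controller} and no {@code @ResponseBody}, Spring MVC would try to
 * resolve a view instead of returning the JSON that the page script reads.
 */
@RestController
public class LoginController {

    /** Minimum gap between two sends to the same phone number, in milliseconds. */
    private static final long RESEND_INTERVAL_MILLIS = 60 * 1000L;

    @Autowired
    SmsFeignService smsFeignService;

    @Autowired
    StringRedisTemplate stringRedisTemplate;

    /**
     * Sends a verification code to {@code phone} unless one was sent less than 60 seconds ago.
     *
     * <p>The cache entry is {@code <code>_<epochMillis>} under the key
     * {@code SMS_CODE_CACHE_PREFIX + "_" + phone}, with a 10 minute expiry.
     *
     * @param phone phone number taken from the request; it is client-controlled
     * @return error 10003 when the resend limit applies, otherwise the SMS service's result
     */
    @GetMapping("/sms/sendCode")
    public R sendSms(@RequestParam("phone") String phone) {
        // NOTE(review): phone is not format-checked here and the limit is keyed on the phone
        // number only, so one client can still request codes for many different numbers.
        // A per-client (IP / session / captcha) limit would be needed to cover that case.
        String cacheKey = AuthServerConstant.SMS_CODE_CACHE_PREFIX + "_" + phone;

        // Anti-abuse check: refuse when the previous send is less than 60 seconds old.
        String cached = stringRedisTemplate.opsForValue().get(cacheKey);
        if (cached != null && sentWithinInterval(cached)) {
            return R.error(10003, "验证码发送频率太高,请稍后再试");
        }

        // NOTE(review): the read above and the write below are not atomic, so two concurrent
        // requests for the same number can both pass the check.
        String sendCode = UUID.randomUUID().toString().substring(0, 5);
        String cacheCode = sendCode + "_" + System.currentTimeMillis();
        stringRedisTemplate.opsForValue().set(cacheKey, cacheCode, 10, TimeUnit.MINUTES);

        return smsFeignService.sendCode(phone, sendCode);
    }

    /**
     * Reports whether the cached entry was written less than the resend interval ago.
     * An entry without a parsable timestamp is treated as absent so that it gets overwritten
     * by a well-formed one instead of failing the request with an unhandled exception.
     */
    private static boolean sentWithinInterval(String cached) {
        int separator = cached.lastIndexOf('_');
        if (separator < 0 || separator == cached.length() - 1) {
            return false;
        }
        try {
            long sentAt = Long.parseLong(cached.substring(separator + 1));
            return System.currentTimeMillis() - sentAt < RESEND_INTERVAL_MILLIS;
        } catch (NumberFormatException malformed) {
            return false;
        }
    }
}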
SmsFeignService
package com.atguigu.gulimall.auth.feign;
import com.atguigu.common.utils.R;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
/**
* @author rengang
* @version 1.0
* @date 2021/4/21 14:54
*/
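/**
 * Feign client for the SMS endpoint of the {@code gulimall-thirdparty} service.
 */
@FeignClient("gulimall-thirdparty")
public interface SmsFeignService {

    /**
     * Asks the third-party service to send {@code code} to {@code phone}.
     *
     * <p>The parameter names are given explicitly: Feign builds the request from the annotation
     * metadata and, unless the code is compiled with {@code -parameters}, rejects a
     * {@code @RequestParam} whose name is empty.
     *
     * <p>NOTE(review): the code is sent as a GET query parameter, so it can end up in access
     * logs of the receiving service.
     *
     * @param phone destination phone number
     * @param code  verification code to deliver
     * @return the remote service's result
     */
    @GetMapping("/sms/sendCode")
    R sendCode(@RequestParam("phone") String phone, @RequestParam("code") String code);
}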
SmsSendController
测试时发送短信这一步,直接在通过feign调用的第三方服务里把验证码打印出来(或者存到redis中)就行了,这样就不用花钱买真实的验证码短信服务了
package com.atguigu.gulimall.thirdparty.controller;
import com.atguigu.common.utils.R;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
/**
* @author rengang
* @version 1.0
* @date 2021/4/21 14:13
*/
/**
 * Stand-in SMS endpoint used for testing: it prints the message instead of calling a provider.
 */
@RestController
@RequestMapping("/sms")
public class SmsSendController {

    /**
     * Pretends to send {@code code} to {@code phone} by writing one line to standard output.
     *
     * <p>NOTE(review): the line contains the phone number and the verification code in clear
     * text, which is acceptable only for a local test stub.
     *
     * @param phone destination phone number
     * @param code  verification code
     * @return a success result
     */
    @GetMapping("/sendCode")
    public R sendCode(@RequestParam String phone, @RequestParam String code) {
        StringBuilder message = new StringBuilder("给手机号为");
        message.append(phone);
        message.append("的人发送了短信验证码: ");
        message.append(code);
        System.out.println(message.toString());
        return R.ok();
    }
}
6.前端代码
reg.html
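$(function () {
    // Clicking the "send code" button runs this handler.
    $('#sendCode').click(function () {
        // A "disabled" class means the countdown is still running, so the click is ignored.
        // This is only a UI convenience; the 60-second limit is enforced on the server.
        if ($(this).hasClass("disabled")) {
            return;
        }

        // Ask the server to send a code to the entered number. Passing the value as a data
        // object lets jQuery URL-encode it instead of splicing raw input into the query string.
        $.get("/sms/sendCode", { phone: $("#phoneNum").val() }, function (data) {
            if (data.code != 0) {
                alert(data.msg);
            }
        });

        // Start the countdown. A function is passed instead of a string so that no code is
        // evaluated from text; timeoutChangeStyle is still looked up when the timer fires.
        setTimeout(function () {
            timeoutChangeStyle();
        }, 1000);
    });
})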