asp.net core 腾讯验证码的接入

asp.net core 腾讯验证码的接入

Intro

之前使用的验证码服务是用的极验验证，而且是比较旧的，好久之前接入的，而且验证码服务依赖 Session，有点不太灵活，后来发现腾讯也有验证码服务，而且支持小程序，并且是唯一支持小程序的验证码。。（垄断么。。）

而且相比之下，腾讯验证码不需要依赖 Session，集成起来也比较方便，于是就用了腾讯验证码，详细参考：https://007.qq.com/product.html?ADTAG=index.block

验证流程

服务器端接入

using System.ComponentModel.DataAnnotations;	
using System.Net.Http;	
using System.Threading.Tasks;	
using Microsoft.Extensions.Logging;	
using Microsoft.Extensions.Options;	
using Newtonsoft.Json;	
using WeihanLi.Extensions;	
namespace ActivityReservation.Common	
{	
    public class TencentCaptchaOptions	
    {	
        /// <summary>	
        /// 客户端AppId	
        /// </summary>	
        [Required]	
        public string AppId { get; set; }	
        /// <summary>	
        /// App Secret Key	
        /// </summary>	
        [Required]	
        public string AppSecret { get; set; }	
    }	
    public class TencentCaptchaRequest	
    {	
        /// <summary>	
        /// 验证码客户端验证回调的票据	
        /// </summary>	
        public string Ticket { get; set; }	
        /// <summary>	
        /// 验证码客户端验证回调的随机串	
        /// </summary>	
        public string Nonce { get; set; }	
        /// <summary>	
        /// 提交验证的用户的IP地址（eg: 10.127.10.2）	
        /// </summary>	
        public string UserIP { get; set; }	
    }	
    public class TencentCaptchaHelper	
    {	
        private class TencentCaptchaResponse	
        {	
            /// <summary>	
            /// 1:验证成功，0:验证失败，100:AppSecretKey参数校验错误	
            /// </summary>	
            [JsonProperty("response")]	
            public int Code { get; set; }	
            /// <summary>	
            /// 恶意等级 [0, 100]	
            /// </summary>	
            [JsonProperty("evil_level")]	
            public string EvilLevel { get; set; }	
            /// <summary>	
            /// 错误信息	
            /// </summary>	
            [JsonProperty("err_msg")]	
            public string ErrorMsg { get; set; }	
        }	
        private const string TencentCaptchaVerifyUrl = "https://ssl.captcha.qq.com/ticket/verify";	
        private readonly TencentCaptchaOptions _captchaOptions;	
        private readonly ILogger _logger;	
        private readonly HttpClient _httpClient;	
        public TencentCaptchaHelper(	
            IOptions<TencentCaptchaOptions> option,	
            ILogger<TencentCaptchaHelper> logger,	
            HttpClient httpClient)	
        {	
            _captchaOptions = option.Value;	
            _logger = logger;	
            _httpClient = httpClient;	
        }	
        public async Task<bool> IsValidRequestAsync(TencentCaptchaRequest request)	
        {	
            // 参考文档：https://007.qq.com/captcha/#/gettingStart	
            var response = await _httpClient.GetAsync(	
                $"{TencentCaptchaVerifyUrl}?aid={_captchaOptions.AppId}&AppSecretKey={_captchaOptions.AppSecret}&Ticket={request.Ticket}&Randstr={request.Nonce}&UserIP={request.UserIP}");	
            var responseText = await response.Content.ReadAsStringAsync();	
            if (responseText.IsNotNullOrEmpty())	
            {	
                _logger.Debug($"Tencent captcha verify response:{responseText}");	
                var result = responseText.JsonToType<TencentCaptchaResponse>();	
                if (result.Code == 1)	
                {	
                    return true;	
                }	
            }	
            return false;	
        }	
    }	
}

Startup 配置：

services.AddHttpClient<TencentCaptchaHelper>(client => client.Timeout = TimeSpan.FromSeconds(3))	
    .ConfigurePrimaryHttpMessageHandler(() => new NoProxyHttpClientHandler());	
services.AddTencentCaptchaHelper(options =>	
{	
    options.AppId = Configuration["Tencent:Captcha:AppId"];	
    options.AppSecret = Configuration["Tencent:Captcha:AppSecret"];	
});

前端接入

前端接入这里不作多介绍了，接入方式多种多样，具体可以参考官方文档：https://cloud.tencent.com/document/product/1110/36841

下面的代码是 angular spa 在前端接入的核心代码

  private loadCaptcha(): void {	
    var tCaptcha = document.getElementById("tCaptcha");	
    if (tCaptcha) {	
      this.InitCaptcha();	
      return;	
    }	
    let script = <any>document.createElement('script');	
    script.id = "tCaptcha";	
    script.type = 'text/javascript';	
    script.src = "https://ssl.captcha.qq.com/TCaptcha.js"	
    if (script.readyState) {  //IE	
      script.onreadystatechange = () => {	
        if (script.readyState === "loaded" || script.readyState === "complete") {	
          this.InitCaptcha();	
        }	
      };	
    } else {  //Others	
      script.onload = () => {	
        this.InitCaptcha();	
      };	
    }	
    document.getElementsByTagName('body')[0].appendChild(script);	
  }	
  private InitCaptcha(): void {	
    let captchaDom = document.getElementById('TencentCaptcha1');	
    if (!captchaDom) {	
      return;	
    }	
    this.tencentRecaptcha = new TencentCaptcha(	
      captchaDom, appId, (res) => {	
        this.captchaValid = false;	
        console.log(res);	
        // res（用户主动关闭验证码）= {ret: 2, ticket: null}	
        // res（验证成功） = {ret: 0, ticket: "String", randstr: "String"}	
        if (res.ret === 0) {	
          this.captchaInfo.nonce = res.randstr;	
          this.captchaInfo.ticket = res.ticket;	
          this.captchaValid = true;	
          this.tencentRecaptcha.destroy();	
          let button = <HTMLElement>document.getElementById("btnSubmit");	
          button.click();	
        }	
      }	
    );	
    console.log(`captcha inited`);	
    this.tencentRecaptcha.show();	
  }

使用效果：

老版网站接入效果：

Reference

• https://github.com/WeihanLi/ActivityReservation

• https://reservation.weihanli.xyz/Home/Reservate

• https://reservation-client.weihanli.xyz/reservation/new

• https://cloud.tencent.com/document/product/1110/36841