From 1549f8458b63f50f9741d5988efaa7befdab293c Mon Sep 17 00:00:00 2001 From: guqing <38999863+guqing@users.noreply.github.com> Date: Thu, 27 Jun 2024 13:54:55 +0800 Subject: [PATCH] feat: add CAPTCHA verification for anonymous comments to enhance security (#133) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit #### What type of PR is this? /kind feature #### What this PR does / why we need it: 在匿名评论时增加图形验证码验证机制以提高安全性 #### Which issue(s) this PR fixes: Fixes #132 #### Does this PR introduce a user-facing change? ```release-note 在匿名评论时增加图形验证码验证机制以提高安全性 ``` --- build.gradle | 3 +- packages/comment-widget/src/base-form.ts | 77 ++++++++- packages/comment-widget/src/comment-form.ts | 27 ++- packages/comment-widget/src/comment-widget.ts | 47 +++--- packages/comment-widget/src/context/index.ts | 2 + packages/comment-widget/src/reply-form.ts | 27 ++- packages/comment-widget/src/utils/captcha.ts | 12 ++ packages/widget/src/index.ts | 2 + .../comment/widget/DefaultCommentWidget.java | 59 ++++--- .../comment/widget/SettingConfigGetter.java | 49 ++++++ .../widget/SettingConfigGetterImpl.java | 76 +++++++++ .../widget/captcha/CaptchaCookieResolver.java | 19 +++ .../captcha/CaptchaCookieResolverImpl.java | 49 ++++++ .../widget/captcha/CaptchaEndpoint.java | 39 +++++ .../widget/captcha/CaptchaGenerator.java | 142 ++++++++++++++++ .../widget/captcha/CaptchaManager.java | 15 ++ .../widget/captcha/CaptchaManagerImpl.java | 64 ++++++++ .../comment/widget/captcha/CaptchaType.java | 6 + .../widget/captcha/CommentCaptchaFilter.java | 155 ++++++++++++++++++ .../resources/extensions/role-templates.yaml | 14 ++ src/main/resources/extensions/settings.yaml | 23 +++ src/main/resources/fonts/Arial_Bold.ttf | Bin 0 -> 286620 bytes 22 files changed, 841 insertions(+), 66 deletions(-) create mode 100644 packages/comment-widget/src/utils/captcha.ts create mode 100644 src/main/java/run/halo/comment/widget/SettingConfigGetter.java create mode 100644 src/main/java/run/halo/comment/widget/SettingConfigGetterImpl.java create mode 100644 src/main/java/run/halo/comment/widget/captcha/CaptchaCookieResolver.java create mode 100644 src/main/java/run/halo/comment/widget/captcha/CaptchaCookieResolverImpl.java create mode 100644 src/main/java/run/halo/comment/widget/captcha/CaptchaEndpoint.java create mode 100644 src/main/java/run/halo/comment/widget/captcha/CaptchaGenerator.java create mode 100644 src/main/java/run/halo/comment/widget/captcha/CaptchaManager.java create mode 100644 src/main/java/run/halo/comment/widget/captcha/CaptchaManagerImpl.java create mode 100644 src/main/java/run/halo/comment/widget/captcha/CaptchaType.java create mode 100644 src/main/java/run/halo/comment/widget/captcha/CommentCaptchaFilter.java create mode 100644 src/main/resources/extensions/role-templates.yaml create mode 100644 src/main/resources/fonts/Arial_Bold.ttf diff --git a/build.gradle b/build.gradle index 16f124f..d6c7d09 100644 --- a/build.gradle +++ b/build.gradle @@ -16,7 +16,7 @@ repositories { } dependencies { - implementation platform('run.halo.tools.platform:plugin:2.9.0-SNAPSHOT') + implementation platform('run.halo.tools.platform:plugin:2.13.0-SNAPSHOT') compileOnly 'run.halo.app:api' testImplementation 'run.halo.app:api' @@ -42,4 +42,5 @@ build { halo { version = "2.15.0-rc.1" + debug = true } diff --git a/packages/comment-widget/src/base-form.ts b/packages/comment-widget/src/base-form.ts index 216ff34..c8991aa 100644 --- a/packages/comment-widget/src/base-form.ts +++ b/packages/comment-widget/src/base-form.ts @@ -1,20 +1,23 @@ -import './emoji-button'; +import type { User } from '@halo-dev/api-client'; +import { consume } from '@lit/context'; import { css, html, LitElement } from 'lit'; +import { property, state } from 'lit/decorators.js'; import { createRef, Ref, ref } from 'lit/directives/ref.js'; import { allowAnonymousCommentsContext, baseUrlContext, + captchaEnabledContext, currentUserContext, groupContext, kindContext, nameContext, + toastContext, } from './context'; -import { property, state } from 'lit/decorators.js'; -import type { User } from '@halo-dev/api-client'; +import './emoji-button'; +import './icons/icon-loading'; +import { ToastManager } from './lit-toast'; import baseStyles from './styles/base'; -import { consume } from '@lit/context'; import varStyles from './styles/var'; -import './icons/icon-loading'; export class BaseForm extends LitElement { @consume({ context: baseUrlContext }) @@ -29,6 +32,10 @@ export class BaseForm extends LitElement { @state() allowAnonymousComments = false; + @consume({ context: captchaEnabledContext, subscribe: true }) + @state() + captchaEnabled = false; + @consume({ context: groupContext }) @state() group = ''; @@ -41,9 +48,17 @@ export class BaseForm extends LitElement { @state() name = ''; + @property({ type: String }) + @state() + captcha = ''; + @property({ type: Boolean }) submitting = false; + @consume({ context: toastContext, subscribe: true }) + @state() + toastManager: ToastManager | undefined; + textareaRef: Ref = createRef(); get customAccount() { @@ -58,6 +73,25 @@ export class BaseForm extends LitElement { return `/console/login?redirect_uri=${encodeURIComponent(window.location.href + parentDomId)}`; } + get showCaptcha() { + return this.captchaEnabled && !this.currentUser; + } + + async handleFetchCaptcha() { + if (!this.showCaptcha) { + return; + } + + const response = await fetch(`/apis/api.commentwidget.halo.run/v1alpha1/captcha/-/generate`); + + if (!response.ok) { + this.toastManager?.error('获取验证码失败'); + return; + } + + this.captcha = await response.text(); + } + handleOpenLoginPage() { window.location.href = this.loginUrl; } @@ -124,6 +158,7 @@ export class BaseForm extends LitElement { override connectedCallback(): void { super.connectedCallback(); this.addEventListener('keydown', this.onKeydown); + this.handleFetchCaptcha(); } override disconnectedCallback(): void { @@ -182,6 +217,20 @@ export class BaseForm extends LitElement { ` : ''}
+ ${this.showCaptcha + ? html` +
+ + captcha +
+ ` + : ''} +