CAPTCHA (verification code) stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". It is a public, fully automated program that distinguishes whether a user is a computer or a human. It can prevent malicious password cracking, ticket fraud and forum flooding, and it effectively stops an attacker from using a program to brute-force a specific registered user's account through continuous login attempts. Using verification codes is now a common method on many websites, and the function is implemented in a relatively simple way: the question can be generated and judged by a computer, but only a human can answer it. Since computers cannot answer CAPTCHA questions, a user who answers them can be considered human.
Traditional website verification code working mechanism
- The client requests the server to obtain the verification code image
- The server generates a random string (the verification code value), writes it to the Session, draws the value into an image and returns the image to the client
- The user enters the string shown in the image and submits it to the server for verification
- The server checks whether the string submitted by the client matches the value in the Session. If it matches, the verification is passed.
Since the verification code value generated by the server is never returned to the client as text, the client can only read the verification code string from the image. This is what guarantees the human-machine verification logic.
Go's HTTP verification code
Thinking
Go's HTTP server does not support sessions by default, so the verification code value needs to be stored in a different way. The logic without a Session is as follows:
- The client requests the server to obtain the verification code ID
- The server generates the verification code ID and the verification code value, records the mapping between the ID and the value in memory or a cache, and returns the ID to the client
- The client requests the server to obtain the verification code image based on the returned ID
- The server takes the verification code ID, retrieves the verification code value from memory or the cache, writes the value into the image and returns the image to the client
- The client submits the verification code ID (obtained in step 1) and the verification code value to the server for verification
- The server takes the verification code ID, retrieves the verification code value from memory or the cache and compares it with the verification code value submitted by the client
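The server-side half of the flow above, as an added example using only the standard library (not code from the original post or from github.com/dchest/captcha). `Store`, `New` and `Verify` are hypothetical names; the sketch covers the ID-to-value mapping with an unguessable ID, an expiry and single-use verification, and leaves image rendering out.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"sync"
	"time"
)

type entry struct {
	value   string
	expires time.Time
}

// Store is a hypothetical in-memory ID -> value map with expiry (steps 2 and 6).
type Store struct {
	mu  sync.Mutex
	ttl time.Duration
	m   map[string]entry
}

// New records a 6-digit value under an unguessable ID; only id goes to the client.
func (s *Store) New() (id, value string) {
	buf := make([]byte, 16)
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if _, e := rand.Read(buf); e != nil || err != nil {
		panic("captcha: no secure randomness") // fail closed
	}
	id, value = fmt.Sprintf("%x", buf), fmt.Sprintf("%06d", n.Int64())
	s.mu.Lock()
	defer s.mu.Unlock()
	s.m[id] = entry{value, time.Now().Add(s.ttl)}
	return id, value
}

// Verify compares the answer with the stored value; unknown or expired IDs fail.
func (s *Store) Verify(id, answer string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.m[id]
	delete(s.m, id) // deleted on every attempt: one guess per ID, no replay
	return ok && time.Now().Before(e.expires) && e.value == answer
}

func main() {
	s := &Store{ttl: 2 * time.Minute, m: map[string]entry{}}
	id, v := s.New()
	fmt.Println(s.Verify(id, v), s.Verify(id, v)) // true false: replay rejected
}
```

Because the entry is deleted on a wrong answer as well as a right one, a client that wants another guess has to request a new ID and image.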
Example
- Installing the verification code dependency
github.com/dchest/captcha
- Code implementation
```go
package main

import (
	"fmt"
	"log"
	"net/http"

	"github.com/dchest/captcha"
)

func main() {
	// Get a verification code ID
	http.HandleFunc("/captcha/generate", func(w http.ResponseWriter, r *http.Request) {
		id := captcha.NewLen(6)
		if _, err := fmt.Fprint(w, id); err != nil {
			log.Println("generate captcha error", err)
		}
	})
	// Get the verification code image
	http.HandleFunc("/captcha/image", func(w http.ResponseWriter, r *http.Request) {
		id := r.URL.Query().Get("id")
		if id == "" {
			http.Error(w, "Bad Request", http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "image/png")
		if err := captcha.WriteImage(w, id, 120, 80); err != nil {
			log.Println("show captcha error", err)
		}
	})
	// Business logic
	http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		if err := r.ParseForm(); err != nil {
			log.Println("parseForm error", err)
			http.Error(w, "Internal Error", http.StatusInternalServerError)
			return
		}
		// Get the verification code ID and the verification code value
		id := r.FormValue("id")
		value := r.FormValue("value")
		// Compare the submitted value with the value held in memory.
		// VerifyString deletes the captcha for this ID, so an ID can be checked only once.
		if captcha.VerifyString(id, value) {
			fmt.Fprint(w, "ok")
		} else {
			fmt.Fprint(w, "mismatch")
		}
	})
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```
Run
- Visit /captcha/generate to get the verification code ID
- Visit /captcha/image?id=<verification code ID> to get the verification code image
- Visit /login and submit the verification code ID from the first step (form field id) and the verification code value from the second step (form field value) to view the verification result
Project address
https://github.com/xialeistudio/go-http-captcha-example