|
|
'use strict';
|
|
|
|
|
|
const _ = require('lodash');
|
|
|
const headerModel = require('../../../doraemon/models/header');
|
|
|
const checkModel = require('..//models/check');
|
|
|
const decodeURIComponent = require('../../../utils/string-process').decodeURIComponent;
|
|
|
const logger = global.yoho.logger;
|
|
|
const Geetest = require('geetest');
|
...
|
...
|
@@ -14,7 +16,12 @@ const captcha = new Geetest({ |
|
|
|
|
|
exports.index = (req, res) => {
|
|
|
req.yoho.captchaShow = false;
|
|
|
res.locals.useGeetest = true;
|
|
|
|
|
|
if (req.session.apiRiskValidate) {
|
|
|
res.locals.useRiskImg = true;
|
|
|
} else {
|
|
|
res.locals.useGeetest = true;
|
|
|
}
|
|
|
|
|
|
if (_.has(res, 'locals.loadJsBefore')) {
|
|
|
res.locals.loadJsBefore.push({
|
...
|
...
|
@@ -27,89 +34,135 @@ exports.index = (req, res) => { |
|
|
}
|
|
|
];
|
|
|
}
|
|
|
|
|
|
res.render('check', {
|
|
|
pageHeader: headerModel.setNav({
|
|
|
navTitle: '友情提醒'
|
|
|
}),
|
|
|
width750: true,
|
|
|
localCss: true
|
|
|
});
|
|
|
};
|
|
|
|
|
|
exports.submit = (req, res) => {
|
|
|
co(function * () {
|
|
|
let challenge = req.body.geetest_challenge,
|
|
|
validate = req.body.geetest_validate,
|
|
|
seccode = req.body.geetest_seccode;
|
|
|
|
|
|
let errRes = {
|
|
|
code: 400,
|
|
|
message: '验证码错误',
|
|
|
captchaShow: true,
|
|
|
changeCaptcha: true
|
|
|
};
|
|
|
|
|
|
if (!challenge || !validate || !seccode) {
|
|
|
return res.json(errRes);
|
|
|
|
|
|
const submitValidate = {
|
|
|
errRes: {
|
|
|
code: 400,
|
|
|
message: '验证码错误',
|
|
|
captchaShow: true,
|
|
|
changeCaptcha: true
|
|
|
},
|
|
|
clearLimitIp(req) {
|
|
|
let remoteIp = req.yoho.clientIp;
|
|
|
|
|
|
if (remoteIp.indexOf(',') > 0) {
|
|
|
let arr = remoteIp.split(',');
|
|
|
|
|
|
remoteIp = arr[0];
|
|
|
}
|
|
|
|
|
|
let geetestRes = yield captcha.validate({
|
|
|
challenge,
|
|
|
validate,
|
|
|
seccode
|
|
|
});
|
|
|
// pc:limiter:IP 和PC端共用
|
|
|
let operations = [cache.delAsync(`pc:limiter:${remoteIp}`)];
|
|
|
|
|
|
if (geetestRes) {
|
|
|
logger.info('geetest success');
|
|
|
// 验证码之后一小时之内不再限制qps
|
|
|
if (req.session.apiLimitValidate || req.session.apiRiskValidate) {
|
|
|
operations.push(cache.setAsync(
|
|
|
`${config.app}:limiter:api:ishuman:${remoteIp}`,
|
|
|
1,
|
|
|
config.LIMITER_IP_TIME
|
|
|
));
|
|
|
} else {
|
|
|
operations.push(cache.setAsync(
|
|
|
`${config.app}:limiter:ishuman:${remoteIp}`,
|
|
|
1,
|
|
|
config.LIMITER_IP_TIME
|
|
|
));
|
|
|
}
|
|
|
|
|
|
delete req.session.apiLimitValidate;
|
|
|
delete req.session.apiRiskValidate;
|
|
|
|
|
|
if (req.body.pid) {
|
|
|
let riskPid = decodeURIComponent(req.body.pid) + ':' + _.get(req.yoho, 'clientIp', '');
|
|
|
|
|
|
operations.push(cache.delAsync(riskPid));
|
|
|
}
|
|
|
|
|
|
_.forEach(config.REQUEST_LIMIT, (val, key) => {
|
|
|
operations.push(cache.delAsync(`${config.app}:limiter:${key}:max:${remoteIp}`));
|
|
|
});
|
|
|
|
|
|
let remoteIp = req.yoho.clientIp;
|
|
|
return Promise.all(operations);
|
|
|
},
|
|
|
geetest(req, res) {
|
|
|
const self = this;
|
|
|
|
|
|
if (remoteIp.indexOf(',') > 0) {
|
|
|
let arr = remoteIp.split(',');
|
|
|
co(function * () {
|
|
|
let challenge = req.body.geetest_challenge,
|
|
|
validate = req.body.geetest_validate,
|
|
|
seccode = req.body.geetest_seccode;
|
|
|
|
|
|
remoteIp = arr[0];
|
|
|
if (!challenge || !validate || !seccode) {
|
|
|
return res.json(self.errRes);
|
|
|
}
|
|
|
|
|
|
// pc:limiter:IP 和PC端共用
|
|
|
let operations = [cache.delAsync(`pc:limiter:${remoteIp}`)];
|
|
|
let geetestRes = yield captcha.validate({
|
|
|
challenge,
|
|
|
validate,
|
|
|
seccode
|
|
|
});
|
|
|
|
|
|
if (geetestRes) {
|
|
|
logger.info('geetest success');
|
|
|
|
|
|
yield self.clearLimitIp(req);
|
|
|
|
|
|
// 验证码之后一小时之内不再限制qps
|
|
|
if (req.session.apiLimitValidate) {
|
|
|
operations.push(cache.setAsync(
|
|
|
`${config.app}:limiter:api:ishuman:${remoteIp}`,
|
|
|
1,
|
|
|
config.LIMITER_IP_TIME
|
|
|
));
|
|
|
// 图形验证码关闭时通过极验证后解锁接口风控
|
|
|
if (req.session.apiRiskClear) {
|
|
|
delete req.session.apiRiskClear;
|
|
|
yield req.ctx(checkModel).verifyImgCheckRisk(req.cookies.udid, '1,2,3,4').catch(console.error);
|
|
|
}
|
|
|
|
|
|
return res.json({
|
|
|
code: 200
|
|
|
});
|
|
|
} else {
|
|
|
operations.push(cache.setAsync(
|
|
|
`${config.app}:limiter:ishuman:${remoteIp}`,
|
|
|
1,
|
|
|
config.LIMITER_IP_TIME
|
|
|
));
|
|
|
logger.info('geetest faild');
|
|
|
return res.json(self.errRes);
|
|
|
}
|
|
|
|
|
|
delete req.session.apiLimitValidate;
|
|
|
})();
|
|
|
},
|
|
|
imgCheckRisk(req, res) {
|
|
|
const self = this;
|
|
|
|
|
|
if (req.body.pid) {
|
|
|
let riskPid = decodeURIComponent(req.body.pid) + ':' + _.get(req.yoho, 'clientIp', '');
|
|
|
co(function * () {
|
|
|
let result = yield req.ctx(checkModel).verifyImgCheckRisk(req.cookies.udid, req.body.captcha);
|
|
|
|
|
|
operations.push(cache.delAsync(riskPid));
|
|
|
}
|
|
|
if (result.code === 200) {
|
|
|
yield self.clearLimitIp(req);
|
|
|
|
|
|
_.forEach(config.REQUEST_LIMIT, (val, key) => {
|
|
|
operations.push(cache.delAsync(`${config.app}:limiter:${key}:max:${remoteIp}`));
|
|
|
});
|
|
|
return res.json(result);
|
|
|
} else {
|
|
|
logger.info('api risk img verify faild');
|
|
|
return res.json(self.errRes);
|
|
|
}
|
|
|
})();
|
|
|
}
|
|
|
};
|
|
|
|
|
|
yield Promise.all(operations);
|
|
|
exports.submit = (req, res) => {
|
|
|
let validateType = 'geetest';
|
|
|
|
|
|
return res.json({
|
|
|
code: 200
|
|
|
});
|
|
|
} else {
|
|
|
logger.info('geetest faild');
|
|
|
return res.json(errRes);
|
|
|
}
|
|
|
if (req.session.apiRiskValidate && req.body.apiRiskValidate) {
|
|
|
validateType = 'imgCheckRisk';
|
|
|
}
|
|
|
|
|
|
})().catch(() => {
|
|
|
try {
|
|
|
return submitValidate[validateType](req, res);
|
|
|
} catch (err) {
|
|
|
return res.json({
|
|
|
code: 400
|
|
|
});
|
|
|
});
|
|
|
}
|
|
|
}; |
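Review bot: In the new `exports.submit`, the validator is chosen with `req.session.apiRiskValidate && req.body.apiRiskValidate`, so a session flagged for the risk image check falls back to `geetest` whenever the client omits the body field. On a geetest success, `clearLimitIp` then deletes `req.session.apiRiskValidate` and sets the `api:ishuman` key, which appears to clear the risk state without `verifyImgCheckRisk` ever seeing the submitted captcha. Unless that fallback is meant only for the `apiRiskClear` case, choose from server-side state alone, e.g. `if (req.session.apiRiskValidate) { validateType = 'imgCheckRisk'; }`. Separately, the `try`/`catch` around `submitValidate[validateType](req, res)` catches only synchronous throws, and the coroutines in `geetest` and `imgCheckRisk` end in `})();` without the `.catch` the old handler had, so a rejected `captcha.validate` or cache call leaves the request unanswered; add `.catch(() => res.json(self.errRes))` to both. The +/- markers are lost on this page, so which lines are new is inferred from the interleaving.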
...
|
...
|
|