Client Server REST API captcha implementation


Question

I'm building a client-server REST application. The client side is based on Angular while the server is PHP (not that it matters much anyhow).

What I am wondering is whether there are any best practices or good examples of captcha implementation in this case. Captcha would be used for user registration etc.

I'm not limited to any specific libraries; the only requirement is that there cannot be any calls to 3rd party servers on the client side (js libraries hosted on 3rd party servers or req api key etc).

Thanks

Recommended answer

When Google captcha approves a user, it provides you with a token.

So imagine this context: the user is about to save and uses the captcha; the captcha does its business until it approves the user and gives you a token. That is all that matters.

If you want to see a "tentative" flow of requests for this:

  1. Before registering, the user passes the captcha, and the captcha gives you a token in the front end.
  2. The user clicks save, and you receive the form data and the captcha token in the backend. You ask Google through the API: is the token real? If they say yes, you save the form; if somehow Google does not recognize it, you return an error.
  3. The front end listens for success or error, and for what kind of error. If the error is the captcha, force a retry and get a new token.
  4. The backend receives the form data and the new token again and checks again.
