spring boot:用redis+lua限制短信验证码的发送频率(spring boot 2.3.2)

时间:2023-03-09 15:33:22
spring boot:用redis+lua限制短信验证码的发送频率(spring boot 2.3.2)

一,为什么要限制短信验证码的发送频率?

1,短信验证码每条短信都有成本制约,

肯定不能被刷接口的乱发

而且接口被刷会影响到用户的体验,

影响服务端的正常访问,

所以既使有图形验证码等的保护,

我们仍然要限制短信验证码的发送频率

2,演示项目中我使用的数值是:

同一手机号60秒内禁止重复发送

同一手机号一天时间最多发10条

验证码的有效时间是300秒

大家可以根据自己的业务需求进行调整

3,生产环境中使用时对表单还需要添加参数的验证/反csrf/表单的幂等检验等,

本文仅供参考

说明:刘宏缔的架构森林是一个专注架构的博客,地址:https://www.cnblogs.com/architectforest

对应的源码可以访问这里获取: https://github.com/liuhongdi/

说明:作者:刘宏缔 邮箱: 371125307@qq.com

二,演示项目的相关信息

1,项目地址:

https://github.com/liuhongdi/sendsms

2,项目功能说明:

用redis保存验证码的数据和实现时间控制

发送短信功能我使用的是luosimao的sdk,

大家可以根据自己的实际情况修改

3,项目结构,如图:

spring boot:用redis+lua限制短信验证码的发送频率(spring boot 2.3.2)

三,配置文件说明

1,pom.xml

        <!--redis begin-->

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter-data-redis</artifactId>

        </dependency>

        <dependency>

            <groupId>org.apache.commons</groupId>

            <artifactId>commons-pool2</artifactId>

        </dependency>

        <dependency>

            <groupId>com.fasterxml.jackson.core</groupId>

            <artifactId>jackson-core</artifactId>

            <version>2.11.1</version>

        </dependency>

        <dependency>

            <groupId>com.fasterxml.jackson.core</groupId>

            <artifactId>jackson-databind</artifactId>

            <version>2.11.1</version>

        </dependency>

        <!--redis   end-->

        <!--luosimao send sms begin-->

        <dependency>

            <groupId>com.sun.jersey</groupId>

            <artifactId>api</artifactId>

            <version>1.19</version>

            <scope>system</scope>

            <systemPath>${project.basedir}/src/main/resources/jar/jersey-bundle-1.19.jar</systemPath>

        </dependency>

        <dependency>

            <groupId>org.json</groupId>

            <artifactId>json</artifactId>

            <version>1.0</version>

            <scope>system</scope>

            <systemPath>${project.basedir}/src/main/resources/jar/json-org.jar</systemPath>

        </dependency>

        <!--luosimao send sms   end-->

说明:引入了发短信的sdk和redis访问依赖

2,application.properties

#error

server.error.include-stacktrace=always

#errorlog

logging.level.org.springframework.web=trace

#redis

spring.redis.host=127.0.0.1

spring.redis.port=6379

spring.redis.password=lhddemo

#redis-lettuce

spring.redis.lettuce.pool.max-active=8

spring.redis.lettuce.pool.max-wait=1

spring.redis.lettuce.pool.max-idle=8

spring.redis.lettuce.pool.min-idle=0

配置了redis的访问

四,lua代码说明

1,smslimit.lua

local key = KEYS[1]

local keyseconds = tonumber(KEYS[2])

local daycount = tonumber(KEYS[3])

local keymobile = 'SmsAuthKey:'..key

local keycount = 'SmsAuthCount:'..key

--redis.log(redis.LOG_NOTICE,' keyseconds: '..keyseconds..';daycount:'..daycount)

local current = redis.call('GET', keymobile)

--redis.log(redis.LOG_NOTICE,' current: keymobile:'..current)

if current == false then

   --redis.log(redis.LOG_NOTICE,keymobile..' is nil ')

   local count = redis.call('GET', keycount)

   if count == false then

      redis.call('SET', keycount,1)

      redis.call('EXPIRE',keycount,86400)

      redis.call('SET', keymobile,1)

      redis.call('EXPIRE',keymobile,keyseconds)

      return '1'

   else

      local num_count = tonumber(count)

      if num_count+1 > daycount then

         return '2'

      else

         redis.call('INCRBY',keycount,1)

         redis.call('SET', keymobile,1)

         redis.call('EXPIRE',keymobile,keyseconds)

         return '1'

      end

   end

else

   --redis.log(redis.LOG_NOTICE,keymobile..' is not nil ')

   return '0'

end

说明:每天不超过指定的验证码短信条数,并且60秒内没有发过知信,

才返回1,表示可以发

返回2:表示条数已超

返回0:表示上一条短信发完还没超过60秒

五,java代码说明

1,RedisLuaUtil.java

@Service

public class RedisLuaUtil {

    @Resource

    private StringRedisTemplate stringRedisTemplate;

    //private static final Logger logger = LogManager.getLogger("bussniesslog");

    /*

    run a lua script

    luaFileName: lua file name,no path

    keyList: list for redis key

    return 0: fail

           1: success

    */

    public String runLuaScript(String luaFileName, List<String> keyList) {

        DefaultRedisScript<String> redisScript = new DefaultRedisScript<>();

        redisScript.setScriptSource(new ResourceScriptSource(new ClassPathResource("lua/"+luaFileName)));

        redisScript.setResultType(String.class);

        String result = "";

        String argsone = "none";

        try {

            result = stringRedisTemplate.execute(redisScript, keyList,argsone);

        } catch (Exception e) {

            //logger.error("发生异常",e);

        }

        return result;

    }

}

用来调用lua程序

2,AuthCodeUtil.java

@Component

public class AuthCodeUtil {

    //验证码长度

    private static final int AUTHCODE_LENGTH = 6;

    //验证码的有效时间300秒

    private static final int AUTHCODE_TTL_SECONDS = 300;

    private static final String AUTHCODE_PREFIX = "AuthCode:";

    @Resource

    private RedisTemplate redisTemplate;

    //get a auth code

    public String getAuthCodeCache(String mobile){

        String authcode = (String) redisTemplate.opsForValue().get(AUTHCODE_PREFIX+mobile);

        return authcode;

    }

    //把验证码保存到缓存

    public void setAuthCodeCache(String mobile,String authcode){

        redisTemplate.opsForValue().set(AUTHCODE_PREFIX+mobile,authcode,AUTHCODE_TTL_SECONDS, TimeUnit.SECONDS);

    }

    //make a auth code

    public static String newAuthCode(){

        String code = "";

        Random random = new Random();

        for (int i = 0; i < AUTHCODE_LENGTH; i++) {

            //设置了bound参数后,取值范围为[0, bound),如果不写参数,则取值为int范围,-2^31 ~ 2^31-1

            code += random.nextInt(10);

        }

        return code;

    }

}

生成验证码、保存验证码到redis、从redis获取验证码

3,SmsUtil.java

@Component

public class SmsUtil {

    @Resource

    private RedisLuaUtil redisLuaUtil;

   //发送验证码的规则:同一手机号:

    //60秒内不允许重复发送

     private static final String SEND_SECONDS = "60";

    //一天内最多发10条

     private static final String DAY_COUNT = "10";

    //密钥

    private static final String SMS_APP_SECRET = "key-thisisademonotarealappsecret";

     //发送验证码短信

    public String sendAuthCodeSms(String mobile,String authcode){

        Client client = Client.create();

        client.addFilter(new HTTPBasicAuthFilter(

                "api",SMS_APP_SECRET));

        WebResource webResource = client.resource(

                "http://sms-api.luosimao.com/v1/send.json");

        MultivaluedMapImpl formData = new MultivaluedMapImpl();

        formData.add("mobile", mobile);

        formData.add("message", "验证码:"+authcode+"【商城】");

        ClientResponse response =  webResource.type( MediaType.APPLICATION_FORM_URLENCODED ).

                post(ClientResponse.class, formData);

        String textEntity = response.getEntity(String.class);

        int status = response.getStatus();

        return "短信已发送";

    }

    //判断一个手机号能否发验证码短信

    public String isAuthCodeCanSend(String mobile) {

        List<String> keyList = new ArrayList();

        keyList.add(mobile);

        keyList.add(SEND_SECONDS);

        keyList.add(DAY_COUNT);

        String res = redisLuaUtil.runLuaScript("smslimit.lua",keyList);

        System.out.println("------------------lua res:"+res);

        return res;

    }

}

判断短信是否可以发送、发送短信

4,RedisConfig.java

@Configuration

public class RedisConfig {

    @Bean

    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {

        RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();

        //使用Jackson2JsonRedisSerializer来序列化和反序列化redis的value值

        redisTemplate.setValueSerializer(new GenericJackson2JsonRedisSerializer());

        redisTemplate.setHashValueSerializer(new GenericJackson2JsonRedisSerializer());

        //使用StringRedisSerializer来序列化和反序列化redis的ke

        redisTemplate.setKeySerializer(new StringRedisSerializer());

        redisTemplate.setHashKeySerializer(new StringRedisSerializer());

        //开启事务

        redisTemplate.setEnableTransactionSupport(true);

        redisTemplate.setConnectionFactory(redisConnectionFactory);

        return redisTemplate;

    }

}

配置redis的访问

5,HomeController.java

@RestController

@RequestMapping("/home")

public class HomeController {

    @Resource

    private SmsUtil smsUtil;

    @Resource

    private AuthCodeUtil authCodeUtil;

    //发送一条验证码短信

    @GetMapping("/send")

    public String send(@RequestParam(value="mobile",required = true,defaultValue = "") String mobile) {

         String returnStr = "";

         String res = smsUtil.isAuthCodeCanSend(mobile);

         if (res.equals("1")) {

             //生成一个验证码

             String authcode=authCodeUtil.newAuthCode();

             //把验证码保存到缓存

             authCodeUtil.setAuthCodeCache(mobile,authcode);

             //发送短信

             return smsUtil.sendAuthCodeSms(mobile,authcode);

         } else if (res.equals("0")) {

             returnStr = "请超过60秒之后再发短信";

         } else if (res.equals("2")) {

             returnStr = "当前手机号本日内发送数量已超限制";

         }

         return returnStr;

    }

    //检查验证码是否正确

    @GetMapping("/auth")

    public String auth(@RequestParam(value="mobile",required = true,defaultValue = "") String mobile,

                       @RequestParam(value="authcode",required = true,defaultValue = "") String authcode) {

        String returnStr = "";

        String authCodeCache = authCodeUtil.getAuthCodeCache(mobile);

        System.out.println(":"+authCodeCache+":");

        if (authCodeCache.equals(authcode)) {

            returnStr = "验证码正确";

        } else {

            returnStr = "验证码错误";

        }

        return returnStr;

    }

}

发验证码和检测验证码是否有效

六,效果测试

1,访问:(注意换成自己的手机号)

http://127.0.0.1:8080/home/send?mobile=13888888888

返回:

短信已发送

60秒内连续刷新返回:

请超过60秒之后再发短信

如果超过10条时返回:

当前手机号本日内发送数量已超限制

2,验证:

http://127.0.0.1:8080/home/auth?mobile=13888888888&authcode=638651

如果有效会返回:

验证码正确

七,查看spring boot的版本:

  .   ____          _            __ _ _

 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \

( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \

 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )

  '  |____| .__|_| |_|_| |_\__, | / / / /

 =========|_|==============|___/=/_/_/_/

 :: Spring Boot ::        (v2.3.2.RELEASE)

相关文章