Enhance captcha functionality (#182)

liuyiwuqing · web-flow · commit 8cac6ba5f38f · 2025-07-31T07:29:13.000Z
- ## 算术验证码支持自定义运算范围 <img width="300" height="auto" alt="image" src="https://github.com/user-attachments/assets/e450cef0-a12a-40ec-bbe6-c600ecec2afb" /> - ## 字母数字组合验证支持是否忽略验证码大小写验证、自定义验证码长度 <img width="300" height="auto" alt="image" src="https://github.com/user-attachments/assets/ba1cc5e7-4ca2-4c11-aa2e-a4372ad7abe3" /> Fixes #179 ```release-note 增强验证码功能并优化配置 ```
diff --git a/src/main/java/run/halo/comment/widget/SettingConfigGetter.java b/src/main/java/run/halo/comment/widget/SettingConfigGetter.java
@@ -52,6 +52,12 @@ class CaptchaConfig {
         @Getter(onMethod_ = @NonNull)
         private CaptchaType type = CaptchaType.ALPHANUMERIC;
 
+        private boolean ignoreCase = true;
+
+        private int captchaLength = 4;
+
+        private int arithmeticRange = 90;
+
         public CaptchaConfig setType(CaptchaType type) {
             this.type = (type == null ? CaptchaType.ALPHANUMERIC : type);
             return this;
diff --git a/src/main/java/run/halo/comment/widget/captcha/CaptchaEndpoint.java b/src/main/java/run/halo/comment/widget/captcha/CaptchaEndpoint.java
@@ -28,7 +28,7 @@ public RouterFunction<ServerResponse> endpoint() {
     private Mono<ServerResponse> generateCaptcha(ServerRequest request) {
         return settingConfigGetter.getSecurityConfig()
             .map(SettingConfigGetter.SecurityConfig::getCaptcha)
-            .flatMap(captchaConfig -> captchaManager.generate(request.exchange(), captchaConfig.getType()))
+            .flatMap(captchaConfig -> captchaManager.generate(request.exchange(), captchaConfig))
             .flatMap(captcha -> ServerResponse.ok().bodyValue(captcha.imageBase64()));
     }
 
diff --git a/src/main/java/run/halo/comment/widget/captcha/CaptchaGenerator.java b/src/main/java/run/halo/comment/widget/captcha/CaptchaGenerator.java
@@ -26,12 +26,12 @@ public class CaptchaGenerator {
         customFont = loadArialFont();
     }
 
-    public static Captcha generateMathCaptcha() {
-        return generateCaptchaImage(CaptchaGenerator::drawMathCaptchaText);
+    public static Captcha generateMathCaptcha(int arithmeticRange) {
+        return generateCaptchaImage((g2d) -> drawMathCaptchaText(g2d, arithmeticRange));
     }
 
-    public static Captcha generateSimpleCaptcha() {
-        return generateCaptchaImage(CaptchaGenerator::drawSimpleText);
+    public static Captcha generateSimpleCaptcha(int captchaLength) {
+        return generateCaptchaImage((g2d) -> drawSimpleText(g2d, captchaLength));
     }
 
     private static Captcha generateCaptchaImage(Function<Graphics2D, String> drawCaptchaTextFunc) {
@@ -61,10 +61,10 @@ private static Captcha generateCaptchaImage(Function<Graphics2D, String> drawCap
         return new Captcha(captchaText, bufferedImage);
     }
 
-    private static String drawMathCaptchaText(Graphics2D g2d) {
+    private static String drawMathCaptchaText(Graphics2D g2d, int arithmeticRange) {
         Random random = new Random();
-        int num1 = random.nextInt(90) + 1;
-        int num2 = random.nextInt(90) + 1;
+        int num1 = random.nextInt(arithmeticRange) + 1;
+        int num2 = random.nextInt(arithmeticRange) + 1;
         char operator = getRandomOperator();
 
         int result;
@@ -92,12 +92,15 @@ private static String drawMathCaptchaText(Graphics2D g2d) {
     public record Captcha(String code, BufferedImage image) {
     }
 
-    private static String drawSimpleText(Graphics2D g2d) {
-        var captchaText = generateRandomText();
+    private static String drawSimpleText(Graphics2D g2d, int captchaLength) {
+        var captchaText = generateRandomText(captchaLength);
         Random random = new Random();
+        int charSpacing = WIDTH / (captchaLength + 1);
         for (int i = 0; i < captchaText.length(); i++) {
             g2d.setColor(new Color(random.nextInt(256), random.nextInt(256), random.nextInt(256)));
-            g2d.drawString(String.valueOf(captchaText.charAt(i)), 20 + i * 24, 30);
+            // 动态计算每个字符的位置
+            int xPos = charSpacing + i * charSpacing;
+            g2d.drawString(String.valueOf(captchaText.charAt(i)), xPos, 30);
         }
         return captchaText;
     }
@@ -121,10 +124,10 @@ private static char getRandomOperator() {
         return operators[random.nextInt(operators.length)];
     }
 
-    private static String generateRandomText() {
-        StringBuilder sb = new StringBuilder(CHAR_LENGTH);
+    private static String generateRandomText(int captchaLength) {
+        StringBuilder sb = new StringBuilder(captchaLength);
         Random random = new Random();
-        for (int i = 0; i < CHAR_LENGTH; i++) {
+        for (int i = 0; i < captchaLength; i++) {
             sb.append(CHAR_STRING.charAt(random.nextInt(CHAR_STRING.length())));
         }
         return sb.toString();
diff --git a/src/main/java/run/halo/comment/widget/captcha/CaptchaManager.java b/src/main/java/run/halo/comment/widget/captcha/CaptchaManager.java
@@ -2,13 +2,14 @@
 
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
+import run.halo.comment.widget.SettingConfigGetter;
 
 public interface CaptchaManager {
-    Mono<Boolean> verify(String id, String captchaCode);
+    Mono<Boolean> verify(String id, String captchaCode, boolean ignoreCase);
 
     Mono<Void> invalidate(String id);
 
-    Mono<Captcha> generate(ServerWebExchange exchange, CaptchaType type);
+    Mono<Captcha> generate(ServerWebExchange exchange, SettingConfigGetter.CaptchaConfig captchaConfig);
 
     record Captcha(String id, String code, String imageBase64) {
     }
diff --git a/src/main/java/run/halo/comment/widget/captcha/CaptchaManagerImpl.java b/src/main/java/run/halo/comment/widget/captcha/CaptchaManagerImpl.java
@@ -10,6 +10,7 @@
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 import reactor.core.scheduler.Schedulers;
+import run.halo.comment.widget.SettingConfigGetter;
 
 @Component
 @RequiredArgsConstructor
@@ -25,9 +26,9 @@ public class CaptchaManagerImpl implements CaptchaManager {
     private final CaptchaCookieResolver captchaCookieResolver;
 
     @Override
-    public Mono<Boolean> verify(String key, String captchaCode) {
+    public Mono<Boolean> verify(String key, String captchaCode, boolean ignoreCase) {
         return Mono.justOrEmpty(captchaCache.getIfPresent(key))
-            .filter(captcha -> captcha.code().equalsIgnoreCase(captchaCode))
+            .filter(captcha -> ignoreCase ? captcha.code().equalsIgnoreCase(captchaCode) : captcha.code().equals(captchaCode))
             .hasElement();
     }
 
@@ -38,16 +39,16 @@ public Mono<Void> invalidate(String id) {
     }
 
     @Override
-    public Mono<Captcha> generate(ServerWebExchange exchange, CaptchaType type) {
-        return doGenerate(type)
+    public Mono<Captcha> generate(ServerWebExchange exchange, SettingConfigGetter.CaptchaConfig captchaConfig) {
+        return doGenerate(captchaConfig)
             .doOnNext(captcha -> captchaCookieResolver.setCookie(exchange, captcha.id()));
     }
 
-    private Mono<Captcha> doGenerate(CaptchaType type) {
+    private Mono<Captcha> doGenerate(SettingConfigGetter.CaptchaConfig captchaConfig) {
         return Mono.fromSupplier(() -> {
-                var captcha = switch (type) {
-                    case ALPHANUMERIC -> CaptchaGenerator.generateSimpleCaptcha();
-                    case ARITHMETIC -> CaptchaGenerator.generateMathCaptcha();
+                var captcha = switch (captchaConfig.getType()) {
+                    case ALPHANUMERIC -> CaptchaGenerator.generateSimpleCaptcha(captchaConfig.getCaptchaLength());
+                    case ARITHMETIC -> CaptchaGenerator.generateMathCaptcha(captchaConfig.getArithmeticRange());
                 };
                 var imageBase64 = encodeBufferedImageToDataUri(captcha.image());
                 var id = UUID.randomUUID().toString();
diff --git a/src/main/java/run/halo/comment/widget/captcha/CommentCaptchaFilter.java b/src/main/java/run/halo/comment/widget/captcha/CommentCaptchaFilter.java
@@ -65,10 +65,9 @@ public Mono<Void> filter(@NonNull ServerWebExchange exchange, @NonNull WebFilter
     private Mono<Void> sendCaptchaRequiredResponse(ServerWebExchange exchange,
                                                    SettingConfigGetter.CaptchaConfig captchaConfig,
                                                    ResponseStatusException e) {
-        var type = captchaConfig.getType();
         exchange.getResponse().getHeaders().addIfAbsent(CAPTCHA_REQUIRED_HEADER, "true");
         exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
-        return captchaManager.generate(exchange, type)
+        return captchaManager.generate(exchange, captchaConfig)
             .flatMap(captcha -> {
                 var problemDetail = toProblemDetail(e);
                 problemDetail.setProperty("captcha", captcha.imageBase64());
@@ -94,7 +93,7 @@ private Mono<Void> validateCaptcha(ServerWebExchange exchange, WebFilterChain ch
         if (captchaCodeOpt.isEmpty() || cookie == null) {
             return sendCaptchaRequiredResponse(exchange, captchaConfig, new CaptchaCodeMissingException());
         }
-        return captchaManager.verify(cookie.getValue(), captchaCodeOpt.get())
+        return captchaManager.verify(cookie.getValue(), captchaCodeOpt.get(), captchaConfig.isIgnoreCase())
             .flatMap(valid -> {
                 if (valid) {
                     captchaCookieResolver.expireCookie(exchange);
diff --git a/src/main/resources/extensions/settings.yaml b/src/main/resources/extensions/settings.yaml
@@ -51,12 +51,42 @@ spec:
               label: 验证码类型
               if: "$get(anonymousCommentCaptcha).value === true"
               name: type
+              id: type
               value: "ALPHANUMERIC"
               options:
                 - label: 字母数字组合
                   value: "ALPHANUMERIC"
                 - label: 算术验证码
                   value: "ARITHMETIC"
+            - $formkit: number
+              if: "$get(type).value === ALPHANUMERIC"
+              name: captchaLength
+              key: captchaLength
+              label: 验证码长度
+              help: 字母数字组合验证码长度，不宜过长或过短，建议4-6位
+              max: 8
+              value: 4
+              validation: required
+            - $formkit: radio
+              if: "$get(type).value === ALPHANUMERIC"
+              name: ignoreCase
+              key: ignoreCase
+              label: 是否忽略验证码大小写验证
+              help: 忽略大小写验证码，建议开启
+              value: true
+              options:
+                - label: 是
+                  value: true
+                - label: 否
+                  value: false
+            - $formkit: number
+              if: "$get(type).value === ARITHMETIC"
+              name: arithmeticRange
+              key: arithmeticRange
+              label: 计算范围
+              help: 算术验证码计算范围
+              value: 90
+              validation: required
     - group: avatar
       label: 头像设置
       formSchema:

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public RouterFunction<ServerResponse> endpoint() {`
`28`	`28`	`private Mono<ServerResponse> generateCaptcha(ServerRequest request) {`
`29`	`29`	`return settingConfigGetter.getSecurityConfig()`
`30`	`30`	`.map(SettingConfigGetter.SecurityConfig::getCaptcha)`
`31`		`- .flatMap(captchaConfig -> captchaManager.generate(request.exchange(), captchaConfig.getType()))`
	`31`	`+ .flatMap(captchaConfig -> captchaManager.generate(request.exchange(), captchaConfig))`
`32`	`32`	`.flatMap(captcha -> ServerResponse.ok().bodyValue(captcha.imageBase64()));`
`33`	`33`	`}`
`34`	`34`