Spring Boot 验证码微服务(生产骨架)
✅ 滑块验证码 ✅ 行为验证码(无感 + 风控评分) ✅ Redis 状态 / Token / TTL ✅ 风险分级 → 决策 ✅ 可扩展点(模型 / 点选 / 短信)
真实项目结构
一、项目结构(生产推荐)
captcha-service ├── controller │ └── CaptchaController.java ├── service │ ├── SliderCaptchaService.java │ ├── BehaviorCaptchaService.java │ └── RiskDecisionService.java ├── model │ ├── SliderTrack.java │ ├── BehaviorEvent.java │ ├── CaptchaResult.java │ └── CaptchaDecision.java ├── util │ ├── TokenUtil.java │ └── RiskUtil.java ├── config │ └── RedisConfig.java └── CaptchaApplication.java二、核心数据模型
1️⃣ 决策枚举
public enum CaptchaDecision { PASS, SLIDER, REJECT }2️⃣ 返回结果
@Data @AllArgsConstructor public class CaptchaResult { private CaptchaDecision decision; private String captchaToken; }3️⃣ 滑块轨迹
@Data public class SliderTrack { private int x; private int y; private long t; }4️⃣ 行为事件
@Data public class BehaviorEvent { private String type; // move / click / key private int x; private int y; private long timestamp; }三、Token 工具(一次性 + 防重放)
public class TokenUtil { private static final String SECRET = "captcha-secret"; public static String generate(String sessionId) { String raw = sessionId + ":" + System.currentTimeMillis() + ":" + UUID.randomUUID(); return DigestUtils.sha256Hex(raw + SECRET); } }四、滑块验证码 Service(重点)
@Service public class SliderCaptchaService { public boolean verifyPosition(int userX, int targetX) { return Math.abs(userX - targetX) <= 5; } public boolean verifyTrack(List<SliderTrack> tracks) { if (tracks == null || tracks.size() < 10) return false; long duration = tracks.get(tracks.size() - 1).getT() - tracks.get(0).getT(); if (duration < 300) return false; boolean acc = false, dec = false; for (int i = 2; i < tracks.size(); i++) { int dx1 = tracks.get(i - 1).getX() - tracks.get(i - 2).getX(); int d
