237899745/vue-driven-cloud-storage
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
7ce9d95d440910202e2f071a3b561e969fb1e73d
vue-driven-cloud-storage/test_captcha.sh
喻勇祥 61c99ce5c0 添加登录验证码功能 - 增强系统安全性 
## 新增功能
- 密码输错2次后自动显示验证码
- 4位数字验证码,点击可刷新
- 验证码有效期5分钟
- 基于IP和用户名双重防护
- 前台和后台登录均支持

## 后端改动
- 新增验证码生成API: GET /api/captcha
- 修改登录API支持验证码验证
- 添加session管理验证码
- 增强RateLimiter防爆破机制

## 前端改动
- 登录表单添加验证码输入框(条件显示)
- 验证码图片展示和刷新功能
- 自动触发验证码显示逻辑

## 依赖更新
- 新增: svg-captcha (验证码生成)
- 新增: express-session (session管理)

## 文档
- CAPTCHA_FEATURE.md - 详细功能文档
- CAPTCHA_README.md - 快速开始指南
- test_captcha.sh - 自动化测试脚本
- 更新说明_验证码功能.txt - 中文说明

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-21 16:32:32 +00:00

91 lines
2.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# 登录验证码功能测试脚本
echo "================================"
echo "登录验证码功能测试"
echo "================================"
echo ""
BASE_URL="http://localhost:40001"
echo "1. 测试验证码API..."
response=$(curl -s -w "\n%{http_code}" "$BASE_URL/api/captcha")
http_code=$(echo "$response" | tail -n1)
if [ "$http_code" = "200" ]; then
echo "✓ 验证码API正常 (HTTP $http_code)"
else
echo "✗ 验证码API异常 (HTTP $http_code)"
fi
echo ""
echo "2. 测试第一次登录失败(不需要验证码)..."
response=$(curl -s -X POST "$BASE_URL/api/login" \
-H "Content-Type: application/json" \
-d '{"username":"test","password":"wrong"}' \
-c cookies.txt)
echo "$response" | jq -r '.message'
needCaptcha=$(echo "$response" | jq -r '.needCaptcha // false')
if [ "$needCaptcha" = "false" ]; then
echo "✓ 第一次失败不需要验证码"
else
echo "⚠ 第一次失败就需要验证码(可能之前已有失败记录)"
fi
echo ""
echo "3. 测试第二次登录失败(不需要验证码)..."
response=$(curl -s -X POST "$BASE_URL/api/login" \
-H "Content-Type: application/json" \
-d '{"username":"test","password":"wrong"}' \
-b cookies.txt -c cookies.txt)
echo "$response" | jq -r '.message'
needCaptcha=$(echo "$response" | jq -r '.needCaptcha // false')
if [ "$needCaptcha" = "false" ]; then
echo "✓ 第二次失败不需要验证码"
else
echo "⚠ 第二次失败就需要验证码(可能之前已有失败记录)"
fi
echo ""
echo "4. 测试第三次登录失败(应该需要验证码)..."
response=$(curl -s -X POST "$BASE_URL/api/login" \
-H "Content-Type: application/json" \
-d '{"username":"test","password":"wrong"}' \
-b cookies.txt -c cookies.txt)
echo "$response" | jq -r '.message'
needCaptcha=$(echo "$response" | jq -r '.needCaptcha // false')
if [ "$needCaptcha" = "true" ]; then
echo "✓ 第三次失败需要验证码"
else
echo "✗ 第三次失败应该需要验证码"
fi
echo ""
echo "5. 测试不提供验证码时登录..."
response=$(curl -s -X POST "$BASE_URL/api/login" \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"admin123"}' \
-b cookies.txt -c cookies.txt)
message=$(echo "$response" | jq -r '.message')
echo "$message"
if [[ "$message" == *"验证码"* ]]; then
echo "✓ 正确要求输入验证码"
else
echo "⚠ 未要求验证码(用户可能不存在或之前没有失败记录)"
fi
echo ""
# 清理
rm -f cookies.txt
echo "================================"
echo "测试完成"
echo "================================"
echo ""
echo "注意事项:"
echo "1. 确保后端服务已启动 (node backend/server.js)"
echo "2. 测试用户'test'可能不存在,这是正常的"
echo "3. 如果要完整测试,请使用浏览器手动测试"
echo "4. 防爆破机制会在失败5次后封锁30分钟"
echo ""
Reference in New Issue View Git Blame Copy Permalink