在我们的 Web Portal 中提交表单后,我们将进入504 Gateway Time-out
Google Recaptcha。
到目前为止,当我们在 App Server 中 curl 时:
curl -X POST -H "Content-Type: application/json" \
-d '{"secret": "abc123", "response": "def456"}' \
https://www.google.com/recaptcha/api/siteverify
我们得到timeout-or-duplicate
错误。
背景:
我们正在使用 Google Recaptcha V2 来防止我们的页面中出现机器人,因为我们没有用户身份验证并且该页面对公众开放。
具有 Google Recaptcha 的页面位于我们使用ReactJS
. 此 Web 门户托管在我们的Web Server
. 此 Web 服务器用作反向代理,并与托管在App Server
. 应用服务器无法访问 Internet。
我们的 Google Recaptcha 使用服务器端验证,一旦用户回答表单,完成 Google Recaptcha,然后提交,Web Portal 通过 API 将响应密钥发送到后端。然后后端通过向 Google调用API 请求来验证这一点。
我们已经在应用服务器级别将 Google IP 地址列入白名单,因此它能够连接到 Google,如下所述:
- https://code.google.com/archive/p/recaptcha/wikis/FirewallsAndRecaptcha.wiki
- https://chronicler.tech/firewall-considerations-for-google-recaptcha/
这是后端代码段:
public boolean verifyCaptcha(String responseCaptcha) throws IllegalAccessException, BaseServiceException, JsonParseException, JsonMappingException, IOException, Exception {
String secretGoogle = baseServiceCommonPropertiesBean.getRecaptchaKey();
logger.info(" Entering verifyCaptcha method of DeclarationServiceImpl class.");
if (responseCaptcha == null || "".equals(responseCaptcha)) {
return false;
}
String googleUrl = "https://www.google.com/recaptcha/api/siteverify?secret=" + secretGoogle + "&response=" + responseCaptcha;
try{
URL url = new URL(null, googleUrl, new sun.net.www.protocol.https.Handler());
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
/*URL obj = new URL(googleUrl);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();*/
// add reuqest header
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
con.setRequestProperty("User-Agent", "Mozilla/5.0");
/*String postParams = "secret=" + secretGoogle + "&response=" + responseCaptcha;*/
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
//wr.writeBytes(postParams);
wr.flush();
wr.close();
int responseCode = con.getResponseCode();
logger.info("Resposne Code "+responseCode);
logger.info("Post parameters : " + googleUrl);
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
//parse JSON response and return 'success' value
String responseBody = response.toString();
logger.info("Result response from google : "+responseBody);
if (responseBody == null || responseBody.isEmpty()) {
logger.info("Response body is empty");
return false;
}
JSONObject jsonObject = new JSONObject(responseBody);
boolean result = jsonObject.getBoolean("success");
logger.info("Result from google : "+result);
return jsonObject.getBoolean("success");
}catch(Exception e){
logger.error("Error at verifyCaptcha method of DeclarationServiceImpl class and error is :"+e);
return false;
}
}
我在前端的 Web Portal中使用react-google-recaptcha 。ReactJS