thebund1st / daming Goto Github PK
View Code? Open in Web Editor NEWSms verification component for spring boot project
License: Apache License 2.0
Sms verification component for spring boot project
License: Apache License 2.0
There are multiple actions requiring sms verification. We should provide exclusive code for each tasks. So that hacker can't pass the verification for action A with code for action B.
Currently, it requires a private key by default to boot the SmsVerificationJwtIssuer
, but sometimes the monolithic project don't want to use the DEL /api/sms/verification/code
endpoint, but rather using SmsVerificationCommandHander
directly.
Context from this issue
The context is from here
We are trying to adopt daming in our source repo, but it's not work of redis starter 1.x
It should return bad request(400) given mobile phone number is not valid or invalid code
The warning message during the ./gradlew clean build
compileJavaErrors occurred while build effective model from /workspace/.gradle/caches/modules-2/files-2.1/com.github.hippoom/sms-verification-core/0.9.5/4651eda5fd9124f49448d1b5b7b81a5ee0fe29e2/sms-verification-core-0.9.5.pom:
'dependencies.dependency.version' for com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar is missing. in com.github.hippoom:sms-verification-core:0.9.5
Here is the build.gradle dependencies part:
compileOnly "org.projectlombok:lombok"
testCompileOnly "org.projectlombok:lombok"
compileOnly 'com.google.code.findbugs:annotations'
testCompileOnly 'com.google.code.findbugs:annotations'
// web
compile "org.springframework.boot:spring-boot-starter-web"
compile("org.springframework.boot:spring-boot-starter-hateoas")
compile("org.springframework.boot:spring-boot-starter-actuator")
compile("org.springframework.cloud:spring-cloud-starter-feign")
compile group: 'commons-io', name: 'commons-io', version: '2.0.1'
// security
compile "org.springframework.boot:spring-boot-starter-security"
testCompile group: 'org.springframework.security', name: 'spring-security-test', version: '4.2.3.RELEASE'
// cache
compile("org.springframework.boot:spring-boot-starter-cache")
compile("org.springframework.boot:spring-boot-starter-data-redis")
compile group: 'com.github.ben-manes.caffeine', name: 'caffeine', version: '2.6.2'
// mock server
testCompile group: 'com.github.tomakehurst', name: 'wiremock-standalone', version: '2.12.0'
// to mock concrete class
testCompile("org.hamcrest:hamcrest-all:1.3")
testCompile group: 'org.codehaus.groovy', name: 'groovy-all', version: '2.4.12'
testCompile group: 'com.github.hippoom', name: 'test-data-builder', version: '0.4.1'
// distributed trace
compile('org.springframework.cloud:spring-cloud-starter-sleuth')
compile group: 'net.logstash.logback', name: 'logstash-logback-encoder', version: '4.11'
// e2e test
testCompile group: 'io.rest-assured', name: 'rest-assured', version: '3.0.7'
testCompile 'com.jayway.awaitility:awaitility:1.7.0'
compile group: 'solutions.fluidity', name: 'cascade', version: '1.1'
// json path
compile 'com.jayway.jsonpath:json-path:2.4.0'
compile group: 'net.minidev', name: 'json-smart', version: '2.2.1'
// poi
//compile name: 'poi-0.0.2'
compile files('../libs/poi-0.0.2.jar')
compile group: 'org.apache.poi', name: 'poi', version: '3.17'
compile group: 'org.apache.poi', name: 'poi-ooxml', version: '3.17'
// embedded redis
testCompile 'com.github.kstyrc:embedded-redis:0.6'
// pinyin4j
//compile name: 'pinyin4j-2.5.0'
compile files('../libs/pinyin4j-2.5.0.jar')
//compile group: 'net.sourceforge.pinyin4j', name: 'pinyin4j', version: '2.5.0'
// AWS SQS
compile('org.springframework.cloud:spring-cloud-starter-aws-messaging')
// jackson
compile("org.springframework.boot:spring-boot-starter-json:${springBootVersion}")
// aliyun sdk
compile("com.aliyun:aliyun-java-sdk-core:4.0.6")
compile("com.aliyun:aliyun-java-sdk-dysmsapi:1.1.0")
// mail
compile('com.sun.jersey.contribs:jersey-multipart:1.19.4')
compile('org.springframework.boot:spring-boot-starter-thymeleaf')
compile group: 'org.springframework.boot', name: 'spring-boot-starter-mail', version: '2.1.3.RELEASE'
// http://commons.apache.org/proper/commons-beanutils/
compile('commons-beanutils:commons-beanutils:1.9.3')
// swagger
compile('io.springfox:springfox-swagger2:2.7.0')
// PostgreSQL with jpa
compile('org.postgresql:postgresql:42.2.5.jre7')
compile('org.springframework.boot:spring-boot-starter-data-jpa')
compile('org.hibernate:hibernate-core')
compile('com.vladmihalcea:hibernate-types-5:2.4.0')
compile('com.google.guava:guava:23.5-jre')
compile('org.apache.commons:commons-lang3:3.1')
// flyway migrate
compile('org.flywaydb:flyway-core')
// aliyun email
compile files('../libs/aliyun-java-sdk-core-3.0.0.jar')
compile files('../libs/aliyun-java-sdk-dm-3.1.0.jar')
// peb-aes
compile('org.jasypt:jasypt:1.9.2')
A pre-check mechanism to avoid verification code spam
By pass the verification in non production environment somehow. Because sending sms cost money!!
The SmsVerificationRequired
annotation verifies the JWT, but does not cover if the protected API receives the same mobile with the mobile in the JWT.
Imagine this case, the order submit form requires a mobile phone number.
The customer needs to finish the sms verification process to make sure he/she is the owner of the mobile phone number that is submitted.
Some of the method usage of RestTemplate
only available since spring-data-redis
2.x. This makes it difficult for projects still using spring-data-redis
1.x to adopt daming
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.