title: antibot-server接入說明
date:2016-05-05
tags:
1、對于已使用ng-common-0.4.31 RPC的接入方
1.1拉岁、新增配置項(xiàng)
1.1.1、在define.conf中
# RPC本地調(diào)試時(shí)的antibot_server地址-開發(fā)時(shí)用到
antibot_server.test=http://100.84.51.184:9027
#調(diào)用antibot_server的caller&key族跛,無需配置弛作,配置好rpc.caller和rpc.key即可
1.1.2愕提、在application.conf中
antibot_server.test.host=${antibot_server.test}
1.2、引入jar包
引入antibot-server-api-xxx.jar皿哨,其中xxx是版本號浅侨。
antibot-server-api-xxx.jar當(dāng)前還沒有上傳到nexus庫,如需最新版本证膨,請找我要如输。
1.3、示例:業(yè)務(wù)方頁面接入ua.js
在頁面最底部(body結(jié)束之前)央勒,加入如下代碼片段:
<body>
<!--頁面主體及業(yè)務(wù)js-->
<script>
var UA_Opt={Flag:16676992};//ua.js的配置
function (doc, tagName, tagId, src) {
a = doc.createElement(tagName);
m = doc.getElementsByTagName(tagName)[0];
a.async = 1;
a.id = tagId;
a.src = src;
m.parentNode.insertBefore(a, m);
}(document, 'script', 'uajs', "/ua.js?siteId=<你的siteId>");
</script>
</body>
在發(fā)起業(yè)務(wù)請求時(shí)不见,獲取ua密文;在complete時(shí)崔步,切換token稳吮。例如:
$.ajax({
type: "POST",
url: that.user.upCoinsUrl,
data: {
uid: uid,
shareId: shareId,
coins: coinsBuilt,
ua:UA_Opt.getUA() //字段名通常是ua,與第4步中從Reqeust.current()中獲取的參數(shù)名保持一致即可
},
complete:function(){
UA_Opt.reload(true); //異步地切換token
}
dataType: "json",
timeout: 30000
//其他屬性...
});
1.4井濒、示例:業(yè)務(wù)方服務(wù)器調(diào)用評估風(fēng)險(xiǎn)接口
/**
* 測試antibot_server提供的接口
*/
public static void antibotEstimate(){
Request req = Request.current();
String uaCipher = req.param.get("ua");
if(StringUtils.isEmpty(uaCipher)){
// ua密文不存在灶似,高風(fēng)險(xiǎn),請?zhí)幚? ResponseHelper.sendError(...);
}
RuleApiService ruleServ = RPC.look(RuleApiService.class);
RuleEstimateRequest req = new RuleEstimateRequest();
req.setUaCipher(uaCipher);
req.setRules(buildRules("dafde23ccde0a"));
try{
RuleEstimateResponse resp = ruleServ.estimate(req,"?siteId=<你的siteId>");
int riskLevel = resp.getRiskLevel();
if(riskLevel>=4){
//高風(fēng)險(xiǎn)
}
}catch(ApiException e){
//處理業(yè)務(wù)參數(shù)錯誤瑞你,業(yè)務(wù)碼說明請參見接口描述文檔
int errCode = e.getErrorCode();
if(errCode==RuleStatusCode.DECODE_FAILURE.getCode()){
//解碼失敗酪惭,可視為高風(fēng)險(xiǎn)
}else{
//多半是請求參數(shù)有問題,請調(diào)整
}
}catch(RpcException e){
//處理rpc調(diào)用出錯(如調(diào)用超時(shí))
}
}
/** 構(gòu)造規(guī)則
* @param submitBtnId 提交按鈕的id
* @return List<Rule>
*/
private static List<Rule> buildRules(String submitBtnId){
return Arrays.asList(new Rule[]{
new Rule(COND.TOKEN),//頁面token合法
new Rule(COND.BROWSER_PLATFORM),//瀏覽器平臺APP特征合法
new Rule(COND.TAP_TARGET,OP.EQ, submitBtnId),//提交按鈕的點(diǎn)擊事件
new Rule(COND.FOCUS,OP.EXIST),//存在焦點(diǎn)事件
new Rule(COND.BLUR,OP.EXIST),//存在失焦事件
new Rule(COND.TAP_INTERVAL,OP.GE,"15"),//按下抬起間隔>=15ms
new Rule(COND.LOCATION,OP.MATCH,"http://wanke.9game.cn/xxx/comment"),//發(fā)出請求的頁面的地址格式滿足正則表達(dá)式
new Rule(COND.PAGE_STAY,OP.GE,"2000")//頁面停留時(shí)間最少2000ms
});
}
1.5者甲、業(yè)務(wù)方后臺請求ua.js及token
當(dāng)部署結(jié)構(gòu)滿足下圖時(shí)春感,只需上述四步即可完成接入:
但,當(dāng)運(yùn)維不支持將antibot_server直接對外提供/ua.js和/utk時(shí)过牙,只能通過業(yè)務(wù)方web后臺(即圖中wk_web)向antibot_server轉(zhuǎn)調(diào)這兩個(gè)接口甥厦,并將結(jié)果返回給瀏覽器。這種情況下寇钉,業(yè)務(wù)方web后臺需要再寫兩個(gè)方法刀疙,用于響應(yīng)瀏覽器的/ua.js和/utk請求,代碼如下:
public class UajsController extends Controller {
private static UajsApiService uajsServ = RPC.look(UajsApiService.class);
/**
* 響應(yīng)ua.js
*
* @param siteId
* 業(yè)務(wù)方站點(diǎn)id
* @param siteId
* void
*/
@UnneedAccountSdkHandle
@NoUcidPretreat
@DisableBeforeCache
public static void serveUajs(String siteId) {
Map<String,Object> resp = uajsServ.getUajs(buildSearchStr(siteId));
String jsContent = (String)resp.get("content");
throw new RenderJS(jsContent);
}
static class RenderJS extends Result {
String text;
public RenderJS(CharSequence text) {
this.text = text.toString();
}
public void apply(Request request, Response response) {
try {
jws.Logger.debug("[UajsController RenderJS] apply...");
setContentTypeIfNotSet(response, "application/javascript; charset=utf-8");
response.out.write(text.getBytes("utf-8"));
jws.Logger.debug("[UajsController RenderJS] apply finished.");
} catch (Exception e) {
throw new UnexpectedException(e);
}
}
}
/**
* 響應(yīng)頁面token請求
*
* @param siteId
* 業(yè)務(wù)方站點(diǎn)id 生成動態(tài)token
*/
@UnneedAccountSdkHandle
@NoUcidPretreat
@DisableBeforeCache
public static void serveToken(String siteId) {
throw new RenderText(uajsServ.getToken(buildSearchStr(siteId)));
}
private static String buildSearchStr(String siteId){
if(StringUtils.isNotBlank(siteId)){
return String.format("?siteId=%s", siteId);
}else{
return "";
}
}
}
同時(shí)扫倡,需要再業(yè)務(wù)方web后臺的routes中谦秧,新增如下配置:
GET /ua.js UajsController.serveUajs
GET /utk UajsController.serveToken