otp-process

1.0.4 • Public • Published

Otp-process

This piece of code will used to generate "OTP" on the server and as well as verify the otp on the server side without storing otp in database

Example with project

// importing module
const Otp = require("otp-process");

class UserController {
    // for sending signup otp
    async sendOtp(req , res){
        
        // destructuring the body
        const {email , mobile} = req.body;

        // validation
        if(!email && !mobile){
            return res.json({msg:"Email or Mobile required" , flag : false});
        };

        // creating otp
        const otp = Otp.createOtp(4 , {data : email?email:mobile} , 1 , process.env.OTP_SECRET);

        // cheking where to send otp

        // if user requested with email
        if(email){
            // validating otp
            if(otp.error){
                return res.json({msg:otp.error , flag : false});
            };

            // sent otp to email but here i am consoling the otp
            console.log(otp.otp);
            
            return res.json({hash : otp.hash , data : otp.data , flag:true});

        }
        // if user requested with mobile
        else if(mobile){
            // validating otp
            if(otp.error){
                return res.json({msg:otp.error , flag : false});
            };

            // sent otp to mobile but here i am consoling the otp
            console.log(otp.otp);
            
            return res.json({hash : otp.hash , data : otp.data , flag:true});
        }
    };

    // verify otp and create user account
    async verifyOtp(req , res){
        // destructuring data
        const {hash , data , otp} = req.body;

        // validating
        if(!hash || !data || !otp){
            return res.json({msg:"All fields are required" , flag : false});
        };

        // verifying otp
        const isVerify = Otp.verify(hash , data , otp , process.env.OTP_SECRET);

        if(isVerify.error){
            return res.json({msg:isVerify.error , flag:false});
        }

        // now user verified you can also verify one more time by the code given below
        
        if(isVerify.flag){
            // now fully confirmed that user is verified
            // Now you can do your signup process here
        }

    }
}

module.exports = new UserController();

In given example you can easily understand, how this module works. In verifyOtp controller, you will get Otp, Hash and Data from the request.body. User will receive email or message via sendOtp api, In sendOtp hash and data will travel via response object but Otp will travel via message or email and then Hash, Data and Otp will travel via request.body.


How to use

import otp-process

const otp = require("otp-process");

Basic, How to create OTP

const Otp = otp.createOtp();

if (!Otp.error) {
  const { error, ...data } = Otp;
  console.log(data);
}

Basic, How to VerifyOtp

// To verify it we need to {hash , data , otp}
// verifying otp
const isVerify = otp.verify(Otp.hash, Otp.data, Otp.otp);
console.log(isVerify);

/*
Output will be
{ error: false, data: {}, flag: 'Otp verified' }
*/

In upper code we created unsecure otp system and verified it.


Let's learn about createOtp here

In createOtp we have four arguments there -

Otp Length

Otp length decides your otp length it have length restrictions here

  1. Minimum length should not be less than 4.
  2. Max length should be less than 13.
  3. Only Integer will be accepted here.

Data

Data is a javascript Object this will be used to make your Otp system more secure and this have no restrictions here.

Expiry

This argument is useful in verifying process. it will decide that, "Is this otp expired or not". And only one restriction is there that only Integer will be accepted here.

Secret

By default it set tobe None but it is not good, this argument is highly sensitive and you should keep it in .env files, Anybody can easily bypass this otp system with this secret that's why you have to make your ''Secret'' more strong.


Let's create a secure otp using createOtp

// creating data
const data = {
  email: "example@gmail.com",
  name: "Abcd",
};

// creating expiry time for 1 minute
const expiry = 1;

// setting length 6 char
const length = 6;

// creating otp
const Otp = otp.createOtp(length, data, expiry, process.env.OTP_SECRET);

// logging otp
console.log(Otp);
/*
  Output
  {
    error: false,
    otp: 876186,
    flag: true,
    data: { email: 'example@gmail.com', name: 'Abcd' },
    hash: '9b365348306e109c2f00f5128864114570a8ec39fe0e9837f30e1cee9d35c842.1656484856707'
  }
*/

// Now verifying otp
if (!Otp.error) {
  const { hash, data, otp: userOtp } = Otp;
  const isVerify = otp.verify(hash, data, userOtp, process.env.OTP_SECRET);
}

Install

npm i otp-process

DownloadsWeekly Downloads

5

Version

1.0.4

License

MIT

Unpacked Size

11.5 kB

Total Files

5

Last publish

Collaborators

  • keepcoding