Nodejs does not require a login verification code

With the development of the Internet, verification codes have become an important tool to ensure website security. Many websites require users to enter verification codes when performing sensitive operations, registration, login, etc. to prevent malicious programs and robot attacks and ensure the security and authenticity of the website. However, in some scenarios, in order to improve user experience and operational convenience, it is necessary to provide some verification code services that do not require login. At this time, Node.js, which JavaScript depends on, can exert its excellent features.

The asynchronous architecture of Node.js and the ease of learning JavaScript syntax make it very practical for verification code services. Through the features of Node.js, we can easily implement verification code services that do not require login, and deployment and maintenance are very simple.

First of all, we need to understand the principle and composition of the verification code. Generally speaking, the verification code service has the following components:

1. Verification code generator: used to generate verification code images.
2. Verification code recognizer: Used to identify verification code characters in verification code pictures.
3. Cache: used to temporarily store the generated verification code characters and corresponding verification results.

When the user is in a scenario where a verification code is required, the server will randomly generate a set of verification code images, which contain several verification code characters. Users need to enter the correct verification code characters to proceed with subsequent operations. After the user enters the verification code, the server will compare the verification code characters entered by the user with the corresponding results in the cache to determine whether the user's input is correct.

In Node.js, you can use third-party libraries to implement various components of the verification code service. Here is an example of using the Canvas and nodemailer libraries to implement the verification code service.

First, install the necessary dependent libraries:

npm install canvas nodemailer

Next, write the code:

const express = require('express');
const Canvas = require('canvas');
const nodemailer = require('nodemailer');

const app = express();
const PORT = process.env.PORT || 3000;
const WIDTH = 100;
const HEIGHT = 50;

// 生成随机字符串
const randomString = () => {
  const CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  let result = '';
  for (let i = 0; i < 6; i++) {
    result += CHARACTERS.charAt(Math.floor(Math.random() * CHARACTERS.length));
  }
  return result;
};

// 生成验证码图片
const generateCaptcha = () => {
  const canvas = Canvas.createCanvas(WIDTH, HEIGHT);
  const ctx = canvas.getContext('2d');
  const captcha = randomString();
  ctx.clearRect(0, 0, WIDTH, HEIGHT);
  ctx.font = 'bold 25px sans-serif';
  ctx.fillStyle = '#333';
  ctx.fillText(captcha, 20, 35);
  return { captcha, dataURL: canvas.toDataURL() };
};

// 初始化缓存
const cache = {};

app.use(express.static('public'));

// 根路由返回验证码图片
app.get('/', (req, res) => {
  const captcha = generateCaptcha();
  cache[captcha.captcha] = true;
  res.send(`<img src="${captcha.dataURL}">`);
});

// 验证码验证路由
app.get('/captcha', (req, res) => {
  const { captcha } = req.query;
  if (captcha && cache[captcha]) {
    delete cache[captcha];
    res.send({ success: true });
  } else {
    res.send({ success: false });
  }
});

// 发送邮件路由
app.get('/email', (req, res) => {
  const { email } = req.query;
  if (email) {
    const captcha = generateCaptcha();
    cache[captcha.captcha] = email;
    const transporter = nodemailer.createTransport({
      host: 'smtp.ethereal.email',
      port: 587,
      secure: false,
      auth: {
        user: testAccount.user,
        pass: testAccount.pass
      }
    });
    const message = {
      from: 'nodejs-captcha@example.com',
      to: email,
      subject: '验证码',
      text: captcha.captcha,
      html: `<img src="${captcha.dataURL}">`
    };
    transporter.sendMail(message, (err, info) => {
      if (err) {
        console.log(err);
        res.send({ success: false });
      } else {
        console.log(info);
        res.send({ success: true });
      }
    });
  } else {
    res.send({ success: false });
  }
});

app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});

In this example, we use the Canvas library to generate a verification of size 100x50 Code pictures. And use the nodemailer library to send an email to the specified mailbox, and the email contains the generated verification code image. At the same time, on the server side, we use a cache (a JavaScript object is used here) to temporarily store the verification code characters and the corresponding email address or verification result. In the verification code verification route, the server will compare the verification code characters entered by the user with the corresponding results in the cache.

When the user accesses the root route, the server generates a new verification code image and stores the verification code characters as key names in the cache to ensure the uniqueness of each verification code character. The generated verification code image is then returned directly to the browser via HTTP. Users can access this route to obtain the verification code image even if they are not logged in.

When the user needs to perform verification code verification, the server will automatically generate a new verification code image and store the verification code characters as key names. The user needs to enter the verification code characters. After the user enters the verification code characters, the server will compare them with the corresponding key names in the cache to determine whether they are correct.

In order to improve the security of the verification code service, more complex verification code generation algorithms and more rigorous verification logic can be used. At the same time, in actual production environments, you need to pay attention to details such as cache cleaning and limiting interface access frequency.

In short, using Node.js is very suitable for implementing verification code services that do not require login. The above example is just a small example. You can implement customized verification code services according to your own needs.

The above is the detailed content of Nodejs does not require a login verification code. For more information, please follow other related articles on the PHP Chinese website!