-
-
Save rakibulhaq/f53c90e510da8f8f2b6c90d21f2cdd87 to your computer and use it in GitHub Desktop.
OTP verification without database, full sample source code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const otpGenerator = require("otp-generator"); | |
const crypto = require("crypto"); | |
const key = "verysecretkey"; // Key for cryptograpy. Keep it secret | |
function createNewOTP(phone){ | |
// Generate a 6 digit numeric OTP | |
const otp = otpGenerator.generate(6, {alphabets: false, upperCase: false, specialChars: false}); | |
const ttl = 5 * 60 * 1000; //5 Minutes in miliseconds | |
const expires = Date.now() + ttl; //timestamp to 5 minutes in the future | |
const data = `${phone}.${otp}.${expires}`; // phone.otp.expiry_timestamp | |
const hash = crypto.createHmac("sha256",key).update(data).digest("hex"); // creating SHA256 hash of the data | |
const fullHash = `${hash}.${expires}`; // Hash.expires, format to send to the user | |
// you have to implement the function to send SMS yourself. For demo purpose. let's assume it's called sendSMS | |
sendSMS(phone,`Your OTP is ${otp}. it will expire in 5 minutes`); | |
return fullHash; | |
} | |
function verifyOTP(phone,hash,otp){ | |
// Seperate Hash value and expires from the hash returned from the user | |
let [hashValue,expires] = hash.split("."); | |
// Check if expiry time has passed | |
let now = Date.now(); | |
if(now>parseInt(expires)) return false; | |
// Calculate new hash with the same key and the same algorithm | |
let data = `${phone}.${otp}.${expires}`; | |
let newCalculatedHash = crypto.createHmac("sha256",key).update(data).digest("hex"); | |
// Match the hashes | |
if(newCalculatedHash === hashValue){ | |
return true; | |
} | |
return false; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment