Nodejs Generating SVG graphics Verification code

Background: SMS interface has a call limit, if malicious attack, it is easy to explode, so need a series of authentication mechanism, the back end of the use of signature encryption, and the front-end to man machine recognition, there are two requirements:

1) can not use text-style verification code, very simple to get

2) All verification logic should be done on the server, or it will be easily bypassed

Workaround: Use the Svg-captcha plugin to generate the SVG format verification code in node. js.

1. Installation

NPM Install--save Svg-captcha

2. How to use

var svgcaptcha = require (' Svg-captcha '); var data = svgcaptcha.create ({   //}) console.log (data)// {data: ' <svg>......</svg> ', text: ' Fdsafasdf '}

Use in Express

varSvgcaptcha = require (' Svg-captcha '));varRouter = require (' Express '). Router (); Router.get ('/get-img-verify ',function(req, res) {Console.log (req.query); varoption =Req.query; //Verification Code, there are two attributes, text is a character, data is the SVG code    varCode =svgcaptcha.create (option); //Save to session, ignore casereq.session["Randomcode"] =code.text.toLowerCase (); //return data directly into the page element displayres.send ({img:code.data});});

Client Get Verification Code

/** Get Image Verification Code*/Getimagecode:function () {        var_this = This; $("#image_code"). Val (""); $.ajax ({type:"Get", URL:"/get-img-verify", data: {size:6,//Verification Code Lengthwidth:200, Height:150, background:"#f4f3f2",//number of interfering linesNoise:2, FontSize:32, Ignorechars:' 0o1i ',//Verify code characters exclude ' 0o1i 'Colortrue //the character of the verification code is color, default is not, if the background is set, the default is}, DataType:' JSON '}). Done (function(data) {$ (". Getimagecode"). HTML (DATA.IMG); $(". Getimagecode"). Off ("click"). On ("click",function() {_this.getimagecode ();        });    }); }                            

3. Verification method

All the authentication logic is to be done on the server, otherwise this verification code will not be used, so the correct logic should be, when the request for a sensitive interface, the client input verification code along with the parameters required by the interface to the node layer, In node to determine the user input verification code is not the same as before the verification code stored in the session, if not consistent, the validation does not pass, directly return data, do not request the background, if the same, then verify through, and then the node initiated the request, to invoke the background interface.

Router.get ('/cerification-codeservice/send-verification-code ',function(req, res, next) {varurl = urlmap.useraccountserver + '/cerification-codeservice/new-send-verification-code '; varImagecode =req.query.imageCode.toLowerCase (); varQS =Req.query;  for(Let keyinchQs) {        if(Key = = = ' Imagecode ')) {            DeleteQs[key]; }    }    if(Imagecode!== req.session["Randomcode"]) {res.send ({code:4        }); return false; }    varOptions ={Url:url, method:' GET ', JSON:true, Qs:qs};    ClusterUtility.API.optionsFilter (req, options); Request (Options,function(Error, response, body) {res.send (body); });});

Plug-ins also have some other configuration items and APIs, specifically visible Https://github.com/lemonce/svg-captcha

Nodejs Generating SVG graphics Verification code