express-vericode

Verification Code flow to protect sensitive operations



Verification code flow to protect sensitive operations that require double confirmation of the operator's identity.

How to use:

  1. Use whitelist to define the URLs that should be protected. Only regular expressions (RegExp) are supported.
  2. First, call the /code API with identity as a parameter to retrieve the code.
  3. Second, call /validate to check that the identity and code combination is correct, then retrieve the vericode_token.
  4. Third, call the target protected URL with vericode_token as a query parameter or in the form body.
  5. Finally, this module checks whether the vericode_token is valid and passes it to the next middleware in res.locals.vericode_token.
  6. Subsequent middleware may retrieve the identity from res.locals.vericode_token.
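
The six steps above, modelled end to end as an added example (not express-vericode's own code or API). The function names, in-memory stores, code lifetime, attempt limit, single-use tokens and the shape of res.locals.vericode_token are assumptions made for illustration.

```javascript
// Added illustration of the flow; not express-vericode's source or API.
const { randomInt, randomBytes, timingSafeEqual } = require('node:crypto');

const CODE_TTL_MS = 5 * 60 * 1000; // assumed lifetime of an issued code
const MAX_ATTEMPTS = 5;            // assumed guess limit per issued code
const whitelist = [/^\/account\/delete$/, /^\/transfer(\/|$)/]; // constructed protected URLs
const codes = new Map();  // identity -> { code, expires, attempts }
const tokens = new Map(); // vericode_token -> identity

// Step 2: issue a code for an identity (delivery by SMS or e-mail is out of scope).
function issueCode(identity, now = Date.now()) {
  const code = String(randomInt(0, 1000000)).padStart(6, '0');
  codes.set(identity, { code, expires: now + CODE_TTL_MS, attempts: 0 });
  return code;
}

// Step 3: exchange identity + code for a vericode_token, or null on failure.
function validate(identity, code, now = Date.now()) {
  const entry = codes.get(identity);
  if (!entry || now > entry.expires || ++entry.attempts > MAX_ATTEMPTS) {
    codes.delete(identity); // expired or guessed too often: a new code is needed
    return null;
  }
  const a = Buffer.from(String(code));
  const b = Buffer.from(entry.code);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return null;
  codes.delete(identity); // a code is single use
  const token = randomBytes(32).toString('hex');
  tokens.set(token, identity);
  return token;
}

// Steps 4-6: Express-style middleware guarding the whitelisted URLs.
function guard(req, res, next) {
  if (!whitelist.some((re) => re.test(req.path))) return next();
  const token = (req.query && req.query.vericode_token) ||
                (req.body && req.body.vericode_token);
  const identity = typeof token === 'string' ? tokens.get(token) : undefined;
  if (!identity) return res.status(403).json({ error: 'verification required' });
  tokens.delete(token); // assumed: one token authorises one operation
  res.locals.vericode_token = { token, identity }; // assumed shape
  return next();
}
```
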

TODO

  1. Rate limiting: don't resend the verification code within a short period.