acha-framework/src/backend/api/v1/captcha.js

is a modular framework on both client (angular.js) and server (node.js) side, it provides security, orm, ioc, obfuscation and ...

(function (undefined) {
  Ioc.define('backend.controllers.captcha', ['backend.captcha.service'], function (provide, captcha) {
    provide({
      install: function (app) {
        app.get('/api/v1/captcha/generate', captcha.generate);
      }
    });
  });
  Ioc.define('backend.captcha.service', ['backend.operationResult'], function (provide, OperationResult) {
    OperationResult.Errors.captcha = 'captcha is not valid';
    const CaptchaPng = require('captchapng');
    const tokens = {};
    const reject = function (res) {
      res.json(OperationResult.failed([OperationResult.Errors.captcha]));
    };
    provide({
      generate: function (req, res) {
        const key = UUID();
        const number = parseInt(Math.random() * 9000 + 1000);
        const captcha = new CaptchaPng(80, 30, number);
        // width,height,numeric captcha
        captcha.color(0, 0, 0, 0);
        // First color: background (red, green, blue, alpha)
        captcha.color(80, 80, 80, 255);
        // Second color: paint (red, green, blue, alpha)
        tokens[key] = number;
        res.json({
          image: captcha.getBase64(),
          key: key
        });
      },
      check: function (req, res, next) {
        const captcha = req.body.captcha;
        if (!captcha || !captcha.key || !captcha.value) {
          reject(res);
          return;
        }
        if (!tokens[captcha.key]) {
          reject(res);
          return;
        }
        if (tokens[captcha.key] !== parseInt(captcha.value)) {
          delete tokens[captcha.key];
          reject(res);
          return;
        }
        delete tokens[captcha.key];
        next();
      }
    });
  });
}());