captcha-canvas
Version:
A captcha generator by using skia-canvas module.
42 lines (41 loc) • 1.45 kB
JavaScript
;
/**
* Security utilities for CAPTCHA generation
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.constantTimeDelay = constantTimeDelay;
exports.generateSessionToken = generateSessionToken;
exports.hashSolution = hashSolution;
exports.verifySolution = verifySolution;
/**
* Adds consistent timing to prevent timing attacks
*/
async function constantTimeDelay(minMs = 100, maxMs = 300) {
const delay = Math.random() * (maxMs - minMs) + minMs;
return new Promise(resolve => setTimeout(resolve, delay));
}
/**
* Generates a secure session token for CAPTCHA verification
*/
function generateSessionToken() {
const { randomBytes } = require('crypto');
return randomBytes(32).toString('hex');
}
/**
* Creates a hash of the CAPTCHA solution for secure storage
*/
function hashSolution(solution, salt) {
const crypto = require('crypto');
const actualSalt = salt || randomBytes(16).toString('hex');
const hash = crypto.pbkdf2Sync(solution.toUpperCase(), actualSalt, 10000, 64, 'sha512');
return `${actualSalt}:${hash.toString('hex')}`;
}
/**
* Verifies a CAPTCHA solution against its hash
*/
function verifySolution(solution, hashedSolution) {
const crypto = require('crypto');
const [salt, hash] = hashedSolution.split(':');
const verifyHash = crypto.pbkdf2Sync(solution.toUpperCase(), salt, 10000, 64, 'sha512');
return hash === verifyHash.toString('hex');
}