OTP

The BaseOTP model will be used to send/verify/resend an OTP based on client request.

Configuration

The following OTP configuration needs to be set in config.json.

"otp": {
    "MAX_FAILED_ATTEMPTS": 3,
    "MAX_RESEND_ATTEMPTS": 3,
    "DEFAULT_TTL": 180000,
    "ENABLE_FAILED_TTL": true,
    "DEFAULT_FAILED_TTL": 900000,
    "MAIL_FROM": "no-reply@otp.oecloud.io",
    "SMS": {
        "FROM": "OECLD",
        "API": "https://sms.gateway.com/",
        "API_KEY": "API_KEY"
    },
    "ENABLE_MAIL": true,
    "ENABLE_SMS": true
}

| KEY | DEFAULT VALUE | DESCRIPTION |
|---|---|---|
| otp.MAX_FAILED_ATTEMPTS | 3 | Maximum number of incorrect OTP verification attempts allowed |
| otp.MAX_RESEND_ATTEMPTS | 3 | Maximum number of times an OTP may be resent |
| otp.DEFAULT_TTL | 180000 | Expiry time of the OTP, counted from creation |
| otp.ENABLE_FAILED_TTL | true | Whether OTP requests are blocked once MAX_FAILED_ATTEMPTS is reached |
| otp.DEFAULT_FAILED_TTL | 900000 | Wait time before a new OTP can be generated after MAX_FAILED_ATTEMPTS is reached |
| otp.MAIL_FROM | no-reply@otp.oecloud.io | Sender address shown when the OTP is delivered through SMTP |
| otp.SMS.FROM | OECLD | Name displayed when the OTP is sent |
| otp.SMS.API | https://sms.gateway.com/ | URL of the SMS aggregator |
| otp.SMS.API_KEY | API_KEY | API key used by the aggregator for authorization |
| otp.SMS.username | username | Username used for authorization by the SMS aggregator |
| otp.SMS.password | password | Password used for authorization by the SMS aggregator |
| otp.ENABLE_MAIL | true | Enable sending the OTP using mail/SMTP |
| otp.ENABLE_SMS | true | Enable sending the OTP using SMS |

All of the above default values are optional, except the SMS key, which stores the details of the SMS sender.

NOTE: Email is sent using the default mail model in LoopBack and uses the emailDs, which needs to be configured.
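
How the attempt, resend and TTL limits in the configuration table interact, as an added in-memory model that is not BaseOTP's own implementation. Assumptions: the TTL values are milliseconds, the failed-attempt block is tracked per recipient, and createOtpStore plus every status string other than "verified" are hypothetical names.

```javascript
// Added example, not BaseOTP's code. Assumptions: TTLs are milliseconds and
// the failed-attempt block is tracked per recipient (phone or mail).
const crypto = require('crypto');

const cfg = { MAX_FAILED_ATTEMPTS: 3, MAX_RESEND_ATTEMPTS: 3, DEFAULT_TTL: 180000,
  ENABLE_FAILED_TTL: true, DEFAULT_FAILED_TTL: 900000 };

// createOtpStore is a hypothetical helper; `now` is injectable for testing.
function createOtpStore(config, now = Date.now) {
  const otps = new Map();    // otpId -> { code, recipient, expires, failed, resent }
  const blocked = new Map(); // recipient -> time at which the block lifts

  function send(recipient) {
    if ((blocked.get(recipient) || 0) > now()) return { status: 'blocked' };
    const otpId = crypto.randomBytes(12).toString('hex');
    const code = String(crypto.randomInt(0, 10000)).padStart(4, '0'); // CSPRNG
    otps.set(otpId, { code, recipient, expires: now() + config.DEFAULT_TTL,
      failed: 0, resent: 0 });
    return { status: 'sent', otpId, code }; // code returned only for the demo
  }

  function resend(otpId) {
    const rec = otps.get(otpId);
    if (!rec || now() > rec.expires) return { status: 'expired' };
    if (rec.resent >= config.MAX_RESEND_ATTEMPTS) return { status: 'resend limit' };
    rec.resent += 1; // this model keeps the same code and the same expiry
    return { status: 'resent' };
  }

  function verify(otpId, otp) {
    const rec = otps.get(otpId);
    if (!rec || now() > rec.expires) { // unknown, already used, or past its TTL
      otps.delete(otpId);
      return { status: 'expired' };
    }
    const want = Buffer.from(rec.code);
    const given = Buffer.from(String(otp).padStart(4, '0'));
    if (given.length === want.length && crypto.timingSafeEqual(given, want)) {
      otps.delete(otpId); // single use
      return { status: 'verified' };
    }
    rec.failed += 1;
    if (rec.failed < config.MAX_FAILED_ATTEMPTS) return { status: 'failed' };
    otps.delete(otpId); // burn the OTP so guessing cannot continue
    if (config.ENABLE_FAILED_TTL) blocked.set(rec.recipient, now() + config.DEFAULT_FAILED_TTL);
    return { status: 'max attempts reached' };
  }
  return { send, resend, verify };
}
```

With the defaults above, a 4-digit code and 3 attempts give a guesser at most a 3 in 10000 chance per OTP, and the failed-attempt block limits how often a new OTP can be requested for the same recipient.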

APIs

The BaseOTP model has only three remote methods exposed, which are send, resend and verify.

send

Creates a new OTP against either a phone number or a mail address and sends the OTP.

Request:

{
    "phone": "1234567890",
    "mail": "abc@abc.com"
}

Response:

{
  "sms": {
    "status": "failed",
    "error": "getaddrinfo EAI_AGAIN sms.gateway.com:443"
  },
  "mail": {
    "status": "failed",
    "error": "getaddrinfo EAI_AGAIN smtp.gmail.com:587"
  },
  "otpId": "5b72bfaa5c98d948c74f0a2f"
}

verify

Verifies an OTP based on the otpId and otp values sent in request body.

Request:

{
  "otp": 8365,
  "otpId": "5b72bfaa5c98d948c74f0a2f"
}

Response:

{
  "status": "verified"
}

resend

Sends an existing OTP to the user again.

Request:

{
  "otpId": "5b72bfaa5c98d948c74f0a2f"
}

Response:

{
  "sms": {
    "status": "failed",
    "error": "getaddrinfo EAI_AGAIN sms.gateway.com:443"
  },
  "mail": {
    "status": "failed",
    "error": "getaddrinfo EAI_AGAIN smtp.gmail.com:587"
  }
}

Usage

To use the OTP verification method, you need to extend the BaseOTP model and override the sendSMS and sendMail methods, which contain the logic to send the OTP via SMS and mail respectively.

The following is a sample model definition and the corresponding JavaScript file that overrides the above-mentioned methods.

app-otp.json:

{
    "name": "AppOTP",
    "description": "This is extended model of BaseOTP model",
    "plural": "AppOTP",
    "base": "BaseOTP"
}

app-otp.js:

var loopback = require('loopback');
var logger = require('oe-logger');
var log = logger('AppOTP');
var request = require('request');

module.exports = function AppOTP(AppOTPModel) {
  AppOTPModel.sendSMS = function sendSMS(data, smsConfig, cb) {
    log.info('Success by default');
    // Logic for sending SMS to be written with appropriate
    // callback with null for first param and error/success for second
    // Success
    cb(null, 'success');
    // Failure
    // cb(null, new Error('failure message'));
  };

  AppOTPModel.sendMail = function sendMail(data, cb) {
    log.info('Success by default');
    // Logic for sending mail to be written with appropriate
    // callback with null for first param always and error/success for second
    // Success
    cb(null, 'success');
    // Failure
    // cb(null, new Error('failure message'));
  };
};