MSTC-DA-IICT / Hacktoberfest24-Wordle-Game-Nodejs

NodeJs-ExpressJs-MongoDB project to promote open source contribution for Hacktoberfest'24

Add Send OTP Again feature #7

Closed Brinda-Sorathiya closed 2 weeks ago

Brinda-Sorathiya commented 2 weeks ago

We need to implement a "Send OTP Again" feature that allows users to request another OTP after a cooldown period (e.g., 60 seconds). This will prevent spamming of OTP requests.

Backend Tasks:

1. Rate Limiting OTP Requests: Modify the /login/req-otp route to prevent multiple OTP requests within a short period (e.g., 60 seconds). Add logic to check when the last OTP was sent to the user, and only allow another OTP to be sent after the cooldown period.
2. Update OTP Schema: Add a lastOtpSentAt field in the OTP model to store the timestamp of when the OTP was last sent.
3. Check Cooldown in the requestOtp function: Add a check before generating a new OTP to ensure the user hasn’t requested one in the last 60 seconds.

JaySabva commented 2 weeks ago

@Brinda-Sorathiya can you assign it to me?

JaySabva commented 2 weeks ago

@Brinda-Sorathiya I think I have already added this logic in a previous commit. The Mongo OTP schema has a Time To Live of around 60 seconds and I have added the necessary check for OTP existence.

server/controllers/login_controll.js

        const existingOtp = await Otp.exists({email: email});
        if (existingOtp) {
            return res.status(400).json({
                error: {
                    message: "An OTP has already been sent to this email"
                }
            });
        }

server/models/otp.js

    const otpSchema = new mongoose.Schema({
        email: {
            type: String,
            required: true
        },
        otp: {
            type: String,
            required: true
        },
        createdAt: {
            type: Date,
            default: Date.now,
            expires: 5 // TTL index: a plain number here is in seconds, so this is 5 seconds, not 10 minutes
        }
    });

Brinda-Sorathiya commented 2 weeks ago

This issue is assigned to @JaySabva

JaySabva commented 2 weeks ago

@Brinda-Sorathiya You can close this issue because the code for this issue is already done.

Brinda-Sorathiya commented 2 weeks ago

The code you shared does not contain the "Send OTP Again" feature yet. The current implementation prevents sending a new OTP if an OTP has already been sent to the user's email, without providing the option to resend it after a certain cooldown period.

JaySabva commented 2 weeks ago

I think that part should be handled in the frontend.

JaySabva commented 2 weeks ago

Is Cooldown == OTP Expire time?

JaySabva commented 2 weeks ago

There is a TTL in the DB, so the user can use the send OTP API again. It serves the same purpose.

Brinda-Sorathiya commented 2 weeks ago

> Is Cooldown == OTP Expire time?

The expiration time is different. If you have sent the OTP by mail and, due to some anomaly, the user couldn't receive the OTP before it expires, then the user can again demand a new OTP, that's it. If the expire time is 10 minutes and the cooldown is 60 secs, then after 60 secs the user can demand a new OTP although the previous one has not expired yet.

JaySabva commented 2 weeks ago

Got it
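
The cooldown/expiry distinction discussed in this thread, as an added example that is not code from this repository or from any participant. The in-memory `Map` standing in for the OTP collection, the function names `createOtpStore`, `requestOtp` and `verifyOtp`, and the 429 status are assumptions; `lastOtpSentAt`, the 60-second cooldown and the 10-minute expiry come from the discussion.

```javascript
// Added example: resend cooldown kept separate from OTP expiry.
const RESEND_COOLDOWN_MS = 60 * 1000;   // cooldown from the issue: 60 seconds
const OTP_EXPIRY_MS = 10 * 60 * 1000;   // expiry used in the discussion: 10 minutes

// Hypothetical in-memory store: email -> { otp, lastOtpSentAt, expiresAt }
function createOtpStore() {
    return new Map();
}

// Normalise the address so case or whitespace variants share one cooldown.
function normaliseEmail(email) {
    return email.trim().toLowerCase();
}

// Decide whether a new OTP may be issued. `newOtp` is supplied by the caller,
// which is expected to generate it with a cryptographically secure RNG.
function requestOtp(store, email, newOtp, now = Date.now()) {
    const key = normaliseEmail(email);
    const record = store.get(key);
    if (record) {
        const elapsed = now - record.lastOtpSentAt;
        if (elapsed < RESEND_COOLDOWN_MS) {
            // Still cooling down: refuse and tell the client how long to wait.
            const retryAfterSec = Math.ceil((RESEND_COOLDOWN_MS - elapsed) / 1000);
            return { status: 429, retryAfterSec };
        }
    }
    // First request, or cooldown elapsed: replace any earlier OTP so that
    // only the most recently sent code is valid, even if the old one had not expired.
    store.set(key, { otp: newOtp, lastOtpSentAt: now, expiresAt: now + OTP_EXPIRY_MS });
    return { status: 200, resent: Boolean(record) };
}

// Verify a submitted OTP: it must be the latest one, unexpired, and is single use.
function verifyOtp(store, email, otp, now = Date.now()) {
    const key = normaliseEmail(email);
    const record = store.get(key);
    if (!record) return false;
    if (now >= record.expiresAt) {
        store.delete(key);   // expired: drop it, as a TTL index would
        return false;
    }
    if (record.otp !== otp) return false;
    store.delete(key);       // consume on success so the code cannot be replayed
    return true;
}
```

With a MongoDB TTL index the expiry would be enforced by the database, while the cooldown check stays in the request handler and compares against `lastOtpSentAt`.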