This diagram illustrates the architecture and flow of an OTP (One-Time Password) generation and verification system. The system ensures secure email-based OTP delivery and verification, leveraging Redis for temporary storage and a Bull queue for job processing.
Components and Flow
1. User Interaction
- Generate OTP:
  - The user initiates the OTP generation process by hitting the `otp/generate` endpoint (a POST request).
- Verify OTP:
  - Once the user receives the OTP via email, they enter it and call the `otp/verify` endpoint (a POST request) for verification.
2. Generate OTP Endpoint
- When the user calls the `otp/generate` endpoint:
  - A request is sent to the Bull Queue Producer, which is responsible for queuing the task.
  - The Bull Queue Producer adds the job to the OTP Jobs Queue.
  - The expected body is
3. OTP Jobs Queue
- The OTP Jobs Queue acts as a middleware between job creation and processing. It:
  - Receives queued tasks from the Bull Queue Producer.
  - Passes the tasks to the Processor for execution.
4. Processor
- The Processor is a critical component responsible for:
  - Generating the OTP.
  - Temporarily storing the OTP in Redis with a 10-minute Time-to-Live (TTL).
  - Forwarding the OTP and email details to the Mailer.
5. Mailer
- The Mailer calls an external email service to send the generated OTP to the user’s submitted email address. Once the email is sent:
  - The mailer service uses an `otp.hbs` file, located in the mailer folder, as the mail template.
  - The OTP is stored in Redis (TTL ensures automatic deletion after expiry).
  - A success acknowledgment is returned.
6. Verify OTP Endpoint
- The `otp/verify` endpoint:
  - Retrieves the user-submitted OTP.
  - Checks the OTP stored in Redis.
  - If the OTP matches and is valid (not expired), it returns a positive response (e.g., `OTP is correct`).
  - If the OTP does not match or is expired, it returns an error response (e.g., `OTP is incorrect`).
  - Expected payload in body
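
The Processor and Verify OTP steps described above, as an added example that is not this project's code: a `Map` stands in for Redis so it runs offline. The function names, the 6-digit code length and the five-attempt limit are assumptions that the page does not state.

```javascript
// Added example. A Map stands in for Redis: set ~ SET key val EX 600, delete ~ DEL.
const crypto = require('node:crypto');

const OTP_TTL_MS = 10 * 60 * 1000; // 10-minute expiry, as stated on the page
const MAX_ATTEMPTS = 5;            // assumption: the page defines no attempt limit
const store = new Map();           // email -> { otp, expiresAt, attempts }

// Processor step: create the code and store it with its expiry.
function generateOtp(email, now = Date.now()) {
  // randomInt uses the CSPRNG and avoids modulo bias; Math.random() is predictable.
  const otp = crypto.randomInt(0, 1000000).toString().padStart(6, '0');
  store.set(email, { otp, expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return otp; // goes to the mailer only, never into the HTTP response
}

// Hashing both values gives equal-length buffers, which timingSafeEqual requires.
const sha256 = (value) => crypto.createHash('sha256').update(String(value)).digest();

// Verify step: one boolean for every failure mode, so the response does not
// reveal whether the code was wrong, expired, or never issued.
function verifyOtp(email, submitted, now = Date.now()) {
  const entry = store.get(email);
  if (!entry) return false;
  entry.attempts += 1;
  if (now >= entry.expiresAt || entry.attempts > MAX_ATTEMPTS) {
    store.delete(email); // expired or guessed too often: a new code must be requested
    return false;
  }
  const ok = crypto.timingSafeEqual(sha256(entry.otp), sha256(submitted));
  if (ok) store.delete(email); // single use: a correct code cannot be replayed
  return ok;
}
```

Against real Redis the attempt counter would need an atomic increment (for example `INCR` on a separate key with the same TTL) so that parallel guesses cannot bypass the limit.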