Increased security.

- Increased minimum number of options from 2 to 4.
- Added random non-visual noise in the images and audio files.

Related to desirepath41/visualCaptcha#2 and desirepath41/visualCaptcha#17

Author: Bruno Bernardino

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014 emotionLoop
+Copyright (c) 2015 emotionLoop
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

README.md

@@ -79,3 +79,7 @@ By default, they're populated using the ./audios.json file.
     - `index` is index of the image in the session images array to send;
     - `response` is Node's response object;
     - `isRetina`, boolean, defaults to `false`.
+
+
+## License
+View the [LICENSE](LICENSE) file.

package.json

@@ -1,5 +1,5 @@
 {
-    "version": "0.1.0",
+    "version": "0.1.1",
     "name": "visualcaptcha",
     "description": "Node.js module for visualCaptcha. Still requires you to have the front-end companion.",
     "keywords": [

visualCaptcha.js

@@ -37,6 +37,11 @@ visualCaptcha = {
             numberOfOptions = 5;
         }
 
+        // Set the minimum numberOfOptions to four
+        if ( numberOfOptions < 4 ) {
+            numberOfOptions = 4;
+        }
+
         // Shuffle all imageOptions
         this.imageOptions = _.shuffle( this.imageOptions );
 
@@ -166,19 +171,37 @@ visualCaptcha = {
                     response.set( 'pragma', 'no-cache' );
                     response.set( 'expires', 0 );
 
-                    stream = fs.createReadStream( audioFilePath )
-                        .pipe( response );
+                    stream = fs.createReadStream( audioFilePath );
+                    var responseData = [];
 
                     if ( stream ) {
+                        stream.on( 'data', function( chunk ) {
+                          responseData.push( chunk );
+                        });
+
                         stream.on( 'end', function() {
                             if ( ! response.headerSent ) {
-                                response.status( 200 ).send( 'Ok' );
+                                var finalData = Buffer.concat( responseData );
+                                response.write( finalData );
+
+                                // Add some noise randomly, so audio files can't be saved and matched easily by filesize or checksum
+                                var noiseData = crypto.randomBytes(Math.round((Math.random() * 1999)) + 501).toString('hex');
+                                response.write( noiseData );
+
+                                response.end();
                             }
                         });
 
                         stream.on( 'close', function() {
                             if ( ! response.headerSent ) {
-                                response.status( 200 ).send( 'Ok' );
+                                var finalData = Buffer.concat( responseData );
+                                response.write( finalData );
+
+                                // Add some noise randomly, so audio files can't be saved and matched easily by filesize or checksum
+                                var noiseData = crypto.randomBytes(Math.round((Math.random() * 1999)) + 501).toString('hex');
+                                response.write( noiseData );
+
+                                response.end();
                             }
                         });
                     } else {
@@ -233,19 +256,37 @@ visualCaptcha = {
                     response.set( 'pragma', 'no-cache' );
                     response.set( 'expires', 0 );
 
-                    stream = fs.createReadStream( imageFilePath )
-                        .pipe( response );
-                        
+                    stream = fs.createReadStream( imageFilePath );
+                    var responseData = [];
+
                     if ( stream ) {
+                        stream.on( 'data', function( chunk ) {
+                          responseData.push( chunk );
+                        });
+
                         stream.on( 'end', function() {
                             if ( ! response.headerSent ) {
-                                response.status( 200 ).send( 'Ok' );
+                                var finalData = Buffer.concat( responseData );
+                                response.write( finalData );
+
+                                // Add some noise randomly, so images can't be saved and matched easily by filesize or checksum
+                                var noiseData = crypto.randomBytes(Math.round((Math.random() * 1999)) + 501).toString('hex');
+                                response.write( noiseData );
+
+                                response.end();
                             }
                         });
 
                         stream.on( 'close', function() {
                             if ( ! response.headerSent ) {
-                                response.status( 200 ).send( 'Ok' );
+                                var finalData = Buffer.concat( responseData );
+                                response.write( finalData );
+
+                                // Add some noise randomly, so images can't be saved and matched easily by filesize or checksum
+                                var noiseData = crypto.randomBytes(Math.round((Math.random() * 1999)) + 501).toString('hex');
+                                response.write( noiseData );
+
+                                response.end();
                             }
                         });
                     } else {