Why daming

Sms verification looks simple at the beginning, but actually it has lots of non-functional requirements.

Here is some of them:

Set rate limit to sms verification code sending, e.g Sends no more than once to a given phone number in 60 seconds.
Set a retry cap, e.g. Invalidate the code given 5 failure verification attempts.
Any phone number should be masked before logging
Set a short expiry to the verification code, e.g 2 minutes
Invalidate the original verification code when a new code is generated for a given phone number.

You get a vulnerable implementation if you don't tackle these requirements, so it takes more time than you expect.

Project daming aims to provide battle tested components so that you can embed them into your project with minor configuration effort.

快速入门
- 两分钟了解Daming
- 十五分钟了解Daming
文档
- 为什么要开发Daming
- 集成模式
- 安装Daming
- Sms Verification Scope
- 集成短信供应商
- 什么是Sms Verification JWT
- API
- 非生产环境支持
  - 短信发送白名单
  - 绕过短信验证码发送
- 防止验证码暴力破解
- 验证码发送限流
- 设置验证码有效期
- 微服务模式的SDK (TBD)
- 已知问题
  - 兼容Spring Boot 1.x
示例
- 短信登录
- @SmsVerificationRequired
变更历史（TBD）

Why daming

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally