KalBot/app/api/captcha/route.js

import captcha from 'trek-captcha';
import { NextResponse } from 'next/server';
import crypto from 'crypto';

export const dynamic = 'force-dynamic';

export async function GET() {
    // Generate a 4-character alphanumeric captcha
    const { token, buffer } = await captcha({ size: 4, style: -1 });
    
    const text = token.toLowerCase();
    const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';
    const hash = crypto.createHmac('sha256', secret).update(text).digest('hex');

    const response = new NextResponse(buffer, {
        headers: {
            'Content-Type': 'image/gif',
            'Cache-Control': 'no-store, max-age=0'
        }
    });
    
    // Store the expected hash in an HttpOnly cookie
    response.cookies.set('captcha_hash', hash, {
        httpOnly: true,
        path: '/',
        maxAge: 300 // 5 minutes validity
    });
    
    return response;
}