Well done 
But with one major flaw, this process is NOT secure, and it’s vulnerable to phishing attacks, this kind of sensitive processing should always be done on the Backend .
Well done But with one major flaw, this process is NOT secure, and it’s vulnerable to phishing attacks, this kind of sensitive processing should always be done on the Backend .