I’m putting together a clean, single-page logon that asks for the usual email / username and password, immediately followed by a two-factor authentication step. A lightweight CAPTCHA must sit on the form as well to deter bots without slowing genuine users down. Core flow 1. User lands on the single page, enters credentials, completes the CAPTCHA. 2. A six-digit 2FA code (TOTP or comparable) is requested and validated in the same view—no extra pages or pop-ups. 3. Successful verification triggers a simple JSON response I can plug straight into my existing session logic. What you’ll hand over • Front-end markup and styling for the single screen (responsive, modern, and framework-agnostic if possible). • Back-end snippet that generates and validates the 2FA code plus the CAPTCHA check, written cleanly enough for me to re-wire to my own user store. • A short README explaining any environment variables, libraries or API keys (for example, if you wire in Google reCAPTCHA). Acceptance I can drop the code into a fresh repo, run the setup steps, and move from login screen to authenticated session without hitting extra pages—and the CAPTCHA and two-factor validation both reject invalid attempts. If something here needs clarification, let me know before you dive in; otherwise, I’m ready to see your approach.