Node.js

How to use SMS registration on the site?

Good afternoon.
I use node.js, mongodb and passport.
I am making a registration system on the site via SMS. All you need to register is a phone number. The password is sent via SMS. If you look at the details, then here's the picture:
The user enters his phone number in the input field and presses the submit button.
On the server side, it checks if the user is registered, if not, a message is displayed on successful registration. In both cases, after verification, a new field appears - the password.
After entering and submitting the password, login occurs or an error is displayed.
I'm afraid that's what - registration by bots will begin, that is, they will write anything in the input field. I know that it is possible to make a check with RegExps, while I have implemented a simple check of the length (10 characters) and the composition of the string (only numbers). It is impossible to check for the correctness of entering the phone, that is, if the user made a mistake when entering one digit, then, accordingly, the code will come to another person. What do you think, maybe after checking for registration, if the user is not registered, then do not register him, but show the button - send an SMS with a code so that the user can once again make sure that his number is entered correctly?
One more question. As I said earlier, there is a high probability of spamming by bots, or just bad people who want to play. Is it possible to make some kind of restriction on node.js? I don't know what to put. Let's say IP restriction for a few hours. The guest entered 3 numbers for SMS in a row, if he did not enter from any of them, then do a ban by IP. Please tell me how can this be done? More precisely, even how would it be better to implement such a check? Of course, there is also a CAPTCHA, but I would not want to let the user enter it right away.