1.0.2 • Published 5 months ago

2factor-auth v1.0.2

License
MIT

2factor-auth


Module for generating and verifying 2FA codes (specifically TOTP and HOTP).

Also contains utilities for common 2FA business logic, such as generating backup codes and otpauth URLs.

Install

npm install --save 2factor-auth

Usage

with async/await (or promises)

const tfa = require('2factor-auth');

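/**
 * Enrols a user in TOTP two-factor authentication: generates the shared
 * secret, a set of backup codes and the otpauth:// URL for the user's
 * authenticator app.
 *
 * Declared `async` because the body awaits the promise-based generators;
 * `await` inside a plain function is a syntax error.
 *
 * @returns {Promise<void>} Resolves once the key, codes and URL have been
 *   generated; rejects if either generator rejects.
 */
async function registerUserTwoFactor() {
  // Name of your service (shown at the top of the authenticator app entry).
  const serviceName = 'Cool service that is 2FA protected';

  // Account name of the user (also shown in the authenticator app).
  const account = 'myUsername@email.com';

  // Shared TOTP secret: a crypto-secure hex key with 32 characters.
  const key = await tfa.generateKeyPromise(32);

  // 8 crypto-secure backup codes in a user-friendly pattern (xxxx-xxxx),
  // e.g. [ '7818-b7b8', '3526-d3f2', 'be3c-5d9f', ... ]
  const codes = await tfa.generateBackupCodesPromise(8);

  // URL for the user to open in their 2FA app (otpauth://totp/...).
  // It is built from the key, so treat it as a secret: deliver it only to the
  // authenticated user (directly or as a QR code) and keep it out of logs.
  const url = tfa.generateURL(serviceName, account, key);

  // Persist the key and the codes in your backend/DB, associated with the user.
  // Both are credentials: protect the key at rest, and consider storing the
  // backup codes hashed and invalidating each one after a single use.
}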

/**
 * Checks a received TOTP code against the user's stored secret, showing both
 * the strict check and the drift-tolerant check.
 *
 * @param {string} secret_key - The user's stored TOTP secret.
 * @param {string} receivedCode - The code submitted by the user.
 * @returns {boolean} Result of the strict (no drift) verification.
 */
function verifyTwoFactorCode(secret_key, receivedCode) {
  // Strict check: no allowance for clock difference.
  const isValidNow = tfa.verifyTOTP(secret_key, receivedCode);

  // Tolerant check: allows some time difference between server and client.
  // Presumably the values count TOTP time steps (confirm in the library docs);
  // a wider window means more codes are acceptable at any moment, so keep it
  // as small as your clock skew allows.
  const driftWindow = { beforeDrift: 2, afterDrift: 2 };
  const isValidWithinDrift = tfa.verifyTOTP(secret_key, receivedCode, driftWindow);

  // Only the strict result is returned; the drift result is for illustration.
  // Callers should also rate-limit attempts and reject reuse of an accepted
  // code, since nothing shown here tracks previously used codes.
  return isValidNow;
}

with Callbacks

const tfa = require('2factor-auth');

/**
 * Callback-style enrolment: generates the shared secret, the backup codes and
 * the otpauth:// URL, then reports completion through `callback`.
 *
 * @param {function(?Error): void} callback - Called with the error from either
 *   generator, or with `null` once everything has been generated.
 */
function registerUserTwoFactor(callback) {
  // Name of your service (shown at the top of the authenticator app entry).
  const serviceName = 'Cool service that is 2FA protected';

  // Account name of the user (also shown in the authenticator app).
  const account = 'myUsername@email.com';

  // Builds the handler for the backup-code step once the key is known.
  const onBackupCodes = (key) => (codesError, codes) => {
    if (codesError) {
      callback(codesError);
      return;
    }

    // URL for the user to open in their 2FA app (otpauth://totp/...).
    // It is built from the key, so treat it as a secret: deliver it only to
    // the authenticated user (directly or as a QR code) and keep it out of logs.
    const url = tfa.generateURL(serviceName, account, key);

    // Persist the codes and the key in your backend/DB, associated with the
    // user. Both are credentials: protect the key at rest, and consider
    // storing the backup codes hashed and single-use.
    callback(null);
  };

  // Shared TOTP secret: a crypto-secure hex key with 32 characters.
  tfa.generateKey(32, (keyError, key) => {
    if (keyError) {
      callback(keyError);
      return;
    }

    // 8 crypto-secure backup codes in a user-friendly pattern (xxxx-xxxx),
    // e.g. [ '7818-b7b8', '3526-d3f2', 'be3c-5d9f', ... ]
    tfa.generateBackupCodes(8, onBackupCodes(key));
  });
}

/**
 * Verifies a submitted TOTP code against the stored secret, once strictly and
 * once with a drift allowance.
 *
 * @param {string} secret_key - The user's stored TOTP secret.
 * @param {string} receivedCode - The code submitted by the user.
 * @returns {boolean} Outcome of the strict (no drift) verification.
 */
function verifyTwoFactorCode(secret_key, receivedCode) {
  // No drift: the code has to match without any clock allowance.
  const strictMatch = tfa.verifyTOTP(secret_key, receivedCode);

  // With drift: tolerates some time difference between server and client.
  // NOTE(review): the unit of these values (likely TOTP time steps) is not
  // shown here; confirm it, and keep the window small because every extra
  // step widens the set of codes accepted at a given instant.
  const tolerance = { beforeDrift: 2, afterDrift: 2 };
  const driftMatch = tfa.verifyTOTP(secret_key, receivedCode, tolerance);

  // The strict result is what gets returned. Pair this check with attempt
  // rate-limiting and with rejecting a code that was already accepted.
  return strictMatch;
}