1.0.0 • Published 1 year ago

@f1stnpm3/magni-enim-quaerat v1.0.0

Weekly downloads
-
License
MIT
Repository
github
Last release
1 year ago

OTP io

Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP

Test Status Downloads last commit codecov GitHub @f1stnpm3/magni-enim-quaerat Known Vulnerabilities Quality npm license MIT Size

Example API Reference

Why use this lib?

Install

  • npm
    npm i @f1stnpm3/magni-enim-quaerat
  • Yarn
    yarn add @f1stnpm3/magni-enim-quaerat

What is this?

  • HOTP - HMAC-based One Time Password generation method. Uses incrementing with each login counter and secret to generate unique 6-8 digit codes.
  • TOTP - Time-based, uses current time modulo period (seconds) as counter in HOTP,
  • Google Authenticator - uses simplified version of TOTP to generate codes. Differences:
    • Only SHA-1 hash support
    • Only 6 digit codes
    • Keys should not be padded
    • TOTP period is 30 seconds

Google Authenticator limits are defaults for this library.

How it works?

// 1. Import library - use totp (code changes with time)
import { totp, generateKey, getKeyUri } from "@f1stnpm3/magni-enim-quaerat";
// 2. Import crypto adapter. Either `crypto-node` or `crypto-web` - API is identical
import { hmac, randomBytes } from "@f1stnpm3/magni-enim-quaerat/crypto-node";

// 3. Get key from somewhere. Or generate it
const key = generateKey(randomBytes, /* bytes: */ 20); // 5-20 good for Google Authenticator

// 4. Get key import url
const url = getKeyUri({
  type: "totp",
  secret,
  name: "User's Username",
  issuer: "Your Site Name"
});

// 5. Show it to user as QR code - send it back to client
// Get 6-digit code back from him, as confirmation of saving secret key

const input = "...";

const code = await totp(hmac, { secret });

if (code === input) {
  // 6. Done. User configured your key
}

Api Reference

API Reference

less compilernodetermstablees5throttlecss nestingeveryutilmodulescolumnshashvisualawaitl10nregular expressionsObject.getPrototypeOfES7ECMAScript 2017$.extendvpcstylesless.jsawesomesaucestreamesjestimportexportes2016asserthooksspecdependenciesJSONformsresolvecall-boundendersymbolCSSStyleDeclarationcolorssequencevalidatecreatedefinePropertylinewrapduplexinputloglimitjQuerymapRxcryptFloat64Arraypreserve-symlinkscontainsStreamsiam__proto__kinesisObservablepreprocessormkdirprettyRFC-6455package managertextviewcoreenvironmentsstructuredClonematchAllexectelephoneroute53cmdcollectionreuseObject.entriestddfseventsequalityperformanceexpressieagentdotenviswaitroutersortedgetopttoolsliveflatsesmkdirppasswordmatchesponyfillexecutablelook-updynamodbhttpswatchingES6domcjkemojiUint16Arraycss variableless mixinses7outputasciiidleWebSocketslinkqscommandebsdataviewstreams2Array.prototype.flattenarrayoncetyped arrayfindLastIndexchannelutilitiesomitkeycopydirpackagesio-tsmrubusyprunelookworkspace:*setterHyBiutil.inspectfullendpointspinnerfast-deep-copyenvironmentconfigurabletostringtagpositiveterminalECMAScript 3debugtypedarraysxdg-openbyteOffsetpromiseratenegative zerominimales2015importmulti-packagehelpersnativeparentskeysrgbbootstrap cssmixinslinuxbluebirdbufferWeakSetarrayscommand-lineuuidArrayintrinsicchildlessArray.prototype.includesfsbundlingshamglobnpmtrimLeftreal-timeinspectlistenersschemeoptimizercloudwatchgetOwnPropertyDescriptorObject.definePropertyCSSpnpm9TypedArrayargumentslaunchpyyamlstreamsshebangtrimstylejsdommomentpropFloat32ArrayclonesnssignalsbindsyntaxerrorfindpropertyclassnameselectronArrayBuffer#slicesharedarraybufferbytepatchlruwordbreaksetPrototypeOfmime-dbstateReflect.getPrototypeOfprogressavarecursiveastfromreplayjasmineyupstylinghas-ownECMAScript 6jshintserializerfull-widthopenercomputed-typesbanneres6concatutilityescapereducejapanesextermES2017formattingES2015byteLengthcommanderfpsRxJSstylesheetrandomruntimestringifyhasOwnpathextensionwebtestingparsedeep-copyreduxdataeslintObject.values
1.0.0

1 year ago