@rexfng/tfa v2.20.0

Tfa

Description

TFA is a wrapper that provides helpers to generate and validate 2 factor code according to google authenticator format. It generates google uri and qr code images. Package such as @rexfng/auth, uses this module for 2fa protection or password reset.

ES6

It was built with Class so it is extensible.

Define Environment Variables

Define the follow environment variable. They are all required. | Variable Name | Description | |---------------|-------------| | APP_NAME | Defining project name, which is one of the argument in generating the token. | | APP_URL | Defining project url, which will be use to redirect ie "http://example.com". | | AUTH_SECRET | secret for encrpytion the token. | | EMAIL_PASS | Sendgrid api key. | | TWILIO_API_KEY | Twilio api key |

Initialize TFA (new Tfa())

Neither issuer nor account name may themselves contain a colon.

const Tfa = require('@rexfng/tfa').init;
let TfaOptions = {
	label: String, // username 
	//values below are optional
	issuer: String, // issuer of tfa token (if null, it looks up value from APP_NAME environment variable)
	algorithm: String, // example "SHA1", "SHA256" and "SHA512" (default to "SHA256") [Also Supports](https://nodejs.org/api/crypto.html#crypto_crypto_createhmac_algorithm_key). Do not use SHA1 as it is [outdated and already broken into](https://shattered.io/)
	digits: Integer, // 6 or 8 (default to 6)
	period: Integer, // seconds to invalidate the code (default to 30)
	secret: String // secret between user and server (note that user will be able to see this value when the code is produced) example: "NB2W45DFOIZB"
}
let tfa = new Tfa(TfaOptions);

Tfa().generate()

let code = tfa.generate({
	qrSize: "150" // value in pixel (default to "150", this option is optional)
})

let token = code.token // 123412
let uri = code.uri // Google Authenticator key URI
let qr = code.qr // url of qrcode image

Tfa().validate()

let validation = tfa.validate({
	token: Integer // 123412
})

console.log(validation) // return true or false in Boolean

Tfa Express Routers

/api/getcode

{
	issuer: String // default to process.env.APP_NAME,
	label: String, // unique token identifier in alphabetical characters, no numbers allowed
	period: Inteer, // period to expire the verification, default to 30,
	digits: Integer //default to 6	
}

/api/verifycode

{
	issuer: String // default to process.env.APP_NAME,
	label: String, // unique token identifier in alphabetical characters, no numbers allowed
	period: Inteer, period to expire the verification, default to 30,
	digits: Integer //digits of the verification code, choose between 4-10 default to 6	
	code: String // verification code identified by "label"
}

/sms/getcode

{
	"phone_number": String, //"6047229494"
	"country_code": String, //"1"
	"code_length": Integer //4-10 default to 6
}

/sms/verifycode

{
	"phone_number": String, //"6047229494"
	"country_code": String, //"1"
	"verification_code": String //"2421"
}

/email/getcode

{
    from: "John<john@example.com>", // sender address
    to: "Paul<paul@example.com>", // list of receivers
    subject: "Welcome Message", // Subject line
	tpl: "Welcome to our service. Please verify with the following code {{code}}", // plain text or html
	tpl: "<h1>Welcome to our service. Please verify with the following url: {{&url}}</h1>", the template use for rendering the email body. {{&url}} or {{code}} will be replaced by verification_code or verification_url
	label: "somerandomstring", //unique verifycode identifier, strings only
	period: Integer, // 900
	redirect_success: "https://your-app.com/redirect_success", || null, if empty, {{code}} will be used, if provided, {{&url}} will be used.
	redirect_fail: "https://your-app.com/fail" || null if empty, {{code}} will be used, if provided, {{&url}} will be used.
}

/email/verifycode GET

This endpoint generates a link at /verification?t={bearer_token}