@antmind/otp 0.1.0

package/.github/workflows/test.yaml

@@ -0,0 +1,31 @@
+name: Test
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [22.x, 24.x, 25.x]
+
+    steps:
+    - uses: actions/checkout@v6
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v6
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: npm ci
+    - run: npm run build --if-present
+    - run: npm test
+      env:
+        CI: true
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v5
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Chen Su
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,88 @@
+# @antmind/otp
+
+A small, dependency-free TypeScript library for generating and verifying one-time passwords (OTP): HOTP and TOTP.
+
+## Features
+
+- RFC 4226 compliant HOTP
+- RFC 6238 compliant TOTP
+- Supports SHA-1, SHA-256, and SHA-512 hashing algorithms
+- Configurable code length
+- URI generation for easy integration with authenticator apps
+- Compatible with Google Authenticator and similar apps
+- Node.js and browser compatible
+- Simple API with TypeScript types
+
+## Install
+
+Run the following command to install the package:
+
+```bash
+npm install @antmind/otp
+```
+
+## Getting Started
+
+TOTP is time-based and defined by the HOTP of a time counter. Common parameters are a time step (`X`) and start time `T0`.
+
+The time counter is
+
+$$
+T = \left\lfloor \frac{\text{UnixTime} - T_0}{X} \right\rfloor
+$$
+
+Generate and verify a TOTP:
+
+```ts
+import { TOTP } from '@antmind/otp'
+
+const secret = '12345678901234567890';
+const digits = 6;
+const step = 30; // seconds
+
+const totp = new TOTP({ digits, period: step });
+const code = await totp.generate(secret);
+console.log('TOTP:', code);
+
+const valid = await totp.verify(secret, code);
+console.log('valid:', valid)
+```
+
+Adjust `step` and `digits` to match the authenticator you are using.
+
+## API reference
+
+- `class TOTP`: TOTP generator and verifier class.
+  - `generate(secret: string, time?: number): Promise<string>`: Generates a TOTP code for the given secret and time, defaulting to the current time.
+  - `verify(secret: string, token: string, time?: number): Promise<boolean>`: Verifies a TOTP code for the given secret and time.
+  - `getURI(secret: string, account: string): string`: Generates an otpauth URI for the TOTP configuration.
+- `class HOTP`: HOTP generator and verifier class.
+  - `generate(secret: string, counter: number): Promise<string>`: Generates an HOTP code for the given secret and counter.
+  - `verify(secret: string, counter: number, token: string): Promise<boolean>`: Verifies an HOTP code for the given secret and counter.
+  - `getURI(secret: string, account: string, counter?: number): string`: Generates an otpauth URI for the HOTP configuration.
+
+## Testing
+
+Run the test suite with:
+
+```bash
+npm test
+```
+
+Unit tests are located in the `tests/` folder and use Jest.
+
+## Contributing
+
+Contributions are welcome. Please follow these steps:
+
+1. Fork the repository.
+2. Create a feature branch: `git checkout -b feat/my-feature`.
+3. Implement your changes and tests.
+4. Run `npm run build` and `npm test`.
+5. Open a pull request describing your changes.
+
+Please keep changes small and focused. If you plan larger changes, open an issue first to discuss the design.
+
+## License
+
+This project is open-sourced under the terms of the MIT License. See the `LICENSE` file for details.

package/dist/crypto.d.ts

@@ -0,0 +1,14 @@
+/**
+ * The supported HMAC algorithms.
+ */
+export type Algorithm = 'SHA1' | 'SHA256' | 'SHA512';
+/**
+ * Generates an HMAC digest for the given message using the specified algorithm and key.
+ *
+ * @param algorithm The HMAC algorithm to use. Default is 'SHA1'.
+ * @param key The secret key used for HMAC generation.
+ * @param message The message to be hashed.
+ * @returns The generated HMAC digest as a Uint8Array.
+ */
+export declare const hmac: (algorithm: Algorithm | undefined, key: Uint8Array, message: Uint8Array) => Promise<Uint8Array<ArrayBuffer>>;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAErD;;;;;;;GAOG;AACH,eAAO,MAAM,IAAI,GACf,WAAW,SAAS,YAAS,EAC7B,KAAK,UAAU,EACf,SAAS,UAAU,qCAMpB,CAAA"}

package/dist/crypto.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hmac = void 0;
+const crypto_1 = require("crypto");
+/**
+ * Generates an HMAC digest for the given message using the specified algorithm and key.
+ *
+ * @param algorithm The HMAC algorithm to use. Default is 'SHA1'.
+ * @param key The secret key used for HMAC generation.
+ * @param message The message to be hashed.
+ * @returns The generated HMAC digest as a Uint8Array.
+ */
+const hmac = async (algorithm = 'SHA1', key, message) => {
+    const hmac = (0, crypto_1.createHmac)(algorithm, key);
+    hmac.update(message);
+    return new Uint8Array(hmac.digest());
+};
+exports.hmac = hmac;
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":";;;AAAA,mCAAoC;AAOpC;;;;;;;GAOG;AACI,MAAM,IAAI,GAAG,KAAK,EACvB,YAAuB,MAAM,EAC7B,GAAe,EACf,OAAmB,EACnB,EAAE;IACF,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACxC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAErB,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AACvC,CAAC,CAAA;AATY,QAAA,IAAI,QAShB"}

package/dist/hotp.d.ts

@@ -0,0 +1,33 @@
+import { OTP } from './otp';
+/**
+ * HMAC-based One-Time Password (HOTP) generator and verifier.
+ */
+export declare class HOTP extends OTP {
+    /**
+     * Generates an HOTP code based on the provided secret and counter.
+     *
+     * @param secret The shared secret key used for generating the HOTP code.
+     * @param counter The counter value used for generating the HOTP code.
+     * @returns The generated HOTP code as a string.
+     */
+    generate(secret: string, counter?: number): Promise<string>;
+    /**
+     * Verifies the provided HOTP code against the generated code for the given secret and counter.
+     *
+     * @param secret The shared secret key used for generating the HOTP code.
+     * @param token The HOTP code to verify.
+     * @param counter The counter value used for generating the HOTP code.
+     * @returns A boolean indicating whether the HOTP code is valid.
+     */
+    verify(secret: string, token: string, counter?: number): Promise<boolean>;
+    /**
+     * Generates the OTP URI for the given parameters.
+     *
+     * @param secret The shared secret key used for generating the HOTP code.
+     * @param accountName The account name associated with the OTP.
+     * @param counter The counter value used for generating the HOTP code.
+     * @returns The generated OTP URI as a string.
+     */
+    getURI(secret: string, accountName: string, counter?: number): string;
+}
+//# sourceMappingURL=hotp.d.ts.map

package/dist/hotp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hotp.d.ts","sourceRoot":"","sources":["../src/hotp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAE5B;;GAEG;AACH,qBAAa,IAAK,SAAQ,GAAG;IAC3B;;;;;;OAMG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIjE;;;;;;;OAOG;IACG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI/E;;;;;;;OAOG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;CAStE"}

package/dist/hotp.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HOTP = void 0;
+const otp_1 = require("./otp");
+/**
+ * HMAC-based One-Time Password (HOTP) generator and verifier.
+ */
+class HOTP extends otp_1.OTP {
+    /**
+     * Generates an HOTP code based on the provided secret and counter.
+     *
+     * @param secret The shared secret key used for generating the HOTP code.
+     * @param counter The counter value used for generating the HOTP code.
+     * @returns The generated HOTP code as a string.
+     */
+    async generate(secret, counter) {
+        return this.generateCode(secret, counter || 0);
+    }
+    /**
+     * Verifies the provided HOTP code against the generated code for the given secret and counter.
+     *
+     * @param secret The shared secret key used for generating the HOTP code.
+     * @param token The HOTP code to verify.
+     * @param counter The counter value used for generating the HOTP code.
+     * @returns A boolean indicating whether the HOTP code is valid.
+     */
+    async verify(secret, token, counter) {
+        return this.verifyCode(secret, token, counter || 0);
+    }
+    /**
+     * Generates the OTP URI for the given parameters.
+     *
+     * @param secret The shared secret key used for generating the HOTP code.
+     * @param accountName The account name associated with the OTP.
+     * @param counter The counter value used for generating the HOTP code.
+     * @returns The generated OTP URI as a string.
+     */
+    getURI(secret, accountName, counter) {
+        const params = {};
+        if (counter) {
+            params['counter'] = counter.toString();
+        }
+        return this.buildURI('hotp', secret, accountName, params);
+    }
+}
+exports.HOTP = HOTP;
+//# sourceMappingURL=hotp.js.map

package/dist/hotp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hotp.js","sourceRoot":"","sources":["../src/hotp.ts"],"names":[],"mappings":";;;AAAA,+BAA4B;AAE5B;;GAEG;AACH,MAAa,IAAK,SAAQ,SAAG;IAC3B;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,OAAgB;QAC7C,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,IAAI,CAAC,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,KAAa,EAAE,OAAgB;QAC1D,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC,CAAC,CAAC;IACtD,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,MAAc,EAAE,WAAmB,EAAE,OAAgB;QAC1D,MAAM,MAAM,GAA2B,EAAE,CAAC;QAE1C,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzC,CAAC;QAED,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IAC5D,CAAC;CACF;AAzCD,oBAyCC"}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { Algorithm } from './crypto';
+export { TOTP, TOTPOptions } from './totp';
+export { HOTP } from './hotp';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC"}

package/dist/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HOTP = exports.TOTP = void 0;
+var totp_1 = require("./totp");
+Object.defineProperty(exports, "TOTP", { enumerable: true, get: function () { return totp_1.TOTP; } });
+var hotp_1 = require("./hotp");
+Object.defineProperty(exports, "HOTP", { enumerable: true, get: function () { return hotp_1.HOTP; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AACA,+BAA2C;AAAlC,4FAAA,IAAI,OAAA;AACb,+BAA8B;AAArB,4FAAA,IAAI,OAAA"}

package/dist/otp.d.ts

@@ -0,0 +1,72 @@
+import { Algorithm } from './crypto';
+export interface OTPOptions {
+    /**
+     * The algorithm used for the OTP generation, typically 'SHA1', 'SHA256', or 'SHA512'.
+     * Default is 'SHA1'.
+     */
+    algorithm?: Algorithm;
+    /**
+     * The number of digits in the generated OTP, typically 6 or 8. Default is 6.
+     */
+    digits?: number;
+    /**
+     * The issuer name to be included in the OTP URI.
+     */
+    issuer?: string;
+}
+export declare abstract class OTP {
+    /**
+     * The algorithm used for the OTP generation, typically 'SHA1', 'SHA256', or 'SHA512'.
+     * Default is 'SHA1'.
+     */
+    algorithm?: Algorithm;
+    /**
+     * The number of digits in the generated OTP, typically 6 or 8. Default is 6.
+     */
+    digits?: number;
+    /**
+     * The issuer name to be included in the OTP URI.
+     */
+    issuer?: string | undefined;
+    private base32?;
+    constructor(options?: OTPOptions);
+    abstract generate(secret: string, counterOrTime?: number): Promise<string>;
+    abstract verify(secret: string, token: string, counterOrTime?: number): Promise<boolean>;
+    /**
+     * Verifies the provided OTP code against the generated code for the given secret and counter or
+     * time.
+     *
+     * @param secret The shared secret key used for generating the OTP code.
+     * @param token The OTP code to verify.
+     * @param counter The counter or time value used for generating the OTP code.
+     * @returns A boolean indicating whether the OTP code is valid.
+     */
+    protected verifyCode(secret: string, token: string, counter: number): Promise<boolean>;
+    /**
+     * Generates an OTP code based on the provided secret and counter or time.
+     *
+     * @param secret The shared secret key used for generating the OTP code.
+     * @param counter The counter or time value used for generating the OTP code.
+     * @returns The generated OTP code as a string.
+     */
+    protected generateCode(secret: string, counter: number): Promise<string>;
+    /**
+     * Builds the OTP URI for the given OTP type, secret, account name, and other parameters.
+     *
+     * @param type The type of OTP, either 'totp' or 'hotp'.
+     * @param secret The shared secret key used for generating the OTP code.
+     * @param accountName The account name associated with the OTP.
+     * @param otherParams Additional parameters to include in the OTP URI.
+     * @returns The generated OTP URI as a string.
+     */
+    protected buildURI(type: 'totp' | 'hotp', secret: string, accountName: string, otherParams: {
+        [key: string]: string | number;
+    }): string;
+    /**
+     * Gets the Base32 encoding instance.
+     *
+     * @returns The base32 encoding instance.
+     */
+    private getBase32;
+}
+//# sourceMappingURL=otp.d.ts.map

package/dist/otp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"otp.d.ts","sourceRoot":"","sources":["../src/otp.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAQ,MAAM,UAAU,CAAC;AAK3C,MAAM,WAAW,UAAU;IACzB;;;OAGG;IACH,SAAS,CAAC,EAAE,SAAS,CAAC;IAEtB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,8BAAsB,GAAG;IACvB;;;OAGG;IACH,SAAS,CAAC,EAAE,SAAS,CAAC;IAEtB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAE5B,OAAO,CAAC,MAAM,CAAC,CAAiB;gBAEpB,OAAO,CAAC,EAAE,UAAU;IAMhC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAE1E,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAExF;;;;;;;;OAQG;cACa,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAM5F;;;;;;OAMG;cACa,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkB9E;;;;;;;;OAQG;IACH,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE;QAC1F,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;KAChC,GAAG,MAAM;IA4BV;;;;OAIG;IACH,OAAO,CAAC,SAAS;CAOlB"}

package/dist/otp.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OTP = void 0;
+const encoding_1 = require("@antmind/encoding");
+const crypto_1 = require("./crypto");
+const DefaultAlgorithm = 'SHA1';
+const DefaultDigits = 6;
+class OTP {
+    /**
+     * The algorithm used for the OTP generation, typically 'SHA1', 'SHA256', or 'SHA512'.
+     * Default is 'SHA1'.
+     */
+    algorithm;
+    /**
+     * The number of digits in the generated OTP, typically 6 or 8. Default is 6.
+     */
+    digits;
+    /**
+     * The issuer name to be included in the OTP URI.
+     */
+    issuer;
+    base32;
+    constructor(options) {
+        this.algorithm = options?.algorithm || DefaultAlgorithm;
+        this.digits = options?.digits || DefaultDigits;
+        this.issuer = options?.issuer;
+    }
+    /**
+     * Verifies the provided OTP code against the generated code for the given secret and counter or
+     * time.
+     *
+     * @param secret The shared secret key used for generating the OTP code.
+     * @param token The OTP code to verify.
+     * @param counter The counter or time value used for generating the OTP code.
+     * @returns A boolean indicating whether the OTP code is valid.
+     */
+    async verifyCode(secret, token, counter) {
+        const generatedCode = await this.generateCode(secret, counter);
+        return generatedCode === token;
+    }
+    /**
+     * Generates an OTP code based on the provided secret and counter or time.
+     *
+     * @param secret The shared secret key used for generating the OTP code.
+     * @param counter The counter or time value used for generating the OTP code.
+     * @returns The generated OTP code as a string.
+     */
+    async generateCode(secret, counter) {
+        const message = new Uint8Array(8);
+        const view = new DataView(message.buffer);
+        view.setUint32(4, counter, false);
+        const secretBytes = new TextEncoder().encode(secret);
+        const hash = await (0, crypto_1.hmac)(this.algorithm, secretBytes, message);
+        const offset = (hash[hash.length - 1] || 0) & 0x0f;
+        const code = (((hash[offset] || 0) & 0x7F) << 24)
+            | (((hash[offset + 1] || 0) & 0xFF) << 16)
+            | (((hash[offset + 2] || 0) & 0xFF) << 8)
+            | ((hash[offset + 3] || 0) & 0xFF);
+        const mod = 10 ** (this.digits || DefaultDigits);
+        const otp = (code % mod).toString().padStart(this.digits || DefaultDigits, '0');
+        return otp;
+    }
+    /**
+     * Builds the OTP URI for the given OTP type, secret, account name, and other parameters.
+     *
+     * @param type The type of OTP, either 'totp' or 'hotp'.
+     * @param secret The shared secret key used for generating the OTP code.
+     * @param accountName The account name associated with the OTP.
+     * @param otherParams Additional parameters to include in the OTP URI.
+     * @returns The generated OTP URI as a string.
+     */
+    buildURI(type, secret, accountName, otherParams) {
+        const params = new URLSearchParams();
+        const base32 = this.getBase32();
+        const secretBase32 = base32.encode(secret);
+        params.append('secret', secretBase32);
+        if (this.issuer) {
+            params.append('issuer', this.issuer);
+        }
+        if (this.algorithm && this.algorithm !== DefaultAlgorithm) {
+            params.append('algorithm', this.algorithm);
+        }
+        if (this.digits && this.digits !== DefaultDigits) {
+            params.append('digits', (this.digits).toString());
+        }
+        for (const [key, value] of Object.entries(otherParams)) {
+            params.append(key, value.toString());
+        }
+        const path = this.issuer
+            ? `${encodeURIComponent(this.issuer)}:${encodeURIComponent(accountName)}`
+            : encodeURIComponent(accountName);
+        return `otpauth://${type}/${path}?${params.toString()}`;
+    }
+    /**
+     * Gets the Base32 encoding instance.
+     *
+     * @returns The base32 encoding instance.
+     */
+    getBase32() {
+        if (!this.base32) {
+            this.base32 = new encoding_1.Base32Encoding({ padChar: '' });
+        }
+        return this.base32;
+    }
+}
+exports.OTP = OTP;
+//# sourceMappingURL=otp.js.map

package/dist/otp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"otp.js","sourceRoot":"","sources":["../src/otp.ts"],"names":[],"mappings":";;;AAAA,gDAAmD;AACnD,qCAA2C;AAE3C,MAAM,gBAAgB,GAAc,MAAM,CAAC;AAC3C,MAAM,aAAa,GAAG,CAAC,CAAC;AAoBxB,MAAsB,GAAG;IACvB;;;OAGG;IACH,SAAS,CAAa;IAEtB;;OAEG;IACH,MAAM,CAAU;IAEhB;;OAEG;IACH,MAAM,CAAsB;IAEpB,MAAM,CAAkB;IAEhC,YAAY,OAAoB;QAC9B,IAAI,CAAC,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,gBAAgB,CAAC;QACxD,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,aAAa,CAAC;QAC/C,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,MAAM,CAAC;IAChC,CAAC;IAMD;;;;;;;;OAQG;IACO,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,KAAa,EAAE,OAAe;QACvE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE/D,OAAO,aAAa,KAAK,KAAK,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,OAAe;QAC1D,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAClC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAErD,MAAM,IAAI,GAAG,MAAM,IAAA,aAAI,EAAC,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACnD,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;cAC7C,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;cACtC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;cACrC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,aAAa,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,IAAI,aAAa,EAAE,GAAG,CAAC,CAAC;QAEhF,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;OAQG;IACO,QAAQ,CAAC,IAAqB,EAAE,MAAc,EAAE,WAAmB,EAAE,WAE9E;QACC,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAErC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEtC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;YAC1D,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YACjD,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACvD,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM;YACtB,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE;YACzE,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAEpC,OAAO,aAAa,IAAI,IAAI,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC1D,CAAC;IAED;;;;OAIG;IACK,SAAS;QACf,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAc,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF;AAxHD,kBAwHC"}

package/dist/totp.d.ts

@@ -0,0 +1,45 @@
+import { OTP, OTPOptions } from './otp';
+export interface TOTPOptions extends OTPOptions {
+    /**
+     * The time period in seconds for which a TOTP code is valid. Default is 30 seconds.
+     */
+    period?: number;
+}
+/**
+ * Time-based One-Time Password (TOTP) generator and verifier.
+ */
+export declare class TOTP extends OTP {
+    /**
+     * The time period in seconds for which a TOTP code is valid. Default is 30 seconds.
+     */
+    period?: number;
+    constructor(options?: TOTPOptions);
+    /**
+     * Generates a TOTP code for the given secret and time.
+     *
+     * @param secret The shared secret key used for generating the TOTP code.
+     * @param time The specific time (in seconds since epoch) for which to generate the TOTP code.
+     * If not provided, the current time will be used.
+     * @returns The generated TOTP code as a string.
+     */
+    generate(secret: string, time?: number): Promise<string>;
+    /**
+     * Verifies a TOTP code for the given secret and time.
+     *
+     * @param secret The shared secret key used for generating the TOTP code.
+     * @param token The TOTP code to verify.
+     * @param time The specific time (in seconds since epoch) for which to verify the TOTP code.
+     * If not provided, the current time will be used.
+     * @returns A boolean indicating whether the TOTP code is valid.
+     */
+    verify(secret: string, token: string, time?: number): Promise<boolean>;
+    /**
+     * Generates the OTP URI for provisioning.
+     *
+     * @param secret The shared secret key used for generating the TOTP code.
+     * @param accountName The account name (e.g., user email) to be included in the URI.
+     * @returns The generated OTP URI as a string.
+     */
+    getURI(secret: string, accountName: string): string;
+}
+//# sourceMappingURL=totp.d.ts.map

package/dist/totp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.d.ts","sourceRoot":"","sources":["../src/totp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC;AAIxC,MAAM,WAAW,WAAY,SAAQ,UAAU;IAC7C;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,IAAK,SAAQ,GAAG;IAC3B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;gBAEJ,OAAO,CAAC,EAAE,WAAW;IAKjC;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAS9D;;;;;;;;OAQG;IACG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAS5E;;;;;;OAMG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM;CASpD"}

package/dist/totp.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TOTP = void 0;
+const otp_1 = require("./otp");
+const DefaultPeriod = 30;
+/**
+ * Time-based One-Time Password (TOTP) generator and verifier.
+ */
+class TOTP extends otp_1.OTP {
+    /**
+     * The time period in seconds for which a TOTP code is valid. Default is 30 seconds.
+     */
+    period;
+    constructor(options) {
+        super(options);
+        this.period = options?.period || DefaultPeriod;
+    }
+    /**
+     * Generates a TOTP code for the given secret and time.
+     *
+     * @param secret The shared secret key used for generating the TOTP code.
+     * @param time The specific time (in seconds since epoch) for which to generate the TOTP code.
+     * If not provided, the current time will be used.
+     * @returns The generated TOTP code as a string.
+     */
+    async generate(secret, time) {
+        if (!time) {
+            time = Math.floor(Date.now() / 1000);
+        }
+        const counter = Math.floor(time / (this.period || DefaultPeriod));
+        return this.generateCode(secret, counter);
+    }
+    /**
+     * Verifies a TOTP code for the given secret and time.
+     *
+     * @param secret The shared secret key used for generating the TOTP code.
+     * @param token The TOTP code to verify.
+     * @param time The specific time (in seconds since epoch) for which to verify the TOTP code.
+     * If not provided, the current time will be used.
+     * @returns A boolean indicating whether the TOTP code is valid.
+     */
+    async verify(secret, token, time) {
+        if (!time) {
+            time = Math.floor(Date.now() / 1000);
+        }
+        const counter = Math.floor(time / (this.period || DefaultPeriod));
+        return this.verifyCode(secret, token, counter);
+    }
+    /**
+     * Generates the OTP URI for provisioning.
+     *
+     * @param secret The shared secret key used for generating the TOTP code.
+     * @param accountName The account name (e.g., user email) to be included in the URI.
+     * @returns The generated OTP URI as a string.
+     */
+    getURI(secret, accountName) {
+        const params = {};
+        if (this.period && this.period !== DefaultPeriod) {
+            params['period'] = this.period;
+        }
+        return this.buildURI('totp', secret, accountName, params);
+    }
+}
+exports.TOTP = TOTP;
+//# sourceMappingURL=totp.js.map

package/dist/totp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.js","sourceRoot":"","sources":["../src/totp.ts"],"names":[],"mappings":";;;AAAA,+BAAwC;AAExC,MAAM,aAAa,GAAG,EAAE,CAAC;AASzB;;GAEG;AACH,MAAa,IAAK,SAAQ,SAAG;IAC3B;;OAEG;IACH,MAAM,CAAU;IAEhB,YAAY,OAAqB;QAC/B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,aAAa,CAAC;IACjD,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,IAAa;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACvC,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,aAAa,CAAC,CAAC,CAAC;QAElE,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,KAAa,EAAE,IAAa;QACvD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACvC,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,aAAa,CAAC,CAAC,CAAC;QAElE,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,MAAc,EAAE,WAAmB;QACxC,MAAM,MAAM,GAAoC,EAAE,CAAC;QAEnD,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YACjD,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACjC,CAAC;QAED,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IAC5D,CAAC;CACF;AA9DD,oBA8DC"}

package/dist/utils.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Encodes a string into a Uint8Array using UTF-8 encoding.
+ *
+ * @param str The string to encode.
+ * @returns The encoded Uint8Array.
+ */
+export declare const encodeString: (str: string) => Uint8Array;
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,eAAO,MAAM,YAAY,GAAI,KAAK,MAAM,KAAG,UAE1C,CAAC"}

package/dist/utils.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encodeString = void 0;
+/**
+ * Encodes a string into a Uint8Array using UTF-8 encoding.
+ *
+ * @param str The string to encode.
+ * @returns The encoded Uint8Array.
+ */
+const encodeString = (str) => {
+    return new TextEncoder().encode(str);
+};
+exports.encodeString = encodeString;
+//# sourceMappingURL=utils.js.map

package/dist/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACI,MAAM,YAAY,GAAG,CAAC,GAAW,EAAc,EAAE;IACtD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AACvC,CAAC,CAAC;AAFW,QAAA,YAAY,gBAEvB"}

package/jest.config.js

@@ -0,0 +1,8 @@
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+  testMatch: ['**/tests/**/*.test.ts'],
+  collectCoverage: true,
+  coverageDirectory: 'coverage',
+  coverageReporters: ['text', 'lcov']
+};