@standardnotes/authenticator 2.3.5

package/app/lib/otp.js

@@ -0,0 +1,184 @@
+import { base32ToHex, bufToHex, decToHex, hextoBuf, hexToBytes, leftpad } from '@Lib/utils'
+export { parseKeyUri, secretPattern } from '@Lib/utils'
+
+class Hotp {
+  /**
+   * Generate a counter based One Time Password
+   *
+   * @return {String} the one time password
+   *
+   * Arguments:
+   *
+   *  args
+   *     key - Key for the one time password.  This should be unique and secret for
+   *         every user as this is the seed that is used to calculate the HMAC
+   *
+   *     counter - Counter value.  This should be stored by the application, must
+   *         be user specific, and be incremented for each request.
+   *
+   */
+  async gen(secret, opt) {
+    var key = base32ToHex(secret) || ''
+    opt = opt || {}
+    var counter = opt.counter || 0
+
+    var hexCounter = leftpad(decToHex(counter), 16, '0')
+    var digest = await this.createHmac('SHA-1', key, hexCounter)
+    var h = hexToBytes(digest)
+
+    // Truncate
+    var offset = h[h.length - 1] & 0xf
+    var v =
+      ((h[offset] & 0x7f) << 24) |
+      ((h[offset + 1] & 0xff) << 16) |
+      ((h[offset + 2] & 0xff) << 8) |
+      (h[offset + 3] & 0xff)
+
+    v = (v % 1000000) + ''
+
+    return Array(7 - v.length).join('0') + v
+  }
+
+  /**
+   * Check a One Time Password based on a counter.
+   *
+   * @return {Object} null if failure, { delta: # } on success
+   * delta is the time step difference between the client and the server
+   *
+   * Arguments:
+   *
+   *  args
+   *     key - Key for the one time password.  This should be unique and secret for
+   *         every user as it is the seed used to calculate the HMAC
+   *
+   *     token - Passcode to validate.
+   *
+   *     window - The allowable margin for the counter.  The function will check
+   *         'W' codes in the future against the provided passcode.  Note,
+   *         it is the calling applications responsibility to keep track of
+   *         'W' and increment it for each password check, and also to adjust
+   *         it accordingly in the case where the client and server become
+   *         out of sync (second argument returns non zero).
+   *         E.g. if W = 100, and C = 5, this function will check the passcode
+   *         against all One Time Passcodes between 5 and 105.
+   *
+   *         Default - 50
+   *
+   *     counter - Counter value.  This should be stored by the application, must
+   *         be user specific, and be incremented for each request.
+   *
+   */
+  async verify(token, key, opt) {
+    opt = opt || {}
+    var window = opt.window || 50
+    var counter = opt.counter || 0
+
+    // Now loop through from C to C + W to determine if there is
+    // a correct code
+    for (var i = counter - window; i <= counter + window; ++i) {
+      opt.counter = i
+      if ((await this.gen(key, opt)) === token) {
+        // We have found a matching code, trigger callback
+        // and pass offset
+        return { delta: i - counter }
+      }
+    }
+
+    // If we get to here then no codes have matched, return null
+    return null
+  }
+
+  async createHmac(alg, key, str) {
+    const hmacKey = await window.crypto.subtle.importKey(
+      'raw', // raw format of the key - should be Uint8Array
+      hextoBuf(key),
+      {
+        // algorithm details
+        name: 'HMAC',
+        hash: { name: alg },
+      },
+      false, // export = false
+      ['sign'], // what this key can do
+    )
+    const sig = await window.crypto.subtle.sign('HMAC', hmacKey, hextoBuf(str))
+    return bufToHex(sig)
+  }
+}
+
+export const hotp = new Hotp()
+
+class Totp {
+  /**
+   * Generate a time based One Time Password
+   *
+   * @return {String} the one time password
+   *
+   * Arguments:
+   *
+   *  args
+   *     key - Key for the one time password.  This should be unique and secret for
+   *         every user as it is the seed used to calculate the HMAC
+   *
+   *     time - The time step of the counter.  This must be the same for
+   *         every request and is used to calculat C.
+   *
+   *         Default - 30
+   *
+   */
+  async gen(key, opt) {
+    opt = opt || {}
+    var time = opt.time || 30
+    var _t = Date.now()
+
+    // Determine the value of the counter, C
+    // This is the number of time steps in seconds since T0
+    opt.counter = Math.floor(_t / 1000 / time)
+
+    return hotp.gen(key, opt)
+  }
+
+  /**
+   * Check a One Time Password based on a timer.
+   *
+   * @return {Object} null if failure, { delta: # } on success
+   * delta is the time step difference between the client and the server
+   *
+   * Arguments:
+   *
+   *  args
+   *     key - Key for the one time password.  This should be unique and secret for
+   *         every user as it is the seed used to calculate the HMAC
+   *
+   *     token - Passcode to validate.
+   *
+   *     window - The allowable margin for the counter.  The function will check
+   *         'W' codes either side of the provided counter.  Note,
+   *         it is the calling applications responsibility to keep track of
+   *         'W' and increment it for each password check, and also to adjust
+   *         it accordingly in the case where the client and server become
+   *         out of sync (second argument returns non zero).
+   *         E.g. if W = 5, and C = 1000, this function will check the passcode
+   *         against all One Time Passcodes between 995 and 1005.
+   *
+   *         Default - 6
+   *
+   *     time - The time step of the counter.  This must be the same for
+   *         every request and is used to calculate C.
+   *
+   *         Default - 30
+   *
+   */
+  async verify(token, key, opt) {
+    opt = opt || {}
+    var time = opt.time || 30
+    var _t = Date.now()
+
+    // Determine the value of the counter, C
+    // This is the number of time steps in seconds since T0
+    opt.counter = Math.floor(_t / 1000 / time)
+
+    return hotp.verify(token, key, opt)
+  }
+}
+
+export const totp = new Totp()

package/app/lib/utils.js

@@ -0,0 +1,185 @@
+const base32chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
+export const secretPattern = `^[${base32chars}]{16,}$`
+
+export function hexToBytes(hex) {
+  var bytes = []
+  for (var c = 0, C = hex.length; c < C; c += 2) {
+    bytes.push(parseInt(hex.substr(c, 2), 16))
+  }
+  return bytes
+}
+
+export function decToHex(s) {
+  return (s < 15.5 ? '0' : '') + Math.round(s).toString(16)
+}
+
+export function bufToHex(buf) {
+  return Array.prototype.map.call(new Uint8Array(buf), (x) => ('00' + x.toString(16)).slice(-2)).join('')
+}
+
+export function hextoBuf(hex) {
+  var view = new Uint8Array(hex.length / 2)
+
+  for (var i = 0; i < hex.length; i += 2) {
+    view[i / 2] = parseInt(hex.substring(i, i + 2), 16)
+  }
+
+  return view.buffer
+}
+
+export function base32ToHex(base32) {
+  var bits, chunk, hex, i, val
+  bits = ''
+  hex = ''
+  i = 0
+  while (i < base32.length) {
+    val = base32chars.indexOf(base32.charAt(i).toUpperCase())
+    bits += leftpad(val.toString(2), 5, '0')
+    i++
+  }
+  i = 0
+  while (i + 4 <= bits.length) {
+    chunk = bits.substr(i, 4)
+    hex = hex + parseInt(chunk, 2).toString(16)
+    i += 4
+  }
+  return hex
+}
+
+export function leftpad(str, len, pad) {
+  if (len + 1 >= str.length) {
+    str = Array(len + 1 - str.length).join(pad) + str
+  }
+  return str
+}
+
+/**
+ * This function takes an otpauth:// style key URI and parses it into an object with keys for the
+ * various parts of the URI
+ *
+ * @param {String} uri The otpauth:// uri that you want to parse
+ *
+ * @return {Object} The parsed URI or null on failure. The URI object looks like this:
+ *
+ * {
+ *  type: 'totp',
+ *  label: { issuer: 'ACME Co', account: 'jane@example.com' },
+ *  query: {
+ *   secret: 'JBSWY3DPEHPK3PXP',
+ *   digits: '6'
+ *  }
+ * }
+ *
+ * @see <a href="https://github.com/google/google-authenticator/wiki/Key-Uri-Format">otpauth Key URI Format</a>
+ */
+export function parseKeyUri(uri) {
+  // Quick sanity check
+  if (typeof uri !== 'string' || uri.length < 7) return null
+
+  // I would like to just use new URL(), but the behavior is different between node and browsers, so
+  // we have to do some of the work manually with regex.
+  const parts = /otpauth:\/\/([A-Za-z]+)\/([^?]+)\??(.*)?/i.exec(uri)
+
+  if (!parts || parts.length < 3) {
+    return null
+  }
+
+  // eslint-disable-next-line no-unused-vars
+  const [fullUri, type, fullLabel] = parts
+
+  // Sanity check type and label
+  if (!type || !fullLabel) {
+    return null
+  }
+
+  // Parse the label
+  const decodedLabel = decodeURIComponent(fullLabel)
+
+  const labelParts = decodedLabel.split(/: ?/)
+
+  const label =
+    labelParts && labelParts.length === 2
+      ? { issuer: labelParts[0], account: labelParts[1] }
+      : { issuer: '', account: decodedLabel }
+
+  // Parse query string
+  const qs = parts[3] ? new URLSearchParams(parts[3]) : []
+
+  const query = [...qs].reduce((acc, [key, value]) => {
+    acc[key] = value
+
+    return acc
+  }, {})
+
+  // Returned the parsed parts of the URI
+  return { type: type.toLowerCase(), label, query }
+}
+
+/**
+ * Converts a hex color string to an object containing RGB values.
+ */
+export function hexColorToRGB(hexColor) {
+  // Expand the shorthand form (e.g. "0AB") to full form (e.g. "00AABB")
+  const shortHandFormRegex = /^#?([a-f\d])([a-f\d])([a-f\d])$/i
+  hexColor = hexColor.replace(shortHandFormRegex, function (m, red, green, blue) {
+    return red + red + green + green + blue + blue
+  })
+  const result = /^#?([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})$/i.exec(hexColor)
+  return result
+    ? {
+        red: parseInt(result[1], 16),
+        green: parseInt(result[2], 16),
+        blue: parseInt(result[3], 16),
+      }
+    : null
+}
+
+export const defaultBgColor = '#FFF'
+
+/**
+ * Gets the color variable to be used based on the calculated constrast of a color.
+ */
+export function getVarColorForContrast(backgroundColor) {
+  const styleKitColors = {
+    foreground: '--sn-stylekit-contrast-foreground-color',
+    background: '--sn-stylekit-contrast-background-color',
+  }
+  if (!backgroundColor) {
+    return styleKitColors.foreground
+  }
+  const colorContrast = Math.round(
+    (parseInt(backgroundColor.red) * 299 +
+      parseInt(backgroundColor.green) * 587 +
+      parseInt(backgroundColor.blue) * 114) /
+      1000,
+  )
+  return colorContrast > 70 ? styleKitColors.background : styleKitColors.foreground
+}
+
+function getPropertyValue(document, propertyName) {
+  return getComputedStyle(document.documentElement).getPropertyValue(propertyName).trim().toUpperCase()
+}
+
+export const contextualColors = ['info', 'success', 'neutral', 'warning']
+
+export function getContextualColor(document, colorName) {
+  if (!contextualColors.includes(colorName)) {
+    return
+  }
+
+  return getPropertyValue(document, `--sn-stylekit-${colorName}-color`)
+}
+
+export function getEntryColor(document, entry) {
+  const { color } = entry
+
+  if (!contextualColors.includes(color)) {
+    return color
+  }
+
+  return getContextualColor(document, color)
+}
+
+export function getAllContextualColors(document) {
+  return contextualColors.map((colorName) => getContextualColor(document, colorName))
+}