foronce 0.0.1 → 0.0.3

package/LICENSE

@@ -0,0 +1,20 @@
+MIT License
+
+Copyright (c) 2024 reaper <ahoy@barelyhuman.dev>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -1 +1,89 @@
 # foronce
+
+- [foronce](#foronce)
+  - [Usage](#usage)
+    - [Examples](#examples)
+      - [One Time Email Validation](#one-time-email-validation)
+  - [API](#api)
+
+> TOTP in a few functions
+
+## Usage
+
+- Install the `foronce` library
+
+```sh
+; npm install foronce
+```
+
+### Examples
+
+#### One Time Email Validation
+
+```ts
+import { generateTOTPSecret, totp, isTOTPValid } from 'foronce'
+
+app.post('/login', (req, res) => {
+  const email = req.body.email
+  const secret = generateTOTPSecret()
+
+  const user = new User()
+  user.email = email
+  user.OTPSecret = secret
+  await user.save()
+
+  const otp = totp(secret)
+
+  EmailProvider.sendLoginEmail(email, otp)
+})
+
+app.post('/verify', (req, res) => {
+  const { email, otp } = req.body
+  const user = await User.find({
+    where: {
+      email: email,
+    },
+  })
+
+  if (!isTOTPValid(user.OTPSecret, otp)) {
+    res.status(400)
+    res.send({ message: 'Invalid OTP' })
+    return
+  }
+
+  res.send(generateLoginToken(user))
+  return
+})
+```
+
+## API
+
+```ts
+export function totp(
+  secret: string,
+  when?: number,
+  options?: {
+    period?: number
+    algorithm?: 'sha1' | 'sha256' | 'sha512'
+  }
+): string
+
+export function isTOTPValid(
+  secret: string,
+  token: string,
+  options?: {
+    period?: number
+    algorithm?: 'sha1' | 'sha256' | 'sha512'
+  }
+): boolean
+
+export function generateTOTPURL(
+  secret: string,
+  options: {
+    company: string
+    email: string
+  }
+): string
+
+export function generateTOTPSecret(num?: number): string
+```

package/dist/base32.cjs

@@ -0,0 +1,153 @@
+'use strict';
+
+/*!
+ * base-32.js
+ * Copyright(c) 2024 Reaper
+ * MIT Licensed
+ */
+
+// Simple implementation based of RFC 4648 for base32 encoding and decoding
+
+const pad = '=';
+const base32alphaMap = {
+  0: 'A',
+  1: 'B',
+  2: 'C',
+  3: 'D',
+  4: 'E',
+  5: 'F',
+  6: 'G',
+  7: 'H',
+  8: 'I',
+  9: 'J',
+  10: 'K',
+  11: 'L',
+  12: 'M',
+  13: 'N',
+  14: 'O',
+  15: 'P',
+  16: 'Q',
+  17: 'R',
+  18: 'S',
+  19: 'T',
+  20: 'U',
+  21: 'V',
+  22: 'W',
+  23: 'X',
+  24: 'Y',
+  25: 'Z',
+  26: '2',
+  27: '3',
+  28: '4',
+  29: '5',
+  30: '6',
+  31: '7',
+};
+
+const base32alphaMapDecode = Object.fromEntries(
+  Object.entries(base32alphaMap).map(([k, v]) => [v, k])
+);
+
+/**
+ * @param {string} str
+ */
+const encode = str => {
+  const splits = str.split('');
+
+  if (!splits.length) {
+    return ''
+  }
+
+  let binaryGroup = [];
+  let bitText = '';
+
+  splits.forEach(c => {
+    bitText += toBinary(c);
+
+    if (bitText.length == 40) {
+      binaryGroup.push(bitText);
+      bitText = '';
+    }
+  });
+
+  if (bitText.length > 0) {
+    binaryGroup.push(bitText);
+    bitText = '';
+  }
+
+  return binaryGroup
+    .map(x => {
+      let fiveBitGrouping = [];
+      let lex = '';
+      let bitOn = x;
+
+      bitOn.split('').forEach(d => {
+        lex += d;
+        if (lex.length == 5) {
+          fiveBitGrouping.push(lex);
+          lex = '';
+        }
+      });
+
+      if (lex.length > 0) {
+        fiveBitGrouping.push(lex.padEnd(5, '0'));
+        lex = '';
+      }
+
+      let paddedArray = Array.from(fiveBitGrouping);
+      paddedArray.length = 8;
+      paddedArray = paddedArray.fill('-1', fiveBitGrouping.length, 8);
+
+      return paddedArray
+        .map(f => {
+          if (f == '-1') {
+            return pad
+          }
+          return base32alphaMap[parseInt(f, 2).toString(10)]
+        })
+        .join('')
+    })
+    .join('')
+};
+
+/**
+ * @param {string} str
+ * @returns
+ */
+const decode = str => {
+  const overallBinary = str
+    .split('')
+    .map(x => {
+      if (x === pad) {
+        return '00000'
+      }
+      const d = base32alphaMapDecode[x];
+      const binary = parseInt(d, 10).toString(2);
+      return binary.padStart(5, '0')
+    })
+    .join('');
+
+  const characterBitGrouping = chunk(overallBinary.split(''), 8);
+  return characterBitGrouping
+    .map(x => {
+      const binaryL = x.join('');
+      const str = String.fromCharCode(+parseInt(binaryL, 2).toString(10));
+      return str.replace('\x00', '')
+    })
+    .join('')
+};
+
+const toBinary = (char, padLimit = 8) => {
+  const binary = String(char).charCodeAt(0).toString(2);
+  return binary.padStart(padLimit, '0')
+};
+
+const chunk = (arr, chunkSize = 1, cache = []) => {
+  const tmp = [...arr];
+  if (chunkSize <= 0) return cache
+  while (tmp.length) cache.push(tmp.splice(0, chunkSize));
+  return cache
+};
+
+exports.decode = decode;
+exports.encode = encode;

package/dist/base32.d.ts

@@ -0,0 +1,2 @@
+export function encode(str: string): string;
+export function decode(str: string): string;

package/dist/index.cjs

@@ -2,16 +2,15 @@
 
 var node_crypto = require('node:crypto');
 var node_buffer = require('node:buffer');
-var base32 = require('hi-base32');
+var base32 = require('./base32.cjs');
 
-/**
- * Simplified implementation of TOTP with existing node libs
- *
- * helpers to handle the following
- * - generate QR codes with the otpauth:// URL scheme
- * - algo and implmentation taken from https://drewdevault.com/2022/10/18/TOTP-is-easy.html
+/*!
+ * base-32.js
+ * Copyright(c) 2024 Reaper
+ * MIT Licensed
  */
 
+
 const { floor } = Math;
 
 /**
@@ -20,14 +19,15 @@ const { floor } = Math;
  * @param {number} when
  * @param {object} [options]
  * @param {number} [options.period] in seconds (eg: 30 => 30 seconds)
+ * @param {"sha1" | "sha256" | "sha512"} [options.algorithm] (default: sha512)
  * @returns {string}
  */
 function totp(secret, when = floor(Date.now() / 1000), options = {}) {
-  const _options = Object.assign({ period: 30 }, options);
+  const _options = Object.assign({ period: 30, algorithm: 'sha512' }, options);
   const now = floor(when / _options.period);
   const key = base32.decode(secret);
   const buff = bigEndian64(BigInt(now));
-  const hmac = node_crypto.createHmac('sha512', key).update(buff).digest();
+  const hmac = node_crypto.createHmac(_options.algorithm, key).update(buff).digest();
   const offset = hmac[hmac.length - 1] & 0xf;
   const truncatedHash = hmac.subarray(offset, offset + 4);
   const otp = (
@@ -42,10 +42,11 @@ function totp(secret, when = floor(Date.now() / 1000), options = {}) {
  * @param {string} token
  * @param {object} [options]
  * @param {number} [options.period] in seconds (eg: 30 => 30 seconds)
+ * @param {"sha1" | "sha256" | "sha512"} [options.algorithm] (default: sha512)
  * @returns {boolean}
  */
-function isValid(secret, token, options = {}) {
-  const _options = Object.assign({ period: 30 }, options);
+function isTOTPValid(secret, token, options = {}) {
+  const _options = Object.assign({ period: 30, algorithm: 'sha512' }, options);
   for (let index = -2; index < 3; index += 1) {
     const fromSys = totp(secret, Date.now() / 1000 + index, _options);
     const valid = fromSys === token;
@@ -88,5 +89,5 @@ function generateTOTPSecret(num = 32) {
 
 exports.generateTOTPSecret = generateTOTPSecret;
 exports.generateTOTPURL = generateTOTPURL;
-exports.isValid = isValid;
+exports.isTOTPValid = isTOTPValid;
 exports.totp = totp;

package/dist/index.d.ts

@@ -1,8 +1,10 @@
 export function totp(secret: string, when?: number, options?: {
     period?: number;
+    algorithm?: "sha1" | "sha256" | "sha512";
 }): string;
-export function isValid(secret: string, token: string, options?: {
+export function isTOTPValid(secret: string, token: string, options?: {
     period?: number;
+    algorithm?: "sha1" | "sha256" | "sha512";
 }): boolean;
 export function generateTOTPURL(secret: string, options: {
     company: string;

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "foronce",
-  "version": "0.0.1",
+  "version": "0.0.3",
+  "description": "TOTP in a few functions",
   "repository": "git@github.com:dumbjs/foronce.git",
   "license": "MIT",
   "author": "Reaper <ahoy@barelyhuman.dev>",
@@ -11,6 +12,11 @@
       "import": "./src/index.js",
       "require": "./dist/index.cjs"
     },
+    "./base32": {
+      "types": "./dist/base32.d.ts",
+      "import": "./src/base32.js",
+      "require": "./dist/base32.cjs"
+    },
     "./package.json": "./package.json"
   },
   "main": "./dist/index.cjs",
@@ -34,10 +40,6 @@
     "*.{js,css,md,json}": "prettier --write"
   },
   "prettier": "@barelyhuman/prettier-config",
-  "dependencies": {
-    "hi-base32": "^0.5.1",
-    "uncrypto": "^0.1.3"
-  },
   "devDependencies": {
     "@barelyhuman/prettier-config": "^1.0.0",
     "@types/node": "^20.10.8",
@@ -63,7 +65,8 @@
     "files": [
       "dist/*.dts",
       "dist/*.ts",
-      "dist/*.js"
+      "dist/*.js",
+      "dist/*.cjs"
     ]
   }
 }

package/src/base32.js

@@ -0,0 +1,150 @@
+/*!
+ * base-32.js
+ * Copyright(c) 2024 Reaper
+ * MIT Licensed
+ */
+
+// Simple implementation based of RFC 4648 for base32 encoding and decoding
+
+const pad = '='
+const base32alphaMap = {
+  0: 'A',
+  1: 'B',
+  2: 'C',
+  3: 'D',
+  4: 'E',
+  5: 'F',
+  6: 'G',
+  7: 'H',
+  8: 'I',
+  9: 'J',
+  10: 'K',
+  11: 'L',
+  12: 'M',
+  13: 'N',
+  14: 'O',
+  15: 'P',
+  16: 'Q',
+  17: 'R',
+  18: 'S',
+  19: 'T',
+  20: 'U',
+  21: 'V',
+  22: 'W',
+  23: 'X',
+  24: 'Y',
+  25: 'Z',
+  26: '2',
+  27: '3',
+  28: '4',
+  29: '5',
+  30: '6',
+  31: '7',
+}
+
+const base32alphaMapDecode = Object.fromEntries(
+  Object.entries(base32alphaMap).map(([k, v]) => [v, k])
+)
+
+/**
+ * @param {string} str
+ */
+export const encode = str => {
+  const splits = str.split('')
+
+  if (!splits.length) {
+    return ''
+  }
+
+  let binaryGroup = []
+  let bitText = ''
+
+  splits.forEach(c => {
+    bitText += toBinary(c)
+
+    if (bitText.length == 40) {
+      binaryGroup.push(bitText)
+      bitText = ''
+    }
+  })
+
+  if (bitText.length > 0) {
+    binaryGroup.push(bitText)
+    bitText = ''
+  }
+
+  return binaryGroup
+    .map(x => {
+      let fiveBitGrouping = []
+      let lex = ''
+      let bitOn = x
+
+      bitOn.split('').forEach(d => {
+        lex += d
+        if (lex.length == 5) {
+          fiveBitGrouping.push(lex)
+          lex = ''
+        }
+      })
+
+      if (lex.length > 0) {
+        fiveBitGrouping.push(lex.padEnd(5, '0'))
+        lex = ''
+      }
+
+      let paddedArray = Array.from(fiveBitGrouping)
+      paddedArray.length = 8
+      paddedArray = paddedArray.fill('-1', fiveBitGrouping.length, 8)
+
+      return paddedArray
+        .map(f => {
+          if (f == '-1') {
+            return pad
+          }
+          return base32alphaMap[parseInt(f, 2).toString(10)]
+        })
+        .join('')
+    })
+    .join('')
+}
+
+/**
+ * @param {string} str
+ * @returns
+ */
+export const decode = str => {
+  const overallBinary = str
+    .split('')
+    .map(x => {
+      if (x === pad) {
+        return '00000'
+      }
+      const d = base32alphaMapDecode[x]
+      const binary = parseInt(d, 10).toString(2)
+      return binary.padStart(5, '0')
+    })
+    .join('')
+
+  const characterBitGrouping = chunk(overallBinary.split(''), 8)
+  return characterBitGrouping
+    .map(x => {
+      const binaryL = x.join('')
+      const str = String.fromCharCode(+parseInt(binaryL, 2).toString(10))
+      return str.replace('\x00', '')
+    })
+    .join('')
+
+  return ''
+}
+
+const toBinary = (char, padLimit = 8) => {
+  const binary = String(char).charCodeAt(0).toString(2)
+  return binary.padStart(padLimit, '0')
+}
+
+const chunk = (arr, chunkSize = 1, cache = []) => {
+  const tmp = [...arr]
+  if (chunkSize <= 0) return cache
+  while (tmp.length) cache.push(tmp.splice(0, chunkSize))
+  return cache
+}

package/src/index.js

@@ -1,3 +1,9 @@
+/*!
+ * base-32.js
+ * Copyright(c) 2024 Reaper
+ * MIT Licensed
+ */
+
 /**
  * Simplified implementation of TOTP with existing node libs
  *
@@ -7,7 +13,7 @@
  */
 import { createHmac, randomBytes } from 'node:crypto'
 import { Buffer } from 'buffer'
-import base32 from 'hi-base32'
+import { decode, encode } from './base32.js'
 
 const { floor } = Math
 
@@ -17,14 +23,15 @@ const { floor } = Math
  * @param {number} when
  * @param {object} [options]
  * @param {number} [options.period] in seconds (eg: 30 => 30 seconds)
+ * @param {"sha1" | "sha256" | "sha512"} [options.algorithm] (default: sha512)
  * @returns {string}
  */
 export function totp(secret, when = floor(Date.now() / 1000), options = {}) {
-  const _options = Object.assign({ period: 30 }, options)
+  const _options = Object.assign({ period: 30, algorithm: 'sha512' }, options)
   const now = floor(when / _options.period)
-  const key = base32.decode(secret)
+  const key = decode(secret)
   const buff = bigEndian64(BigInt(now))
-  const hmac = createHmac('sha512', key).update(buff).digest()
+  const hmac = createHmac(_options.algorithm, key).update(buff).digest()
   const offset = hmac[hmac.length - 1] & 0xf
   const truncatedHash = hmac.subarray(offset, offset + 4)
   const otp = (
@@ -39,10 +46,11 @@ export function totp(secret, when = floor(Date.now() / 1000), options = {}) {
  * @param {string} token
  * @param {object} [options]
  * @param {number} [options.period] in seconds (eg: 30 => 30 seconds)
+ * @param {"sha1" | "sha256" | "sha512"} [options.algorithm] (default: sha512)
  * @returns {boolean}
  */
-export function isValid(secret, token, options = {}) {
-  const _options = Object.assign({ period: 30 }, options)
+export function isTOTPValid(secret, token, options = {}) {
+  const _options = Object.assign({ period: 30, algorithm: 'sha512' }, options)
   for (let index = -2; index < 3; index += 1) {
     const fromSys = totp(secret, Date.now() / 1000 + index, _options)
     const valid = fromSys === token
@@ -80,5 +88,5 @@ function bigEndian64(hash) {
 }
 
 export function generateTOTPSecret(num = 32) {
-  return base32.encode(randomBytes(num).toString('ascii'))
+  return encode(randomBytes(num).toString('ascii'))
 }

package/dist/index.js

@@ -1,89 +0,0 @@
-'use strict';
-
-var node_crypto = require('node:crypto');
-var node_buffer = require('node:buffer');
-var base32 = require('hi-base32');
-
-/**
- * Simplified implementation of TOTP with existing node libs
- *
- * helpers to handle the following
- * - generate QR codes with the otpauth:// URL scheme
- * - algo and implmentation taken from https://drewdevault.com/2022/10/18/TOTP-is-easy.html
- */
-
-const { floor } = Math;
-
-/**
- *
- * @param {string} secret
- * @param {number} when
- * @param {object} [options]
- * @param {number} [options.period]
- * @returns {string}
- */
-function totp(secret, when = floor(Date.now() / 1000), options = {}) {
-  const _options = Object.assign({ period: 30 }, options);
-  const now = floor(when / _options.period);
-  const key = base32.decode(secret);
-  const buff = bigEndian64(BigInt(now));
-  const hmac = node_crypto.createHmac('sha1', key).update(buff).digest();
-  const offset = hmac[hmac.length - 1] & 0xf;
-  const truncatedHash = hmac.subarray(offset, offset + 4);
-  const otp = (
-    (truncatedHash.readInt32BE() & 0x7f_ff_ff_ff) %
-    1_000_000
-  ).toString(10);
-  return otp.length < 6 ? `${otp}`.padStart(6, '0') : otp
-}
-
-/**
- * @param {string} secret
- * @param {string} token
- * @returns {boolean}
- */
-function isValid(secret, token) {
-  for (let index = -2; index < 3; index += 1) {
-    const fromSys = totp(secret, Date.now() / 1000 + index);
-    const valid = fromSys === token;
-    if (valid) return true
-  }
-  return false
-}
-
-/**
- * @param {string} secret
- * @param {object} options
- * @param {string} options.company
- * @param {string} options.email
- * @returns {string}
- */
-function generateTOTPURL(secret, options) {
-  const parameters = new URLSearchParams();
-  parameters.append('secret', secret);
-  parameters.append('issuer', options.company);
-  parameters.append('digits', '6');
-  const url = `otpauth://totp/${options.company}:${
-    options.email
-  }?${parameters.toString()}`;
-  return new URL(url).toString()
-}
-
-/**
- * @param {bigint} hash
- * @returns {Buffer}
- */
-function bigEndian64(hash) {
-  const buf = node_buffer.Buffer.allocUnsafe(64 / 8);
-  buf.writeBigInt64BE(hash, 0);
-  return buf
-}
-
-function generateTOTPSecret(num = 32) {
-  return base32.encode(node_crypto.randomBytes(num).toString('ascii'))
-}
-
-exports.generateTOTPSecret = generateTOTPSecret;
-exports.generateTOTPURL = generateTOTPURL;
-exports.isValid = isValid;
-exports.totp = totp;