foronce 0.0.2 → 0.0.3

package/LICENSE

@@ -0,0 +1,20 @@
+MIT License
+
+Copyright (c) 2024 reaper <ahoy@barelyhuman.dev>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -1 +1,89 @@
 # foronce
+
+- [foronce](#foronce)
+  - [Usage](#usage)
+    - [Examples](#examples)
+      - [One Time Email Validation](#one-time-email-validation)
+  - [API](#api)
+
+> TOTP in a few functions
+
+## Usage
+
+- Install the `foronce` library
+
+```sh
+; npm install foronce
+```
+
+### Examples
+
+#### One Time Email Validation
+
+```ts
+import { generateTOTPSecret, totp, isTOTPValid } from 'foronce'
+
+app.post('/login', (req, res) => {
+  const email = req.body.email
+  const secret = generateTOTPSecret()
+
+  const user = new User()
+  user.email = email
+  user.OTPSecret = secret
+  await user.save()
+
+  const otp = totp(secret)
+
+  EmailProvider.sendLoginEmail(email, otp)
+})
+
+app.post('/verify', (req, res) => {
+  const { email, otp } = req.body
+  const user = await User.find({
+    where: {
+      email: email,
+    },
+  })
+
+  if (!isTOTPValid(user.OTPSecret, otp)) {
+    res.status(400)
+    res.send({ message: 'Invalid OTP' })
+    return
+  }
+
+  res.send(generateLoginToken(user))
+  return
+})
+```
+
+## API
+
+```ts
+export function totp(
+  secret: string,
+  when?: number,
+  options?: {
+    period?: number
+    algorithm?: 'sha1' | 'sha256' | 'sha512'
+  }
+): string
+
+export function isTOTPValid(
+  secret: string,
+  token: string,
+  options?: {
+    period?: number
+    algorithm?: 'sha1' | 'sha256' | 'sha512'
+  }
+): boolean
+
+export function generateTOTPURL(
+  secret: string,
+  options: {
+    company: string
+    email: string
+  }
+): string
+
+export function generateTOTPSecret(num?: number): string
+```

package/dist/index.cjs

@@ -4,14 +4,13 @@ var node_crypto = require('node:crypto');
 var node_buffer = require('node:buffer');
 var base32 = require('./base32.cjs');
 
-/**
- * Simplified implementation of TOTP with existing node libs
- *
- * helpers to handle the following
- * - generate QR codes with the otpauth:// URL scheme
- * - algo and implmentation taken from https://drewdevault.com/2022/10/18/TOTP-is-easy.html
+/*!
+ * base-32.js
+ * Copyright(c) 2024 Reaper
+ * MIT Licensed
  */
 
+
 const { floor } = Math;
 
 /**
@@ -20,14 +19,15 @@ const { floor } = Math;
  * @param {number} when
  * @param {object} [options]
  * @param {number} [options.period] in seconds (eg: 30 => 30 seconds)
+ * @param {"sha1" | "sha256" | "sha512"} [options.algorithm] (default: sha512)
  * @returns {string}
  */
 function totp(secret, when = floor(Date.now() / 1000), options = {}) {
-  const _options = Object.assign({ period: 30 }, options);
+  const _options = Object.assign({ period: 30, algorithm: 'sha512' }, options);
   const now = floor(when / _options.period);
   const key = base32.decode(secret);
   const buff = bigEndian64(BigInt(now));
-  const hmac = node_crypto.createHmac('sha512', key).update(buff).digest();
+  const hmac = node_crypto.createHmac(_options.algorithm, key).update(buff).digest();
   const offset = hmac[hmac.length - 1] & 0xf;
   const truncatedHash = hmac.subarray(offset, offset + 4);
   const otp = (
@@ -42,10 +42,11 @@ function totp(secret, when = floor(Date.now() / 1000), options = {}) {
  * @param {string} token
  * @param {object} [options]
  * @param {number} [options.period] in seconds (eg: 30 => 30 seconds)
+ * @param {"sha1" | "sha256" | "sha512"} [options.algorithm] (default: sha512)
  * @returns {boolean}
  */
-function isValid(secret, token, options = {}) {
-  const _options = Object.assign({ period: 30 }, options);
+function isTOTPValid(secret, token, options = {}) {
+  const _options = Object.assign({ period: 30, algorithm: 'sha512' }, options);
   for (let index = -2; index < 3; index += 1) {
     const fromSys = totp(secret, Date.now() / 1000 + index, _options);
     const valid = fromSys === token;
@@ -88,5 +89,5 @@ function generateTOTPSecret(num = 32) {
 
 exports.generateTOTPSecret = generateTOTPSecret;
 exports.generateTOTPURL = generateTOTPURL;
-exports.isValid = isValid;
+exports.isTOTPValid = isTOTPValid;
 exports.totp = totp;

package/dist/index.d.ts

@@ -1,8 +1,10 @@
 export function totp(secret: string, when?: number, options?: {
     period?: number;
+    algorithm?: "sha1" | "sha256" | "sha512";
 }): string;
-export function isValid(secret: string, token: string, options?: {
+export function isTOTPValid(secret: string, token: string, options?: {
     period?: number;
+    algorithm?: "sha1" | "sha256" | "sha512";
 }): boolean;
 export function generateTOTPURL(secret: string, options: {
     company: string;

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "foronce",
-  "version": "0.0.2",
+  "version": "0.0.3",
+  "description": "TOTP in a few functions",
   "repository": "git@github.com:dumbjs/foronce.git",
   "license": "MIT",
   "author": "Reaper <ahoy@barelyhuman.dev>",
@@ -39,10 +40,6 @@
     "*.{js,css,md,json}": "prettier --write"
   },
   "prettier": "@barelyhuman/prettier-config",
-  "dependencies": {
-    "hi-base32": "^0.5.1",
-    "uncrypto": "^0.1.3"
-  },
   "devDependencies": {
     "@barelyhuman/prettier-config": "^1.0.0",
     "@types/node": "^20.10.8",

package/src/index.js

@@ -1,3 +1,9 @@
+/*!
+ * base-32.js
+ * Copyright(c) 2024 Reaper
+ * MIT Licensed
+ */
+
 /**
  * Simplified implementation of TOTP with existing node libs
  *
@@ -17,14 +23,15 @@ const { floor } = Math
  * @param {number} when
  * @param {object} [options]
  * @param {number} [options.period] in seconds (eg: 30 => 30 seconds)
+ * @param {"sha1" | "sha256" | "sha512"} [options.algorithm] (default: sha512)
  * @returns {string}
  */
 export function totp(secret, when = floor(Date.now() / 1000), options = {}) {
-  const _options = Object.assign({ period: 30 }, options)
+  const _options = Object.assign({ period: 30, algorithm: 'sha512' }, options)
   const now = floor(when / _options.period)
   const key = decode(secret)
   const buff = bigEndian64(BigInt(now))
-  const hmac = createHmac('sha512', key).update(buff).digest()
+  const hmac = createHmac(_options.algorithm, key).update(buff).digest()
   const offset = hmac[hmac.length - 1] & 0xf
   const truncatedHash = hmac.subarray(offset, offset + 4)
   const otp = (
@@ -39,10 +46,11 @@ export function totp(secret, when = floor(Date.now() / 1000), options = {}) {
  * @param {string} token
  * @param {object} [options]
  * @param {number} [options.period] in seconds (eg: 30 => 30 seconds)
+ * @param {"sha1" | "sha256" | "sha512"} [options.algorithm] (default: sha512)
  * @returns {boolean}
  */
-export function isValid(secret, token, options = {}) {
-  const _options = Object.assign({ period: 30 }, options)
+export function isTOTPValid(secret, token, options = {}) {
+  const _options = Object.assign({ period: 30, algorithm: 'sha512' }, options)
   for (let index = -2; index < 3; index += 1) {
     const fromSys = totp(secret, Date.now() / 1000 + index, _options)
     const valid = fromSys === token