npm - otplib - Versions diffs - 13.2.1 → 13.4.0 - Mend

otplib 13.2.1 → 13.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/README.md +82 -25
package/dist/class.cjs +1 -1
package/dist/class.cjs.map +1 -1
package/dist/class.d.cts +17 -2
package/dist/class.d.ts +17 -2
package/dist/class.js +1 -1
package/dist/class.js.map +1 -1
package/dist/functional.cjs +1 -1
package/dist/functional.cjs.map +1 -1
package/dist/functional.d.cts +1 -1
package/dist/functional.d.ts +1 -1
package/dist/functional.js +1 -1
package/dist/functional.js.map +1 -1
package/dist/index.cjs +1 -1
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.global.js +10 -0
package/dist/index.global.js.map +1 -0
package/dist/index.js +1 -1
package/dist/index.js.map +1 -1
package/dist/metafile-cjs.json +1 -1
package/dist/metafile-esm.json +1 -1
package/dist/metafile-iife.json +1 -0
package/dist/{types-Bap9LCID.d.cts → types-BBT_82HF.d.cts} +15 -2
package/dist/{types-Bap9LCID.d.ts → types-BBT_82HF.d.ts} +15 -2
package/package.json +32 -10

package/dist/functional.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/functional.ts","../src/defaults.ts"],"sourcesContent":["import { generateSecret as generateSecretCore, ConfigurationError } from \"@otplib/core\";\nimport {\n generate as generateHOTP,\n generateSync as generateHOTPSync,\n verify as verifyHOTP,\n verifySync as verifyHOTPSync,\n} from \"@otplib/hotp\";\nimport {\n generate as generateTOTP,\n generateSync as generateTOTPSync,\n verify as verifyTOTP,\n verifySync as verifyTOTPSync,\n} from \"@otplib/totp\";\nimport { generateTOTP as generateTOTPURI, generateHOTP as generateHOTURI } from \"@otplib/uri\";\n\nimport {\n defaultCrypto,\n defaultBase32,\n normalizeGenerateOptions,\n normalizeVerifyOptions,\n} from \"./defaults.js\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPStrategy,\n StrategyHandlers,\n} from \"./types.js\";\nimport type { CryptoPlugin, Base32Plugin, Digits, HashAlgorithm } from \"@otplib/core\";\nimport type { VerifyResult as HOTPVerifyResult } from \"@otplib/hotp\";\nimport type { VerifyResult as TOTPVerifyResult } from \"@otplib/totp\";\n\nexport type { OTPStrategy };\n\nexport type VerifyResult = TOTPVerifyResult \| HOTPVerifyResult;\n\nfunction executeByStrategy<T>(\n strategy: OTPStrategy,\n counter: number \| undefined,\n handlers: StrategyHandlers<T>,\n): T {\n if (strategy === \"totp\") {\n return handlers.totp();\n }\n if (strategy === \"hotp\") {\n if (counter === undefined) {\n throw new ConfigurationError(\n \"Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }\",\n );\n }\n return handlers.hotp(counter);\n }\n throw new ConfigurationError(\n `Unknown OTP strategy: ${strategy}. Valid strategies are 'totp' or 'hotp'.`,\n );\n}\n\n/*\n Generate a random secret key for use with OTP\n \n The secret is encoded in Base32 format for compatibility with\n * Google Authenticator and other authenticator apps.\n \n @param options - Secret generation options\n * @returns Base32-encoded secret key\n \n @example\n * ```ts\n * import { generateSecret } from 'otplib';\n \n const secret = generateSecret();\n * // Returns: 'JBSWY3DPEHPK3PXP'\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generateSecret, NodeCryptoPlugin } from 'otplib';\n \n const secret = generateSecret({\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport function generateSecret(options?: {\n /\n Number of random bytes to generate (default: 20)\n * 20 bytes = 160 bits, which provides a good security margin\n /\n length?: number;\n\n /\n Crypto plugin to use (default: NobleCryptoPlugin)\n /\n crypto?: CryptoPlugin;\n\n /\n Base32 plugin to use (default: ScureBase32Plugin)\n /\n base32?: Base32Plugin;\n}): string {\n const { crypto = defaultCrypto, base32 = defaultBase32, length = 20 } = options \|\| {};\n\n return generateSecretCore({ crypto, base32, length });\n}\n\n/\n Generate an otpauth:// URI for QR code generation\n \n This URI can be used to generate a QR code that can be scanned\n * by Google Authenticator and other authenticator apps.\n \n @param options - URI generation options\n * @returns otpauth:// URI string\n \n @example TOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: 'otpauth://totp/ACME%20Co:john%40example.com?secret=...'\n * ```\n \n @example HOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * strategy: 'hotp',\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * counter: 5,\n * });\n * // Returns: 'otpauth://hotp/ACME%20Co:john%40example.com?secret=...&counter=5'\n * ```\n /\nexport function generateURI(options: {\n /\n OTP strategy to use (default: 'totp')\n /\n strategy?: OTPStrategy;\n issuer: string;\n label: string;\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string;\n algorithm?: HashAlgorithm;\n digits?: Digits;\n period?: number;\n counter?: number;\n}): string {\n const {\n strategy = \"totp\",\n issuer,\n label,\n secret,\n algorithm = \"sha1\",\n digits = 6,\n period = 30,\n counter,\n } = options;\n\n return executeByStrategy(strategy, counter, {\n totp: () => generateTOTPURI({ issuer, label, secret, algorithm, digits, period }),\n hotp: (counter) => generateHOTURI({ issuer, label, secret, algorithm, digits, counter }),\n });\n}\n\n/\n Generate an OTP code\n \n Generates a one-time password based on the specified strategy.\n * - 'totp': Time-based OTP (default)\n * - 'hotp': HMAC-based OTP\n \n @param options - OTP generation options\n * @returns OTP code\n \n @example TOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: '123456'\n * ```\n \n @example HOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generate, NodeCryptoPlugin } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function generate(options: OTPGenerateOptions): Promise<string> {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTP({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Generate an OTP code synchronously\n \n This is the synchronous version of {@link generate}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP generation options\n * @returns OTP code\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { generateSync } from 'otplib';\n \n const token = generateSync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * ```\n /\nexport function generateSync(options: OTPGenerateOptions): string {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTPSync({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code\n \n Verifies a provided OTP code against the expected value based on the strategy.\n * - 'totp': Time-based OTP (default, Google Authenticator compatible)\n * - 'hotp': HMAC-based OTP\n \n Uses constant-time comparison to prevent timing attacks.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n \n @example TOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * // Returns: { valid: true, delta: 0 }\n * ```\n \n @example HOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With epochTolerance for TOTP\n * ```ts\n * import { verify, NodeCryptoPlugin } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * epochTolerance: 30,\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function verify(options: OTPVerifyOptions): Promise<VerifyResult> {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTP({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code synchronously\n \n This is the synchronous version of {@link verify}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { verifySync } from 'otplib';\n \n const result = verifySync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * ```\n /\nexport function verifySync(options: OTPVerifyOptions): VerifyResult {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTPSync({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n","/\n Default plugin instances\n \n Shared across functional and class APIs to ensure singleton behavior\n * and reduce memory overhead. Uses pre-instantiated frozen singletons\n * from the plugin packages.\n */\nimport { createGuardrails } from \"@otplib/core\";\nimport { base32 as defaultBase32 } from \"@otplib/plugin-base32-scure\";\nimport { crypto as defaultCrypto } from \"@otplib/plugin-crypto-noble\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPGenerateOptionsWithDefaults,\n OTPVerifyOptionsWithDefaults,\n} from \"./types.js\";\n\nexport { defaultCrypto, defaultBase32 };\n\nexport function normalizeGenerateOptions(\n options: OTPGenerateOptions,\n): OTPGenerateOptionsWithDefaults {\n return {\n secret: options.secret,\n strategy: options.strategy ?? \"totp\",\n crypto: options.crypto ?? defaultCrypto,\n base32: options.base32 ?? defaultBase32,\n algorithm: options.algorithm ?? \"sha1\",\n digits: options.digits ?? 6,\n period: options.period ?? 30,\n epoch: options.epoch ?? Math.floor(Date.now() / 1000),\n t0: options.t0 ?? 0,\n counter: options.counter,\n guardrails: options.guardrails ?? createGuardrails(),\n };\n}\n\nexport function normalizeVerifyOptions(options: OTPVerifyOptions): OTPVerifyOptionsWithDefaults {\n return {\n ...normalizeGenerateOptions(options),\n token: options.token,\n epochTolerance: options.epochTolerance ?? 0,\n counterTolerance: options.counterTolerance ?? 0,\n };\n}\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,cAAAE,EAAA,mBAAAC,EAAA,iBAAAC,EAAA,gBAAAC,EAAA,WAAAC,EAAA,eAAAC,IAAA,eAAAC,EAAAR,GAAA,IAAAS,EAAyE,wBACzEC,EAKO,wBACPC,EAKO,wBACPC,EAAgF,uBCNhF,IAAAC,EAAiC,wBACjCC,EAAwC,uCACxCC,EAAwC,uCAWjC,SAASC,EACdC,EACgC,CAChC,MAAO,CACL,OAAQA,EAAQ,OAChB,SAAUA,EAAQ,UAAY,OAC9B,OAAQA,EAAQ,QAAU,EAAAC,OAC1B,OAAQD,EAAQ,QAAU,EAAAE,OAC1B,UAAWF,EAAQ,WAAa,OAChC,OAAQA,EAAQ,QAAU,EAC1B,OAAQA,EAAQ,QAAU,GAC1B,MAAOA,EAAQ,OAAS,KAAK,MAAM,KAAK,IAAI,EAAI,GAAI,EACpD,GAAIA,EAAQ,IAAM,EAClB,QAASA,EAAQ,QACjB,WAAYA,EAAQ,eAAc,oBAAiB,CACrD,CACF,CAEO,SAASG,EAAuBH,EAAyD,CAC9F,MAAO,CACL,GAAGD,EAAyBC,CAAO,EACnC,MAAOA,EAAQ,MACf,eAAgBA,EAAQ,gBAAkB,EAC1C,iBAAkBA,EAAQ,kBAAoB,CAChD,CACF,CDTA,SAASI,EACPC,EACAC,EACAC,EACG,CACH,GAAIF,IAAa,OACf,OAAOE,EAAS,KAAK,EAEvB,GAAIF,IAAa,OAAQ,CACvB,GAAIC,IAAY,OACd,MAAM,IAAI,qBACR,kFACF,EAEF,OAAOC,EAAS,KAAKD,CAAO,CAC9B,CACA,MAAM,IAAI,qBACR,yBAAyBD,CAAQ,0CACnC,CACF,CA4BO,SAASG,EAAeC,EAgBpB,CACT,GAAM,CAAE,OAAAC,EAAS,EAAAC,OAAe,OAAAC,EAAS,EAAAC,OAAe,OAAAC,EAAS,EAAG,EAAIL,GAAW,CAAC,EAEpF,SAAO,EAAAM,gBAAmB,CAAE,OAAAL,EAAQ,OAAAE,EAAQ,OAAAE,CAAO,CAAC,CACtD,CAqCO,SAASE,EAAYP,EAkBjB,CACT,GAAM,CACJ,SAAAJ,EAAW,OACX,OAAAY,EACA,MAAAC,EACA,OAAAC,EACA,UAAAC,EAAY,OACZ,OAAAC,EAAS,EACT,OAAAC,EAAS,GACT,QAAAhB,CACF,EAAIG,EAEJ,OAAOL,EAAkBC,EAAUC,EAAS,CAC1C,KAAM,OAAM,EAAAiB,cAAgB,CAAE,OAAAN,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,OAAAC,CAAO,CAAC,EAChF,KAAOhB,MAAY,EAAAkB,cAAe,CAAE,OAAAP,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,QAAAf,CAAQ,CAAC,CACzF,CAAC,CACH,CA2CA,eAAsBmB,EAAShB,EAA8C,CAC3E,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDE,EAAgB,CAAE,OAAAT,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAG,UAAa,CACX,GAAGD,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAwB,UAAa,CACX,GAAGF,EACH,QAAAtB,EACA,WAAYoB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAqBO,SAASK,EAAatB,EAAqC,CAChE,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDE,EAAgB,CAAE,OAAAT,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAM,cAAiB,CACf,GAAGJ,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAA2B,cAAiB,CACf,GAAGL,EACH,QAAAtB,EACA,WAAYoB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAiDA,eAAsBQ,EAAOzB,EAAkD,CAC7E,IAAMiB,EAAOS,EAAuB1B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EACvDE,EAAgB,CAAE,OAAAT,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAEzE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAW,QAAW,CACT,GAAGT,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAgC,QAAW,CACT,GAAGV,EACH,QAAAtB,EACA,iBAAkBoB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAsBO,SAASa,EAAW9B,EAAyC,CAClE,IAAMiB,EAAOS,EAAuB1B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EACvDE,EAAgB,CAAE,OAAAT,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAEzE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAc,YAAe,CACb,GAAGZ,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAmC,YAAe,CACb,GAAGb,EACH,QAAAtB,EACA,iBAAkBoB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH","names":["functional_exports","__export","generate","generateSecret","generateSync","generateURI","verify","verifySync","__toCommonJS","import_core","import_hotp","import_totp","import_uri","import_core","import_plugin_base32_scure","import_plugin_crypto_noble","normalizeGenerateOptions","options","defaultCrypto","defaultBase32","normalizeVerifyOptions","executeByStrategy","strategy","counter","handlers","generateSecret","options","crypto","defaultCrypto","base32","defaultBase32","length","generateSecretCore","generateURI","issuer","label","secret","algorithm","digits","period","generateTOTPURI","generateHOTURI","generate","opts","normalizeGenerateOptions","commonOptions","generateTOTP","generateHOTP","generateSync","generateTOTPSync","generateHOTPSync","verify","normalizeVerifyOptions","token","verifyTOTP","verifyHOTP","verifySync","verifyTOTPSync","verifyHOTPSync"]}
1	+ {"version":3,"sources":["../src/functional.ts","../src/defaults.ts"],"sourcesContent":["import { generateSecret as generateSecretCore, ConfigurationError } from \"@otplib/core\";\nimport {\n generate as generateHOTP,\n generateSync as generateHOTPSync,\n verify as verifyHOTP,\n verifySync as verifyHOTPSync,\n} from \"@otplib/hotp\";\nimport {\n generate as generateTOTP,\n generateSync as generateTOTPSync,\n verify as verifyTOTP,\n verifySync as verifyTOTPSync,\n} from \"@otplib/totp\";\nimport { generateTOTP as generateTOTPURI, generateHOTP as generateHOTURI } from \"@otplib/uri\";\n\nimport {\n defaultCrypto,\n defaultBase32,\n normalizeGenerateOptions,\n normalizeVerifyOptions,\n} from \"./defaults.js\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPStrategy,\n StrategyHandlers,\n} from \"./types.js\";\nimport type { CryptoPlugin, Base32Plugin, Digits, HashAlgorithm } from \"@otplib/core\";\nimport type { VerifyResult as HOTPVerifyResult } from \"@otplib/hotp\";\nimport type { VerifyResult as TOTPVerifyResult } from \"@otplib/totp\";\n\nexport type { OTPStrategy };\n\nexport type VerifyResult = TOTPVerifyResult \| HOTPVerifyResult;\n\nfunction executeByStrategy<T>(\n strategy: OTPStrategy,\n counter: number \| undefined,\n handlers: StrategyHandlers<T>,\n): T {\n if (strategy === \"totp\") {\n return handlers.totp();\n }\n if (strategy === \"hotp\") {\n if (counter === undefined) {\n throw new ConfigurationError(\n \"Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }\",\n );\n }\n return handlers.hotp(counter);\n }\n throw new ConfigurationError(\n `Unknown OTP strategy: ${strategy}. Valid strategies are 'totp' or 'hotp'.`,\n );\n}\n\n/*\n Generate a random secret key for use with OTP\n \n The secret is encoded in Base32 format for compatibility with\n * Google Authenticator and other authenticator apps.\n \n @param options - Secret generation options\n * @returns Base32-encoded secret key\n \n @example\n * ```ts\n * import { generateSecret } from 'otplib';\n \n const secret = generateSecret();\n * // Returns: 'JBSWY3DPEHPK3PXP'\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generateSecret, NodeCryptoPlugin } from 'otplib';\n \n const secret = generateSecret({\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport function generateSecret(options?: {\n /\n Number of random bytes to generate (default: 20)\n * 20 bytes = 160 bits, which provides a good security margin\n /\n length?: number;\n\n /\n Crypto plugin to use (default: NobleCryptoPlugin)\n /\n crypto?: CryptoPlugin;\n\n /\n Base32 plugin to use (default: ScureBase32Plugin)\n /\n base32?: Base32Plugin;\n}): string {\n const { crypto = defaultCrypto, base32 = defaultBase32, length = 20 } = options \|\| {};\n\n return generateSecretCore({ crypto, base32, length });\n}\n\n/\n Generate an otpauth:// URI for QR code generation\n \n This URI can be used to generate a QR code that can be scanned\n * by Google Authenticator and other authenticator apps.\n \n @param options - URI generation options\n * @returns otpauth:// URI string\n \n @example TOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: 'otpauth://totp/ACME%20Co:john%40example.com?secret=...'\n * ```\n \n @example HOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * strategy: 'hotp',\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * counter: 5,\n * });\n * // Returns: 'otpauth://hotp/ACME%20Co:john%40example.com?secret=...&counter=5'\n * ```\n /\nexport function generateURI(options: {\n /\n OTP strategy to use (default: 'totp')\n /\n strategy?: OTPStrategy;\n issuer: string;\n label: string;\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string;\n algorithm?: HashAlgorithm;\n digits?: Digits;\n period?: number;\n counter?: number;\n}): string {\n const {\n strategy = \"totp\",\n issuer,\n label,\n secret,\n algorithm = \"sha1\",\n digits = 6,\n period = 30,\n counter,\n } = options;\n\n return executeByStrategy(strategy, counter, {\n totp: () => generateTOTPURI({ issuer, label, secret, algorithm, digits, period }),\n hotp: (counter) => generateHOTURI({ issuer, label, secret, algorithm, digits, counter }),\n });\n}\n\n/\n Generate an OTP code\n \n Generates a one-time password based on the specified strategy.\n * - 'totp': Time-based OTP (default)\n * - 'hotp': HMAC-based OTP\n \n @param options - OTP generation options\n * @returns OTP code\n \n @example TOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: '123456'\n * ```\n \n @example HOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generate, NodeCryptoPlugin } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function generate(options: OTPGenerateOptions): Promise<string> {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTP({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Generate an OTP code synchronously\n \n This is the synchronous version of {@link generate}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP generation options\n * @returns OTP code\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { generateSync } from 'otplib';\n \n const token = generateSync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * ```\n /\nexport function generateSync(options: OTPGenerateOptions): string {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTPSync({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code\n \n Verifies a provided OTP code against the expected value based on the strategy.\n * - 'totp': Time-based OTP (default, Google Authenticator compatible)\n * - 'hotp': HMAC-based OTP\n \n Uses constant-time comparison to prevent timing attacks.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n \n @example TOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * // Returns: { valid: true, delta: 0 }\n * ```\n \n @example HOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With epochTolerance for TOTP\n * ```ts\n * import { verify, NodeCryptoPlugin } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * epochTolerance: 30,\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function verify(options: OTPVerifyOptions): Promise<VerifyResult> {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n afterTimeStep: opts.afterTimeStep,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTP({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code synchronously\n \n This is the synchronous version of {@link verify}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { verifySync } from 'otplib';\n \n const result = verifySync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * ```\n /\nexport function verifySync(options: OTPVerifyOptions): VerifyResult {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n afterTimeStep: opts.afterTimeStep,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTPSync({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n","/\n Default plugin instances\n \n Shared across functional and class APIs to ensure singleton behavior\n * and reduce memory overhead. Uses pre-instantiated frozen singletons\n * from the plugin packages.\n */\nimport { createGuardrails } from \"@otplib/core\";\nimport { base32 as defaultBase32 } from \"@otplib/plugin-base32-scure\";\nimport { crypto as defaultCrypto } from \"@otplib/plugin-crypto-noble\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPGenerateOptionsWithDefaults,\n OTPVerifyOptionsWithDefaults,\n} from \"./types.js\";\n\nexport { defaultCrypto, defaultBase32 };\n\nexport function normalizeGenerateOptions(\n options: OTPGenerateOptions,\n): OTPGenerateOptionsWithDefaults {\n return {\n secret: options.secret,\n strategy: options.strategy ?? \"totp\",\n crypto: options.crypto ?? defaultCrypto,\n base32: options.base32 ?? defaultBase32,\n algorithm: options.algorithm ?? \"sha1\",\n digits: options.digits ?? 6,\n period: options.period ?? 30,\n epoch: options.epoch ?? Math.floor(Date.now() / 1000),\n t0: options.t0 ?? 0,\n counter: options.counter,\n guardrails: options.guardrails ?? createGuardrails(),\n hooks: options.hooks,\n };\n}\n\nexport function normalizeVerifyOptions(options: OTPVerifyOptions): OTPVerifyOptionsWithDefaults {\n return {\n ...normalizeGenerateOptions(options),\n token: options.token,\n epochTolerance: options.epochTolerance ?? 0,\n counterTolerance: options.counterTolerance ?? 0,\n afterTimeStep: options.afterTimeStep,\n };\n}\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,cAAAE,EAAA,mBAAAC,EAAA,iBAAAC,EAAA,gBAAAC,EAAA,WAAAC,EAAA,eAAAC,IAAA,eAAAC,EAAAR,GAAA,IAAAS,EAAyE,wBACzEC,EAKO,wBACPC,EAKO,wBACPC,EAAgF,uBCNhF,IAAAC,EAAiC,wBACjCC,EAAwC,uCACxCC,EAAwC,uCAWjC,SAASC,EACdC,EACgC,CAChC,MAAO,CACL,OAAQA,EAAQ,OAChB,SAAUA,EAAQ,UAAY,OAC9B,OAAQA,EAAQ,QAAU,EAAAC,OAC1B,OAAQD,EAAQ,QAAU,EAAAE,OAC1B,UAAWF,EAAQ,WAAa,OAChC,OAAQA,EAAQ,QAAU,EAC1B,OAAQA,EAAQ,QAAU,GAC1B,MAAOA,EAAQ,OAAS,KAAK,MAAM,KAAK,IAAI,EAAI,GAAI,EACpD,GAAIA,EAAQ,IAAM,EAClB,QAASA,EAAQ,QACjB,WAAYA,EAAQ,eAAc,oBAAiB,EACnD,MAAOA,EAAQ,KACjB,CACF,CAEO,SAASG,EAAuBH,EAAyD,CAC9F,MAAO,CACL,GAAGD,EAAyBC,CAAO,EACnC,MAAOA,EAAQ,MACf,eAAgBA,EAAQ,gBAAkB,EAC1C,iBAAkBA,EAAQ,kBAAoB,EAC9C,cAAeA,EAAQ,aACzB,CACF,CDXA,SAASI,EACPC,EACAC,EACAC,EACG,CACH,GAAIF,IAAa,OACf,OAAOE,EAAS,KAAK,EAEvB,GAAIF,IAAa,OAAQ,CACvB,GAAIC,IAAY,OACd,MAAM,IAAI,qBACR,kFACF,EAEF,OAAOC,EAAS,KAAKD,CAAO,CAC9B,CACA,MAAM,IAAI,qBACR,yBAAyBD,CAAQ,0CACnC,CACF,CA4BO,SAASG,EAAeC,EAgBpB,CACT,GAAM,CAAE,OAAAC,EAAS,EAAAC,OAAe,OAAAC,EAAS,EAAAC,OAAe,OAAAC,EAAS,EAAG,EAAIL,GAAW,CAAC,EAEpF,SAAO,EAAAM,gBAAmB,CAAE,OAAAL,EAAQ,OAAAE,EAAQ,OAAAE,CAAO,CAAC,CACtD,CAqCO,SAASE,EAAYP,EAkBjB,CACT,GAAM,CACJ,SAAAJ,EAAW,OACX,OAAAY,EACA,MAAAC,EACA,OAAAC,EACA,UAAAC,EAAY,OACZ,OAAAC,EAAS,EACT,OAAAC,EAAS,GACT,QAAAhB,CACF,EAAIG,EAEJ,OAAOL,EAAkBC,EAAUC,EAAS,CAC1C,KAAM,OAAM,EAAAiB,cAAgB,CAAE,OAAAN,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,OAAAC,CAAO,CAAC,EAChF,KAAOhB,MAAY,EAAAkB,cAAe,CAAE,OAAAP,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,QAAAf,CAAQ,CAAC,CACzF,CAAC,CACH,CA2CA,eAAsBmB,EAAShB,EAA8C,CAC3E,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EACvDG,EAAgB,CAAE,OAAAV,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEzE,OAAOxB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAI,UAAa,CACX,GAAGD,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAyB,UAAa,CACX,GAAGF,EACH,QAAAvB,EACA,WAAYoB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAqBO,SAASM,EAAavB,EAAqC,CAChE,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDG,EAAgB,CAAE,OAAAV,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAO,cAAiB,CACf,GAAGJ,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAA4B,cAAiB,CACf,GAAGL,EACH,QAAAvB,EACA,WAAYoB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAiDA,eAAsBS,EAAO1B,EAAkD,CAC7E,IAAMiB,EAAOU,EAAuB3B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EAC9DG,EAAgB,CAAE,OAAAV,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEhF,OAAOxB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAY,QAAW,CACT,GAAGT,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,cAAeA,EAAK,cACpB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAiC,QAAW,CACT,GAAGV,EACH,QAAAvB,EACA,iBAAkBoB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAsBO,SAASc,EAAW/B,EAAyC,CAClE,IAAMiB,EAAOU,EAAuB3B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EAC9DG,EAAgB,CAAE,OAAAV,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEhF,OAAOxB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAe,YAAe,CACb,GAAGZ,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,cAAeA,EAAK,cACpB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAoC,YAAe,CACb,GAAGb,EACH,QAAAvB,EACA,iBAAkBoB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH","names":["functional_exports","__export","generate","generateSecret","generateSync","generateURI","verify","verifySync","__toCommonJS","import_core","import_hotp","import_totp","import_uri","import_core","import_plugin_base32_scure","import_plugin_crypto_noble","normalizeGenerateOptions","options","defaultCrypto","defaultBase32","normalizeVerifyOptions","executeByStrategy","strategy","counter","handlers","generateSecret","options","crypto","defaultCrypto","base32","defaultBase32","length","generateSecretCore","generateURI","issuer","label","secret","algorithm","digits","period","generateTOTPURI","generateHOTURI","generate","opts","normalizeGenerateOptions","hooks","commonOptions","generateTOTP","generateHOTP","generateSync","generateTOTPSync","generateHOTPSync","verify","normalizeVerifyOptions","token","verifyTOTP","verifyHOTP","verifySync","verifyTOTPSync","verifyHOTPSync"]}

package/dist/functional.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { c as OTPStrategy, a as OTPGenerateOptions, b as OTPVerifyOptions } from './types-Bap9LCID.cjs';
+import { a as OTPGenerateOptions, b as OTPStrategy, c as OTPVerifyOptions } from './types-BBT_82HF.cjs';
 import { CryptoPlugin, Base32Plugin, HashAlgorithm, Digits } from '@otplib/core';
 import { VerifyResult as VerifyResult$2 } from '@otplib/hotp';
 import { VerifyResult as VerifyResult$1 } from '@otplib/totp';

package/dist/functional.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { c as OTPStrategy, a as OTPGenerateOptions, b as OTPVerifyOptions } from './types-Bap9LCID.js';
+import { a as OTPGenerateOptions, b as OTPStrategy, c as OTPVerifyOptions } from './types-BBT_82HF.js';
 import { CryptoPlugin, Base32Plugin, HashAlgorithm, Digits } from '@otplib/core';
 import { VerifyResult as VerifyResult$2 } from '@otplib/hotp';
 import { VerifyResult as VerifyResult$1 } from '@otplib/totp';

package/dist/functional.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{generateSecret as m,ConfigurationError as T}from"@otplib/core";import{generate as d,generateSync as h,verify as P,verifySync as S}from"@otplib/hotp";import{generate as V,generateSync as b,verify as x,verifySync as H}from"@otplib/totp";import{generateTOTP as R,generateHOTP as v}from"@otplib/uri";import{createGuardrails as O}from"@otplib/core";import{base32 as l}from"@otplib/plugin-base32-scure";import{crypto as y}from"@otplib/plugin-crypto-noble";function u(t){return{secret:t.secret,strategy:t.strategy??"totp",crypto:t.crypto??y,base32:t.base32??l,algorithm:t.algorithm??"sha1",digits:t.digits??6,period:t.period??30,epoch:t.epoch??Math.floor(Date.now()/1e3),t0:t.t0??0,counter:t.counter,guardrails:t.guardrails??O()}}function f(t){return{...u(t),token:t.token,epochTolerance:t.epochTolerance??0,counterTolerance:t.counterTolerance??0}}function g(t,e,r){if(t==="totp")return r.totp();if(t==="hotp"){if(e===void 0)throw new T("Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }");return r.hotp(e)}throw new T(`Unknown OTP strategy: ${t}. Valid strategies are 'totp' or 'hotp'.`)}function I(t){let{crypto:e=y,base32:r=l,length:o=20}=t||{};return m({crypto:e,base32:r,length:o})}function j(t){let{strategy:e="totp",issuer:r,label:o,secret:i,algorithm:s="sha1",digits:p=6,period:n=30,counter:a}=t;return g(e,a,{totp:()=>R({issuer:r,label:o,secret:i,algorithm:s,digits:p,period:n}),hotp:c=>v({issuer:r,label:o,secret:i,algorithm:s,digits:p,counter:c})})}async function A(t){let e=u(t),{secret:r,crypto:o,base32:i,algorithm:s,digits:p}=e,n={secret:r,crypto:o,base32:i,algorithm:s,digits:p};return g(e.strategy,e.counter,{totp:()=>V({...n,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:a=>d({...n,counter:a,guardrails:e.guardrails})})}function E(t){let e=u(t),{secret:r,crypto:o,base32:i,algorithm:s,digits:p}=e,n={secret:r,crypto:o,base32:i,algorithm:s,digits:p};return g(e.strategy,e.counter,{totp:()=>b({...n,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:a=>h({...n,counter:a,guardrails:e.guardrails})})}async function q(t){let e=f(t),{secret:r,token:o,crypto:i,base32:s,algorithm:p,digits:n}=e,a={secret:r,token:o,crypto:i,base32:s,algorithm:p,digits:n};return g(e.strategy,e.counter,{totp:()=>x({...a,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,guardrails:e.guardrails}),hotp:c=>P({...a,counter:c,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}function M(t){let e=f(t),{secret:r,token:o,crypto:i,base32:s,algorithm:p,digits:n}=e,a={secret:r,token:o,crypto:i,base32:s,algorithm:p,digits:n};return g(e.strategy,e.counter,{totp:()=>H({...a,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,guardrails:e.guardrails}),hotp:c=>S({...a,counter:c,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}export{A as generate,I as generateSecret,E as generateSync,j as generateURI,q as verify,M as verifySync};
+import{generateSecret as h,ConfigurationError as m}from"@otplib/core";import{generate as d,generateSync as P,verify as S,verifySync as V}from"@otplib/hotp";import{generate as b,generateSync as x,verify as H,verifySync as R}from"@otplib/totp";import{generateTOTP as k,generateHOTP as v}from"@otplib/uri";import{createGuardrails as O}from"@otplib/core";import{base32 as y}from"@otplib/plugin-base32-scure";import{crypto as f}from"@otplib/plugin-crypto-noble";function u(t){return{secret:t.secret,strategy:t.strategy??"totp",crypto:t.crypto??f,base32:t.base32??y,algorithm:t.algorithm??"sha1",digits:t.digits??6,period:t.period??30,epoch:t.epoch??Math.floor(Date.now()/1e3),t0:t.t0??0,counter:t.counter,guardrails:t.guardrails??O(),hooks:t.hooks}}function T(t){return{...u(t),token:t.token,epochTolerance:t.epochTolerance??0,counterTolerance:t.counterTolerance??0,afterTimeStep:t.afterTimeStep}}function g(t,e,r){if(t==="totp")return r.totp();if(t==="hotp"){if(e===void 0)throw new m("Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }");return r.hotp(e)}throw new m(`Unknown OTP strategy: ${t}. Valid strategies are 'totp' or 'hotp'.`)}function j(t){let{crypto:e=f,base32:r=y,length:o=20}=t||{};return h({crypto:e,base32:r,length:o})}function A(t){let{strategy:e="totp",issuer:r,label:o,secret:a,algorithm:i="sha1",digits:n=6,period:s=30,counter:p}=t;return g(e,p,{totp:()=>k({issuer:r,label:o,secret:a,algorithm:i,digits:n,period:s}),hotp:c=>v({issuer:r,label:o,secret:a,algorithm:i,digits:n,counter:c})})}async function E(t){let e=u(t),{secret:r,crypto:o,base32:a,algorithm:i,digits:n,hooks:s}=e,p={secret:r,crypto:o,base32:a,algorithm:i,digits:n,hooks:s};return g(e.strategy,e.counter,{totp:()=>b({...p,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:c=>d({...p,counter:c,guardrails:e.guardrails})})}function q(t){let e=u(t),{secret:r,crypto:o,base32:a,algorithm:i,digits:n}=e,s={secret:r,crypto:o,base32:a,algorithm:i,digits:n};return g(e.strategy,e.counter,{totp:()=>x({...s,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:p=>P({...s,counter:p,guardrails:e.guardrails})})}async function M(t){let e=T(t),{secret:r,token:o,crypto:a,base32:i,algorithm:n,digits:s,hooks:p}=e,c={secret:r,token:o,crypto:a,base32:i,algorithm:n,digits:s,hooks:p};return g(e.strategy,e.counter,{totp:()=>H({...c,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,afterTimeStep:e.afterTimeStep,guardrails:e.guardrails}),hotp:l=>S({...c,counter:l,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}function $(t){let e=T(t),{secret:r,token:o,crypto:a,base32:i,algorithm:n,digits:s,hooks:p}=e,c={secret:r,token:o,crypto:a,base32:i,algorithm:n,digits:s,hooks:p};return g(e.strategy,e.counter,{totp:()=>R({...c,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,afterTimeStep:e.afterTimeStep,guardrails:e.guardrails}),hotp:l=>V({...c,counter:l,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}export{E as generate,j as generateSecret,q as generateSync,A as generateURI,M as verify,$ as verifySync};
 //# sourceMappingURL=functional.js.map

package/dist/functional.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/functional.ts","../src/defaults.ts"],"sourcesContent":["import { generateSecret as generateSecretCore, ConfigurationError } from \"@otplib/core\";\nimport {\n generate as generateHOTP,\n generateSync as generateHOTPSync,\n verify as verifyHOTP,\n verifySync as verifyHOTPSync,\n} from \"@otplib/hotp\";\nimport {\n generate as generateTOTP,\n generateSync as generateTOTPSync,\n verify as verifyTOTP,\n verifySync as verifyTOTPSync,\n} from \"@otplib/totp\";\nimport { generateTOTP as generateTOTPURI, generateHOTP as generateHOTURI } from \"@otplib/uri\";\n\nimport {\n defaultCrypto,\n defaultBase32,\n normalizeGenerateOptions,\n normalizeVerifyOptions,\n} from \"./defaults.js\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPStrategy,\n StrategyHandlers,\n} from \"./types.js\";\nimport type { CryptoPlugin, Base32Plugin, Digits, HashAlgorithm } from \"@otplib/core\";\nimport type { VerifyResult as HOTPVerifyResult } from \"@otplib/hotp\";\nimport type { VerifyResult as TOTPVerifyResult } from \"@otplib/totp\";\n\nexport type { OTPStrategy };\n\nexport type VerifyResult = TOTPVerifyResult \| HOTPVerifyResult;\n\nfunction executeByStrategy<T>(\n strategy: OTPStrategy,\n counter: number \| undefined,\n handlers: StrategyHandlers<T>,\n): T {\n if (strategy === \"totp\") {\n return handlers.totp();\n }\n if (strategy === \"hotp\") {\n if (counter === undefined) {\n throw new ConfigurationError(\n \"Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }\",\n );\n }\n return handlers.hotp(counter);\n }\n throw new ConfigurationError(\n `Unknown OTP strategy: ${strategy}. Valid strategies are 'totp' or 'hotp'.`,\n );\n}\n\n/*\n Generate a random secret key for use with OTP\n \n The secret is encoded in Base32 format for compatibility with\n * Google Authenticator and other authenticator apps.\n \n @param options - Secret generation options\n * @returns Base32-encoded secret key\n \n @example\n * ```ts\n * import { generateSecret } from 'otplib';\n \n const secret = generateSecret();\n * // Returns: 'JBSWY3DPEHPK3PXP'\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generateSecret, NodeCryptoPlugin } from 'otplib';\n \n const secret = generateSecret({\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport function generateSecret(options?: {\n /\n Number of random bytes to generate (default: 20)\n * 20 bytes = 160 bits, which provides a good security margin\n /\n length?: number;\n\n /\n Crypto plugin to use (default: NobleCryptoPlugin)\n /\n crypto?: CryptoPlugin;\n\n /\n Base32 plugin to use (default: ScureBase32Plugin)\n /\n base32?: Base32Plugin;\n}): string {\n const { crypto = defaultCrypto, base32 = defaultBase32, length = 20 } = options \|\| {};\n\n return generateSecretCore({ crypto, base32, length });\n}\n\n/\n Generate an otpauth:// URI for QR code generation\n \n This URI can be used to generate a QR code that can be scanned\n * by Google Authenticator and other authenticator apps.\n \n @param options - URI generation options\n * @returns otpauth:// URI string\n \n @example TOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: 'otpauth://totp/ACME%20Co:john%40example.com?secret=...'\n * ```\n \n @example HOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * strategy: 'hotp',\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * counter: 5,\n * });\n * // Returns: 'otpauth://hotp/ACME%20Co:john%40example.com?secret=...&counter=5'\n * ```\n /\nexport function generateURI(options: {\n /\n OTP strategy to use (default: 'totp')\n /\n strategy?: OTPStrategy;\n issuer: string;\n label: string;\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string;\n algorithm?: HashAlgorithm;\n digits?: Digits;\n period?: number;\n counter?: number;\n}): string {\n const {\n strategy = \"totp\",\n issuer,\n label,\n secret,\n algorithm = \"sha1\",\n digits = 6,\n period = 30,\n counter,\n } = options;\n\n return executeByStrategy(strategy, counter, {\n totp: () => generateTOTPURI({ issuer, label, secret, algorithm, digits, period }),\n hotp: (counter) => generateHOTURI({ issuer, label, secret, algorithm, digits, counter }),\n });\n}\n\n/\n Generate an OTP code\n \n Generates a one-time password based on the specified strategy.\n * - 'totp': Time-based OTP (default)\n * - 'hotp': HMAC-based OTP\n \n @param options - OTP generation options\n * @returns OTP code\n \n @example TOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: '123456'\n * ```\n \n @example HOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generate, NodeCryptoPlugin } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function generate(options: OTPGenerateOptions): Promise<string> {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTP({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Generate an OTP code synchronously\n \n This is the synchronous version of {@link generate}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP generation options\n * @returns OTP code\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { generateSync } from 'otplib';\n \n const token = generateSync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * ```\n /\nexport function generateSync(options: OTPGenerateOptions): string {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTPSync({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code\n \n Verifies a provided OTP code against the expected value based on the strategy.\n * - 'totp': Time-based OTP (default, Google Authenticator compatible)\n * - 'hotp': HMAC-based OTP\n \n Uses constant-time comparison to prevent timing attacks.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n \n @example TOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * // Returns: { valid: true, delta: 0 }\n * ```\n \n @example HOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With epochTolerance for TOTP\n * ```ts\n * import { verify, NodeCryptoPlugin } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * epochTolerance: 30,\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function verify(options: OTPVerifyOptions): Promise<VerifyResult> {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTP({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code synchronously\n \n This is the synchronous version of {@link verify}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { verifySync } from 'otplib';\n \n const result = verifySync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * ```\n /\nexport function verifySync(options: OTPVerifyOptions): VerifyResult {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTPSync({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n","/\n Default plugin instances\n \n Shared across functional and class APIs to ensure singleton behavior\n * and reduce memory overhead. Uses pre-instantiated frozen singletons\n * from the plugin packages.\n */\nimport { createGuardrails } from \"@otplib/core\";\nimport { base32 as defaultBase32 } from \"@otplib/plugin-base32-scure\";\nimport { crypto as defaultCrypto } from \"@otplib/plugin-crypto-noble\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPGenerateOptionsWithDefaults,\n OTPVerifyOptionsWithDefaults,\n} from \"./types.js\";\n\nexport { defaultCrypto, defaultBase32 };\n\nexport function normalizeGenerateOptions(\n options: OTPGenerateOptions,\n): OTPGenerateOptionsWithDefaults {\n return {\n secret: options.secret,\n strategy: options.strategy ?? \"totp\",\n crypto: options.crypto ?? defaultCrypto,\n base32: options.base32 ?? defaultBase32,\n algorithm: options.algorithm ?? \"sha1\",\n digits: options.digits ?? 6,\n period: options.period ?? 30,\n epoch: options.epoch ?? Math.floor(Date.now() / 1000),\n t0: options.t0 ?? 0,\n counter: options.counter,\n guardrails: options.guardrails ?? createGuardrails(),\n };\n}\n\nexport function normalizeVerifyOptions(options: OTPVerifyOptions): OTPVerifyOptionsWithDefaults {\n return {\n ...normalizeGenerateOptions(options),\n token: options.token,\n epochTolerance: options.epochTolerance ?? 0,\n counterTolerance: options.counterTolerance ?? 0,\n };\n}\n"],"mappings":"AAAA,OAAS,kBAAkBA,EAAoB,sBAAAC,MAA0B,eACzE,OACE,YAAYC,EACZ,gBAAgBC,EAChB,UAAUC,EACV,cAAcC,MACT,eACP,OACE,YAAYC,EACZ,gBAAgBC,EAChB,UAAUC,EACV,cAAcC,MACT,eACP,OAAS,gBAAgBC,EAAiB,gBAAgBC,MAAsB,cCNhF,OAAS,oBAAAC,MAAwB,eACjC,OAAS,UAAUC,MAAqB,8BACxC,OAAS,UAAUC,MAAqB,8BAWjC,SAASC,EACdC,EACgC,CAChC,MAAO,CACL,OAAQA,EAAQ,OAChB,SAAUA,EAAQ,UAAY,OAC9B,OAAQA,EAAQ,QAAUC,EAC1B,OAAQD,EAAQ,QAAUE,EAC1B,UAAWF,EAAQ,WAAa,OAChC,OAAQA,EAAQ,QAAU,EAC1B,OAAQA,EAAQ,QAAU,GAC1B,MAAOA,EAAQ,OAAS,KAAK,MAAM,KAAK,IAAI,EAAI,GAAI,EACpD,GAAIA,EAAQ,IAAM,EAClB,QAASA,EAAQ,QACjB,WAAYA,EAAQ,YAAcG,EAAiB,CACrD,CACF,CAEO,SAASC,EAAuBJ,EAAyD,CAC9F,MAAO,CACL,GAAGD,EAAyBC,CAAO,EACnC,MAAOA,EAAQ,MACf,eAAgBA,EAAQ,gBAAkB,EAC1C,iBAAkBA,EAAQ,kBAAoB,CAChD,CACF,CDTA,SAASK,EACPC,EACAC,EACAC,EACG,CACH,GAAIF,IAAa,OACf,OAAOE,EAAS,KAAK,EAEvB,GAAIF,IAAa,OAAQ,CACvB,GAAIC,IAAY,OACd,MAAM,IAAIE,EACR,kFACF,EAEF,OAAOD,EAAS,KAAKD,CAAO,CAC9B,CACA,MAAM,IAAIE,EACR,yBAAyBH,CAAQ,0CACnC,CACF,CA4BO,SAASI,EAAeC,EAgBpB,CACT,GAAM,CAAE,OAAAC,EAASC,EAAe,OAAAC,EAASC,EAAe,OAAAC,EAAS,EAAG,EAAIL,GAAW,CAAC,EAEpF,OAAOM,EAAmB,CAAE,OAAAL,EAAQ,OAAAE,EAAQ,OAAAE,CAAO,CAAC,CACtD,CAqCO,SAASE,EAAYP,EAkBjB,CACT,GAAM,CACJ,SAAAL,EAAW,OACX,OAAAa,EACA,MAAAC,EACA,OAAAC,EACA,UAAAC,EAAY,OACZ,OAAAC,EAAS,EACT,OAAAC,EAAS,GACT,QAAAjB,CACF,EAAII,EAEJ,OAAON,EAAkBC,EAAUC,EAAS,CAC1C,KAAM,IAAMkB,EAAgB,CAAE,OAAAN,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,OAAAC,CAAO,CAAC,EAChF,KAAOjB,GAAYmB,EAAe,CAAE,OAAAP,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,QAAAhB,CAAQ,CAAC,CACzF,CAAC,CACH,CA2CA,eAAsBoB,EAAShB,EAA8C,CAC3E,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDE,EAAgB,CAAE,OAAAT,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOlB,EAAkBuB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,IACJG,EAAa,CACX,GAAGD,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOrB,GACLyB,EAAa,CACX,GAAGF,EACH,QAAAvB,EACA,WAAYqB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAqBO,SAASK,EAAatB,EAAqC,CAChE,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDE,EAAgB,CAAE,OAAAT,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOlB,EAAkBuB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,IACJM,EAAiB,CACf,GAAGJ,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOrB,GACL4B,EAAiB,CACf,GAAGL,EACH,QAAAvB,EACA,WAAYqB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAiDA,eAAsBQ,EAAOzB,EAAkD,CAC7E,IAAMiB,EAAOS,EAAuB1B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EACvDE,EAAgB,CAAE,OAAAT,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAEzE,OAAOlB,EAAkBuB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,IACJW,EAAW,CACT,GAAGT,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOrB,GACLiC,EAAW,CACT,GAAGV,EACH,QAAAvB,EACA,iBAAkBqB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAsBO,SAASa,EAAW9B,EAAyC,CAClE,IAAMiB,EAAOS,EAAuB1B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EACvDE,EAAgB,CAAE,OAAAT,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAEzE,OAAOlB,EAAkBuB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,IACJc,EAAe,CACb,GAAGZ,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOrB,GACLoC,EAAe,CACb,GAAGb,EACH,QAAAvB,EACA,iBAAkBqB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH","names":["generateSecretCore","ConfigurationError","generateHOTP","generateHOTPSync","verifyHOTP","verifyHOTPSync","generateTOTP","generateTOTPSync","verifyTOTP","verifyTOTPSync","generateTOTPURI","generateHOTURI","createGuardrails","defaultBase32","defaultCrypto","normalizeGenerateOptions","options","defaultCrypto","defaultBase32","createGuardrails","normalizeVerifyOptions","executeByStrategy","strategy","counter","handlers","ConfigurationError","generateSecret","options","crypto","defaultCrypto","base32","defaultBase32","length","generateSecretCore","generateURI","issuer","label","secret","algorithm","digits","period","generateTOTPURI","generateHOTURI","generate","opts","normalizeGenerateOptions","commonOptions","generateTOTP","generateHOTP","generateSync","generateTOTPSync","generateHOTPSync","verify","normalizeVerifyOptions","token","verifyTOTP","verifyHOTP","verifySync","verifyTOTPSync","verifyHOTPSync"]}
1	+ {"version":3,"sources":["../src/functional.ts","../src/defaults.ts"],"sourcesContent":["import { generateSecret as generateSecretCore, ConfigurationError } from \"@otplib/core\";\nimport {\n generate as generateHOTP,\n generateSync as generateHOTPSync,\n verify as verifyHOTP,\n verifySync as verifyHOTPSync,\n} from \"@otplib/hotp\";\nimport {\n generate as generateTOTP,\n generateSync as generateTOTPSync,\n verify as verifyTOTP,\n verifySync as verifyTOTPSync,\n} from \"@otplib/totp\";\nimport { generateTOTP as generateTOTPURI, generateHOTP as generateHOTURI } from \"@otplib/uri\";\n\nimport {\n defaultCrypto,\n defaultBase32,\n normalizeGenerateOptions,\n normalizeVerifyOptions,\n} from \"./defaults.js\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPStrategy,\n StrategyHandlers,\n} from \"./types.js\";\nimport type { CryptoPlugin, Base32Plugin, Digits, HashAlgorithm } from \"@otplib/core\";\nimport type { VerifyResult as HOTPVerifyResult } from \"@otplib/hotp\";\nimport type { VerifyResult as TOTPVerifyResult } from \"@otplib/totp\";\n\nexport type { OTPStrategy };\n\nexport type VerifyResult = TOTPVerifyResult \| HOTPVerifyResult;\n\nfunction executeByStrategy<T>(\n strategy: OTPStrategy,\n counter: number \| undefined,\n handlers: StrategyHandlers<T>,\n): T {\n if (strategy === \"totp\") {\n return handlers.totp();\n }\n if (strategy === \"hotp\") {\n if (counter === undefined) {\n throw new ConfigurationError(\n \"Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }\",\n );\n }\n return handlers.hotp(counter);\n }\n throw new ConfigurationError(\n `Unknown OTP strategy: ${strategy}. Valid strategies are 'totp' or 'hotp'.`,\n );\n}\n\n/*\n Generate a random secret key for use with OTP\n \n The secret is encoded in Base32 format for compatibility with\n * Google Authenticator and other authenticator apps.\n \n @param options - Secret generation options\n * @returns Base32-encoded secret key\n \n @example\n * ```ts\n * import { generateSecret } from 'otplib';\n \n const secret = generateSecret();\n * // Returns: 'JBSWY3DPEHPK3PXP'\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generateSecret, NodeCryptoPlugin } from 'otplib';\n \n const secret = generateSecret({\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport function generateSecret(options?: {\n /\n Number of random bytes to generate (default: 20)\n * 20 bytes = 160 bits, which provides a good security margin\n /\n length?: number;\n\n /\n Crypto plugin to use (default: NobleCryptoPlugin)\n /\n crypto?: CryptoPlugin;\n\n /\n Base32 plugin to use (default: ScureBase32Plugin)\n /\n base32?: Base32Plugin;\n}): string {\n const { crypto = defaultCrypto, base32 = defaultBase32, length = 20 } = options \|\| {};\n\n return generateSecretCore({ crypto, base32, length });\n}\n\n/\n Generate an otpauth:// URI for QR code generation\n \n This URI can be used to generate a QR code that can be scanned\n * by Google Authenticator and other authenticator apps.\n \n @param options - URI generation options\n * @returns otpauth:// URI string\n \n @example TOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: 'otpauth://totp/ACME%20Co:john%40example.com?secret=...'\n * ```\n \n @example HOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * strategy: 'hotp',\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * counter: 5,\n * });\n * // Returns: 'otpauth://hotp/ACME%20Co:john%40example.com?secret=...&counter=5'\n * ```\n /\nexport function generateURI(options: {\n /\n OTP strategy to use (default: 'totp')\n /\n strategy?: OTPStrategy;\n issuer: string;\n label: string;\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string;\n algorithm?: HashAlgorithm;\n digits?: Digits;\n period?: number;\n counter?: number;\n}): string {\n const {\n strategy = \"totp\",\n issuer,\n label,\n secret,\n algorithm = \"sha1\",\n digits = 6,\n period = 30,\n counter,\n } = options;\n\n return executeByStrategy(strategy, counter, {\n totp: () => generateTOTPURI({ issuer, label, secret, algorithm, digits, period }),\n hotp: (counter) => generateHOTURI({ issuer, label, secret, algorithm, digits, counter }),\n });\n}\n\n/\n Generate an OTP code\n \n Generates a one-time password based on the specified strategy.\n * - 'totp': Time-based OTP (default)\n * - 'hotp': HMAC-based OTP\n \n @param options - OTP generation options\n * @returns OTP code\n \n @example TOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: '123456'\n * ```\n \n @example HOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generate, NodeCryptoPlugin } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function generate(options: OTPGenerateOptions): Promise<string> {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTP({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Generate an OTP code synchronously\n \n This is the synchronous version of {@link generate}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP generation options\n * @returns OTP code\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { generateSync } from 'otplib';\n \n const token = generateSync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * ```\n /\nexport function generateSync(options: OTPGenerateOptions): string {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTPSync({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code\n \n Verifies a provided OTP code against the expected value based on the strategy.\n * - 'totp': Time-based OTP (default, Google Authenticator compatible)\n * - 'hotp': HMAC-based OTP\n \n Uses constant-time comparison to prevent timing attacks.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n \n @example TOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * // Returns: { valid: true, delta: 0 }\n * ```\n \n @example HOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With epochTolerance for TOTP\n * ```ts\n * import { verify, NodeCryptoPlugin } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * epochTolerance: 30,\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function verify(options: OTPVerifyOptions): Promise<VerifyResult> {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n afterTimeStep: opts.afterTimeStep,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTP({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code synchronously\n \n This is the synchronous version of {@link verify}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { verifySync } from 'otplib';\n \n const result = verifySync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * ```\n /\nexport function verifySync(options: OTPVerifyOptions): VerifyResult {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n afterTimeStep: opts.afterTimeStep,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTPSync({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n","/\n Default plugin instances\n \n Shared across functional and class APIs to ensure singleton behavior\n * and reduce memory overhead. Uses pre-instantiated frozen singletons\n * from the plugin packages.\n */\nimport { createGuardrails } from \"@otplib/core\";\nimport { base32 as defaultBase32 } from \"@otplib/plugin-base32-scure\";\nimport { crypto as defaultCrypto } from \"@otplib/plugin-crypto-noble\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPGenerateOptionsWithDefaults,\n OTPVerifyOptionsWithDefaults,\n} from \"./types.js\";\n\nexport { defaultCrypto, defaultBase32 };\n\nexport function normalizeGenerateOptions(\n options: OTPGenerateOptions,\n): OTPGenerateOptionsWithDefaults {\n return {\n secret: options.secret,\n strategy: options.strategy ?? \"totp\",\n crypto: options.crypto ?? defaultCrypto,\n base32: options.base32 ?? defaultBase32,\n algorithm: options.algorithm ?? \"sha1\",\n digits: options.digits ?? 6,\n period: options.period ?? 30,\n epoch: options.epoch ?? Math.floor(Date.now() / 1000),\n t0: options.t0 ?? 0,\n counter: options.counter,\n guardrails: options.guardrails ?? createGuardrails(),\n hooks: options.hooks,\n };\n}\n\nexport function normalizeVerifyOptions(options: OTPVerifyOptions): OTPVerifyOptionsWithDefaults {\n return {\n ...normalizeGenerateOptions(options),\n token: options.token,\n epochTolerance: options.epochTolerance ?? 0,\n counterTolerance: options.counterTolerance ?? 0,\n afterTimeStep: options.afterTimeStep,\n };\n}\n"],"mappings":"AAAA,OAAS,kBAAkBA,EAAoB,sBAAAC,MAA0B,eACzE,OACE,YAAYC,EACZ,gBAAgBC,EAChB,UAAUC,EACV,cAAcC,MACT,eACP,OACE,YAAYC,EACZ,gBAAgBC,EAChB,UAAUC,EACV,cAAcC,MACT,eACP,OAAS,gBAAgBC,EAAiB,gBAAgBC,MAAsB,cCNhF,OAAS,oBAAAC,MAAwB,eACjC,OAAS,UAAUC,MAAqB,8BACxC,OAAS,UAAUC,MAAqB,8BAWjC,SAASC,EACdC,EACgC,CAChC,MAAO,CACL,OAAQA,EAAQ,OAChB,SAAUA,EAAQ,UAAY,OAC9B,OAAQA,EAAQ,QAAUC,EAC1B,OAAQD,EAAQ,QAAUE,EAC1B,UAAWF,EAAQ,WAAa,OAChC,OAAQA,EAAQ,QAAU,EAC1B,OAAQA,EAAQ,QAAU,GAC1B,MAAOA,EAAQ,OAAS,KAAK,MAAM,KAAK,IAAI,EAAI,GAAI,EACpD,GAAIA,EAAQ,IAAM,EAClB,QAASA,EAAQ,QACjB,WAAYA,EAAQ,YAAcG,EAAiB,EACnD,MAAOH,EAAQ,KACjB,CACF,CAEO,SAASI,EAAuBJ,EAAyD,CAC9F,MAAO,CACL,GAAGD,EAAyBC,CAAO,EACnC,MAAOA,EAAQ,MACf,eAAgBA,EAAQ,gBAAkB,EAC1C,iBAAkBA,EAAQ,kBAAoB,EAC9C,cAAeA,EAAQ,aACzB,CACF,CDXA,SAASK,EACPC,EACAC,EACAC,EACG,CACH,GAAIF,IAAa,OACf,OAAOE,EAAS,KAAK,EAEvB,GAAIF,IAAa,OAAQ,CACvB,GAAIC,IAAY,OACd,MAAM,IAAIE,EACR,kFACF,EAEF,OAAOD,EAAS,KAAKD,CAAO,CAC9B,CACA,MAAM,IAAIE,EACR,yBAAyBH,CAAQ,0CACnC,CACF,CA4BO,SAASI,EAAeC,EAgBpB,CACT,GAAM,CAAE,OAAAC,EAASC,EAAe,OAAAC,EAASC,EAAe,OAAAC,EAAS,EAAG,EAAIL,GAAW,CAAC,EAEpF,OAAOM,EAAmB,CAAE,OAAAL,EAAQ,OAAAE,EAAQ,OAAAE,CAAO,CAAC,CACtD,CAqCO,SAASE,EAAYP,EAkBjB,CACT,GAAM,CACJ,SAAAL,EAAW,OACX,OAAAa,EACA,MAAAC,EACA,OAAAC,EACA,UAAAC,EAAY,OACZ,OAAAC,EAAS,EACT,OAAAC,EAAS,GACT,QAAAjB,CACF,EAAII,EAEJ,OAAON,EAAkBC,EAAUC,EAAS,CAC1C,KAAM,IAAMkB,EAAgB,CAAE,OAAAN,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,OAAAC,CAAO,CAAC,EAChF,KAAOjB,GAAYmB,EAAe,CAAE,OAAAP,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,QAAAhB,CAAQ,CAAC,CACzF,CAAC,CACH,CA2CA,eAAsBoB,EAAShB,EAA8C,CAC3E,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EACvDG,EAAgB,CAAE,OAAAV,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEzE,OAAOzB,EAAkBuB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,IACJI,EAAa,CACX,GAAGD,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOrB,GACL0B,EAAa,CACX,GAAGF,EACH,QAAAxB,EACA,WAAYqB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAqBO,SAASM,EAAavB,EAAqC,CAChE,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDG,EAAgB,CAAE,OAAAV,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOlB,EAAkBuB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,IACJO,EAAiB,CACf,GAAGJ,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOrB,GACL6B,EAAiB,CACf,GAAGL,EACH,QAAAxB,EACA,WAAYqB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAiDA,eAAsBS,EAAO1B,EAAkD,CAC7E,IAAMiB,EAAOU,EAAuB3B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EAC9DG,EAAgB,CAAE,OAAAV,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEhF,OAAOzB,EAAkBuB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,IACJY,EAAW,CACT,GAAGT,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,cAAeA,EAAK,cACpB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOrB,GACLkC,EAAW,CACT,GAAGV,EACH,QAAAxB,EACA,iBAAkBqB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAsBO,SAASc,EAAW/B,EAAyC,CAClE,IAAMiB,EAAOU,EAAuB3B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EAC9DG,EAAgB,CAAE,OAAAV,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEhF,OAAOzB,EAAkBuB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,IACJe,EAAe,CACb,GAAGZ,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,cAAeA,EAAK,cACpB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOrB,GACLqC,EAAe,CACb,GAAGb,EACH,QAAAxB,EACA,iBAAkBqB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH","names":["generateSecretCore","ConfigurationError","generateHOTP","generateHOTPSync","verifyHOTP","verifyHOTPSync","generateTOTP","generateTOTPSync","verifyTOTP","verifyTOTPSync","generateTOTPURI","generateHOTURI","createGuardrails","defaultBase32","defaultCrypto","normalizeGenerateOptions","options","defaultCrypto","defaultBase32","createGuardrails","normalizeVerifyOptions","executeByStrategy","strategy","counter","handlers","ConfigurationError","generateSecret","options","crypto","defaultCrypto","base32","defaultBase32","length","generateSecretCore","generateURI","issuer","label","secret","algorithm","digits","period","generateTOTPURI","generateHOTURI","generate","opts","normalizeGenerateOptions","hooks","commonOptions","generateTOTP","generateHOTP","generateSync","generateTOTPSync","generateHOTPSync","verify","normalizeVerifyOptions","token","verifyTOTP","verifyHOTP","verifySync","verifyTOTPSync","verifyHOTPSync"]}

package/dist/index.cjs CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";var G=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var w=Object.getOwnPropertyNames;var k=Object.prototype.hasOwnProperty;var j=(t,e)=>{for(var r in e)G(t,r,{get:e[r],enumerable:!0})},z=(t,e,r,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let a of w(e))!k.call(t,a)&&a!==r&&G(t,a,{get:()=>e[a],enumerable:!(i=I(e,a))||i.enumerable});return t};var W=t=>z(G({},"__esModule",{value:!0}),t);var E={};j(E,{HOTP:()=>U.HOTP,NobleCryptoPlugin:()=>A.NobleCryptoPlugin,OTP:()=>R,ScureBase32Plugin:()=>D.ScureBase32Plugin,TOTP:()=>B.TOTP,createGuardrails:()=>u.createGuardrails,generate:()=>d,generateSecret:()=>C,generateSync:()=>b,generateURI:()=>h,stringToBytes:()=>u.stringToBytes,verify:()=>S,verifySync:()=>V,wrapResult:()=>u.wrapResult,wrapResultAsync:()=>u.wrapResultAsync});module.exports=W(E);var f=require("@otplib/core"),y=require("@otplib/hotp"),g=require("@otplib/totp"),P=require("@otplib/uri");var v=require("@otplib/core"),l=require("@otplib/plugin-base32-scure"),c=require("@otplib/plugin-crypto-noble");function T(t){return{secret:t.secret,strategy:t.strategy??"totp",crypto:t.crypto??c.crypto,base32:t.base32??l.base32,algorithm:t.algorithm??"sha1",digits:t.digits??6,period:t.period??30,epoch:t.epoch??Math.floor(Date.now()/1e3),t0:t.t0??0,counter:t.counter,guardrails:t.guardrails??(0,v.createGuardrails)()}}function H(t){return{...T(t),token:t.token,epochTolerance:t.epochTolerance??0,counterTolerance:t.counterTolerance??0}}function m(t,e,r){if(t==="totp")return r.totp();if(t==="hotp"){if(e===void 0)throw new f.ConfigurationError("Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }");return r.hotp(e)}throw new f.ConfigurationError(`Unknown OTP strategy: ${t}. Valid strategies are 'totp' or 'hotp'.`)}function C(t){let{crypto:e=c.crypto,base32:r=l.base32,length:i=20}=t||{};return(0,f.generateSecret)({crypto:e,base32:r,length:i})}function h(t){let{strategy:e="totp",issuer:r,label:i,secret:a,algorithm:o="sha1",digits:p=6,period:s=30,counter:n}=t;return m(e,n,{totp:()=>(0,P.generateTOTP)({issuer:r,label:i,secret:a,algorithm:o,digits:p,period:s}),hotp:O=>(0,P.generateHOTP)({issuer:r,label:i,secret:a,algorithm:o,digits:p,counter:O})})}async function d(t){let e=T(t),{secret:r,crypto:i,base32:a,algorithm:o,digits:p}=e,s={secret:r,crypto:i,base32:a,algorithm:o,digits:p};return m(e.strategy,e.counter,{totp:()=>(0,g.generate)({...s,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:n=>(0,y.generate)({...s,counter:n,guardrails:e.guardrails})})}function b(t){let e=T(t),{secret:r,crypto:i,base32:a,algorithm:o,digits:p}=e,s={secret:r,crypto:i,base32:a,algorithm:o,digits:p};return m(e.strategy,e.counter,{totp:()=>(0,g.generateSync)({...s,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:n=>(0,y.generateSync)({...s,counter:n,guardrails:e.guardrails})})}async function S(t){let e=H(t),{secret:r,token:i,crypto:a,base32:o,algorithm:p,digits:s}=e,n={secret:r,token:i,crypto:a,base32:o,algorithm:p,digits:s};return m(e.strategy,e.counter,{totp:()=>(0,g.verify)({...n,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,guardrails:e.guardrails}),hotp:O=>(0,y.verify)({...n,counter:O,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}function V(t){let e=H(t),{secret:r,token:i,crypto:a,base32:o,algorithm:p,digits:s}=e,n={secret:r,token:i,crypto:a,base32:o,algorithm:p,digits:s};return m(e.strategy,e.counter,{totp:()=>(0,g.verifySync)({...n,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,guardrails:e.guardrails}),hotp:O=>(0,y.verifySync)({...n,counter:O,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}var x=require("@otplib/core");var R=class{strategy;crypto;base32;guardrails;constructor(e={}){let{strategy:r="totp",crypto:i=c.crypto,base32:a=l.base32,guardrails:o}=e;this.strategy=r,this.crypto=i,this.base32=a,this.guardrails=(0,x.createGuardrails)(o)}getStrategy(){return this.strategy}generateSecret(e=20){return(0,x.generateSecret)({crypto:this.crypto,base32:this.base32,length:e})}async generate(e){return d({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}generateSync(e){return b({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}async verify(e){return S({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}verifySync(e){return V({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}generateURI(e){return h({...e,strategy:this.strategy})}};var U=require("@otplib/hotp"),B=require("@otplib/totp"),u=require("@otplib/core"),A=require("@otplib/plugin-crypto-noble"),D=require("@otplib/plugin-base32-scure");0&&(module.exports={HOTP,NobleCryptoPlugin,OTP,ScureBase32Plugin,TOTP,createGuardrails,generate,generateSecret,generateSync,generateURI,stringToBytes,verify,verifySync,wrapResult,wrapResultAsync});
+"use strict";var H=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var w=Object.getOwnPropertyNames;var j=Object.prototype.hasOwnProperty;var z=(t,e)=>{for(var r in e)H(t,r,{get:e[r],enumerable:!0})},W=(t,e,r,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let a of w(e))!j.call(t,a)&&a!==r&&H(t,a,{get:()=>e[a],enumerable:!(o=I(e,a))||o.enumerable});return t};var E=t=>W(H({},"__esModule",{value:!0}),t);var F={};z(F,{HOTP:()=>U.HOTP,NobleCryptoPlugin:()=>A.NobleCryptoPlugin,OTP:()=>R,ScureBase32Plugin:()=>D.ScureBase32Plugin,TOTP:()=>B.TOTP,createGuardrails:()=>l.createGuardrails,generate:()=>d,generateSecret:()=>k,generateSync:()=>b,generateURI:()=>P,stringToBytes:()=>l.stringToBytes,verify:()=>S,verifySync:()=>V,wrapResult:()=>l.wrapResult,wrapResultAsync:()=>l.wrapResultAsync});module.exports=E(F);var O=require("@otplib/core"),u=require("@otplib/hotp"),g=require("@otplib/totp"),h=require("@otplib/uri");var C=require("@otplib/core"),c=require("@otplib/plugin-base32-scure"),f=require("@otplib/plugin-crypto-noble");function m(t){return{secret:t.secret,strategy:t.strategy??"totp",crypto:t.crypto??f.crypto,base32:t.base32??c.base32,algorithm:t.algorithm??"sha1",digits:t.digits??6,period:t.period??30,epoch:t.epoch??Math.floor(Date.now()/1e3),t0:t.t0??0,counter:t.counter,guardrails:t.guardrails??(0,C.createGuardrails)(),hooks:t.hooks}}function v(t){return{...m(t),token:t.token,epochTolerance:t.epochTolerance??0,counterTolerance:t.counterTolerance??0,afterTimeStep:t.afterTimeStep}}function T(t,e,r){if(t==="totp")return r.totp();if(t==="hotp"){if(e===void 0)throw new O.ConfigurationError("Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }");return r.hotp(e)}throw new O.ConfigurationError(`Unknown OTP strategy: ${t}. Valid strategies are 'totp' or 'hotp'.`)}function k(t){let{crypto:e=f.crypto,base32:r=c.base32,length:o=20}=t||{};return(0,O.generateSecret)({crypto:e,base32:r,length:o})}function P(t){let{strategy:e="totp",issuer:r,label:o,secret:a,algorithm:i="sha1",digits:s=6,period:n=30,counter:p}=t;return T(e,p,{totp:()=>(0,h.generateTOTP)({issuer:r,label:o,secret:a,algorithm:i,digits:s,period:n}),hotp:y=>(0,h.generateHOTP)({issuer:r,label:o,secret:a,algorithm:i,digits:s,counter:y})})}async function d(t){let e=m(t),{secret:r,crypto:o,base32:a,algorithm:i,digits:s,hooks:n}=e,p={secret:r,crypto:o,base32:a,algorithm:i,digits:s,hooks:n};return T(e.strategy,e.counter,{totp:()=>(0,g.generate)({...p,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:y=>(0,u.generate)({...p,counter:y,guardrails:e.guardrails})})}function b(t){let e=m(t),{secret:r,crypto:o,base32:a,algorithm:i,digits:s}=e,n={secret:r,crypto:o,base32:a,algorithm:i,digits:s};return T(e.strategy,e.counter,{totp:()=>(0,g.generateSync)({...n,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:p=>(0,u.generateSync)({...n,counter:p,guardrails:e.guardrails})})}async function S(t){let e=v(t),{secret:r,token:o,crypto:a,base32:i,algorithm:s,digits:n,hooks:p}=e,y={secret:r,token:o,crypto:a,base32:i,algorithm:s,digits:n,hooks:p};return T(e.strategy,e.counter,{totp:()=>(0,g.verify)({...y,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,afterTimeStep:e.afterTimeStep,guardrails:e.guardrails}),hotp:x=>(0,u.verify)({...y,counter:x,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}function V(t){let e=v(t),{secret:r,token:o,crypto:a,base32:i,algorithm:s,digits:n,hooks:p}=e,y={secret:r,token:o,crypto:a,base32:i,algorithm:s,digits:n,hooks:p};return T(e.strategy,e.counter,{totp:()=>(0,g.verifySync)({...y,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,afterTimeStep:e.afterTimeStep,guardrails:e.guardrails}),hotp:x=>(0,u.verifySync)({...y,counter:x,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}var G=require("@otplib/core");var R=class{strategy;crypto;base32;guardrails;constructor(e={}){let{strategy:r="totp",crypto:o=f.crypto,base32:a=c.base32,guardrails:i}=e;this.strategy=r,this.crypto=o,this.base32=a,this.guardrails=(0,G.createGuardrails)(i)}getStrategy(){return this.strategy}generateSecret(e=20){return(0,G.generateSecret)({crypto:this.crypto,base32:this.base32,length:e})}async generate(e){return d({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}generateSync(e){return b({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}async verify(e){return S({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}verifySync(e){return V({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}generateURI(e){return P({...e,strategy:this.strategy})}};var U=require("@otplib/hotp"),B=require("@otplib/totp"),l=require("@otplib/core"),A=require("@otplib/plugin-crypto-noble"),D=require("@otplib/plugin-base32-scure");0&&(module.exports={HOTP,NobleCryptoPlugin,OTP,ScureBase32Plugin,TOTP,createGuardrails,generate,generateSecret,generateSync,generateURI,stringToBytes,verify,verifySync,wrapResult,wrapResultAsync});
 //# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/functional.ts","../src/defaults.ts","../src/class.ts"],"sourcesContent":["export type {\n OTPAuthOptions,\n TOTPOptions,\n OTPGenerateOptions as OTPFunctionalOptions,\n OTPVerifyOptions as OTPVerifyFunctionalOptions,\n} from \"./types.js\";\n\nexport {\n generateSecret,\n generateURI,\n generate,\n generateSync,\n verify,\n verifySync,\n type OTPStrategy,\n} from \"./functional.js\";\n\nexport {\n OTP,\n type OTPClassOptions,\n type OTPGenerateOptions,\n type OTPVerifyOptions,\n type OTPURIGenerateOptions,\n} from \"./class.js\";\n\nexport type {\n Base32Plugin,\n CryptoPlugin,\n HashAlgorithm,\n OTPResult,\n OTPGuardrails,\n} from \"@otplib/core\";\nexport type { VerifyResult } from \"@otplib/totp\";\n\nexport { HOTP } from \"@otplib/hotp\";\nexport { TOTP } from \"@otplib/totp\";\n\nexport { createGuardrails, stringToBytes, wrapResult, wrapResultAsync } from \"@otplib/core\";\n\n// Default Plugins\nexport { NobleCryptoPlugin } from \"@otplib/plugin-crypto-noble\";\nexport { ScureBase32Plugin } from \"@otplib/plugin-base32-scure\";\n","import { generateSecret as generateSecretCore, ConfigurationError } from \"@otplib/core\";\nimport {\n generate as generateHOTP,\n generateSync as generateHOTPSync,\n verify as verifyHOTP,\n verifySync as verifyHOTPSync,\n} from \"@otplib/hotp\";\nimport {\n generate as generateTOTP,\n generateSync as generateTOTPSync,\n verify as verifyTOTP,\n verifySync as verifyTOTPSync,\n} from \"@otplib/totp\";\nimport { generateTOTP as generateTOTPURI, generateHOTP as generateHOTURI } from \"@otplib/uri\";\n\nimport {\n defaultCrypto,\n defaultBase32,\n normalizeGenerateOptions,\n normalizeVerifyOptions,\n} from \"./defaults.js\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPStrategy,\n StrategyHandlers,\n} from \"./types.js\";\nimport type { CryptoPlugin, Base32Plugin, Digits, HashAlgorithm } from \"@otplib/core\";\nimport type { VerifyResult as HOTPVerifyResult } from \"@otplib/hotp\";\nimport type { VerifyResult as TOTPVerifyResult } from \"@otplib/totp\";\n\nexport type { OTPStrategy };\n\nexport type VerifyResult = TOTPVerifyResult \| HOTPVerifyResult;\n\nfunction executeByStrategy<T>(\n strategy: OTPStrategy,\n counter: number \| undefined,\n handlers: StrategyHandlers<T>,\n): T {\n if (strategy === \"totp\") {\n return handlers.totp();\n }\n if (strategy === \"hotp\") {\n if (counter === undefined) {\n throw new ConfigurationError(\n \"Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }\",\n );\n }\n return handlers.hotp(counter);\n }\n throw new ConfigurationError(\n `Unknown OTP strategy: ${strategy}. Valid strategies are 'totp' or 'hotp'.`,\n );\n}\n\n/*\n Generate a random secret key for use with OTP\n \n The secret is encoded in Base32 format for compatibility with\n * Google Authenticator and other authenticator apps.\n \n @param options - Secret generation options\n * @returns Base32-encoded secret key\n \n @example\n * ```ts\n * import { generateSecret } from 'otplib';\n \n const secret = generateSecret();\n * // Returns: 'JBSWY3DPEHPK3PXP'\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generateSecret, NodeCryptoPlugin } from 'otplib';\n \n const secret = generateSecret({\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport function generateSecret(options?: {\n /\n Number of random bytes to generate (default: 20)\n * 20 bytes = 160 bits, which provides a good security margin\n /\n length?: number;\n\n /\n Crypto plugin to use (default: NobleCryptoPlugin)\n /\n crypto?: CryptoPlugin;\n\n /\n Base32 plugin to use (default: ScureBase32Plugin)\n /\n base32?: Base32Plugin;\n}): string {\n const { crypto = defaultCrypto, base32 = defaultBase32, length = 20 } = options \|\| {};\n\n return generateSecretCore({ crypto, base32, length });\n}\n\n/\n Generate an otpauth:// URI for QR code generation\n \n This URI can be used to generate a QR code that can be scanned\n * by Google Authenticator and other authenticator apps.\n \n @param options - URI generation options\n * @returns otpauth:// URI string\n \n @example TOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: 'otpauth://totp/ACME%20Co:john%40example.com?secret=...'\n * ```\n \n @example HOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * strategy: 'hotp',\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * counter: 5,\n * });\n * // Returns: 'otpauth://hotp/ACME%20Co:john%40example.com?secret=...&counter=5'\n * ```\n /\nexport function generateURI(options: {\n /\n OTP strategy to use (default: 'totp')\n /\n strategy?: OTPStrategy;\n issuer: string;\n label: string;\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string;\n algorithm?: HashAlgorithm;\n digits?: Digits;\n period?: number;\n counter?: number;\n}): string {\n const {\n strategy = \"totp\",\n issuer,\n label,\n secret,\n algorithm = \"sha1\",\n digits = 6,\n period = 30,\n counter,\n } = options;\n\n return executeByStrategy(strategy, counter, {\n totp: () => generateTOTPURI({ issuer, label, secret, algorithm, digits, period }),\n hotp: (counter) => generateHOTURI({ issuer, label, secret, algorithm, digits, counter }),\n });\n}\n\n/\n Generate an OTP code\n \n Generates a one-time password based on the specified strategy.\n * - 'totp': Time-based OTP (default)\n * - 'hotp': HMAC-based OTP\n \n @param options - OTP generation options\n * @returns OTP code\n \n @example TOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: '123456'\n * ```\n \n @example HOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generate, NodeCryptoPlugin } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function generate(options: OTPGenerateOptions): Promise<string> {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTP({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Generate an OTP code synchronously\n \n This is the synchronous version of {@link generate}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP generation options\n * @returns OTP code\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { generateSync } from 'otplib';\n \n const token = generateSync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * ```\n /\nexport function generateSync(options: OTPGenerateOptions): string {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTPSync({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code\n \n Verifies a provided OTP code against the expected value based on the strategy.\n * - 'totp': Time-based OTP (default, Google Authenticator compatible)\n * - 'hotp': HMAC-based OTP\n \n Uses constant-time comparison to prevent timing attacks.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n \n @example TOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * // Returns: { valid: true, delta: 0 }\n * ```\n \n @example HOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With epochTolerance for TOTP\n * ```ts\n * import { verify, NodeCryptoPlugin } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * epochTolerance: 30,\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function verify(options: OTPVerifyOptions): Promise<VerifyResult> {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTP({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code synchronously\n \n This is the synchronous version of {@link verify}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { verifySync } from 'otplib';\n \n const result = verifySync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * ```\n /\nexport function verifySync(options: OTPVerifyOptions): VerifyResult {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTPSync({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n","/\n Default plugin instances\n \n Shared across functional and class APIs to ensure singleton behavior\n * and reduce memory overhead. Uses pre-instantiated frozen singletons\n * from the plugin packages.\n /\nimport { createGuardrails } from \"@otplib/core\";\nimport { base32 as defaultBase32 } from \"@otplib/plugin-base32-scure\";\nimport { crypto as defaultCrypto } from \"@otplib/plugin-crypto-noble\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPGenerateOptionsWithDefaults,\n OTPVerifyOptionsWithDefaults,\n} from \"./types.js\";\n\nexport { defaultCrypto, defaultBase32 };\n\nexport function normalizeGenerateOptions(\n options: OTPGenerateOptions,\n): OTPGenerateOptionsWithDefaults {\n return {\n secret: options.secret,\n strategy: options.strategy ?? \"totp\",\n crypto: options.crypto ?? defaultCrypto,\n base32: options.base32 ?? defaultBase32,\n algorithm: options.algorithm ?? \"sha1\",\n digits: options.digits ?? 6,\n period: options.period ?? 30,\n epoch: options.epoch ?? Math.floor(Date.now() / 1000),\n t0: options.t0 ?? 0,\n counter: options.counter,\n guardrails: options.guardrails ?? createGuardrails(),\n };\n}\n\nexport function normalizeVerifyOptions(options: OTPVerifyOptions): OTPVerifyOptionsWithDefaults {\n return {\n ...normalizeGenerateOptions(options),\n token: options.token,\n epochTolerance: options.epochTolerance ?? 0,\n counterTolerance: options.counterTolerance ?? 0,\n };\n}\n","/\n OTP Wrapper Class\n \n A unified class that dynamically handles TOTP and HOTP strategies.\n /\n\nimport { createGuardrails, generateSecret as generateSecretCore } from \"@otplib/core\";\n\nimport { defaultCrypto, defaultBase32 } from \"./defaults.js\";\nimport {\n generate as functionalGenerate,\n generateSync as functionalGenerateSync,\n verify as functionalVerify,\n verifySync as functionalVerifySync,\n generateURI as functionalGenerateURI,\n} from \"./functional.js\";\n\nimport type { OTPStrategy } from \"./functional.js\";\nimport type {\n CryptoPlugin,\n Digits,\n HashAlgorithm,\n Base32Plugin,\n OTPGuardrails,\n} from \"@otplib/core\";\nimport type { VerifyResult as HOTPVerifyResult } from \"@otplib/hotp\";\nimport type { VerifyResult as TOTPVerifyResult } from \"@otplib/totp\";\n\n/\n Combined verify result that works for both TOTP and HOTP\n /\nexport type VerifyResult = TOTPVerifyResult \| HOTPVerifyResult;\n\n/\n Options for the OTP class\n /\nexport type OTPClassOptions = {\n /\n OTP strategy to use\n * - 'totp': Time-based OTP (default)\n * - 'hotp': HMAC-based OTP\n /\n strategy?: OTPStrategy;\n\n /\n Crypto plugin to use (default: NobleCryptoPlugin)\n /\n crypto?: CryptoPlugin;\n\n /\n Base32 plugin to use (default: ScureBase32Plugin)\n /\n base32?: Base32Plugin;\n\n /\n Validation guardrails\n /\n guardrails?: OTPGuardrails;\n};\n\n/\n Options for generating a token with the OTP class\n /\nexport type OTPGenerateOptions = {\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string \| Uint8Array;\n\n /\n Hash algorithm (default: 'sha1')\n /\n algorithm?: HashAlgorithm;\n\n /\n Number of digits (default: 6)\n /\n digits?: Digits;\n\n /\n Current Unix epoch timestamp in seconds (default: now)\n * Used by TOTP strategy\n /\n epoch?: number;\n\n /\n Initial Unix time to start counting time steps (default: 0)\n * Used by TOTP strategy\n /\n t0?: number;\n\n /\n Time step in seconds (default: 30)\n * Used by TOTP strategy\n /\n period?: number;\n\n /\n Counter value\n * Used by HOTP strategy (required)\n /\n counter?: number;\n\n /\n Validation guardrails\n /\n guardrails?: OTPGuardrails;\n};\n\n/\n Options for verifying a token with the OTP class\n /\nexport type OTPVerifyOptions = {\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string \| Uint8Array;\n\n /\n OTP code to verify\n /\n token: string;\n\n /\n Hash algorithm (default: 'sha1')\n /\n algorithm?: HashAlgorithm;\n\n /\n Number of digits (default: 6)\n /\n digits?: Digits;\n\n /\n Current Unix epoch timestamp in seconds (default: now)\n * Used by TOTP strategy\n /\n epoch?: number;\n\n /\n Initial Unix time to start counting time steps (default: 0)\n * Used by TOTP strategy\n /\n t0?: number;\n\n /\n Time step in seconds (default: 30)\n * Used by TOTP strategy\n /\n period?: number;\n\n /\n Counter value\n * Used by HOTP strategy (required)\n /\n counter?: number;\n\n /\n Time tolerance in seconds for TOTP verification (default: 0)\n * - Number: symmetric tolerance (same for past and future)\n * - Tuple [past, future]: asymmetric tolerance\n * Use [5, 0] for RFC-compliant past-only verification.\n /\n epochTolerance?: number \| [number, number];\n\n /\n Counter tolerance for HOTP verification (default: 0)\n * - Number: creates look-ahead only tolerance [0, n]\n * - Tuple [past, future]: explicit window control\n /\n counterTolerance?: number \| [number, number];\n\n /\n Validation guardrails\n /\n guardrails?: OTPGuardrails;\n};\n\n/\n Options for generating URI with the OTP class\n /\nexport type OTPURIGenerateOptions = {\n /\n Issuer name (e.g., 'ACME Co')\n /\n issuer: string;\n\n /\n Label/Account name (e.g., 'john@example.com')\n /\n label: string;\n\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string;\n\n /\n Hash algorithm (default: 'sha1')\n /\n algorithm?: HashAlgorithm;\n\n /\n Number of digits (default: 6)\n /\n digits?: Digits;\n\n /\n Time step in seconds (default: 30)\n * Used by TOTP strategy\n /\n period?: number;\n\n /\n Counter value (default: 0)\n * Used by HOTP strategy\n /\n counter?: number;\n};\n\n/\n OTP Class\n \n A wrapper class that dynamically handles TOTP and HOTP strategies.\n \n @example\n * ```ts\n * import { OTP } from 'otplib';\n \n // Create OTP instance with TOTP strategy (default)\n * const otp = new OTP({ strategy: 'totp' });\n \n // Generate and verify\n * const secret = otp.generateSecret();\n * const token = await otp.generate({ secret });\n * const result = await otp.verify({ secret, token });\n * ```\n \n @example With HOTP strategy\n * ```ts\n * import { OTP } from 'otplib';\n \n const otp = new OTP({ strategy: 'hotp' });\n * const token = await otp.generate({ secret: 'ABC123', counter: 0 });\n * ```\n \n @example Generating otpauth:// URI for authenticator apps\n * ```ts\n * import { OTP } from 'otplib';\n \n const otp = new OTP({ strategy: 'totp' });\n * const uri = otp.generateURI({\n * issuer: 'MyApp',\n * label: 'user@example.com',\n * secret: 'ABC123',\n * });\n * ```\n /\nexport class OTP {\n private readonly strategy: OTPStrategy;\n private readonly crypto: CryptoPlugin;\n private readonly base32: Base32Plugin;\n private readonly guardrails: OTPGuardrails;\n\n constructor(options: OTPClassOptions = {}) {\n const {\n strategy = \"totp\",\n crypto = defaultCrypto,\n base32 = defaultBase32,\n guardrails,\n } = options;\n\n this.strategy = strategy;\n this.crypto = crypto;\n this.base32 = base32;\n this.guardrails = createGuardrails(guardrails);\n }\n\n /\n Get the current strategy\n /\n getStrategy(): OTPStrategy {\n return this.strategy;\n }\n\n /\n Generate a random secret key\n \n @param length - Number of random bytes (default: 20)\n * @returns Base32-encoded secret key\n /\n generateSecret(length: number = 20): string {\n return generateSecretCore({ crypto: this.crypto, base32: this.base32, length });\n }\n\n /\n Generate an OTP token based on the configured strategy\n \n @param options - Generation options\n * @returns OTP code\n /\n async generate(options: OTPGenerateOptions): Promise<string> {\n return functionalGenerate({\n ...options,\n strategy: this.strategy,\n crypto: this.crypto,\n base32: this.base32,\n guardrails: options.guardrails ?? this.guardrails,\n });\n }\n\n /\n Generate an OTP token based on the configured strategy synchronously\n \n @param options - Generation options\n * @returns OTP code\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n /\n generateSync(options: OTPGenerateOptions): string {\n return functionalGenerateSync({\n ...options,\n strategy: this.strategy,\n crypto: this.crypto,\n base32: this.base32,\n guardrails: options.guardrails ?? this.guardrails,\n });\n }\n\n /\n Verify an OTP token based on the configured strategy\n \n @param options - Verification options\n * @returns Verification result with validity and optional delta\n /\n async verify(options: OTPVerifyOptions): Promise<VerifyResult> {\n return functionalVerify({\n ...options,\n strategy: this.strategy,\n crypto: this.crypto,\n base32: this.base32,\n guardrails: options.guardrails ?? this.guardrails,\n });\n }\n\n /\n Verify an OTP token based on the configured strategy synchronously\n \n @param options - Verification options\n * @returns Verification result with validity and optional delta\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n /\n verifySync(options: OTPVerifyOptions): VerifyResult {\n return functionalVerifySync({\n ...options,\n strategy: this.strategy,\n crypto: this.crypto,\n base32: this.base32,\n guardrails: options.guardrails ?? this.guardrails,\n });\n }\n\n /\n Generate an otpauth:// URI for QR code generation\n \n Supports both TOTP and HOTP strategies.\n \n @param options - URI generation options\n * @returns otpauth:// URI string\n */\n generateURI(options: OTPURIGenerateOptions): string {\n return functionalGenerateURI({\n ...options,\n strategy: this.strategy,\n });\n }\n}\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mEAAAE,EAAA,+GAAAC,EAAA,mBAAAC,EAAA,iBAAAC,EAAA,gBAAAC,EAAA,6CAAAC,EAAA,eAAAC,EAAA,mFAAAC,EAAAT,GCAA,IAAAU,EAAyE,wBACzEC,EAKO,wBACPC,EAKO,wBACPC,EAAgF,uBCNhF,IAAAC,EAAiC,wBACjCC,EAAwC,uCACxCC,EAAwC,uCAWjC,SAASC,EACdC,EACgC,CAChC,MAAO,CACL,OAAQA,EAAQ,OAChB,SAAUA,EAAQ,UAAY,OAC9B,OAAQA,EAAQ,QAAU,EAAAC,OAC1B,OAAQD,EAAQ,QAAU,EAAAE,OAC1B,UAAWF,EAAQ,WAAa,OAChC,OAAQA,EAAQ,QAAU,EAC1B,OAAQA,EAAQ,QAAU,GAC1B,MAAOA,EAAQ,OAAS,KAAK,MAAM,KAAK,IAAI,EAAI,GAAI,EACpD,GAAIA,EAAQ,IAAM,EAClB,QAASA,EAAQ,QACjB,WAAYA,EAAQ,eAAc,oBAAiB,CACrD,CACF,CAEO,SAASG,EAAuBH,EAAyD,CAC9F,MAAO,CACL,GAAGD,EAAyBC,CAAO,EACnC,MAAOA,EAAQ,MACf,eAAgBA,EAAQ,gBAAkB,EAC1C,iBAAkBA,EAAQ,kBAAoB,CAChD,CACF,CDTA,SAASI,EACPC,EACAC,EACAC,EACG,CACH,GAAIF,IAAa,OACf,OAAOE,EAAS,KAAK,EAEvB,GAAIF,IAAa,OAAQ,CACvB,GAAIC,IAAY,OACd,MAAM,IAAI,qBACR,kFACF,EAEF,OAAOC,EAAS,KAAKD,CAAO,CAC9B,CACA,MAAM,IAAI,qBACR,yBAAyBD,CAAQ,0CACnC,CACF,CA4BO,SAASG,EAAeC,EAgBpB,CACT,GAAM,CAAE,OAAAC,EAAS,EAAAC,OAAe,OAAAC,EAAS,EAAAC,OAAe,OAAAC,EAAS,EAAG,EAAIL,GAAW,CAAC,EAEpF,SAAO,EAAAM,gBAAmB,CAAE,OAAAL,EAAQ,OAAAE,EAAQ,OAAAE,CAAO,CAAC,CACtD,CAqCO,SAASE,EAAYP,EAkBjB,CACT,GAAM,CACJ,SAAAJ,EAAW,OACX,OAAAY,EACA,MAAAC,EACA,OAAAC,EACA,UAAAC,EAAY,OACZ,OAAAC,EAAS,EACT,OAAAC,EAAS,GACT,QAAAhB,CACF,EAAIG,EAEJ,OAAOL,EAAkBC,EAAUC,EAAS,CAC1C,KAAM,OAAM,EAAAiB,cAAgB,CAAE,OAAAN,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,OAAAC,CAAO,CAAC,EAChF,KAAOhB,MAAY,EAAAkB,cAAe,CAAE,OAAAP,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,QAAAf,CAAQ,CAAC,CACzF,CAAC,CACH,CA2CA,eAAsBmB,EAAShB,EAA8C,CAC3E,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDE,EAAgB,CAAE,OAAAT,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAG,UAAa,CACX,GAAGD,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAwB,UAAa,CACX,GAAGF,EACH,QAAAtB,EACA,WAAYoB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAqBO,SAASK,EAAatB,EAAqC,CAChE,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDE,EAAgB,CAAE,OAAAT,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAM,cAAiB,CACf,GAAGJ,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAA2B,cAAiB,CACf,GAAGL,EACH,QAAAtB,EACA,WAAYoB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAiDA,eAAsBQ,EAAOzB,EAAkD,CAC7E,IAAMiB,EAAOS,EAAuB1B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EACvDE,EAAgB,CAAE,OAAAT,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAEzE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAW,QAAW,CACT,GAAGT,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAgC,QAAW,CACT,GAAGV,EACH,QAAAtB,EACA,iBAAkBoB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAsBO,SAASa,EAAW9B,EAAyC,CAClE,IAAMiB,EAAOS,EAAuB1B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EACvDE,EAAgB,CAAE,OAAAT,EAAQ,MAAAiB,EAAO,OAAA1B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAEzE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAc,YAAe,CACb,GAAGZ,EACH,OAAQF,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAmC,YAAe,CACb,GAAGb,EACH,QAAAtB,EACA,iBAAkBoB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CEvYA,IAAAgB,EAAuE,wBAqQhE,IAAMC,EAAN,KAAU,CACE,SACA,OACA,OACA,WAEjB,YAAYC,EAA2B,CAAC,EAAG,CACzC,GAAM,CACJ,SAAAC,EAAW,OACX,OAAAC,EAAS,EAAAC,OACT,OAAAC,EAAS,EAAAC,OACT,WAAAC,CACF,EAAIN,EAEJ,KAAK,SAAWC,EAChB,KAAK,OAASC,EACd,KAAK,OAASE,EACd,KAAK,cAAa,oBAAiBE,CAAU,CAC/C,CAKA,aAA2B,CACzB,OAAO,KAAK,QACd,CAQA,eAAeC,EAAiB,GAAY,CAC1C,SAAO,EAAAC,gBAAmB,CAAE,OAAQ,KAAK,OAAQ,OAAQ,KAAK,OAAQ,OAAAD,CAAO,CAAC,CAChF,CAQA,MAAM,SAASP,EAA8C,CAC3D,OAAOS,EAAmB,CACxB,GAAGT,EACH,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,KAAK,OACb,WAAYA,EAAQ,YAAc,KAAK,UACzC,CAAC,CACH,CASA,aAAaA,EAAqC,CAChD,OAAOU,EAAuB,CAC5B,GAAGV,EACH,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,KAAK,OACb,WAAYA,EAAQ,YAAc,KAAK,UACzC,CAAC,CACH,CAQA,MAAM,OAAOA,EAAkD,CAC7D,OAAOW,EAAiB,CACtB,GAAGX,EACH,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,KAAK,OACb,WAAYA,EAAQ,YAAc,KAAK,UACzC,CAAC,CACH,CASA,WAAWA,EAAyC,CAClD,OAAOY,EAAqB,CAC1B,GAAGZ,EACH,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,KAAK,OACb,WAAYA,EAAQ,YAAc,KAAK,UACzC,CAAC,CACH,CAUA,YAAYA,EAAwC,CAClD,OAAOa,EAAsB,CAC3B,GAAGb,EACH,SAAU,KAAK,QACjB,CAAC,CACH,CACF,EH9VA,IAAAc,EAAqB,wBACrBC,EAAqB,wBAErBC,EAA6E,wBAG7EC,EAAkC,uCAClCC,EAAkC","names":["src_exports","__export","OTP","generate","generateSecret","generateSync","generateURI","verify","verifySync","__toCommonJS","import_core","import_hotp","import_totp","import_uri","import_core","import_plugin_base32_scure","import_plugin_crypto_noble","normalizeGenerateOptions","options","defaultCrypto","defaultBase32","normalizeVerifyOptions","executeByStrategy","strategy","counter","handlers","generateSecret","options","crypto","defaultCrypto","base32","defaultBase32","length","generateSecretCore","generateURI","issuer","label","secret","algorithm","digits","period","generateTOTPURI","generateHOTURI","generate","opts","normalizeGenerateOptions","commonOptions","generateTOTP","generateHOTP","generateSync","generateTOTPSync","generateHOTPSync","verify","normalizeVerifyOptions","token","verifyTOTP","verifyHOTP","verifySync","verifyTOTPSync","verifyHOTPSync","import_core","OTP","options","strategy","crypto","defaultCrypto","base32","defaultBase32","guardrails","length","generateSecretCore","generate","generateSync","verify","verifySync","generateURI","import_hotp","import_totp","import_core","import_plugin_crypto_noble","import_plugin_base32_scure"]}
1	+ {"version":3,"sources":["../src/index.ts","../src/functional.ts","../src/defaults.ts","../src/class.ts"],"sourcesContent":["export type {\n OTPAuthOptions,\n TOTPOptions,\n OTPGenerateOptions as OTPFunctionalOptions,\n OTPVerifyOptions as OTPVerifyFunctionalOptions,\n} from \"./types.js\";\n\nexport {\n generateSecret,\n generateURI,\n generate,\n generateSync,\n verify,\n verifySync,\n type OTPStrategy,\n} from \"./functional.js\";\n\nexport {\n OTP,\n type OTPClassOptions,\n type OTPGenerateOptions,\n type OTPVerifyOptions,\n type OTPURIGenerateOptions,\n} from \"./class.js\";\n\nexport type {\n Base32Plugin,\n CryptoPlugin,\n HashAlgorithm,\n OTPResult,\n OTPGuardrails,\n OTPGuardrailsConfig,\n} from \"@otplib/core\";\nexport type { VerifyResult } from \"@otplib/totp\";\n\nexport { HOTP } from \"@otplib/hotp\";\nexport { TOTP } from \"@otplib/totp\";\n\nexport { createGuardrails, stringToBytes, wrapResult, wrapResultAsync } from \"@otplib/core\";\n\n// Default Plugins\nexport { NobleCryptoPlugin } from \"@otplib/plugin-crypto-noble\";\nexport { ScureBase32Plugin } from \"@otplib/plugin-base32-scure\";\n","import { generateSecret as generateSecretCore, ConfigurationError } from \"@otplib/core\";\nimport {\n generate as generateHOTP,\n generateSync as generateHOTPSync,\n verify as verifyHOTP,\n verifySync as verifyHOTPSync,\n} from \"@otplib/hotp\";\nimport {\n generate as generateTOTP,\n generateSync as generateTOTPSync,\n verify as verifyTOTP,\n verifySync as verifyTOTPSync,\n} from \"@otplib/totp\";\nimport { generateTOTP as generateTOTPURI, generateHOTP as generateHOTURI } from \"@otplib/uri\";\n\nimport {\n defaultCrypto,\n defaultBase32,\n normalizeGenerateOptions,\n normalizeVerifyOptions,\n} from \"./defaults.js\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPStrategy,\n StrategyHandlers,\n} from \"./types.js\";\nimport type { CryptoPlugin, Base32Plugin, Digits, HashAlgorithm } from \"@otplib/core\";\nimport type { VerifyResult as HOTPVerifyResult } from \"@otplib/hotp\";\nimport type { VerifyResult as TOTPVerifyResult } from \"@otplib/totp\";\n\nexport type { OTPStrategy };\n\nexport type VerifyResult = TOTPVerifyResult \| HOTPVerifyResult;\n\nfunction executeByStrategy<T>(\n strategy: OTPStrategy,\n counter: number \| undefined,\n handlers: StrategyHandlers<T>,\n): T {\n if (strategy === \"totp\") {\n return handlers.totp();\n }\n if (strategy === \"hotp\") {\n if (counter === undefined) {\n throw new ConfigurationError(\n \"Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }\",\n );\n }\n return handlers.hotp(counter);\n }\n throw new ConfigurationError(\n `Unknown OTP strategy: ${strategy}. Valid strategies are 'totp' or 'hotp'.`,\n );\n}\n\n/*\n Generate a random secret key for use with OTP\n \n The secret is encoded in Base32 format for compatibility with\n * Google Authenticator and other authenticator apps.\n \n @param options - Secret generation options\n * @returns Base32-encoded secret key\n \n @example\n * ```ts\n * import { generateSecret } from 'otplib';\n \n const secret = generateSecret();\n * // Returns: 'JBSWY3DPEHPK3PXP'\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generateSecret, NodeCryptoPlugin } from 'otplib';\n \n const secret = generateSecret({\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport function generateSecret(options?: {\n /\n Number of random bytes to generate (default: 20)\n * 20 bytes = 160 bits, which provides a good security margin\n /\n length?: number;\n\n /\n Crypto plugin to use (default: NobleCryptoPlugin)\n /\n crypto?: CryptoPlugin;\n\n /\n Base32 plugin to use (default: ScureBase32Plugin)\n /\n base32?: Base32Plugin;\n}): string {\n const { crypto = defaultCrypto, base32 = defaultBase32, length = 20 } = options \|\| {};\n\n return generateSecretCore({ crypto, base32, length });\n}\n\n/\n Generate an otpauth:// URI for QR code generation\n \n This URI can be used to generate a QR code that can be scanned\n * by Google Authenticator and other authenticator apps.\n \n @param options - URI generation options\n * @returns otpauth:// URI string\n \n @example TOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: 'otpauth://totp/ACME%20Co:john%40example.com?secret=...'\n * ```\n \n @example HOTP\n * ```ts\n * import { generateURI } from 'otplib';\n \n const uri = generateURI({\n * strategy: 'hotp',\n * issuer: 'ACME Co',\n * label: 'john@example.com',\n * secret: 'JBSWY3DPEHPK3PXP',\n * counter: 5,\n * });\n * // Returns: 'otpauth://hotp/ACME%20Co:john%40example.com?secret=...&counter=5'\n * ```\n /\nexport function generateURI(options: {\n /\n OTP strategy to use (default: 'totp')\n /\n strategy?: OTPStrategy;\n issuer: string;\n label: string;\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string;\n algorithm?: HashAlgorithm;\n digits?: Digits;\n period?: number;\n counter?: number;\n}): string {\n const {\n strategy = \"totp\",\n issuer,\n label,\n secret,\n algorithm = \"sha1\",\n digits = 6,\n period = 30,\n counter,\n } = options;\n\n return executeByStrategy(strategy, counter, {\n totp: () => generateTOTPURI({ issuer, label, secret, algorithm, digits, period }),\n hotp: (counter) => generateHOTURI({ issuer, label, secret, algorithm, digits, counter }),\n });\n}\n\n/\n Generate an OTP code\n \n Generates a one-time password based on the specified strategy.\n * - 'totp': Time-based OTP (default)\n * - 'hotp': HMAC-based OTP\n \n @param options - OTP generation options\n * @returns OTP code\n \n @example TOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * // Returns: '123456'\n * ```\n \n @example HOTP\n * ```ts\n * import { generate } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With custom plugins\n * ```ts\n * import { generate, NodeCryptoPlugin } from 'otplib';\n \n const token = await generate({\n * secret: 'JBSWY3DPEHPK3PXP',\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function generate(options: OTPGenerateOptions): Promise<string> {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTP({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Generate an OTP code synchronously\n \n This is the synchronous version of {@link generate}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP generation options\n * @returns OTP code\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { generateSync } from 'otplib';\n \n const token = generateSync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * });\n * ```\n /\nexport function generateSync(options: OTPGenerateOptions): string {\n const opts = normalizeGenerateOptions(options);\n const { secret, crypto, base32, algorithm, digits } = opts;\n const commonOptions = { secret, crypto, base32, algorithm, digits };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n generateTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n generateHOTPSync({\n ...commonOptions,\n counter,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code\n \n Verifies a provided OTP code against the expected value based on the strategy.\n * - 'totp': Time-based OTP (default, Google Authenticator compatible)\n * - 'hotp': HMAC-based OTP\n \n Uses constant-time comparison to prevent timing attacks.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n \n @example TOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * // Returns: { valid: true, delta: 0 }\n * ```\n \n @example HOTP\n * ```ts\n * import { verify } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * strategy: 'hotp',\n * counter: 0,\n * });\n * ```\n \n @example With epochTolerance for TOTP\n * ```ts\n * import { verify, NodeCryptoPlugin } from 'otplib';\n \n const result = await verify({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * epochTolerance: 30,\n * crypto: new NodeCryptoPlugin(),\n * });\n * ```\n /\nexport async function verify(options: OTPVerifyOptions): Promise<VerifyResult> {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTP({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n afterTimeStep: opts.afterTimeStep,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTP({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n\n/\n Verify an OTP code synchronously\n \n This is the synchronous version of {@link verify}. It requires a crypto\n * plugin that supports synchronous HMAC operations.\n \n @param options - OTP verification options\n * @returns Verification result with validity and optional delta\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n \n @example\n * ```ts\n * import { verifySync } from 'otplib';\n \n const result = verifySync({\n * secret: 'JBSWY3DPEHPK3PXP',\n * token: '123456',\n * });\n * ```\n /\nexport function verifySync(options: OTPVerifyOptions): VerifyResult {\n const opts = normalizeVerifyOptions(options);\n const { secret, token, crypto, base32, algorithm, digits, hooks } = opts;\n const commonOptions = { secret, token, crypto, base32, algorithm, digits, hooks };\n\n return executeByStrategy(opts.strategy, opts.counter, {\n totp: () =>\n verifyTOTPSync({\n ...commonOptions,\n period: opts.period,\n epoch: opts.epoch,\n t0: opts.t0,\n epochTolerance: opts.epochTolerance,\n afterTimeStep: opts.afterTimeStep,\n guardrails: opts.guardrails,\n }),\n hotp: (counter) =>\n verifyHOTPSync({\n ...commonOptions,\n counter,\n counterTolerance: opts.counterTolerance,\n guardrails: opts.guardrails,\n }),\n });\n}\n","/\n Default plugin instances\n \n Shared across functional and class APIs to ensure singleton behavior\n * and reduce memory overhead. Uses pre-instantiated frozen singletons\n * from the plugin packages.\n /\nimport { createGuardrails } from \"@otplib/core\";\nimport { base32 as defaultBase32 } from \"@otplib/plugin-base32-scure\";\nimport { crypto as defaultCrypto } from \"@otplib/plugin-crypto-noble\";\n\nimport type {\n OTPGenerateOptions,\n OTPVerifyOptions,\n OTPGenerateOptionsWithDefaults,\n OTPVerifyOptionsWithDefaults,\n} from \"./types.js\";\n\nexport { defaultCrypto, defaultBase32 };\n\nexport function normalizeGenerateOptions(\n options: OTPGenerateOptions,\n): OTPGenerateOptionsWithDefaults {\n return {\n secret: options.secret,\n strategy: options.strategy ?? \"totp\",\n crypto: options.crypto ?? defaultCrypto,\n base32: options.base32 ?? defaultBase32,\n algorithm: options.algorithm ?? \"sha1\",\n digits: options.digits ?? 6,\n period: options.period ?? 30,\n epoch: options.epoch ?? Math.floor(Date.now() / 1000),\n t0: options.t0 ?? 0,\n counter: options.counter,\n guardrails: options.guardrails ?? createGuardrails(),\n hooks: options.hooks,\n };\n}\n\nexport function normalizeVerifyOptions(options: OTPVerifyOptions): OTPVerifyOptionsWithDefaults {\n return {\n ...normalizeGenerateOptions(options),\n token: options.token,\n epochTolerance: options.epochTolerance ?? 0,\n counterTolerance: options.counterTolerance ?? 0,\n afterTimeStep: options.afterTimeStep,\n };\n}\n","/\n OTP Wrapper Class\n \n A unified class that dynamically handles TOTP and HOTP strategies.\n /\n\nimport { createGuardrails, generateSecret as generateSecretCore } from \"@otplib/core\";\n\nimport { defaultCrypto, defaultBase32 } from \"./defaults.js\";\nimport {\n generate as functionalGenerate,\n generateSync as functionalGenerateSync,\n verify as functionalVerify,\n verifySync as functionalVerifySync,\n generateURI as functionalGenerateURI,\n} from \"./functional.js\";\n\nimport type { OTPStrategy } from \"./functional.js\";\nimport type {\n CryptoPlugin,\n Digits,\n HashAlgorithm,\n Base32Plugin,\n OTPGuardrails,\n OTPHooks,\n} from \"@otplib/core\";\nimport type { VerifyResult as HOTPVerifyResult } from \"@otplib/hotp\";\nimport type { VerifyResult as TOTPVerifyResult } from \"@otplib/totp\";\n\n/\n Combined verify result that works for both TOTP and HOTP\n /\nexport type VerifyResult = TOTPVerifyResult \| HOTPVerifyResult;\n\n/\n Options for the OTP class\n /\nexport type OTPClassOptions = {\n /\n OTP strategy to use\n * - 'totp': Time-based OTP (default)\n * - 'hotp': HMAC-based OTP\n /\n strategy?: OTPStrategy;\n\n /\n Crypto plugin to use (default: NobleCryptoPlugin)\n /\n crypto?: CryptoPlugin;\n\n /\n Base32 plugin to use (default: ScureBase32Plugin)\n /\n base32?: Base32Plugin;\n\n /\n Validation guardrails\n /\n guardrails?: OTPGuardrails;\n};\n\n/\n Options for generating a token with the OTP class\n /\nexport type OTPGenerateOptions = {\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string \| Uint8Array;\n\n /\n Hash algorithm (default: 'sha1')\n /\n algorithm?: HashAlgorithm;\n\n /\n Number of digits (default: 6)\n /\n digits?: Digits;\n\n /\n Current Unix epoch timestamp in seconds (default: now)\n * Used by TOTP strategy\n /\n epoch?: number;\n\n /\n Initial Unix time to start counting time steps (default: 0)\n * Used by TOTP strategy\n /\n t0?: number;\n\n /\n Time step in seconds (default: 30)\n * Used by TOTP strategy\n /\n period?: number;\n\n /\n Counter value\n * Used by HOTP strategy (required)\n /\n counter?: number;\n\n /\n Validation guardrails\n /\n guardrails?: OTPGuardrails;\n\n /\n Hooks for customizing token encoding and validation\n /\n hooks?: OTPHooks;\n};\n\n/\n Options for verifying a token with the OTP class\n /\nexport type OTPVerifyOptions = {\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string \| Uint8Array;\n\n /\n OTP code to verify\n /\n token: string;\n\n /\n Hash algorithm (default: 'sha1')\n /\n algorithm?: HashAlgorithm;\n\n /\n Number of digits (default: 6)\n /\n digits?: Digits;\n\n /\n Current Unix epoch timestamp in seconds (default: now)\n * Used by TOTP strategy\n /\n epoch?: number;\n\n /\n Initial Unix time to start counting time steps (default: 0)\n * Used by TOTP strategy\n /\n t0?: number;\n\n /\n Time step in seconds (default: 30)\n * Used by TOTP strategy\n /\n period?: number;\n\n /\n Counter value\n * Used by HOTP strategy (required)\n /\n counter?: number;\n\n /\n Time tolerance in seconds for TOTP verification (default: 0)\n * - Number: symmetric tolerance (same for past and future)\n * - Tuple [past, future]: asymmetric tolerance\n * Use [5, 0] for RFC-compliant past-only verification.\n /\n epochTolerance?: number \| [number, number];\n\n /\n Counter tolerance for HOTP verification (default: 0)\n * - Number: creates look-ahead only tolerance [0, n]\n * - Tuple [past, future]: explicit window control\n /\n counterTolerance?: number \| [number, number];\n\n /\n Minimum allowed TOTP time step for replay protection (optional)\n \n Rejects tokens with timeStep <= afterTimeStep.\n * Only used by TOTP strategy.\n /\n afterTimeStep?: number;\n\n /\n Validation guardrails\n /\n guardrails?: OTPGuardrails;\n\n /\n Hooks for customizing token encoding and validation\n /\n hooks?: OTPHooks;\n};\n\n/\n Options for generating URI with the OTP class\n /\nexport type OTPURIGenerateOptions = {\n /\n Issuer name (e.g., 'ACME Co')\n /\n issuer: string;\n\n /\n Label/Account name (e.g., 'john@example.com')\n /\n label: string;\n\n /\n Base32-encoded secret key\n \n Note: By default, strings are assumed to be Base32 encoded.\n * If you have a raw string/passphrase, you must convert it to Uint8Array first.\n /\n secret: string;\n\n /\n Hash algorithm (default: 'sha1')\n /\n algorithm?: HashAlgorithm;\n\n /\n Number of digits (default: 6)\n /\n digits?: Digits;\n\n /\n Time step in seconds (default: 30)\n * Used by TOTP strategy\n /\n period?: number;\n\n /\n Counter value (default: 0)\n * Used by HOTP strategy\n /\n counter?: number;\n};\n\n/\n OTP Class\n \n A wrapper class that dynamically handles TOTP and HOTP strategies.\n \n @example\n * ```ts\n * import { OTP } from 'otplib';\n \n // Create OTP instance with TOTP strategy (default)\n * const otp = new OTP({ strategy: 'totp' });\n \n // Generate and verify\n * const secret = otp.generateSecret();\n * const token = await otp.generate({ secret });\n * const result = await otp.verify({ secret, token });\n * ```\n \n @example With HOTP strategy\n * ```ts\n * import { OTP } from 'otplib';\n \n const otp = new OTP({ strategy: 'hotp' });\n * const token = await otp.generate({ secret: 'ABC123', counter: 0 });\n * ```\n \n @example Generating otpauth:// URI for authenticator apps\n * ```ts\n * import { OTP } from 'otplib';\n \n const otp = new OTP({ strategy: 'totp' });\n * const uri = otp.generateURI({\n * issuer: 'MyApp',\n * label: 'user@example.com',\n * secret: 'ABC123',\n * });\n * ```\n /\nexport class OTP {\n private readonly strategy: OTPStrategy;\n private readonly crypto: CryptoPlugin;\n private readonly base32: Base32Plugin;\n private readonly guardrails: OTPGuardrails;\n\n constructor(options: OTPClassOptions = {}) {\n const {\n strategy = \"totp\",\n crypto = defaultCrypto,\n base32 = defaultBase32,\n guardrails,\n } = options;\n\n this.strategy = strategy;\n this.crypto = crypto;\n this.base32 = base32;\n this.guardrails = createGuardrails(guardrails);\n }\n\n /\n Get the current strategy\n /\n getStrategy(): OTPStrategy {\n return this.strategy;\n }\n\n /\n Generate a random secret key\n \n @param length - Number of random bytes (default: 20)\n * @returns Base32-encoded secret key\n /\n generateSecret(length: number = 20): string {\n return generateSecretCore({ crypto: this.crypto, base32: this.base32, length });\n }\n\n /\n Generate an OTP token based on the configured strategy\n \n @param options - Generation options\n * @returns OTP code\n /\n async generate(options: OTPGenerateOptions): Promise<string> {\n return functionalGenerate({\n ...options,\n strategy: this.strategy,\n crypto: this.crypto,\n base32: this.base32,\n guardrails: options.guardrails ?? this.guardrails,\n });\n }\n\n /\n Generate an OTP token based on the configured strategy synchronously\n \n @param options - Generation options\n * @returns OTP code\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n /\n generateSync(options: OTPGenerateOptions): string {\n return functionalGenerateSync({\n ...options,\n strategy: this.strategy,\n crypto: this.crypto,\n base32: this.base32,\n guardrails: options.guardrails ?? this.guardrails,\n });\n }\n\n /\n Verify an OTP token based on the configured strategy\n \n @param options - Verification options\n * @returns Verification result with validity and optional delta\n /\n async verify(options: OTPVerifyOptions): Promise<VerifyResult> {\n return functionalVerify({\n ...options,\n strategy: this.strategy,\n crypto: this.crypto,\n base32: this.base32,\n guardrails: options.guardrails ?? this.guardrails,\n });\n }\n\n /\n Verify an OTP token based on the configured strategy synchronously\n \n @param options - Verification options\n * @returns Verification result with validity and optional delta\n * @throws {HMACError} If the crypto plugin doesn't support sync operations\n /\n verifySync(options: OTPVerifyOptions): VerifyResult {\n return functionalVerifySync({\n ...options,\n strategy: this.strategy,\n crypto: this.crypto,\n base32: this.base32,\n guardrails: options.guardrails ?? this.guardrails,\n });\n }\n\n /\n Generate an otpauth:// URI for QR code generation\n \n Supports both TOTP and HOTP strategies.\n \n @param options - URI generation options\n * @returns otpauth:// URI string\n */\n generateURI(options: OTPURIGenerateOptions): string {\n return functionalGenerateURI({\n ...options,\n strategy: this.strategy,\n });\n }\n}\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mEAAAE,EAAA,+GAAAC,EAAA,mBAAAC,EAAA,iBAAAC,EAAA,gBAAAC,EAAA,6CAAAC,EAAA,eAAAC,EAAA,mFAAAC,EAAAT,GCAA,IAAAU,EAAyE,wBACzEC,EAKO,wBACPC,EAKO,wBACPC,EAAgF,uBCNhF,IAAAC,EAAiC,wBACjCC,EAAwC,uCACxCC,EAAwC,uCAWjC,SAASC,EACdC,EACgC,CAChC,MAAO,CACL,OAAQA,EAAQ,OAChB,SAAUA,EAAQ,UAAY,OAC9B,OAAQA,EAAQ,QAAU,EAAAC,OAC1B,OAAQD,EAAQ,QAAU,EAAAE,OAC1B,UAAWF,EAAQ,WAAa,OAChC,OAAQA,EAAQ,QAAU,EAC1B,OAAQA,EAAQ,QAAU,GAC1B,MAAOA,EAAQ,OAAS,KAAK,MAAM,KAAK,IAAI,EAAI,GAAI,EACpD,GAAIA,EAAQ,IAAM,EAClB,QAASA,EAAQ,QACjB,WAAYA,EAAQ,eAAc,oBAAiB,EACnD,MAAOA,EAAQ,KACjB,CACF,CAEO,SAASG,EAAuBH,EAAyD,CAC9F,MAAO,CACL,GAAGD,EAAyBC,CAAO,EACnC,MAAOA,EAAQ,MACf,eAAgBA,EAAQ,gBAAkB,EAC1C,iBAAkBA,EAAQ,kBAAoB,EAC9C,cAAeA,EAAQ,aACzB,CACF,CDXA,SAASI,EACPC,EACAC,EACAC,EACG,CACH,GAAIF,IAAa,OACf,OAAOE,EAAS,KAAK,EAEvB,GAAIF,IAAa,OAAQ,CACvB,GAAIC,IAAY,OACd,MAAM,IAAI,qBACR,kFACF,EAEF,OAAOC,EAAS,KAAKD,CAAO,CAC9B,CACA,MAAM,IAAI,qBACR,yBAAyBD,CAAQ,0CACnC,CACF,CA4BO,SAASG,EAAeC,EAgBpB,CACT,GAAM,CAAE,OAAAC,EAAS,EAAAC,OAAe,OAAAC,EAAS,EAAAC,OAAe,OAAAC,EAAS,EAAG,EAAIL,GAAW,CAAC,EAEpF,SAAO,EAAAM,gBAAmB,CAAE,OAAAL,EAAQ,OAAAE,EAAQ,OAAAE,CAAO,CAAC,CACtD,CAqCO,SAASE,EAAYP,EAkBjB,CACT,GAAM,CACJ,SAAAJ,EAAW,OACX,OAAAY,EACA,MAAAC,EACA,OAAAC,EACA,UAAAC,EAAY,OACZ,OAAAC,EAAS,EACT,OAAAC,EAAS,GACT,QAAAhB,CACF,EAAIG,EAEJ,OAAOL,EAAkBC,EAAUC,EAAS,CAC1C,KAAM,OAAM,EAAAiB,cAAgB,CAAE,OAAAN,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,OAAAC,CAAO,CAAC,EAChF,KAAOhB,MAAY,EAAAkB,cAAe,CAAE,OAAAP,EAAQ,MAAAC,EAAO,OAAAC,EAAQ,UAAAC,EAAW,OAAAC,EAAQ,QAAAf,CAAQ,CAAC,CACzF,CAAC,CACH,CA2CA,eAAsBmB,EAAShB,EAA8C,CAC3E,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EACvDG,EAAgB,CAAE,OAAAV,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEzE,OAAOxB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAI,UAAa,CACX,GAAGD,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAyB,UAAa,CACX,GAAGF,EACH,QAAAvB,EACA,WAAYoB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAqBO,SAASM,EAAavB,EAAqC,CAChE,IAAMiB,EAAOC,EAAyBlB,CAAO,EACvC,CAAE,OAAAU,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAAIK,EAChDG,EAAgB,CAAE,OAAAV,EAAQ,OAAAT,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,CAAO,EAElE,OAAOjB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAO,cAAiB,CACf,GAAGJ,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAA4B,cAAiB,CACf,GAAGL,EACH,QAAAvB,EACA,WAAYoB,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAiDA,eAAsBS,EAAO1B,EAAkD,CAC7E,IAAMiB,EAAOU,EAAuB3B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EAC9DG,EAAgB,CAAE,OAAAV,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEhF,OAAOxB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAY,QAAW,CACT,GAAGT,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,cAAeA,EAAK,cACpB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAiC,QAAW,CACT,GAAGV,EACH,QAAAvB,EACA,iBAAkBoB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CAsBO,SAASc,EAAW/B,EAAyC,CAClE,IAAMiB,EAAOU,EAAuB3B,CAAO,EACrC,CAAE,OAAAU,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAAIF,EAC9DG,EAAgB,CAAE,OAAAV,EAAQ,MAAAkB,EAAO,OAAA3B,EAAQ,OAAAE,EAAQ,UAAAQ,EAAW,OAAAC,EAAQ,MAAAO,CAAM,EAEhF,OAAOxB,EAAkBsB,EAAK,SAAUA,EAAK,QAAS,CACpD,KAAM,OACJ,EAAAe,YAAe,CACb,GAAGZ,EACH,OAAQH,EAAK,OACb,MAAOA,EAAK,MACZ,GAAIA,EAAK,GACT,eAAgBA,EAAK,eACrB,cAAeA,EAAK,cACpB,WAAYA,EAAK,UACnB,CAAC,EACH,KAAOpB,MACL,EAAAoC,YAAe,CACb,GAAGb,EACH,QAAAvB,EACA,iBAAkBoB,EAAK,iBACvB,WAAYA,EAAK,UACnB,CAAC,CACL,CAAC,CACH,CEzYA,IAAAiB,EAAuE,wBAwRhE,IAAMC,EAAN,KAAU,CACE,SACA,OACA,OACA,WAEjB,YAAYC,EAA2B,CAAC,EAAG,CACzC,GAAM,CACJ,SAAAC,EAAW,OACX,OAAAC,EAAS,EAAAC,OACT,OAAAC,EAAS,EAAAC,OACT,WAAAC,CACF,EAAIN,EAEJ,KAAK,SAAWC,EAChB,KAAK,OAASC,EACd,KAAK,OAASE,EACd,KAAK,cAAa,oBAAiBE,CAAU,CAC/C,CAKA,aAA2B,CACzB,OAAO,KAAK,QACd,CAQA,eAAeC,EAAiB,GAAY,CAC1C,SAAO,EAAAC,gBAAmB,CAAE,OAAQ,KAAK,OAAQ,OAAQ,KAAK,OAAQ,OAAAD,CAAO,CAAC,CAChF,CAQA,MAAM,SAASP,EAA8C,CAC3D,OAAOS,EAAmB,CACxB,GAAGT,EACH,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,KAAK,OACb,WAAYA,EAAQ,YAAc,KAAK,UACzC,CAAC,CACH,CASA,aAAaA,EAAqC,CAChD,OAAOU,EAAuB,CAC5B,GAAGV,EACH,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,KAAK,OACb,WAAYA,EAAQ,YAAc,KAAK,UACzC,CAAC,CACH,CAQA,MAAM,OAAOA,EAAkD,CAC7D,OAAOW,EAAiB,CACtB,GAAGX,EACH,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,KAAK,OACb,WAAYA,EAAQ,YAAc,KAAK,UACzC,CAAC,CACH,CASA,WAAWA,EAAyC,CAClD,OAAOY,EAAqB,CAC1B,GAAGZ,EACH,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,KAAK,OACb,WAAYA,EAAQ,YAAc,KAAK,UACzC,CAAC,CACH,CAUA,YAAYA,EAAwC,CAClD,OAAOa,EAAsB,CAC3B,GAAGb,EACH,SAAU,KAAK,QACjB,CAAC,CACH,CACF,EHhXA,IAAAc,EAAqB,wBACrBC,EAAqB,wBAErBC,EAA6E,wBAG7EC,EAAkC,uCAClCC,EAAkC","names":["src_exports","__export","OTP","generate","generateSecret","generateSync","generateURI","verify","verifySync","__toCommonJS","import_core","import_hotp","import_totp","import_uri","import_core","import_plugin_base32_scure","import_plugin_crypto_noble","normalizeGenerateOptions","options","defaultCrypto","defaultBase32","normalizeVerifyOptions","executeByStrategy","strategy","counter","handlers","generateSecret","options","crypto","defaultCrypto","base32","defaultBase32","length","generateSecretCore","generateURI","issuer","label","secret","algorithm","digits","period","generateTOTPURI","generateHOTURI","generate","opts","normalizeGenerateOptions","hooks","commonOptions","generateTOTP","generateHOTP","generateSync","generateTOTPSync","generateHOTPSync","verify","normalizeVerifyOptions","token","verifyTOTP","verifyHOTP","verifySync","verifyTOTPSync","verifyHOTPSync","import_core","OTP","options","strategy","crypto","defaultCrypto","base32","defaultBase32","guardrails","length","generateSecretCore","generate","generateSync","verify","verifySync","generateURI","import_hotp","import_totp","import_core","import_plugin_crypto_noble","import_plugin_base32_scure"]}

package/dist/index.d.cts CHANGED Viewed

@@ -1,7 +1,7 @@
-export { O as OTPAuthOptions, a as OTPFunctionalOptions, c as OTPStrategy, b as OTPVerifyFunctionalOptions } from './types-Bap9LCID.cjs';
+export { O as OTPAuthOptions, a as OTPFunctionalOptions, b as OTPStrategy, c as OTPVerifyFunctionalOptions } from './types-BBT_82HF.cjs';
 export { generate, generateSecret, generateSync, generateURI, verify, verifySync } from './functional.cjs';
 export { OTP, OTPClassOptions, OTPGenerateOptions, OTPURIGenerateOptions, OTPVerifyOptions } from './class.cjs';
-export { Base32Plugin, CryptoPlugin, HashAlgorithm, OTPGuardrails, OTPResult, createGuardrails, stringToBytes, wrapResult, wrapResultAsync } from '@otplib/core';
+export { Base32Plugin, CryptoPlugin, HashAlgorithm, OTPGuardrails, OTPGuardrailsConfig, OTPResult, createGuardrails, stringToBytes, wrapResult, wrapResultAsync } from '@otplib/core';
 export { TOTP, TOTPOptions, VerifyResult } from '@otplib/totp';
 export { HOTP } from '@otplib/hotp';
 export { NobleCryptoPlugin } from '@otplib/plugin-crypto-noble';

package/dist/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
-export { O as OTPAuthOptions, a as OTPFunctionalOptions, c as OTPStrategy, b as OTPVerifyFunctionalOptions } from './types-Bap9LCID.js';
+export { O as OTPAuthOptions, a as OTPFunctionalOptions, b as OTPStrategy, c as OTPVerifyFunctionalOptions } from './types-BBT_82HF.js';
 export { generate, generateSecret, generateSync, generateURI, verify, verifySync } from './functional.js';
 export { OTP, OTPClassOptions, OTPGenerateOptions, OTPURIGenerateOptions, OTPVerifyOptions } from './class.js';
-export { Base32Plugin, CryptoPlugin, HashAlgorithm, OTPGuardrails, OTPResult, createGuardrails, stringToBytes, wrapResult, wrapResultAsync } from '@otplib/core';
+export { Base32Plugin, CryptoPlugin, HashAlgorithm, OTPGuardrails, OTPGuardrailsConfig, OTPResult, createGuardrails, stringToBytes, wrapResult, wrapResultAsync } from '@otplib/core';
 export { TOTP, TOTPOptions, VerifyResult } from '@otplib/totp';
 export { HOTP } from '@otplib/hotp';
 export { NobleCryptoPlugin } from '@otplib/plugin-crypto-noble';

package/dist/index.global.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";var otplib=(()=>{var Rt=Object.defineProperty;var Nr=Object.getOwnPropertyDescriptor;var $r=Object.getOwnPropertyNames;var qr=Object.prototype.hasOwnProperty;var Fr=(t,e)=>{for(var r in e)Rt(t,r,{get:e[r],enumerable:!0})},jr=(t,e,r,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of $r(e))!qr.call(t,n)&&n!==r&&Rt(t,n,{get:()=>e[n],enumerable:!(o=Nr(e,n))||o.enumerable});return t};var Wr=t=>jr(Rt({},"__esModule",{value:!0}),t);var un={};Fr(un,{HOTP:()=>Ne,NobleCryptoPlugin:()=>Ke,OTP:()=>wt,ScureBase32Plugin:()=>je,TOTP:()=>qe,createGuardrails:()=>m,generate:()=>Tt,generateSecret:()=>Lr,generateSync:()=>Ot,generateURI:()=>bt,stringToBytes:()=>De,verify:()=>Et,verifySync:()=>Pt,wrapResult:()=>_t,wrapResultAsync:()=>Gt});var P=class extends Error{constructor(e,r){super(e,r),this.name="OTPError"}},oe=class extends P{constructor(e){super(e),this.name="SecretError"}},se=class extends oe{constructor(e,r){super(`Secret must be at least ${e} bytes (${e*8} bits), got ${r} bytes`),this.name="SecretTooShortError"}},ie=class extends oe{constructor(e,r){super(`Secret must not exceed ${e} bytes, got ${r} bytes`),this.name="SecretTooLongError"}},K=class extends P{constructor(e){super(e),this.name="CounterError"}},ae=class extends K{constructor(){super("Counter must be non-negative"),this.name="CounterNegativeError"}},J=class extends K{constructor(){super("Counter exceeds maximum safe integer value"),this.name="CounterOverflowError"}},ce=class extends K{constructor(){super("Counter must be a finite integer"),this.name="CounterNotIntegerError"}},ue=class extends P{constructor(e){super(e),this.name="TimeError"}},le=class extends ue{constructor(){super("Time must be non-negative"),this.name="TimeNegativeError"}},pe=class extends ue{constructor(){super("Time must be a finite number"),this.name="TimeNotFiniteError"}},fe=class extends P{constructor(e){super(e),this.name="PeriodError"}},de=class extends fe{constructor(e){super(`Period must be at least ${e} second(s)`),this.name="PeriodTooSmallError"}},he=class extends fe{constructor(e){super(`Period must not exceed ${e} seconds`),this.name="PeriodTooLargeError"}};var ge=class extends P{constructor(e){super(e),this.name="TokenError"}},xe=class extends ge{constructor(e,r){super(`Token must be ${e} digits, got ${r}`),this.name="TokenLengthError"}},ye=class extends ge{constructor(){super("Token must contain only digits"),this.name="TokenFormatError"}},me=class extends P{constructor(e,r){super(e,r),this.name="CryptoError"}},v=class extends me{constructor(e,r){super(`HMAC computation failed: ${e}`,r),this.name="HMACError"}},be=class extends me{constructor(e,r){super(`Random byte generation failed: ${e}`,r),this.name="RandomBytesError"}};var V=class extends P{constructor(e){super(e),this.name="CounterToleranceError"}},Te=class extends V{constructor(e,r){super(`Counter tolerance validation failed: total checks (${r}) exceeds MAX_WINDOW (${e})`),this.name="CounterToleranceTooLargeError"}},Oe=class extends V{constructor(){super("Counter tolerance cannot contain negative values"),this.name="CounterToleranceNegativeError"}},N=class extends P{constructor(e){super(e),this.name="EpochToleranceError"}},Ee=class extends N{constructor(){super("Epoch tolerance cannot contain negative values"),this.name="EpochToleranceNegativeError"}},Pe=class extends N{constructor(e,r){super(`Epoch tolerance must not exceed ${e} seconds, got ${r}. Large tolerances can cause performance issues.`),this.name="EpochToleranceTooLargeError"}},we=class extends P{constructor(e){super(e),this.name="PluginError"}},Ae=class extends we{constructor(){super("Crypto plugin is required."),this.name="CryptoPluginMissingError"}},Se=class extends we{constructor(){super("Base32 plugin is required."),this.name="Base32PluginMissingError"}},T=class extends P{constructor(e){super(e),this.name="ConfigurationError"}},Ce=class extends T{constructor(){super("Secret is required. Use generateSecret() to create one, or provide via { secret: 'YOUR_BASE32_SECRET' }"),this.name="SecretMissingError"}},Be=class extends T{constructor(){super("Label is required for URI generation. Example: { label: 'user@example.com' }"),this.name="LabelMissingError"}},Re=class extends T{constructor(){super("Issuer is required for URI generation. Example: { issuer: 'MyApp' }"),this.name="IssuerMissingError"}},Ie=class extends T{constructor(){super("Class API requires secret to be a Base32 string, not Uint8Array. Use generateSecret() or provide a Base32-encoded string."),this.name="SecretTypeError"}},Q=class extends P{constructor(e){super(e),this.name="AfterTimeStepError"}},He=class extends Q{constructor(){super("afterTimeStep must be >= 0"),this.name="AfterTimeStepNegativeError"}},Ue=class extends Q{constructor(){super("Invalid afterTimeStep: non-integer value"),this.name="AfterTimeStepNotIntegerError"}},ve=class extends Q{constructor(){super("Invalid afterTimeStep: cannot be greater than current time step plus window"),this.name="AfterTimeStepRangeExceededError"}};var Xr=new TextEncoder,hn=new TextDecoder,tr=16,rr=64,nr=20,or=1,sr=3600,ir=30,ar=Number.MAX_SAFE_INTEGER,cr=99,ur=Symbol("otplib.guardrails.override");function Z(t,e,r){if(typeof e!="number"||!Number.isSafeInteger(e))throw new T(`Guardrail '${t}' must be a safe integer`);if(e<r)throw new T(`Guardrail '${t}' must be >= ${r}`)}var $=Object.freeze({MIN_SECRET_BYTES:tr,MAX_SECRET_BYTES:rr,MIN_PERIOD:or,MAX_PERIOD:sr,MAX_COUNTER:ar,MAX_WINDOW:cr,[ur]:!1});function m(t){if(!t)return $;t.MIN_SECRET_BYTES!==void 0&&Z("MIN_SECRET_BYTES",t.MIN_SECRET_BYTES,1),t.MAX_SECRET_BYTES!==void 0&&Z("MAX_SECRET_BYTES",t.MAX_SECRET_BYTES,1),t.MIN_PERIOD!==void 0&&Z("MIN_PERIOD",t.MIN_PERIOD,1),t.MAX_PERIOD!==void 0&&Z("MAX_PERIOD",t.MAX_PERIOD,1),t.MAX_COUNTER!==void 0&&Z("MAX_COUNTER",t.MAX_COUNTER,0),t.MAX_WINDOW!==void 0&&Z("MAX_WINDOW",t.MAX_WINDOW,1);let e={...$,...t};if(e.MIN_SECRET_BYTES>e.MAX_SECRET_BYTES)throw new T("Guardrail 'MIN_SECRET_BYTES' must be <= 'MAX_SECRET_BYTES'");if(e.MIN_PERIOD>e.MAX_PERIOD)throw new T("Guardrail 'MIN_PERIOD' must be <= 'MAX_PERIOD'");return Object.freeze({...e,[ur]:!0})}function q(t,e=$){if(t.length<e.MIN_SECRET_BYTES)throw new se(e.MIN_SECRET_BYTES,t.length);if(t.length>e.MAX_SECRET_BYTES)throw new ie(e.MAX_SECRET_BYTES,t.length)}function et(t,e=$){if(typeof t=="number"){if(!Number.isFinite(t)||!Number.isInteger(t))throw new ce;if(!Number.isSafeInteger(t))throw new J}let r=typeof t=="bigint"?t:BigInt(t);if(r<0n)throw new ae;if(r>BigInt(e.MAX_COUNTER))throw new J}function tt(t){if(!Number.isFinite(t))throw new pe;if(t<0)throw new le}function rt(t,e=$){if(!Number.isInteger(t)||t<e.MIN_PERIOD)throw new de(e.MIN_PERIOD);if(t>e.MAX_PERIOD)throw new he(e.MAX_PERIOD)}function _e(t,e){if(t.length!==e)throw new xe(e,t.length);if(!/^\d+$/.test(t))throw new ye}function It(t,e=$){let[r,o]=st(t);if(!Number.isSafeInteger(r)||!Number.isSafeInteger(o))throw new V("Counter tolerance values must be safe integers");if(r<0||o<0)throw new Oe;let n=r+o+1;if(n>e.MAX_WINDOW)throw new Te(e.MAX_WINDOW,n)}function Ht(t,e=ir,r=$){let[o,n]=Array.isArray(t)?t:[t,t];if(!Number.isSafeInteger(o)||!Number.isSafeInteger(n))throw new N("Epoch tolerance values must be safe integers");if(o<0||n<0)throw new Ee;let s=(r.MAX_WINDOW-1)*e,i=o+n;if(i>s)throw new Pe(s,i)}function Ut(t){let e=typeof t=="bigint"?t:BigInt(t),r=new ArrayBuffer(8);return new DataView(r).setBigUint64(0,e,!1),new Uint8Array(r)}function nt(t){let e=t[t.length-1]&15;return(t[e]&127)<<24|t[e+1]<<16|t[e+2]<<8|t[e+3]}function ot(t,e){let r=10**e;return(t%r).toString().padStart(e,"0")}function lr(t,e){return t.length===e.length}function vt(t,e){let r=De(t),o=De(e);if(!lr(r,o))return!1;let n=0;for(let s=0;s<r.length;s++)n|=r[s]^o[s];return n===0}function De(t){return typeof t=="string"?Xr.encode(t):t}function F(t,e){return typeof t=="string"?(j(e),e.decode(t)):t}function I(t){let{crypto:e,base32:r,length:o=nr}=t;b(e),j(r);let n=e.randomBytes(o);return r.encode(n,{padding:!1})}function st(t=0){return Array.isArray(t)?t:[0,t]}function Dt(t=0){return Array.isArray(t)?t:[t,t]}function b(t){if(!t)throw new Ae}function j(t){if(!t)throw new Se}function O(t){if(!t)throw new Ce}function Ge(t){if(!t)throw new Be}function ke(t){if(!t)throw new Re}function Me(t){if(typeof t!="string")throw new Ie}function pr(t){return{ok:!0,value:t}}function fr(t){return{ok:!1,error:t}}function _t(t){return(...e)=>{try{return pr(t(...e))}catch(r){return fr(r)}}}function Gt(t){return async(...e)=>{try{return pr(await t(...e))}catch(r){return fr(r)}}}var it=class{constructor(e){this.crypto=e}get plugin(){return this.crypto}async hmac(e,r,o){try{let n=this.crypto.hmac(e,r,o);return n instanceof Promise?await n:n}catch(n){let s=n instanceof Error?n.message:String(n);throw new v(s,{cause:n})}}hmacSync(e,r,o){try{let n=this.crypto.hmac(e,r,o);if(n instanceof Promise)throw new v("Crypto plugin does not support synchronous HMAC operations");return n}catch(n){if(n instanceof v)throw n;let s=n instanceof Error?n.message:String(n);throw new v(s,{cause:n})}}randomBytes(e){try{return this.crypto.randomBytes(e)}catch(r){let o=r instanceof Error?r.message:String(r);throw new be(o,{cause:r})}}};function kt(t){return new it(t)}function Mt(t){let{type:e,label:r,params:o}=t,n=r.split(":").map(a=>encodeURIComponent(a)).join(":"),s=`otpauth://${e}/${n}?`,i=[];return o.secret&&i.push(`secret=${encodeURIComponent(o.secret)}`),o.issuer&&i.push(`issuer=${encodeURIComponent(o.issuer)}`),o.algorithm&&o.algorithm!=="sha1"&&i.push(`algorithm=${o.algorithm.toUpperCase()}`),o.digits&&o.digits!==6&&i.push(`digits=${o.digits}`),e==="hotp"&&o.counter!==void 0&&i.push(`counter=${o.counter}`),e==="totp"&&o.period!==void 0&&o.period!==30&&i.push(`period=${o.period}`),s+=i.join("&"),s}function Le(t){let{issuer:e,label:r,secret:o,algorithm:n="sha1",digits:s=6,period:i=30}=t,a=e?`${e}:${r}`:r;return Mt({type:"totp",label:a,params:{secret:o,issuer:e,algorithm:n,digits:s,period:i}})}function Ve(t){let{issuer:e,label:r,secret:o,counter:n=0,algorithm:s="sha1",digits:i=6}=t,a=e?`${e}:${r}`:r;return Mt({type:"hotp",label:a,params:{secret:o,issuer:e,algorithm:s,digits:i,counter:n}})}var Ne=class{options;guardrails;constructor(e={}){this.options=e,this.guardrails=m(e.guardrails)}generateSecret(){let{crypto:e,base32:r}=this.options;return b(e),j(r),I({crypto:e,base32:r})}async generate(e,r){let o={...this.options,...r},{secret:n,crypto:s,base32:i,algorithm:a="sha1",digits:c=6}=o;O(n),b(s);let u=r?.guardrails??this.guardrails;return W({secret:n,counter:e,algorithm:a,digits:c,crypto:s,base32:i,guardrails:u,hooks:o.hooks})}async verify(e,r){let o={...this.options,...r},{secret:n,crypto:s,base32:i,algorithm:a="sha1",digits:c=6,counterTolerance:u=0}=o;O(n),b(s);let l=r?.guardrails??this.guardrails;return at({secret:n,token:e.token,counter:e.counter,algorithm:a,digits:c,counterTolerance:u,crypto:s,base32:i,guardrails:l,hooks:o.hooks})}toURI(e=0){let{issuer:r,label:o,secret:n,algorithm:s="sha1",digits:i=6}=this.options;return O(n),Ge(o),ke(r),Me(n),Ve({issuer:r,label:o,secret:n,algorithm:s,digits:i,counter:e})}};function dr(t){let{secret:e,counter:r,algorithm:o="sha1",digits:n=6,crypto:s,base32:i,guardrails:a,hooks:c}=t;O(e),b(s);let u=F(e,i);q(u,a),et(r,a);let l=kt(s),p=Ut(r);return{ctx:l,algorithm:o,digits:n,secretBytes:u,counterBytes:p,hooks:c}}async function W(t){let{ctx:e,algorithm:r,digits:o,secretBytes:n,counterBytes:s,hooks:i}=dr(t),a=await e.hmac(r,n,s),c=i?.truncateDigest?i.truncateDigest(a):nt(a);return i?.encodeToken?i.encodeToken(c,o):ot(c,o)}function $e(t){let{ctx:e,algorithm:r,digits:o,secretBytes:n,counterBytes:s,hooks:i}=dr(t),a=e.hmacSync(r,n,s),c=i?.truncateDigest?i.truncateDigest(a):nt(a);return i?.encodeToken?i.encodeToken(c,o):ot(c,o)}function hr(t){let{secret:e,counter:r,token:o,algorithm:n="sha1",digits:s=6,crypto:i,base32:a,counterTolerance:c=0,guardrails:u=m(),hooks:l}=t;O(e),b(i);let p=F(e,a);q(p,u),et(r,u),l?.validateToken?l.validateToken(o,s):_e(o,s),It(c,u);let f=typeof r=="bigint"?Number(r):r,[h,g]=st(c),x=h+g+1;return{token:o,counterNum:f,past:h,future:g,totalChecks:x,crypto:i,getGenerateOptions:E=>({secret:p,counter:E,algorithm:n,digits:s,crypto:i,guardrails:u,hooks:l})}}async function at(t){let{token:e,counterNum:r,past:o,totalChecks:n,crypto:s,getGenerateOptions:i}=hr(t),a=Math.max(0,o-r);for(let c=a;c<n;c++){let u=c-o,l=r+u,p=await W(i(l));if(s.constantTimeEqual(p,e))return{valid:!0,delta:u|0}}return{valid:!1}}function gr(t){let{token:e,counterNum:r,past:o,totalChecks:n,crypto:s,getGenerateOptions:i}=hr(t),a=Math.max(0,o-r);for(let c=a;c<n;c++){let u=c-o,l=r+u,p=$e(i(l));if(s.constantTimeEqual(p,e))return{valid:!0,delta:u|0}}return{valid:!1}}var qe=class{options;guardrails;constructor(e={}){this.options=e,this.guardrails=m(e.guardrails)}generateSecret(){let{crypto:e,base32:r}=this.options;return b(e),j(r),I({crypto:e,base32:r})}async generate(e){let r={...this.options,...e},{secret:o,crypto:n,base32:s,algorithm:i="sha1",digits:a=6,period:c=30,epoch:u,t0:l=0}=r;O(o),b(n);let p=e?.guardrails??this.guardrails;return Fe({secret:o,algorithm:i,digits:a,period:c,epoch:u??Math.floor(Date.now()/1e3),t0:l,crypto:n,base32:s,guardrails:p,hooks:r.hooks})}async verify(e,r){let o={...this.options,...r},{secret:n,crypto:s,base32:i,algorithm:a="sha1",digits:c=6,period:u=30,epoch:l,t0:p=0,epochTolerance:f=0,afterTimeStep:h}=o;O(n),b(s);let g=r?.guardrails??this.guardrails;return ct({secret:n,token:e,algorithm:a,digits:c,period:u,epoch:l??Math.floor(Date.now()/1e3),t0:p,epochTolerance:f,afterTimeStep:h,crypto:s,base32:i,guardrails:g,hooks:o.hooks})}toURI(e){let{issuer:r,label:o,secret:n,algorithm:s="sha1",digits:i=6,period:a=30}=this.options,c=e?.label??o,u=e?.issuer??r,l=e?.secret??n;return O(l),Ge(c),ke(u),Me(l),Le({issuer:u,label:c,secret:l,algorithm:s,digits:i,period:a})}};function xr(t){let{secret:e,epoch:r=Math.floor(Date.now()/1e3),t0:o=0,period:n=30,algorithm:s="sha1",digits:i=6,crypto:a,base32:c,guardrails:u=m(),hooks:l}=t;O(e),b(a);let p=F(e,c);q(p,u),tt(r),rt(n,u);let f=Math.floor((r-o)/n);return{secret:p,counter:f,algorithm:s,digits:i,crypto:a,guardrails:u,hooks:l}}async function Fe(t){let e=xr(t);return W(e)}function Lt(t){let e=xr(t);return $e(e)}function Yr(t,e){if(t!==void 0){if(t<0)throw new He;if(!Number.isSafeInteger(t))throw new Ue;if(t>e)throw new ve}}function yr(t,e){return e!==void 0&&t<=e}function mr(t){let{secret:e,token:r,epoch:o=Math.floor(Date.now()/1e3),t0:n=0,period:s=30,algorithm:i="sha1",digits:a=6,crypto:c,base32:u,epochTolerance:l=0,afterTimeStep:p,guardrails:f=m(),hooks:h}=t;O(e),b(c);let g=F(e,u);q(g,f),tt(o),rt(s,f),h?.validateToken?h.validateToken(r,a):_e(r,a),Ht(l,s,f);let x=Math.floor((o-n)/s),[E,M]=Dt(l),L=Math.max(0,Math.floor((o-E-n)/s)),d=Math.floor((o+M-n)/s);return Yr(p,d),{token:r,crypto:c,minCounter:L,maxCounter:d,currentCounter:x,t0:n,period:s,afterTimeStep:p,getGenerateOptions:S=>({secret:g,epoch:S*s+n,t0:n,period:s,algorithm:i,digits:a,crypto:c,guardrails:f,hooks:h})}}async function ct(t){let{token:e,crypto:r,minCounter:o,maxCounter:n,currentCounter:s,t0:i,period:a,afterTimeStep:c,getGenerateOptions:u}=mr(t);for(let l=o;l<=n;l++){if(yr(l,c))continue;let p=await Fe(u(l));if(r.constantTimeEqual(p,e))return{valid:!0,delta:l-s,epoch:l*a+i,timeStep:l}}return{valid:!1}}function br(t){let{token:e,crypto:r,minCounter:o,maxCounter:n,currentCounter:s,t0:i,period:a,afterTimeStep:c,getGenerateOptions:u}=mr(t);for(let l=o;l<=n;l++){if(yr(l,c))continue;let p=Lt(u(l));if(r.constantTimeEqual(p,e))return{valid:!0,delta:l-s,epoch:l*a+i,timeStep:l}}return{valid:!1}}function zr(t){return t instanceof Uint8Array||ArrayBuffer.isView(t)&&t.constructor.name==="Uint8Array"}function Or(t,e){return Array.isArray(e)?e.length===0?!0:t?e.every(r=>typeof r=="string"):e.every(r=>Number.isSafeInteger(r)):!1}function ut(t,e){if(typeof e!="string")throw new Error(`${t}: string expected`);return!0}function $t(t){if(!Number.isSafeInteger(t))throw new Error(`invalid integer: ${t}`)}function Nt(t){if(!Array.isArray(t))throw new Error("array expected")}function lt(t,e){if(!Or(!0,e))throw new Error(`${t}: array of strings expected`)}function Kr(t,e){if(!Or(!1,e))throw new Error(`${t}: array of numbers expected`)}function Jr(...t){let e=s=>s,r=(s,i)=>a=>s(i(a)),o=t.map(s=>s.encode).reduceRight(r,e),n=t.map(s=>s.decode).reduce(r,e);return{encode:o,decode:n}}function Qr(t){let e=typeof t=="string"?t.split(""):t,r=e.length;lt("alphabet",e);let o=new Map(e.map((n,s)=>[n,s]));return{encode:n=>(Nt(n),n.map(s=>{if(!Number.isSafeInteger(s)||s<0||s>=r)throw new Error(`alphabet.encode: digit index outside alphabet "${s}". Allowed: ${t}`);return e[s]})),decode:n=>(Nt(n),n.map(s=>{ut("alphabet.decode",s);let i=o.get(s);if(i===void 0)throw new Error(`Unknown letter: "${s}". Allowed: ${t}`);return i}))}}function Zr(t=""){return ut("join",t),{encode:e=>(lt("join.decode",e),e.join(t)),decode:e=>(ut("join.decode",e),e.split(t))}}function en(t,e="="){return $t(t),ut("padding",e),{encode(r){for(lt("padding.encode",r);r.length*t%8;)r.push(e);return r},decode(r){lt("padding.decode",r);let o=r.length;if(o*t%8)throw new Error("padding: invalid, string should have whole number of bytes");for(;o>0&&r[o-1]===e;o--)if((o-1)*t%8===0)throw new Error("padding: invalid, string has too much padding");return r.slice(0,o)}}}var Er=(t,e)=>e===0?t:Er(e,t%e),pt=(t,e)=>t+(e-Er(t,e)),Vt=(()=>{let t=[];for(let e=0;e<40;e++)t.push(2**e);return t})();function Tr(t,e,r,o){if(Nt(t),e<=0||e>32)throw new Error(`convertRadix2: wrong from=${e}`);if(r<=0||r>32)throw new Error(`convertRadix2: wrong to=${r}`);if(pt(e,r)>32)throw new Error(`convertRadix2: carry overflow from=${e} to=${r} carryBits=${pt(e,r)}`);let n=0,s=0,i=Vt[e],a=Vt[r]-1,c=[];for(let u of t){if($t(u),u>=i)throw new Error(`convertRadix2: invalid data word=${u} from=${e}`);if(n=n<<e|u,s+e>32)throw new Error(`convertRadix2: carry overflow pos=${s} from=${e}`);for(s+=e;s>=r;s-=r)c.push((n>>s-r&a)>>>0);let l=Vt[s];if(l===void 0)throw new Error("invalid carry");n&=l-1}if(n=n<<r-s&a,!o&&s>=e)throw new Error("Excess padding");if(!o&&n>0)throw new Error(`Non-zero padding: ${n}`);return o&&s>0&&c.push(n>>>0),c}function tn(t,e=!1){if($t(t),t<=0||t>32)throw new Error("radix2: bits should be in (0..32]");if(pt(8,t)>32||pt(t,8)>32)throw new Error("radix2: carry overflow");return{encode:r=>{if(!zr(r))throw new Error("radix2.encode input should be Uint8Array");return Tr(Array.from(r),8,t,!e)},decode:r=>(Kr("radix2.decode",r),Uint8Array.from(Tr(r,t,8,e)))}}var qt=Jr(tn(5),Qr("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"),en(5),Zr(""));var je=class{name="scure";encode(e,r={}){let{padding:o=!1}=r,n=qt.encode(e);return o?n:n.replace(/=+$/,"")}decode(e){try{let r=e.toUpperCase(),o=r.padEnd(Math.ceil(r.length/8)*8,"=");return qt.decode(o)}catch(r){throw r instanceof Error?new Error(`Invalid Base32 string: ${r.message}`):new Error("Invalid Base32 string")}}},ee=Object.freeze(new je);function rn(t){return t instanceof Uint8Array||ArrayBuffer.isView(t)&&t.constructor.name==="Uint8Array"}function Pr(t,e=""){if(!Number.isSafeInteger(t)||t<0){let r=e&&`"${e}" `;throw new Error(`${r}expected integer >= 0, got ${t}`)}}function te(t,e,r=""){let o=rn(t),n=t?.length,s=e!==void 0;if(!o||s&&n!==e){let i=r&&`"${r}" `,a=s?` of length ${e}`:"",c=o?`length=${n}`:`type=${typeof t}`;throw new Error(i+"expected Uint8Array"+a+", got "+c)}return t}function wr(t){if(typeof t!="function"||typeof t.create!="function")throw new Error("Hash must wrapped by utils.createHasher");Pr(t.outputLen),Pr(t.blockLen)}function re(t,e=!0){if(t.destroyed)throw new Error("Hash instance has been destroyed");if(e&&t.finished)throw new Error("Hash#digest() has already been called")}function Ar(t,e){te(t,void 0,"digestInto() output");let r=e.outputLen;if(t.length<r)throw new Error('"digestInto() output" expected to be of length >='+r)}function w(...t){for(let e=0;e<t.length;e++)t[e].fill(0)}function ft(t){return new DataView(t.buffer,t.byteOffset,t.byteLength)}function A(t,e){return t<<32-e|t>>>e}function dt(t,e){return t<<e|t>>>32-e>>>0}function We(t,e={}){let r=(n,s)=>t(s).update(n).digest(),o=t(void 0);return r.outputLen=o.outputLen,r.blockLen=o.blockLen,r.create=n=>t(n),Object.assign(r,e),Object.freeze(r)}function Sr(t=32){let e=typeof globalThis=="object"?globalThis.crypto:null;if(typeof e?.getRandomValues!="function")throw new Error("crypto.getRandomValues must be defined");return e.getRandomValues(new Uint8Array(t))}var Ft=t=>({oid:Uint8Array.from([6,9,96,134,72,1,101,3,4,2,t])});var ht=class{oHash;iHash;blockLen;outputLen;finished=!1;destroyed=!1;constructor(e,r){if(wr(e),te(r,void 0,"key"),this.iHash=e.create(),typeof this.iHash.update!="function")throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;let o=this.blockLen,n=new Uint8Array(o);n.set(r.length>o?e.create().update(r).digest():r);for(let s=0;s<n.length;s++)n[s]^=54;this.iHash.update(n),this.oHash=e.create();for(let s=0;s<n.length;s++)n[s]^=106;this.oHash.update(n),w(n)}update(e){return re(this),this.iHash.update(e),this}digestInto(e){re(this),te(e,this.outputLen,"output"),this.finished=!0,this.iHash.digestInto(e),this.oHash.update(e),this.oHash.digestInto(e),this.destroy()}digest(){let e=new Uint8Array(this.oHash.outputLen);return this.digestInto(e),e}_cloneInto(e){e||=Object.create(Object.getPrototypeOf(this),{});let{oHash:r,iHash:o,finished:n,destroyed:s,blockLen:i,outputLen:a}=this;return e=e,e.finished=n,e.destroyed=s,e.blockLen=i,e.outputLen=a,e.oHash=r._cloneInto(e.oHash),e.iHash=o._cloneInto(e.iHash),e}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}},jt=(t,e,r)=>new ht(t,e).update(r).digest();jt.create=(t,e)=>new ht(t,e);function gt(t,e,r){return t&e^~t&r}function xt(t,e,r){return t&e^t&r^e&r}var X=class{blockLen;outputLen;padOffset;isLE;buffer;view;finished=!1;length=0;pos=0;destroyed=!1;constructor(e,r,o,n){this.blockLen=e,this.outputLen=r,this.padOffset=o,this.isLE=n,this.buffer=new Uint8Array(e),this.view=ft(this.buffer)}update(e){re(this),te(e);let{view:r,buffer:o,blockLen:n}=this,s=e.length;for(let i=0;i<s;){let a=Math.min(n-this.pos,s-i);if(a===n){let c=ft(e);for(;n<=s-i;i+=n)this.process(c,i);continue}o.set(e.subarray(i,i+a),this.pos),this.pos+=a,i+=a,this.pos===n&&(this.process(r,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){re(this),Ar(e,this),this.finished=!0;let{buffer:r,view:o,blockLen:n,isLE:s}=this,{pos:i}=this;r[i++]=128,w(this.buffer.subarray(i)),this.padOffset>n-i&&(this.process(o,0),i=0);for(let p=i;p<n;p++)r[p]=0;o.setBigUint64(n-8,BigInt(this.length*8),s),this.process(o,0);let a=ft(e),c=this.outputLen;if(c%4)throw new Error("_sha2: outputLen must be aligned to 32bit");let u=c/4,l=this.get();if(u>l.length)throw new Error("_sha2: outputLen bigger than state");for(let p=0;p<u;p++)a.setUint32(4*p,l[p],s)}digest(){let{buffer:e,outputLen:r}=this;this.digestInto(e);let o=e.slice(0,r);return this.destroy(),o}_cloneInto(e){e||=new this.constructor,e.set(...this.get());let{blockLen:r,buffer:o,length:n,finished:s,destroyed:i,pos:a}=this;return e.destroyed=i,e.finished=s,e.length=n,e.pos=a,n%r&&e.buffer.set(o),e}clone(){return this._cloneInto()}},H=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);var y=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209]);var Xe=Uint32Array.from([1732584193,4023233417,2562383102,271733878,3285377520]),D=new Uint32Array(80),Wt=class extends X{A=Xe[0]|0;B=Xe[1]|0;C=Xe[2]|0;D=Xe[3]|0;E=Xe[4]|0;constructor(){super(64,20,8,!1)}get(){let{A:e,B:r,C:o,D:n,E:s}=this;return[e,r,o,n,s]}set(e,r,o,n,s){this.A=e|0,this.B=r|0,this.C=o|0,this.D=n|0,this.E=s|0}process(e,r){for(let c=0;c<16;c++,r+=4)D[c]=e.getUint32(r,!1);for(let c=16;c<80;c++)D[c]=dt(D[c-3]^D[c-8]^D[c-14]^D[c-16],1);let{A:o,B:n,C:s,D:i,E:a}=this;for(let c=0;c<80;c++){let u,l;c<20?(u=gt(n,s,i),l=1518500249):c<40?(u=n^s^i,l=1859775393):c<60?(u=xt(n,s,i),l=2400959708):(u=n^s^i,l=3395469782);let p=dt(o,5)+u+a+l+D[c]|0;a=i,i=s,s=dt(n,30),n=o,o=p}o=o+this.A|0,n=n+this.B|0,s=s+this.C|0,i=i+this.D|0,a=a+this.E|0,this.set(o,n,s,i,a)}roundClean(){w(D)}destroy(){this.set(0,0,0,0,0),w(this.buffer)}},Cr=We(()=>new Wt);var yt=BigInt(4294967295),Br=BigInt(32);function nn(t,e=!1){return e?{h:Number(t&yt),l:Number(t>>Br&yt)}:{h:Number(t>>Br&yt)|0,l:Number(t&yt)|0}}function Rr(t,e=!1){let r=t.length,o=new Uint32Array(r),n=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:a}=nn(t[s],e);[o[s],n[s]]=[i,a]}return[o,n]}var Xt=(t,e,r)=>t>>>r,Yt=(t,e,r)=>t<<32-r|e>>>r,Y=(t,e,r)=>t>>>r|e<<32-r,z=(t,e,r)=>t<<32-r|e>>>r,Ye=(t,e,r)=>t<<64-r|e>>>r-32,ze=(t,e,r)=>t>>>r-32|e<<64-r;function C(t,e,r,o){let n=(e>>>0)+(o>>>0);return{h:t+r+(n/2**32|0)|0,l:n|0}}var Ir=(t,e,r)=>(t>>>0)+(e>>>0)+(r>>>0),Hr=(t,e,r,o)=>e+r+o+(t/2**32|0)|0,Ur=(t,e,r,o)=>(t>>>0)+(e>>>0)+(r>>>0)+(o>>>0),vr=(t,e,r,o,n)=>e+r+o+n+(t/2**32|0)|0,Dr=(t,e,r,o,n)=>(t>>>0)+(e>>>0)+(r>>>0)+(o>>>0)+(n>>>0),_r=(t,e,r,o,n,s)=>e+r+o+n+s+(t/2**32|0)|0;var sn=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),_=new Uint32Array(64),zt=class extends X{constructor(e){super(64,e,8,!1)}get(){let{A:e,B:r,C:o,D:n,E:s,F:i,G:a,H:c}=this;return[e,r,o,n,s,i,a,c]}set(e,r,o,n,s,i,a,c){this.A=e|0,this.B=r|0,this.C=o|0,this.D=n|0,this.E=s|0,this.F=i|0,this.G=a|0,this.H=c|0}process(e,r){for(let p=0;p<16;p++,r+=4)_[p]=e.getUint32(r,!1);for(let p=16;p<64;p++){let f=_[p-15],h=_[p-2],g=A(f,7)^A(f,18)^f>>>3,x=A(h,17)^A(h,19)^h>>>10;_[p]=x+_[p-7]+g+_[p-16]|0}let{A:o,B:n,C:s,D:i,E:a,F:c,G:u,H:l}=this;for(let p=0;p<64;p++){let f=A(a,6)^A(a,11)^A(a,25),h=l+f+gt(a,c,u)+sn[p]+_[p]|0,x=(A(o,2)^A(o,13)^A(o,22))+xt(o,n,s)|0;l=u,u=c,c=a,a=i+h|0,i=s,s=n,n=o,o=h+x|0}o=o+this.A|0,n=n+this.B|0,s=s+this.C|0,i=i+this.D|0,a=a+this.E|0,c=c+this.F|0,u=u+this.G|0,l=l+this.H|0,this.set(o,n,s,i,a,c,u,l)}roundClean(){w(_)}destroy(){this.set(0,0,0,0,0,0,0,0),w(this.buffer)}},Kt=class extends zt{A=H[0]|0;B=H[1]|0;C=H[2]|0;D=H[3]|0;E=H[4]|0;F=H[5]|0;G=H[6]|0;H=H[7]|0;constructor(){super(32)}};var Gr=Rr(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(t=>BigInt(t))),an=Gr[0],cn=Gr[1],G=new Uint32Array(80),k=new Uint32Array(80),Jt=class extends X{constructor(e){super(128,e,16,!1)}get(){let{Ah:e,Al:r,Bh:o,Bl:n,Ch:s,Cl:i,Dh:a,Dl:c,Eh:u,El:l,Fh:p,Fl:f,Gh:h,Gl:g,Hh:x,Hl:E}=this;return[e,r,o,n,s,i,a,c,u,l,p,f,h,g,x,E]}set(e,r,o,n,s,i,a,c,u,l,p,f,h,g,x,E){this.Ah=e|0,this.Al=r|0,this.Bh=o|0,this.Bl=n|0,this.Ch=s|0,this.Cl=i|0,this.Dh=a|0,this.Dl=c|0,this.Eh=u|0,this.El=l|0,this.Fh=p|0,this.Fl=f|0,this.Gh=h|0,this.Gl=g|0,this.Hh=x|0,this.Hl=E|0}process(e,r){for(let d=0;d<16;d++,r+=4)G[d]=e.getUint32(r),k[d]=e.getUint32(r+=4);for(let d=16;d<80;d++){let S=G[d-15]|0,U=k[d-15]|0,At=Y(S,U,1)^Y(S,U,8)^Xt(S,U,7),St=z(S,U,1)^z(S,U,8)^Yt(S,U,7),B=G[d-2]|0,R=k[d-2]|0,Qe=Y(B,R,19)^Ye(B,R,61)^Xt(B,R,6),Ct=z(B,R,19)^ze(B,R,61)^Yt(B,R,6),Ze=Ur(St,Ct,k[d-7],k[d-16]),Bt=vr(Ze,At,Qe,G[d-7],G[d-16]);G[d]=Bt|0,k[d]=Ze|0}let{Ah:o,Al:n,Bh:s,Bl:i,Ch:a,Cl:c,Dh:u,Dl:l,Eh:p,El:f,Fh:h,Fl:g,Gh:x,Gl:E,Hh:M,Hl:L}=this;for(let d=0;d<80;d++){let S=Y(p,f,14)^Y(p,f,18)^Ye(p,f,41),U=z(p,f,14)^z(p,f,18)^ze(p,f,41),At=p&h^~p&x,St=f&g^~f&E,B=Dr(L,U,St,cn[d],k[d]),R=_r(B,M,S,At,an[d],G[d]),Qe=B|0,Ct=Y(o,n,28)^Ye(o,n,34)^Ye(o,n,39),Ze=z(o,n,28)^ze(o,n,34)^ze(o,n,39),Bt=o&s^o&a^s&a,Vr=n&i^n&c^i&c;M=x|0,L=E|0,x=h|0,E=g|0,h=p|0,g=f|0,{h:p,l:f}=C(u|0,l|0,R|0,Qe|0),u=a|0,l=c|0,a=s|0,c=i|0,s=o|0,i=n|0;let er=Ir(Qe,Ze,Vr);o=Hr(er,R,Ct,Bt),n=er|0}({h:o,l:n}=C(this.Ah|0,this.Al|0,o|0,n|0)),{h:s,l:i}=C(this.Bh|0,this.Bl|0,s|0,i|0),{h:a,l:c}=C(this.Ch|0,this.Cl|0,a|0,c|0),{h:u,l}=C(this.Dh|0,this.Dl|0,u|0,l|0),{h:p,l:f}=C(this.Eh|0,this.El|0,p|0,f|0),{h,l:g}=C(this.Fh|0,this.Fl|0,h|0,g|0),{h:x,l:E}=C(this.Gh|0,this.Gl|0,x|0,E|0),{h:M,l:L}=C(this.Hh|0,this.Hl|0,M|0,L|0),this.set(o,n,s,i,a,c,u,l,p,f,h,g,x,E,M,L)}roundClean(){w(G,k)}destroy(){w(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}},Qt=class extends Jt{Ah=y[0]|0;Al=y[1]|0;Bh=y[2]|0;Bl=y[3]|0;Ch=y[4]|0;Cl=y[5]|0;Dh=y[6]|0;Dl=y[7]|0;Eh=y[8]|0;El=y[9]|0;Fh=y[10]|0;Fl=y[11]|0;Gh=y[12]|0;Gl=y[13]|0;Hh=y[14]|0;Hl=y[15]|0;constructor(){super(64)}};var kr=We(()=>new Kt,Ft(1));var Mr=We(()=>new Qt,Ft(3));var Ke=class{name="noble";hmac(e,r,o){return jt(e==="sha1"?Cr:e==="sha256"?kr:Mr,r,o)}randomBytes(e){return Sr(e)}constantTimeEqual(e,r){return vt(e,r)}},ne=Object.freeze(new Ke);function mt(t){return{secret:t.secret,strategy:t.strategy??"totp",crypto:t.crypto??ne,base32:t.base32??ee,algorithm:t.algorithm??"sha1",digits:t.digits??6,period:t.period??30,epoch:t.epoch??Math.floor(Date.now()/1e3),t0:t.t0??0,counter:t.counter,guardrails:t.guardrails??m(),hooks:t.hooks}}function Zt(t){return{...mt(t),token:t.token,epochTolerance:t.epochTolerance??0,counterTolerance:t.counterTolerance??0,afterTimeStep:t.afterTimeStep}}function Je(t,e,r){if(t==="totp")return r.totp();if(t==="hotp"){if(e===void 0)throw new T("Counter is required for HOTP strategy. Example: { strategy: 'hotp', counter: 0 }");return r.hotp(e)}throw new T(`Unknown OTP strategy: ${t}. Valid strategies are 'totp' or 'hotp'.`)}function Lr(t){let{crypto:e=ne,base32:r=ee,length:o=20}=t||{};return I({crypto:e,base32:r,length:o})}function bt(t){let{strategy:e="totp",issuer:r,label:o,secret:n,algorithm:s="sha1",digits:i=6,period:a=30,counter:c}=t;return Je(e,c,{totp:()=>Le({issuer:r,label:o,secret:n,algorithm:s,digits:i,period:a}),hotp:u=>Ve({issuer:r,label:o,secret:n,algorithm:s,digits:i,counter:u})})}async function Tt(t){let e=mt(t),{secret:r,crypto:o,base32:n,algorithm:s,digits:i,hooks:a}=e,c={secret:r,crypto:o,base32:n,algorithm:s,digits:i,hooks:a};return Je(e.strategy,e.counter,{totp:()=>Fe({...c,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:u=>W({...c,counter:u,guardrails:e.guardrails})})}function Ot(t){let e=mt(t),{secret:r,crypto:o,base32:n,algorithm:s,digits:i}=e,a={secret:r,crypto:o,base32:n,algorithm:s,digits:i};return Je(e.strategy,e.counter,{totp:()=>Lt({...a,period:e.period,epoch:e.epoch,t0:e.t0,guardrails:e.guardrails}),hotp:c=>$e({...a,counter:c,guardrails:e.guardrails})})}async function Et(t){let e=Zt(t),{secret:r,token:o,crypto:n,base32:s,algorithm:i,digits:a,hooks:c}=e,u={secret:r,token:o,crypto:n,base32:s,algorithm:i,digits:a,hooks:c};return Je(e.strategy,e.counter,{totp:()=>ct({...u,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,afterTimeStep:e.afterTimeStep,guardrails:e.guardrails}),hotp:l=>at({...u,counter:l,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}function Pt(t){let e=Zt(t),{secret:r,token:o,crypto:n,base32:s,algorithm:i,digits:a,hooks:c}=e,u={secret:r,token:o,crypto:n,base32:s,algorithm:i,digits:a,hooks:c};return Je(e.strategy,e.counter,{totp:()=>br({...u,period:e.period,epoch:e.epoch,t0:e.t0,epochTolerance:e.epochTolerance,afterTimeStep:e.afterTimeStep,guardrails:e.guardrails}),hotp:l=>gr({...u,counter:l,counterTolerance:e.counterTolerance,guardrails:e.guardrails})})}var wt=class{strategy;crypto;base32;guardrails;constructor(e={}){let{strategy:r="totp",crypto:o=ne,base32:n=ee,guardrails:s}=e;this.strategy=r,this.crypto=o,this.base32=n,this.guardrails=m(s)}getStrategy(){return this.strategy}generateSecret(e=20){return I({crypto:this.crypto,base32:this.base32,length:e})}async generate(e){return Tt({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}generateSync(e){return Ot({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}async verify(e){return Et({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}verifySync(e){return Pt({...e,strategy:this.strategy,crypto:this.crypto,base32:this.base32,guardrails:e.guardrails??this.guardrails})}generateURI(e){return bt({...e,strategy:this.strategy})}};return Wr(un);})();
+/*! Bundled license information:
+@scure/base/index.js:
+  (*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+@noble/hashes/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+*/
+//# sourceMappingURL=index.global.js.map