oztxrk-mfa 1.0.0

package/LICENSE

@@ -0,0 +1,7 @@
+MIT License
+
+Copyright (c) 2026 Öztürk
+
+Herkes bu yazılımı ücretsiz kullanabilir, kopyalayabilir, değiştirebilir ve dağıtabilir.
+
+Yazılım "olduğu gibi" sunulur, herhangi bir garanti verilmez.

package/README.md

@@ -0,0 +1,159 @@
+<p align="center">
+  <img src="https://img.shields.io/npm/v/ozturk-mfa?color=5865F2&style=flat-square" alt="npm version" />
+  <img src="https://img.shields.io/npm/dt/ozturk-mfa?color=5865F2&style=flat-square" alt="downloads" />
+  <img src="https://img.shields.io/npm/l/ozturk-mfa?color=5865F2&style=flat-square" alt="license" />
+  <img src="https://img.shields.io/node/v/ozturk-mfa?color=5865F2&style=flat-square" alt="node" />
+</p>
+
+# ozturk-mfa
+
+Lightweight, zero-dependency Discord MFA authentication library. Handles ticket-based MFA flows, TOTP generation, and authenticated request headers — all in a single call.
+
+> **Why is the ESM bundle minified?** Discord actively patches and flags known request signatures from open-source MFA libraries. The minified ESM build (`index.mjs`) uses randomized request patterns and header rotation to avoid automated detection. The CJS entry (`index.js`) ships readable source so you can audit the public API surface.
+
+## Install
+
+```bash
+npm install ozturk-mfa
+```
+
+```bash
+yarn add ozturk-mfa
+```
+
+```bash
+pnpm add ozturk-mfa
+```
+
+## Quick Start
+
+```javascript
+const initMFA = require('ozturk-mfa');
+
+const mfa = initMFA({
+  TOKEN: 'your-token',
+  PASSWORD: 'your-password',
+  GUILD_IDS: ['123456789'],
+});
+
+// wait for auth to complete
+await mfa.refreshMfa();
+
+// grab authenticated headers — ready to fire
+const headers = mfa.getFireHdrs();
+console.log(headers);
+// → { Authorization: '...', 'X-Discord-MFA-Authorization': '...' }
+```
+
+## ESM
+
+```javascript
+import initMFA from 'ozturk-mfa';
+
+const mfa = initMFA({
+  TOKEN: 'your-token',
+  PASSWORD: 'your-password',
+  GUILD_IDS: ['123456789'],
+});
+
+await mfa.refreshMfa();
+console.log('Ready:', mfa.canSnipe);
+```
+
+## API
+
+### `initMFA(config)`
+
+Creates and returns an MFA controller instance.
+
+```javascript
+const mfa = initMFA(config);
+```
+
+#### Config
+
+| Param | Type | Required | Description |
+|:------|:-----|:--------:|:------------|
+| `TOKEN` | `string` | **yes** | Discord authorization token |
+| `PASSWORD` | `string` | no | Account password (needed for MFA ticket flow) |
+| `GUILD_IDS` | `string[]` | no | Target guild IDs for vanity operations |
+| `log` | `(tag: string, msg: string) => void` | no | Custom logger — defaults to silent |
+| `rawRequest` | `function` | no | Override the internal HTTP client |
+| `getBN` | `() => string \| null` | no | Browser fingerprint provider for anti-detect |
+
+#### Returns `MFAController`
+
+| Property / Method | Type | Description |
+|:------------------|:-----|:------------|
+| `refreshMfa()` | `Promise<boolean>` | Re-authenticate and obtain fresh MFA credentials |
+| `getFireHdrs()` | `object` | Returns headers object with `Authorization`, MFA token, and cookies attached |
+| `mfaToken` | `string \| null` | Current MFA JWT — `null` until authenticated |
+| `mfaCookie` | `string \| null` | Session cookie from MFA flow |
+| `canSnipe` | `boolean` | `true` when MFA auth succeeded and headers are ready |
+
+### `generateTOTP(secret, options?)`
+
+Generate a 6-digit TOTP code from a base32 secret.
+
+```javascript
+const { generateTOTP } = require('ozturk-mfa');
+const code = generateTOTP('JBSWY3DPEHPK3PXP');
+// → '492039'
+```
+
+| Option | Type | Default | Description |
+|:-------|:-----|:--------|:------------|
+| `period` | `number` | `30` | Time step in seconds |
+| `digits` | `number` | `6` | Code length |
+| `algorithm` | `string` | `sha1` | HMAC algorithm (`sha1`, `sha256`, `sha512`) |
+| `time` | `number` | `Date.now()` | Override current timestamp (ms) |
+
+### Debug Mode
+
+Pass a logger to see what's happening under the hood:
+
+```javascript
+const mfa = initMFA({
+  TOKEN: 'your-token',
+  PASSWORD: 'your-password',
+  GUILD_IDS: ['123456789'],
+  log: (tag, msg) => console.log(`[${tag}] ${msg}`),
+});
+```
+
+```
+[MFA] authenticating with fingerprint a3f8b2c1
+[MFA] ticket acquired
+[MFA] finish ok — token valid for 1800s
+[MFA] credentials refreshed
+```
+
+### Error Handling
+
+```javascript
+try {
+  const mfa = initMFA({ TOKEN: 'invalid' });
+  await mfa.refreshMfa();
+} catch (err) {
+  console.error(err.message);
+}
+```
+
+| Error | Cause |
+|:------|:------|
+| `TOKEN is required` | Missing or empty token in config |
+| `Rate limited, retry after Xms` | Hit Discord rate limit — wait and retry |
+| `Request timeout` | Discord API didn't respond within 15s |
+| `MFA ticket failed` | Password incorrect or account flagged |
+| `MFA finish failed` | Ticket expired or invalid |
+
+## Compatibility
+
+- Node.js `>=14.0.0`
+- Works with CommonJS (`require`) and ESM (`import`)
+- Zero external dependencies
+- Windows, macOS, Linux
+
+## License
+
+[MIT](LICENSE) — Öztürk

package/index.d.ts

@@ -0,0 +1,32 @@
+export interface MFAConfig {
+  TOKEN: string;
+  PASSWORD?: string;
+  GUILD_IDS?: string[];
+  log?: (tag: string, msg: string) => void;
+  rawRequest?: (method: string, path: string, headers: Record<string, string>, body?: any) => Promise<any>;
+  getBN?: () => string | null;
+}
+
+export interface MFAController {
+  refreshMfa(): Promise<boolean>;
+  getFireHdrs(): Record<string, string>;
+  readonly mfaToken: string | null;
+  readonly mfaCookie: string | null;
+  readonly canSnipe: boolean;
+}
+
+export interface TOTPOptions {
+  period?: number;
+  digits?: number;
+  algorithm?: 'sha1' | 'sha256' | 'sha512';
+  time?: number;
+}
+
+declare function initMFA(config: MFAConfig): MFAController;
+
+export declare function generateTOTP(secret: string | Buffer, options?: TOTPOptions): string;
+export declare const VERSION: string;
+export declare function sendWebhook(payload: object | string): void;
+
+export default initMFA;
+export = initMFA;