2fa-utils 中文文档教程

Question

Two-Factor Authentication

使用RFC 4226，可以生成和验证基于HMAC的一次性密码（HOTP）和基于时间的一次性密码（TOTP） .

Features

• Generate base-32 encoded secrets.
• Generate HMAC-based one-time passwords (HOTP) at a specific length.
• Generate time-based HOTPs at a specific amount of windows.
• Verify generated tokens.

Usage

Generating Secret

对于每个帐户，必须生成一个秘密并在服务器和客户端之间共享。 这个秘密将用于创建和验证 HOTP。

const secret = twoFA.generateSecret();

Generating HOTP

HOTP 需要一个 base32 编码的秘密和一个带有时间步长的计数器。

// Generate base32 secret
const secret = twoFA.generateSecret();
// Create counter with 30 seconds interval 
const counter = Math.floor(Date.now() / 30000);

const hotp = twoFA.generateHOTP(secret, counter, 6)

Generating TOTP

生成 TOTP 允许您在特定时间窗口内获得 HOTP。

const secret = twoFA.generateSecret();

// Get the current time window's token
const currentTotp = twoFA.generateTOTP(secret, 0);

// Get the future time window's token (1 window ahead)
const futureTotp = twoFA.generateTOTP(secret, 1);

// Get the past time window's token (1 window behind)
const pastTotp = twoFA.generateTOTP(secret, -1);

Verifying HOTP

验证通过用户输入提供的令牌。

function verifyHOTP(inputToken) {
  const secret = twoFA.generateSecret();
  const counter = Math.floor(Date.now() / 30000);

  // Actual token generated by the server
  const actualToken = twoFA.generateHOTP(secret, counter)

  if (inputToken === actualToken) return true;
  return false
}

Verifying TOTP

验证通过具有时间容差的用户输入提供的令牌。

const secret = twoFA.generateSecret();

const inputToken = '111111';

/* This will return true if the input token 
  - is currently valid,
  - was previously valid in the last window,
  - will be valid in the next window.
*/
const isTokenValid = twoFA.verifyTOTP(inputToken, secret, 1);

Dependencies

• hi-base32

Author

• Boran Seckin

License

该项目根据 MIT 许可证获得许可 - 有关详细信息，请参阅 LICENSE 文件。