@rexfng/tfa
v2.20.0
Published
TFA helper
Downloads
2
Readme
Tfa
Description
TFA is a wrapper that provides helpers to generate and validate 2 factor code according to google authenticator format. It generates google uri and qr code images. Package such as @rexfng/auth, uses this module for 2fa protection or password reset.
ES6
It was built with Class so it is extensible.
Define Environment Variables
Define the follow environment variable. They are all required. | Variable Name | Description | |---------------|-------------| | APP_NAME | Defining project name, which is one of the argument in generating the token. | | APP_URL | Defining project url, which will be use to redirect ie "http://example.com". | | AUTH_SECRET | secret for encrpytion the token. | | EMAIL_PASS | Sendgrid api key. | | TWILIO_API_KEY | Twilio api key |
Initialize TFA (new Tfa())
Neither issuer nor account name may themselves contain a colon.
const Tfa = require('@rexfng/tfa').init;
let TfaOptions = {
label: String, // username
//values below are optional
issuer: String, // issuer of tfa token (if null, it looks up value from APP_NAME environment variable)
algorithm: String, // example "SHA1", "SHA256" and "SHA512" (default to "SHA256") [Also Supports](https://nodejs.org/api/crypto.html#crypto_crypto_createhmac_algorithm_key). Do not use SHA1 as it is [outdated and already broken into](https://shattered.io/)
digits: Integer, // 6 or 8 (default to 6)
period: Integer, // seconds to invalidate the code (default to 30)
secret: String // secret between user and server (note that user will be able to see this value when the code is produced) example: "NB2W45DFOIZB"
}
let tfa = new Tfa(TfaOptions);
Tfa().generate()
let code = tfa.generate({
qrSize: "150" // value in pixel (default to "150", this option is optional)
})
let token = code.token // 123412
let uri = code.uri // Google Authenticator key URI
let qr = code.qr // url of qrcode image
Tfa().validate()
let validation = tfa.validate({
token: Integer // 123412
})
console.log(validation) // return true or false in Boolean
Tfa Express Routers
| Base Endpoint | Method Example | HTTP Action | |---------------|-------------|-------------| | /api/getcode | app.use('/', Tfa.routes.api.getcode) | POST | | /api/verifycode | app.use('/', Tfa.routes.email.verifycode) | POST | | /sms/getcode | app.use('/', Tfa.routes.sms.getcode) | POST | | /sms/verifycode | app.use('/', Tfa.routes.sms.verifycode) | POST | | /email/getcode | app.use('/', Tfa.routes.email.getcode) | POST | | /verification | app.use('/', Tfa.routes.email.verifycode) | GET |
/api/getcode
{
issuer: String // default to process.env.APP_NAME,
label: String, // unique token identifier in alphabetical characters, no numbers allowed
period: Inteer, // period to expire the verification, default to 30,
digits: Integer //default to 6
}
/api/verifycode
{
issuer: String // default to process.env.APP_NAME,
label: String, // unique token identifier in alphabetical characters, no numbers allowed
period: Inteer, period to expire the verification, default to 30,
digits: Integer //digits of the verification code, choose between 4-10 default to 6
code: String // verification code identified by "label"
}
/sms/getcode
{
"phone_number": String, //"6047229494"
"country_code": String, //"1"
"code_length": Integer //4-10 default to 6
}
/sms/verifycode
{
"phone_number": String, //"6047229494"
"country_code": String, //"1"
"verification_code": String //"2421"
}
/email/getcode
{
from: "John<[email protected]>", // sender address
to: "Paul<[email protected]>", // list of receivers
subject: "Welcome Message", // Subject line
tpl: "Welcome to our service. Please verify with the following code {{code}}", // plain text or html
tpl: "<h1>Welcome to our service. Please verify with the following url: {{&url}}</h1>", the template use for rendering the email body. {{&url}} or {{code}} will be replaced by verification_code or verification_url
label: "somerandomstring", //unique verifycode identifier, strings only
period: Integer, // 900
redirect_success: "https://your-app.com/redirect_success", || null, if empty, {{code}} will be used, if provided, {{&url}} will be used.
redirect_fail: "https://your-app.com/fail" || null if empty, {{code}} will be used, if provided, {{&url}} will be used.
}
/email/verifycode GET
This endpoint generates a link at /verification?t={bearer_token}