# jsotp

`jsotp` is a JavaScript module for generating and verifying one-time passwords. One-time passwords are commonly used for two-step or multi-step verification in web applications and other login systems.

The module is implemented according to [RFC4226](https://tools.ietf.org/html/rfc4226) (HOTP: a counter-based one-time password algorithm) and [RFC6238](https://tools.ietf.org/html/rfc6238) (TOTP: a time-based one-time password algorithm).

### Features

* Generate random base32-encoded strings
* Generate an otpauth URL from a base32-encoded string, which can be used to produce a QR code
* Create an HOTP object for verification
* Verify an HOTP code
* Create a TOTP object for verification
* Verify a TOTP code

### Installation

```shell
npm install jsotp
```

### Modules

All modules:

```javascript
let jsotp = require('jsotp');
```

`Base32` module only:

```javascript
let jsotp = require('jsotp/base32');
```

`HOTP` module only:

```javascript
let jsotp = require('jsotp/hotp');
```

`TOTP` module only:

```javascript
let jsotp = require('jsotp/totp');
```

### Usage

#### Time-based OTP

```javascript
// import
let jsotp = require('jsotp');

// Create TOTP object
let totp = jsotp.TOTP('BASE32ENCODEDSECRET');
totp.now(); // => 432143

// Verify for current time
totp.verify(432143); // => true

// Verify after 30s
totp.verify(432143); // => false
```

#### Counter-based OTP

```javascript
// import
let jsotp = require('jsotp');

// Create HOTP object
let hotp = jsotp.HOTP('BASE32ENCODEDSECRET');
hotp.at(0); // => 432143
hotp.at(1); // => 231434
hotp.at(2132); // => 242432

// Verify with a counter
hotp.verify(242432, 2132); // => true
hotp.verify(242432, 2133); // => false
```

#### Generate a random base32-encoded string

```javascript
// import
let jsotp = require('jsotp');

// Generate
let b32_secret = jsotp.Base32.random_gen();
```

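
Enrolment for the otpauth link named in the feature list, as an added example that is not jsotp's code: a secret drawn from Node's `crypto.randomBytes` and wrapped in a Key URI for QR display. It uses 20 bytes (160 bits, the length RFC 4226 recommends; a 16-character base32 string holds 80 bits), and the function names, account and issuer are assumptions.

```javascript
const { randomBytes } = require('crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// RFC 4648 base32 encoding without padding, as the Key URI format expects.
function base32Encode(buf) {
  let bits = 0, value = 0, out = '';
  for (const byte of buf) {
    value = (value << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      bits -= 5;
      out += B32[(value >>> bits) & 31];
    }
    value &= (1 << bits) - 1; // keep only the leftover bits
  }
  if (bits > 0) out += B32[(value << (5 - bits)) & 31];
  return out;
}

// Draw the shared secret from the OS CSPRNG; 20 bytes encode to 32 base32 characters.
function generateSecret(bytes = 20) {
  return base32Encode(randomBytes(bytes));
}

// Build the otpauth:// Key URI that authenticator apps read from a QR code.
// `account` and `issuer` are hypothetical values supplied by the caller.
function otpauthUrl(secret, account, issuer, type = 'totp', counter = 0) {
  const label = encodeURIComponent(issuer) + ':' + encodeURIComponent(account);
  let url = `otpauth://${type}/${label}?secret=${secret}&issuer=${encodeURIComponent(issuer)}`;
  if (type === 'hotp') url += `&counter=${counter}`; // counter is required for HOTP
  return url;
}

// Constructed sample values.
console.log(otpauthUrl(generateSecret(), 'alice@example.com', 'Example Co'));
```

The URL carries the shared secret in clear, so it needs the same handling as the secret itself and should stay out of logs.
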
### API

#### • [jsotp.Base32.random_gen(length)](https://github.com/LanceGin/jsotp/blob/master/src/base32.js#L32)

* param: length
* type: int
* default: 16
* return: String
* desc: the length of the random base32-encoded string.

#### • <del>jsotp.Util.url_gen()</del>

#### • [jsotp.TOTP.now()](https://github.com/LanceGin/jsotp/blob/master/src/totp.js#L38)

* return: String
* desc: get the one-time password for the current time.

#### • [jsotp.TOTP.verify(totp)](https://github.com/LanceGin/jsotp/blob/master/src/totp.js#L70)

* param: totp
* type: string
* return: Boolean
* desc: verify the TOTP code.

#### • [jsotp.HOTP.at(counter)](https://github.com/LanceGin/jsotp/blob/master/src/hotp.js#L24)

* param: counter
* type: int
* return: String
* desc: generate a one-time password from the counter.

#### • [jsotp.HOTP.verify(hotp, count)](https://github.com/LanceGin/jsotp/blob/master/src/hotp.js#L50)

* param: hotp
* type: string
* param: count
* type: int
* return: Boolean
* desc: verify the HOTP code.

### Development

* Clone the repository and install dependencies

```shell
git clone git@github.com:LanceGin/jsotp.git
cd jsotp
npm install
```

* Write source code in the `src/` folder, then run the command below to compile the ES6 code to ES2015. The command generates a local `lib/` folder.

```shell
npm run build
```

* Unit tests

```shell
npm test
```

### [README](../README.md)