1.0.7

jest.config.js

@@ -0,0 +1,7 @@
+/** @type {import('ts-jest').JestConfigWithTsJest} **/
+export default {
+ testEnvironment: "node",
+ transform: {
+ "^.+.tsx?$": ["ts-jest",{}],
+ },
+};

package.json

@@ -1,7 +1,7 @@
 {
  "name": "one-time-pass",
  "description": "Zero dependencies Node/Browser module for TOTP and HOTP generator based on RFC 6238 and RFC 4226",
- "version": "1.0.6",
+ "version": "1.0.7",
  "author": "Haikel Fazzani",
  "type": "module",
  "browser": "dist/index.umd.js",
@@ -16,12 +16,11 @@
  },
  "devDependencies": {
  "@jest/globals": "^29.7.0",
+ "@types/jest": "^29.5.12",
  "@types/node": "^20.12.12",
- "crypto": "^1.0.1",
  "dts-bundle-generator": "^9.5.1",
  "jest": "^29.7.0",
- "totp-generator": "^1.0.0",
- "ts-jest": "^29.1.3",
+ "ts-jest": "^29.2.4",
  "typescript": "^5.5.4",
  "vite": "^5.4.0"
  },

src/index.ts

@@ -1,89 +1,25 @@
-import { options } from "./types";
+import base32ToBytes from "./utils/base32ToBytes";
+import dec2hex from "./utils/dec2hex";
+import hexToBytes from "./utils/hexToBytes";
+import leftpad from "./utils/leftpad";
+import truncate from "./utils/truncate";
 
-function base32ToBytes(key: string) {
- key = key.trim().replace(/=/g, '');
- const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
- const byteLength = Math.floor(key.length * 5 / 8);
- const uint8Array = new Uint8Array(byteLength);
- let value = 0;
- let bits = 0;
- let index = 0;
-
- for (let i = 0; i < key.length; i++) {
- const charIndex = alphabet.indexOf(key[i].toUpperCase());
- if (charIndex === -1) throw new Error('Invalid base32 character: ' + key[i]);
-
- value = (value * 32) + charIndex;
- bits += 5;
-
- while (bits >= 8) {
- uint8Array[index++] = Math.floor(value / Math.pow(2, bits - 8));
- value %= Math.pow(2, bits - 8);
- bits -= 8;
- }
- }
-
- return uint8Array;
-};
-
-function leftpad(str: string, len: number, pad: string) {
- if (len + 1 >= str.length) {
- str = Array(len + 1 - str.length).join(pad) + str
- }
- return str
-}
-
-function dec2hex(dec: number) {
- return (dec < 15.5 ? "0" : "") + Math.round(dec).toString(16)
-}
-
-function hexToBytes(hex: string) {
- if (hex.length % 2 !== 0) {
- throw new Error('Invalid hex string');
- }
- const bytes = new Uint8Array(hex.length / 2);
- for (let i = 0; i < hex.length; i += 2) {
- bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
- }
- return bytes;
-}
-
-// rfc4226 section 5.4
-function truncate(bytes: Uint8Array, digits: number) {
- if (digits <= 0 || !Number.isInteger(digits)) {
- throw new Error("Digits must be a positive integer.");
- }
-
- const offset = bytes[bytes.length - 1] & 0x0f;
-
- const code =
- ((bytes[offset] & 0x7f) << 24) |
- ((bytes[offset + 1] & 0xff) << 16) |
- ((bytes[offset + 2] & 0xff) << 8) |
- (bytes[offset + 3] & 0xff);
-
- const divisor = Math.pow(10, digits);
- const truncatedCode = code % divisor;
-
- return truncatedCode.toString().padStart(digits, '0');
-}
-
-export async function generateHOTP(secretKey: string, counter: number, hash: string, digits: number) {
+export async function generateHOTP(secretKey: string, counter: number, hash: string, digits: number = 6) {
  const key = await crypto.subtle.importKey('raw', base32ToBytes(secretKey), { name: 'HMAC', hash: { name: hash } }, false, ['sign']);
  const hmac = await crypto.subtle.sign('HMAC', key, hexToBytes(leftpad(dec2hex(counter), 16, '0')));
  return truncate(new Uint8Array(hmac), digits);
 }
 
-export async function generateTOTP(secretKey: string, ops: options) {
+export async function generateTOTP(secretKey: string, options: { timeStep?: number, digits?: number, timestamp?: number, hash?: string } = {}) {
 
- const options = {
- hash: 'sha-1',
+ const defaults = {
+ hash: 'SHA-1',
  timeStep: 30,
  digits: 6,
  timestamp: Date.now(),
- ...ops
- }
+ };
 
- const counter = Math.floor((options.timestamp / 1000.0) / options.timeStep);
- return generateHOTP(secretKey, counter, options.hash, options.digits);
+ const mergedOptions = { ...defaults, ...options };
+ const counter = Math.floor((mergedOptions.timestamp / 1000.0) / mergedOptions.timeStep);
+ return generateHOTP(secretKey, counter, mergedOptions.hash, mergedOptions.digits);
 }

src/utils/base32ToBytes.ts

@@ -0,0 +1,25 @@
+export default function base32ToBytes(key: string) {
+ key = key.trim().replace(/=/g, '');
+ const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+ const byteLength = Math.floor(key.length * 5 / 8);
+ const uint8Array = new Uint8Array(byteLength);
+ let value = 0;
+ let bits = 0;
+ let index = 0;
+
+ for (let i = 0; i < key.length; i++) {
+ const charIndex = alphabet.indexOf(key[i].toUpperCase());
+ if (charIndex === -1) throw new Error('Invalid base32 character: ' + key[i]);
+
+ value = (value * 32) + charIndex;
+ bits += 5;
+
+ while (bits >= 8) {
+ uint8Array[index++] = Math.floor(value / Math.pow(2, bits - 8));
+ value %= Math.pow(2, bits - 8);
+ bits -= 8;
+ }
+ }
+
+ return uint8Array;
+};

src/utils/dec2hex.ts

@@ -0,0 +1,3 @@
+export default function dec2hex(dec: number) {
+ return dec.toString(16).padStart(2, '0');
+}

src/utils/hexToBytes.ts

@@ -0,0 +1,7 @@
+export default function hexToBytes(hex: string): Uint8Array {
+ if (hex.length % 2 !== 0) {
+ throw new Error('Invalid hex string');
+ }
+
+ return new Uint8Array(hex.match(/.{2}/g).map(byte => parseInt(byte, 16)));
+}

src/utils/leftpad.ts

@@ -0,0 +1,3 @@
+export default function leftpad(str: string, len: number, pad: string) {
+ return str.padStart(len, pad);
+}

src/utils/truncate.ts

@@ -0,0 +1,19 @@
+// rfc4226 section 5.4
+export default function truncate(bytes: Uint8Array, digits: number) {
+ if (digits <= 0 || !Number.isInteger(digits)) {
+ throw new Error("Digits must be a positive integer.");
+ }
+
+ const offset = bytes[bytes.length - 1] & 0x0f;
+
+ const code =
+ ((bytes[offset] & 0x7f) << 24) |
+ ((bytes[offset + 1] & 0xff) << 16) |
+ ((bytes[offset + 2] & 0xff) << 8) |
+ (bytes[offset + 3] & 0xff);
+
+ const divisor = Math.pow(10, digits);
+ const truncatedCode = code % divisor;
+
+ return truncatedCode.toString().padStart(digits, '0');
+}

tests/index.test.js → tests/index.test.ts

@@ -1,5 +1,5 @@
-const { describe, expect, test } = require('@jest/globals');
-const { generateTOTP, generateHOTP } = require('../dist/index.cjs');
+import { describe, expect, test } from '@jest/globals';
+import { generateTOTP, generateHOTP } from '../src/index';
 
 describe('generate HOPT and TOPT code', () => {
  // tests from https://github.com/hectorm/otpauth/blob/master/test/test.mjs