totp
A basic RFC 6238-compliant TOTP creator and checker library in V for easy MFA/2FA.
Documentation
Public structs
pub struct Authenticator {
pub:
	secret    string   // Base32 encoded secret
	time_step int = 30 // Time step in seconds - default 30
	digits    int = 6  // Digits is how long the returned code is. 6-8
}
Public functions
pub fn new() !Authenticator
Returns a new Authenticator struct with sane defaults.
pub fn (auth Authenticator) check(token string, window int) !bool
Given an authenticator struct, returns true if the provided token is within the provided window.
Security notes:
A new code is generated every Authenticator.time_step seconds. Most applications should use a window of 0 to enforce the current correct code. However, if user clock drift is bad enough that it exceeds acceptable UX, increase the window.
For example, a window of 3 would make all of these codes valid.
A window of 2 would make all of the codes marked with 0, 1 or 2 valid, etc.
3: 157345
2: 924743
1: 548362
0: 105612 <-- Current Valid Code
1: 000353
2: 228123
3: 495432
Start with maximum restriction (0) and only reduce security if absolutely required.
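The window behaviour described above, as an added Python example that is independent of this library's V code: it implements RFC 6238 with HMAC-SHA-1 and accepts a token if it matches any step within `window` steps either side of the current one. The function names and the sample secret (the RFC 6238 Appendix B test key, Base32 encoded) are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def _key(secret_b32: str) -> bytes:
    # Re-add any stripped Base32 padding before decoding.
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)
    return base64.b32decode(padded, casefold=True)


def hotp(key: bytes, counter: int, digits: int) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA-1(key, counter)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, now: int, time_step: int = 30, digits: int = 6) -> str:
    """Code for the time step that contains the Unix time `now`."""
    return hotp(_key(secret_b32), now // time_step, digits)


def check(secret_b32: str, token: str, now: int, window: int = 0,
          time_step: int = 30, digits: int = 6) -> bool:
    """True if token matches any step in [current - window, current + window]."""
    key = _key(secret_b32)
    current = now // time_step
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(key, counter, digits).encode()
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(expected, token.encode())
    return ok


def accepted_seconds(window: int, time_step: int = 30) -> int:
    """Total time during which one code is accepted: 2 * window + 1 steps."""
    return (2 * window + 1) * time_step
```

With the default 30-second step, a window of 3 accepts 7 codes at any moment, so a single code stays usable for 210 seconds rather than 30.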
pub fn (auth Authenticator) generate_totp(now i64) !string
Given an authenticator struct, and the current time (time.now().unix()), return a string representing a valid TOTP code or error.
pub fn (auth Authenticator) generate_uri(issuer string, account string) string
Given an authenticator struct, the issuing organization as a string, and the issued-to account as a string, return a TOTP URI that can later be turned into a QR code or distributed by some other means. Be aware that this URI contains the secret key and needs to be kept secure.
pub fn generate_secret(size int) !string
Generate and return a base32 encoded secret of random information or error. Uses crypto.rand from the V standard library.