otp

Documentation

Overview

Package otp provides 2FA codes generation.

Index

• func NewOTP(options ...ConfigOption) auth.OTPService
• type ConfigOption
  • func WithCodeLength(length int) ConfigOption
  • func WithDB(db rediser) ConfigOption
  • func WithIssuer(issuer string) ConfigOption
  • func WithSecret(x Secret) ConfigOption
• type Hash
  • func FromOTPHash(otpHash string) (*Hash, error)
• type OTP
  • func (o *OTP) OTPCode(address string, method auth.DeliveryMethod) (code string, hash string, err error)
  • func (o *OTP) TOTPQRString(u *auth.User) (string, error)
  • func (o *OTP) TOTPSecret(u *auth.User) (string, error)
  • func (o *OTP) ValidateOTP(code string, hash string) error
  • func (o *OTP) ValidateTOTP(ctx context.Context, user *auth.User, code string) error
• type Secret

Functions

func NewOTP

func NewOTP(options ...ConfigOption) auth.OTPService

NewOTP returns a new OTP validator.

Types

type ConfigOption

type ConfigOption func(*OTP)

ConfigOption configures the validator

func WithCodeLength

func WithCodeLength(length int) ConfigOption

WithCodeLength configures the service with a length for random code generation.

func WithDB

func WithDB(db rediser) ConfigOption

WithDB configures the service with a redis DB

func WithIssuer

func WithIssuer(issuer string) ConfigOption

WithIssuer configures the service with a TOTP issuing domain.

func WithSecret

func WithSecret(x Secret) ConfigOption

WithSecret sets a new versioned Secret on the client.

type Hash

type Hash struct {
	CodeHash       string              `json:"code_hash"`
	ExpiresAt      int64               `json:"expires_at"`
	Address        string              `json:"address"`
	DeliveryMethod auth.DeliveryMethod `json:"delivery_method"`
}

Hash contains a hash of a OTP code and other variables to identify characteristics of the code.

func FromOTPHash

func FromOTPHash(otpHash string) (*Hash, error)

FromOTPHash parses an OTP hash string to individual parts.

type OTP

type OTP struct {
	// contains filtered or unexported fields
}

OTP is a credential validator for User OTP codes.

func (*OTP) OTPCode

func (o *OTP) OTPCode(address string, method auth.DeliveryMethod) (code string, hash string, err error)

OTPCode creates a random code and hash.

func (*OTP) TOTPQRString

func (o *OTP) TOTPQRString(u *auth.User) (string, error)

TOTPQRString returns a string containing account details for TOTP code generation.

func (*OTP) TOTPSecret

func (o *OTP) TOTPSecret(u *auth.User) (string, error)

TOTPSecret assigns a TOTP secret for a user for use in code generation. TOTP secrets are encrypted by a preconfigured secret key and decrypted only during validation. Encrypted keys are versioned to assist with migrations and backwards compatibility in the event an older secret ever needs to be deprecated.

func (*OTP) ValidateOTP

func (o *OTP) ValidateOTP(code string, hash string) error

ValidateOTP checks if a User's OTP code is valid. User's may submit a randomly generated code sent to them through email or SMS.

func (*OTP) ValidateTOTP

func (o *OTP) ValidateTOTP(ctx context.Context, user *auth.User, code string) error

ValidateTOTP checks if a User's TOTP is valid. We first validate the TOTP against the user's secret key. If the validation passes, we then check if the code has been set in redis, indicating that it has been used in the past 30 seconds. Codes that have been validated are cached to prevent immediate reuse.

type Secret

type Secret struct {
	Version int
	Key     string
}

Secret stores a versioned secret key for cryptography functions.