Junie: add TOTP authentication
This commit is contained in:
86
data/totp.go
Normal file
86
data/totp.go
Normal file
@@ -0,0 +1,86 @@
|
||||
package data
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/rand"
|
||||
"crypto/sha1"
|
||||
"encoding/base32"
|
||||
"encoding/binary"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// GenerateRandomBase32 generates a random base32 encoded string of the specified length
|
||||
func GenerateRandomBase32(length int) (string, error) {
|
||||
// Generate random bytes
|
||||
randomBytes := make([]byte, length)
|
||||
_, err := rand.Read(randomBytes)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
// Encode to base32
|
||||
encoder := base32.StdEncoding.WithPadding(base32.NoPadding)
|
||||
encoded := encoder.EncodeToString(randomBytes)
|
||||
|
||||
// Convert to uppercase and remove any padding
|
||||
return strings.ToUpper(encoded), nil
|
||||
}
|
||||
|
||||
// ValidateTOTP validates a TOTP code against a secret
|
||||
func ValidateTOTP(secret, code string) bool {
|
||||
// Allow for a time skew of 30 seconds in either direction
|
||||
timeWindow := 1 // 1 before and 1 after current time
|
||||
currentTime := time.Now().Unix() / 30
|
||||
|
||||
// Try the time window
|
||||
for i := -timeWindow; i <= timeWindow; i++ {
|
||||
if calculateTOTP(secret, currentTime+int64(i)) == code {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// calculateTOTP calculates the TOTP code for a given secret and time
|
||||
func calculateTOTP(secret string, timeCounter int64) string {
|
||||
// Decode the secret from base32
|
||||
encoder := base32.StdEncoding.WithPadding(base32.NoPadding)
|
||||
secretBytes, err := encoder.DecodeString(strings.ToUpper(secret))
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
// Convert time counter to bytes (big endian)
|
||||
timeBytes := make([]byte, 8)
|
||||
binary.BigEndian.PutUint64(timeBytes, uint64(timeCounter))
|
||||
|
||||
// Calculate HMAC-SHA1
|
||||
h := hmac.New(sha1.New, secretBytes)
|
||||
h.Write(timeBytes)
|
||||
hash := h.Sum(nil)
|
||||
|
||||
// Dynamic truncation
|
||||
offset := hash[len(hash)-1] & 0x0F
|
||||
truncatedHash := binary.BigEndian.Uint32(hash[offset:offset+4]) & 0x7FFFFFFF
|
||||
otp := truncatedHash % 1000000
|
||||
|
||||
// Convert to 6-digit string with leading zeros if needed
|
||||
result := ""
|
||||
if otp < 10 {
|
||||
result = "00000" + string(otp+'0')
|
||||
} else if otp < 100 {
|
||||
result = "0000" + string((otp/10)+'0') + string((otp%10)+'0')
|
||||
} else if otp < 1000 {
|
||||
result = "000" + string((otp/100)+'0') + string(((otp/10)%10)+'0') + string((otp%10)+'0')
|
||||
} else if otp < 10000 {
|
||||
result = "00" + string((otp/1000)+'0') + string(((otp/100)%10)+'0') + string(((otp/10)%10)+'0') + string((otp%10)+'0')
|
||||
} else if otp < 100000 {
|
||||
result = "0" + string((otp/10000)+'0') + string(((otp/1000)%10)+'0') + string(((otp/100)%10)+'0') + string(((otp/10)%10)+'0') + string((otp%10)+'0')
|
||||
} else {
|
||||
result = string((otp/100000)+'0') + string(((otp/10000)%10)+'0') + string(((otp/1000)%10)+'0') + string(((otp/100)%10)+'0') + string(((otp/10)%10)+'0') + string((otp%10)+'0')
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
||||
Reference in New Issue
Block a user