Sravan
/
BizGaze_Remote
關註 0
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
暫無描述
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 Commit
3 分支
目錄樹: 0a739ee2fd
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '0a739ee2fd'
${ noResults }
BizGaze_Remote/server/auth.js

auth.js 2.8KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. // Auth utilities — password hashing (scrypt), tokens, and TOTP MFA.

  2. // Uses only Node's built-in crypto, no external auth deps.

  3. const crypto = require('crypto');

  4. 

  5. // ---- Passwords (scrypt) ----

  6. function hashPassword(password, salt = crypto.randomBytes(16).toString('hex')) {

  7.   const hash = crypto.scryptSync(password, salt, 64).toString('hex');

  8.   return { hash, salt };

  9. }

  10. function verifyPassword(password, salt, expectedHash) {

  11.   const hash = crypto.scryptSync(password, salt, 64).toString('hex');

  12.   return crypto.timingSafeEqual(Buffer.from(hash), Buffer.from(expectedHash));

  13. }

  14. 

  15. // ---- Random tokens ----

  16. const token = (bytes = 24) => crypto.randomBytes(bytes).toString('hex');

  17. const id = () => crypto.randomBytes(8).toString('hex');

  18. const numericCode = (digits = 6) =>

  19.   String(crypto.randomInt(0, 10 ** digits)).padStart(digits, '0');

  20. 

  21. // ---- TOTP (RFC 6238), SHA-1, 30s, 6 digits ----

  22. const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

  23. function base32Encode(buf) {

  24.   let bits = 0, value = 0, out = '';

  25.   for (const byte of buf) {

  26.     value = (value << 8) | byte; bits += 8;

  27.     while (bits >= 5) { out += B32[(value >>> (bits - 5)) & 31]; bits -= 5; }

  28.   }

  29.   if (bits > 0) out += B32[(value << (5 - bits)) & 31];

  30.   return out;

  31. }

  32. function base32Decode(str) {

  33.   const clean = str.replace(/=+$/, '').toUpperCase();

  34.   let bits = 0, value = 0; const out = [];

  35.   for (const ch of clean) {

  36.     const idx = B32.indexOf(ch);

  37.     if (idx === -1) continue;

  38.     value = (value << 5) | idx; bits += 5;

  39.     if (bits >= 8) { out.push((value >>> (bits - 8)) & 0xff); bits -= 8; }

  40.   }

  41.   return Buffer.from(out);

  42. }

  43. function newMfaSecret() {

  44.   return base32Encode(crypto.randomBytes(20));

  45. }

  46. function totp(secret, timeStep = Math.floor(Date.now() / 30000)) {

  47.   const key = base32Decode(secret);

  48.   const buf = Buffer.alloc(8);

  49.   buf.writeBigUInt64BE(BigInt(timeStep));

  50.   const hmac = crypto.createHmac('sha1', key).update(buf).digest();

  51.   const offset = hmac[hmac.length - 1] & 0xf;

  52.   const code =

  53.     ((hmac[offset] & 0x7f) << 24) |

  54.     ((hmac[offset + 1] & 0xff) << 16) |

  55.     ((hmac[offset + 2] & 0xff) << 8) |

  56.     (hmac[offset + 3] & 0xff);

  57.   return String(code % 1_000_000).padStart(6, '0');

  58. }

  59. function verifyTotp(secret, code, window = 1) {

  60.   if (!/^\d{6}$/.test(String(code || ''))) return false;

  61.   const step = Math.floor(Date.now() / 30000);

  62.   for (let i = -window; i <= window; i++) {

  63.     if (totp(secret, step + i) === String(code)) return true;

  64.   }

  65.   return false;

  66. }

  67. function otpauthUrl(secret, email, issuer = 'RemoteAccess') {

  68.   return `otpauth://totp/${encodeURIComponent(issuer)}:${encodeURIComponent(email)}` +

  69.          `?secret=${secret}&issuer=${encodeURIComponent(issuer)}&algorithm=SHA1&digits=6&period=30`;

  70. }

  71. 

  72. module.exports = {

  73.   hashPassword, verifyPassword, token, id, numericCode,

  74.   newMfaSecret, totp, verifyTotp, otpauthUrl,

  75. };