mfa

package
v0.0.5 Latest
This package is not in the latest version of its module.

Published: Jan 28, 2026 License: MIT Imports: 21 Imported by: 0

Documentation

Constants

const (
	// TOTPSecretLength is the length of the TOTP secret in bytes
	TOTPSecretLength = 20

	// TOTPDigits is the number of digits in a TOTP code
	TOTPDigits = 6

	// TOTPPeriod is the time step in seconds
	TOTPPeriod = 30

	// TOTPSkew allows for clock drift (1 period before/after)
	TOTPSkew = 1

	// BackupCodeCount is the number of backup codes generated
	BackupCodeCount = 10

	// BackupCodeLength is the length of each backup code
	BackupCodeLength = 8

	// ChallengeExpiryMinutes is how long a challenge remains valid
	ChallengeExpiryMinutes = 5

	// SensitiveOpExpiryMinutes is how long a sensitive operation verification is valid
	SensitiveOpExpiryMinutes = 10

	// QRCodeSize is the size of the QR code image in pixels
	QRCodeSize = 256
)
const (
	// IssuerName is the name shown in authenticator apps
	IssuerName = "NannyAPI"
)

Variables

This section is empty.

Functions

func GenerateBackupCodes

func GenerateBackupCodes() ([]string, error)

GenerateBackupCodes generates a set of single-use backup codes

func GenerateBatchID

func GenerateBatchID() (string, error)

GenerateBatchID generates a unique ID for a batch of backup codes

func GenerateQRCode

func GenerateQRCode(uri string) (string, error)

GenerateQRCode generates a QR code PNG image as base64 string

func GenerateSecret

func GenerateSecret() (string, error)

GenerateSecret generates a cryptographically secure random secret for TOTP

func GenerateTOTP

func GenerateTOTP(secret string, timestamp time.Time) (string, error)

GenerateTOTP generates a TOTP code for the given secret and time

func GenerateTOTPURI

func GenerateTOTPURI(config TOTPConfig) string

GenerateTOTPURI creates the otpauth:// URI for authenticator apps

func HashBackupCode

func HashBackupCode(code string) (string, error)

HashBackupCode creates a secure hash of a backup code

func HashToken

func HashToken(token string) string

HashToken creates a hash of a TOTP token for replay prevention

func VerifyBackupCode

func VerifyBackupCode(code, hash string) bool

VerifyBackupCode checks if a provided code matches a stored hash

func VerifyTOTP

func VerifyTOTP(secret, code string) (bool, error)

VerifyTOTP verifies a TOTP code against the secret. Returns true if the code is valid for the current time ± skew.
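
The "current time ± skew" check described for VerifyTOTP, sketched as an added example (not this package's own code) using the constant values listed above. The helper names totpAt and verifyAt are hypothetical, and HMAC-SHA1 (the RFC 6238 default) and a raw-byte secret are assumptions, since the page does not state the algorithm or secret encoding.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// Values mirror the package constants listed above.
const (
	digits = 6  // TOTPDigits
	period = 30 // TOTPPeriod, seconds
	skew   = 1  // TOTPSkew, periods before/after
)

// totpAt (hypothetical helper) computes the RFC 6238 code for one time-step counter.
func totpAt(key []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%0*d", digits, bin%1000000)
}

// verifyAt (hypothetical) checks every step in [now-skew, now+skew] and returns the matched step.
func verifyAt(key []byte, code string, now time.Time) (uint64, bool) {
	cur := uint64(now.Unix()) / period
	matched, ok := uint64(0), 0
	for i := -skew; i <= skew; i++ {
		c := uint64(int64(cur) + int64(i))
		eq := subtle.ConstantTimeCompare([]byte(totpAt(key, c)), []byte(code))
		if eq == 1 {
			matched = c
		}
		ok |= eq // no early exit: every step in the window is always compared
	}
	return matched, ok == 1
}

func main() {
	key := []byte("12345678901234567890") // RFC 6238 test key, 20 bytes (TOTPSecretLength)
	fmt.Println(verifyAt(key, "287082", time.Unix(89, 0)))
}
```

Returning the matched step lets the caller record it and refuse a second use of the same code inside the window, which is the replay case the HashToken description refers to.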

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler manages MFA operations

func NewHandler

func NewHandler(app core.App) *Handler

NewHandler creates a new MFA handler

func (*Handler) CheckSensitiveVerification

func (h *Handler) CheckSensitiveVerification(e *core.RequestEvent) error

CheckSensitiveVerification checks if a sensitive operation verification is valid

func (*Handler) CreateChallenge

func (h *Handler) CreateChallenge(e *core.RequestEvent) error

CreateChallenge creates an MFA challenge for verification

func (*Handler) Enroll

func (h *Handler) Enroll(e *core.RequestEvent) error

Enroll starts MFA enrollment for the authenticated user

func (*Handler) GenerateBackupCodes

func (h *Handler) GenerateBackupCodes(e *core.RequestEvent) error

GenerateBackupCodes generates new backup codes (requires verified MFA)

func (*Handler) GetAssuranceLevel

func (h *Handler) GetAssuranceLevel(e *core.RequestEvent) error

GetAssuranceLevel returns the current authenticator assurance level

func (*Handler) ListFactors

func (h *Handler) ListFactors(e *core.RequestEvent) error

ListFactors returns all MFA factors for the authenticated user

func (*Handler) RegenerateBackupCodes

func (h *Handler) RegenerateBackupCodes(e *core.RequestEvent) error

RegenerateBackupCodes regenerates backup codes with verification

func (*Handler) RegisterRoutes

func (h *Handler) RegisterRoutes(e *core.ServeEvent)

RegisterRoutes registers MFA API routes

func (*Handler) Unenroll

func (h *Handler) Unenroll(e *core.RequestEvent) error

Unenroll disables MFA for the user

func (*Handler) Verify

func (h *Handler) Verify(e *core.RequestEvent) error

Verify verifies an MFA challenge

func (*Handler) VerifyEnrollment

func (h *Handler) VerifyEnrollment(e *core.RequestEvent) error

VerifyEnrollment completes MFA enrollment by verifying the TOTP code

func (*Handler) VerifySensitiveOperation

func (h *Handler) VerifySensitiveOperation(e *core.RequestEvent) error

VerifySensitiveOperation verifies MFA for a sensitive operation

type TOTPConfig

type TOTPConfig struct {
	Issuer      string
	AccountName string
	Secret      string
}

TOTPConfig holds configuration for TOTP generation
