https://github.com/navbytes/totp-turbo

High-performance TypeScript library for generating TOTP tokens using Rust backend
https://github.com/navbytes/totp-turbo

2fa authentication otp rust security totp typescript wasm

Last synced: about 2 months ago
JSON representation

High-performance TypeScript library for generating TOTP tokens using Rust backend

• Host: GitHub
• URL: https://github.com/navbytes/totp-turbo
• Owner: navbytes
• License: mit
• Created: 2025-09-11T15:06:36.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2025-09-11T15:50:11.000Z (10 months ago)
• Last Synced: 2025-10-07T21:54:14.657Z (9 months ago)
• Topics: 2fa, authentication, otp, rust, security, totp, typescript, wasm
• Language: Rust
• Homepage: https://navbytes.github.io/totp-turbo
• Size: 202 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# totp-turbo

A high-performance TypeScript library for generating Time-based One-Time Passwords (TOTP) using a Rust backend for cryptographic operations.

## Features

- 🚀 **High Performance**: Rust-powered cryptographic operations via WebAssembly

- 🔒 **Secure**: RFC 6238 compliant TOTP implementation

- 📱 **Cross-platform**: Works in browsers and Node.js

- 🎯 **Type-safe**: Full TypeScript support with comprehensive type definitions

- ⚡ **Fast**: Sub-millisecond token generation

- 🔧 **Flexible**: Multiple algorithms (SHA1, SHA256, SHA512) and configurations

## Installation

```bash

npm install totp-turbo

```

## Quick Start

### Object-based API (Recommended for repeated use)

```typescript

import { TotpGenerator } from 'totp-turbo';

// Create a generator with your secret and configuration

const totp = new TotpGenerator({

  secret: 'JBSWY3DPEHPK3PXP',

  digits: 6,

  period: 30,

  algorithm: 'SHA1'

});

// Generate tokens anytime

const token = totp.generate();

console.log(`Current TOTP: ${token}`);

// Verify tokens

const isValid = totp.verify('123456');

console.log(`Token valid: ${isValid}`);

```

### Direct static methods (For one-off generation)

```typescript

import { Totp } from 'totp-turbo';

// Generate directly from secret

const token = Totp.generate('JBSWY3DPEHPK3PXP');

console.log(`Current TOTP: ${token}`);

// With custom options

const customToken = Totp.generate('JBSWY3DPEHPK3PXP', {

  digits: 8,

  algorithm: 'SHA512',

  period: 60

});

```

## Configuration Options

```typescript

interface TotpConfig {

  secret: string;                    // Base32 encoded secret

  digits?: number;                   // Token length 4-8 digits (default: 6)

  period?: number;                   // Time step in seconds (default: 30)

  algorithm?: 'SHA1' | 'SHA256' | 'SHA512'; // Hash algorithm (default: SHA1)

  skew?: number;                     // Clock skew tolerance (default: 1)

  explicitZeroPad?: boolean;         // Explicitly pad with zeros (default: true)

  timestamp?: number;                // Custom timestamp in milliseconds (default: current time)

}

```

## API Reference

### TotpGenerator Class

```typescript

class TotpGenerator {

  constructor(config: TotpConfig);

  

  // Instance methods

  generate(): string;

  generateAt(timestamp: number): string;

  verify(token: string): boolean;

  verifyWithSkew(token: string, skew: number): boolean;

  generateUri(issuer: string, accountName: string): string;

  

  // Static utilities

  static generateSecret(): string;

  static parseUri(uri: string): TotpConfig;

}

```

### Totp Static Class

```typescript

class Totp {

  // Direct generation methods

  static generate(secret: string, options?: Partial): string;

  static generateAt(secret: string, timestamp: number, options?: Partial): string;

  static verify(secret: string, token: string, options?: Partial): boolean;

  static verifyWithSkew(secret: string, token: string, skew: number, options?: Partial): boolean;

  

  // Utility methods

  static generateSecret(): string;

  static parseUri(uri: string): TotpConfig;

  static createUri(secret: string, issuer: string, accountName: string, options?: Partial): string;

}

```

## Examples

### Google Authenticator Compatibility

```typescript

// Generate a secret

const secret = TotpGenerator.generateSecret();

// Create QR code URI

const uri = totp.generateUri('MyApp', 'user@example.com');

console.log(uri); // otpauth://totp/MyApp:user@example.com?secret=...

```

### Different Algorithms and Periods

```typescript

// SHA-512 with 8 digits

const token = Totp.generate('JBSWY3DPEHPK3PXP', {

  algorithm: 'SHA512',

  digits: 8

});

// 60-second period

const token60s = Totp.generate('JBSWY3DPEHPK3PXP', {

  period: 60

});

// Token for specific timestamp

const historicalToken = Totp.generate('JBSWY3DPEHPK3PXP', {

  timestamp: 1465324707000

});

```

## Performance

- Token generation: < 1ms

- WASM module size: < 50KB gzipped

- Memory usage: < 1MB runtime footprint

## Browser Compatibility

- Chrome 67+

- Firefox 61+

- Safari 11+

- Node.js 12+

## License

MIT License

## Contributing

We welcome contributions! Please see our contributing guidelines for details.