UNPKG

@enteocode/nestjs-mfa

Version:

Implementation agnostic RFC-compliant Multi-Factor Authentication (2FA/MFA) module for NestJS with recovery code support

github.com/enteocode/nestjs-mfa

enteocode/nestjs-mfa

76 lines (75 loc) 2.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
import { StreamableFile } from '@nestjs/common'; import { OtpService } from './otp.service'; import { StorageService } from './storage.service'; import { Identifier, Token, TokenOptions } from './types'; import { EventEmitter2 as EventEmitter } from '@nestjs/event-emitter'; import { TokenType } from './token.type'; import { Format } from './qr/qr-code.format'; import { QrCodeService } from './qr/qr-code.service'; import type { MfaModuleOptionsInterface } from './mfa.module.options.interface'; import type { SecretKey } from '@otplib/core'; export declare class MfaService { private readonly options; private readonly otp; private readonly storage; private readonly qr; private readonly emitter; private readonly logger; constructor(options: MfaModuleOptionsInterface, otp: OtpService, storage: StorageService, qr: QrCodeService, emitter: EventEmitter); /** * Checks if Multi-Factor Authentication is enabled * * @public * @param user */ isEnabled(user: Identifier): Promise<boolean>; /** * Enable Multi-Factor Authentication * * @public * @param user */ enable(user: Identifier): Promise<SecretKey>; /** * Disable Multi-Factor Authentication (if it was enabled) * * @public * @param user */ disable(user: Identifier): Promise<boolean>; /** * Check the 6-digit token * * @public * @param user * @param token */ verify(user: Identifier, token: Token): Promise<void>; /** * Generates a 6-digit token for timeout-based authentication (useful for email-based validation) * * @public * @param user * @param type * @param options */ generate(user: Identifier, type: TokenType.TIMEOUT, options?: TokenOptions): Promise<Token>; /** * Generates a KeyURI for Authenticator (if QR code is generated at client-side) * * @public * @param user * @param type * @see https://github.com/google/google-authenticator/wiki/Key-Uri-Format */ generate(user: Identifier, type: TokenType.AUTHENTICATOR): Promise<string>; /** * Generates a QR code (stream to minimize memory usage) * * @public * @param user * @param type * @param format */ generate(user: Identifier, type: TokenType.AUTHENTICATOR, format: Format): Promise<StreamableFile>; }