UNPKG

better-auth-backup-codes

Version:

Backup codes plugin for Better Auth - Recovery codes for two-factor authentication

kriasoft.com/better-auth/

kriasoft/better-auth

82 lines (68 loc) ā€¢ 2.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# better-auth-backup-codes Backup codes plugin for Better Auth - Recovery codes for two-factor authentication ## Status āš ļø **Work in Progress** - This package is under active development and not yet ready for production use. ## Features (Planned) - šŸ”‘ **Recovery Codes** - Generate secure backup codes for account recovery - šŸ” **Cryptographically Secure** - Use CSPRNG for code generation - šŸ“Š **Usage Tracking** - Track which codes have been used - šŸ”„ **Regeneration** - Allow users to regenerate codes when needed - šŸ“„ **Download Options** - Let users download codes as PDF or text - šŸ–Øļø **Print-friendly** - Formatted for easy printing and storage - āš ļø **Low Code Warnings** - Alert users when running low on codes - šŸ”’ **Secure Storage** - Hashed storage with proper salting - šŸ“± **2FA Integration** - Seamless integration with two-factor auth ## Installation ```bash npm install better-auth-backup-codes ``` ## Usage (Coming Soon) ```typescript import { betterAuth } from "better-auth"; import { backupCodes } from "better-auth-backup-codes"; const auth = betterAuth({ plugins: [ backupCodes({ // Code generation settings codes: { count: 10, // Number of codes to generate length: 8, // Length of each code format: "XXXX-XXXX", // Code format (X = alphanumeric) charset: "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", }, // Security settings security: { hashCodes: true, // Store hashed instead of plain text oneTimeUse: true, // Each code can only be used once requireCurrentPassword: true, // Require password to view codes notifyOnUse: true, // Notify user when backup code is used }, // Warnings and limits warnings: { lowCodeThreshold: 3, // Warn when only 3 codes remain forceRegenerate: 0, // Force regeneration when 0 codes remain }, // Events onCodeUsed: async (user, code) => { // Send notification email console.log(`Backup code used for user ${user.id}`); }, onCodesRegenerated: async (user) => { // Log regeneration event }, onLowCodes: async (user, remaining) => { // Alert user about low codes }, }), ], }); ``` ## Security Best Practices - Store backup codes securely (hashed with salt) - Require current authentication to view/regenerate codes - Notify users immediately when a backup code is used - Encourage users to store codes in a safe place - Consider requiring backup codes for high-privilege accounts - Implement rate limiting on backup code attempts ## License MIT