windows_lock_go/common/helper/google_auth.go

package helper

import (
	"fmt"
	"strings"
	"time"

	"github.com/pquerna/otp"
	"github.com/pquerna/otp/totp"
)

// GoogleAuth 用于管理 TOTP 的生成和验证
type GoogleAuth struct {
	Issuer string // 项目名称或公司名 WindowsLock
}

// NewGoogleAuth 创建一个 GoogleAuth 实例
func NewGoogleAuth() *GoogleAuth {
	return &GoogleAuth{
		Issuer: "WindowsLock",
	}
}

// GenerateSecret 生成一个用户绑定谷歌验证器所需的密钥和二维码 URL
func (g *GoogleAuth) GenerateSecret(account string) (secret string, otpAuthUrl string, err error) {
	key, err := totp.Generate(totp.GenerateOpts{
		Issuer:      g.Issuer,
		AccountName: account,
		Period:      30,
		SecretSize:  20,
		Digits:      otp.DigitsSix,
		Algorithm:   otp.AlgorithmSHA1,
	})
	if err != nil {
		return "", "", err
	}

	return key.Secret(), key.URL(), nil
}

// VerifyCode 验证用户输入的 TOTP 验证码是否正确
func (g *GoogleAuth) VerifyCode(secret, code string) bool {
	valid := totp.Validate(code, secret)
	return valid
}

// VerifyCodeWithTolerance 带时间偏移容错的验证码校验（容忍1个时间步长）
func (g *GoogleAuth) VerifyCodeWithTolerance(secret, inputCode string) (bool, error) {
	code := strings.TrimSpace(inputCode)

	return totp.ValidateCustom(code, secret, time.Now(), totp.ValidateOpts{
		Period:    30,
		Skew:      1, // 允许前后 1 个周期（±30 秒）内的验证码
		Digits:    otp.DigitsSix,
		Algorithm: otp.AlgorithmSHA1,
	})
}

// GenerateQRCodeURL 生成 otpauth:// URL，适合用在二维码中
func (g *GoogleAuth) GenerateQRCodeURL(account, secret string) string {
	return fmt.Sprintf("otpauth://totp/%s:%s?secret=%s&issuer=%s", g.Issuer, account, secret, g.Issuer)
}

func (g *GoogleAuth) GenerateCode(secret string) (string, error) {
	return totp.GenerateCode(secret, time.Now())
}