67 lines
1.9 KiB
Go
67 lines
1.9 KiB
Go
package helper
|
||
|
||
import (
|
||
"fmt"
|
||
"strings"
|
||
"time"
|
||
|
||
"github.com/pquerna/otp"
|
||
"github.com/pquerna/otp/totp"
|
||
)
|
||
|
||
// GoogleAuth 用于管理 TOTP 的生成和验证
|
||
type GoogleAuth struct {
|
||
Issuer string // 项目名称或公司名 WindowsLock
|
||
}
|
||
|
||
// NewGoogleAuth 创建一个 GoogleAuth 实例
|
||
func NewGoogleAuth() *GoogleAuth {
|
||
return &GoogleAuth{
|
||
Issuer: "WindowsLock",
|
||
}
|
||
}
|
||
|
||
// GenerateSecret 生成一个用户绑定谷歌验证器所需的密钥和二维码 URL
|
||
func (g *GoogleAuth) GenerateSecret(account string) (secret string, otpAuthUrl string, err error) {
|
||
key, err := totp.Generate(totp.GenerateOpts{
|
||
Issuer: g.Issuer,
|
||
AccountName: account,
|
||
Period: 30,
|
||
SecretSize: 20,
|
||
Digits: otp.DigitsSix,
|
||
Algorithm: otp.AlgorithmSHA1,
|
||
})
|
||
if err != nil {
|
||
return "", "", err
|
||
}
|
||
|
||
return key.Secret(), key.URL(), nil
|
||
}
|
||
|
||
// VerifyCode 验证用户输入的 TOTP 验证码是否正确
|
||
func (g *GoogleAuth) VerifyCode(secret, code string) bool {
|
||
valid := totp.Validate(code, secret)
|
||
return valid
|
||
}
|
||
|
||
// VerifyCodeWithTolerance 带时间偏移容错的验证码校验(容忍1个时间步长)
|
||
func (g *GoogleAuth) VerifyCodeWithTolerance(secret, inputCode string) (bool, error) {
|
||
code := strings.TrimSpace(inputCode)
|
||
|
||
return totp.ValidateCustom(code, secret, time.Now(), totp.ValidateOpts{
|
||
Period: 30,
|
||
Skew: 1, // 允许前后 1 个周期(±30 秒)内的验证码
|
||
Digits: otp.DigitsSix,
|
||
Algorithm: otp.AlgorithmSHA1,
|
||
})
|
||
}
|
||
|
||
// GenerateQRCodeURL 生成 otpauth:// URL,适合用在二维码中
|
||
func (g *GoogleAuth) GenerateQRCodeURL(account, secret string) string {
|
||
return fmt.Sprintf("otpauth://totp/%s:%s?secret=%s&issuer=%s", g.Issuer, account, secret, g.Issuer)
|
||
}
|
||
|
||
func (g *GoogleAuth) GenerateCode(secret string) (string, error) {
|
||
return totp.GenerateCode(secret, time.Now())
|
||
}
|