feat: added validation for TOTP link

This commit is contained in:
Pavel-Savely Savianok 2024-12-30 02:08:50 +03:00
parent 3c5dc5276d
commit 7d989fed8f
2 changed files with 12 additions and 3 deletions

View File

@ -72,8 +72,13 @@ function GetTOTPList(storage){
placeholder: "otpauth://", placeholder: "otpauth://",
label: "Change OTP link", label: "Change OTP link",
onChange: (changes) => { onChange: (changes) => {
try{
storage[elementId] = getTOTPByLink(changes) storage[elementId] = getTOTPByLink(changes)
updateStorage(storage) updateStorage(storage)
}
catch(err){
console.log(err)
}
}, },
labelStyle: { labelStyle: {
backgroundColor: "#14213D", backgroundColor: "#14213D",

View File

@ -3,6 +3,7 @@ import { TOTP } from "../../lib/totp-quickjs";
const otpScheme = "otpauth:/"; const otpScheme = "otpauth:/";
export function getTOTPByLink(link){ export function getTOTPByLink(link){
try{
let args = link.split("/", otpScheme.length) let args = link.split("/", otpScheme.length)
let type = args[2] //Returns 'hotp' or 'totp' let type = args[2] //Returns 'hotp' or 'totp'
let issuer = args[3].split(':')[0]?.split('?')[0] //Returns issuer let issuer = args[3].split(':')[0]?.split('?')[0] //Returns issuer
@ -11,12 +12,15 @@ export function getTOTPByLink(link){
let period = args[3].split('period=')[1]?.split('&')[0] //Returns period let period = args[3].split('period=')[1]?.split('&')[0] //Returns period
let digits = args[3].split('digits=')[1]?.split('&')[0] //Returns digits let digits = args[3].split('digits=')[1]?.split('&')[0] //Returns digits
let algorithm = args[3].split('algorithm=')[1]?.split('&')[0] //Returns algorithm let algorithm = args[3].split('algorithm=')[1]?.split('&')[0] //Returns algorithm
}
catch(err){
throw new Error("Link is not valid")
}
if(type.toLowerCase() != 'totp') if(type.toLowerCase() != 'totp')
return Error("Type is not valid, requires 'TOTP'") throw new Error("Type is not valid, requires 'TOTP'")
if(secret === undefined) if(secret === undefined)
return Error("Secret not defined") throw new Error("Secret not defined")
issuer = issuer.replace("%20", " ") issuer = issuer.replace("%20", " ")
client = client.replace("%20", " ") client = client.replace("%20", " ")