Interface TotpApiOptions<U>

Options for API middleware flow

Type Parameters

  • U

Hierarchy

  • TotpApiOptions

Properties

tokenForm? tokenFormOptions?

Methods

errorResponse? getToken? getUser

Properties

Optional tokenForm

tokenForm?: boolean | ((req: Request<ParamsDictionary, any, any, ParsedQs, Record<string, any>>, res: Response<any, Record<string, any>>) => PromiseOrValue<void>)

Setting this to true will cause the middleware to respond with a form to accept user input for the token if it is missing from the authorized request.

Setting this to a function will use the function as the middleware to handle the request. You will be in charge of redirecting or otherwise handling the request in this case.

This only works for GET requests, as it will redirect to the same URL with the token as a query parameter.

Optional tokenFormOptions

tokenFormOptions?: Partial<TokenFormOptions>

Options for generating the token form.

Methods

Optional errorResponse

  • If this function is provided, it will be used to respond to the user with an error when OTP verification fails. The response ends after this function is called.

    Parameters

    • req: Request<ParamsDictionary, any, any, ParsedQs, Record<string, any>>

      The request object.

    • res: Response<any, Record<string, any>>

      The response object.

    • next: NextFunction

      The next function.

    • reason: OTPError

    Returns void

Optional getToken

  • This function should return the token from the request (e.g. from a header, or from a query parameter).

    Returns

    The token from the request, or undefined if it doesn't exist.

    Parameters

    • req: Request<ParamsDictionary, any, any, ParsedQs, Record<string, any>>

      The request object.

    Returns PromiseOrValue<undefined | string>

getUser

  • If the return value is not undefined, it uses this function to verify and then inject the correct user into further requests in a middleware (usually before request processing).

    This is where you would decide which users this request belongs to, via whatever method you want - going into DB, checking headers, etc.

    • The user property of the return value will be injected into further requests.
    • The secret property of the return value will be used to generate a comparison key.
    • The username property of the return value will be used to generate the token URL/QR.

    Returning undefined will cause the request to continue as normal, without any user injected.

    It is up to you to return an error in the actual request if necessary.

    Parameters

    • req: Request<ParamsDictionary, any, any, ParsedQs, Record<string, any>>

      The request object.

    Returns PromiseOrValue<undefined | UserData<U>>

Settings

Member Visibility

Theme

Generated using TypeDoc