Archive/screentinker

Fork 0

mirror of https://github.com/screentinker/screentinker.git synced 2026-06-17 11:42:40 -06:00

Commit graph

Author	SHA1	Message	Date
ScreenTinker	c02086e305	feat(server): TOTP primitives - encrypted secret, hashed recovery codes, verify lockout (#100 ) lib/totp.js: otplib wrapper; secret stored via secretbox (must be reversible to recompute codes); recovery codes SHA-256-hashed (api_tokens discipline); verifyCode returns the matched step and blocks intra-window replay via totp_last_step; decrypt failures return null (no throw). lib/totp-lockout.js: per-user lockout for /totp/verify (#87 model). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-13 20:48:55 -05:00

Author

SHA1

Message

Date

ScreenTinker

c02086e305

feat(server): TOTP primitives - encrypted secret, hashed recovery codes, verify lockout (#100 )

lib/totp.js: otplib wrapper; secret stored via secretbox (must be reversible to recompute
codes); recovery codes SHA-256-hashed (api_tokens discipline); verifyCode returns the
matched step and blocks intra-window replay via totp_last_step; decrypt failures return
null (no throw). lib/totp-lockout.js: per-user lockout for /totp/verify (#87 model).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-13 20:48:55 -05:00

1 commit