TOTP REST Node Flow

A simple flow to receive a TOTP token via a get request by a user which then emits either 'authenticated' or 'unauthorized' as an http response and via a link out for other flows to use. Using this for e-paper QR code checkpoints in an escape room where I want the url to be a rolling code.

NOTE: There is no protection built for the stored secret so this is for applications that only use TOTP. Should also caution anyone from using this for any application that is designed to secure anything sensitive. Consider the risks/benefits of using this in your application before committing to it.

[{"id":"76afae2b8c779a72","type":"tab","label":"TOTP REST Auth","disabled":false,"info":"","env":[]},{"id":"9d9ba10b0e31a462","type":"otpauth","z":"76afae2b8c779a72","name":"","otptype":"totp","x":140,"y":4360,"wires":[["8dcffe2d2b783130"]]},{"id":"f6692f120f45573d","type":"inject","z":"76afae2b8c779a72","name":"","props":[{"p":"payload"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"CHANGEMECHANGEME","payloadType":"str","x":180,"y":4300,"wires":[["9d9ba10b0e31a462"]]},{"id":"8dcffe2d2b783130","type":"debug","z":"76afae2b8c779a72","name":"debug 1","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"false","statusVal":"","statusType":"auto","x":140,"y":4420,"wires":[]},{"id":"943030cdbec1d988","type":"otpauth","z":"76afae2b8c779a72","name":"","otptype":"totp","x":200,"y":160,"wires":[["27d1d09485ef73f3"]]},{"id":"3c89419832c3b7b2","type":"http in","z":"76afae2b8c779a72","name":"","url":"/auth","method":"get","upload":false,"swaggerDoc":"","x":170,"y":40,"wires":[["604836a2976e04d1"]]},{"id":"544e74aea8f8b698","type":"change","z":"76afae2b8c779a72","name":"authorized","rules":[{"t":"set","p":"statusCode","pt":"msg","to":"200","tot":"num"},{"t":"set","p":"payload","pt":"msg","to":"authorized","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":370,"y":180,"wires":[["e28eb6d807ba4040","dff928e10872d71f"]]},{"id":"44d0da98891b7a82","type":"change","z":"76afae2b8c779a72","name":"Secret Key","rules":[{"t":"set","p":"payload","pt":"msg","to":"JBSWY3DPEHPK3PXP","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":190,"y":120,"wires":[["943030cdbec1d988"]]},{"id":"27d1d09485ef73f3","type":"switch","z":"76afae2b8c779a72","name":"Comparison","property":"payload","propertyType":"msg","rules":[{"t":"eq","v":"userCode.code","vt":"msg"},{"t":"neq","v":"userCode.code","vt":"msg"}],"checkall":"true","repair":false,"outputs":2,"x":190,"y":200,"wires":[["544e74aea8f8b698"],["5bc5a4b08a0f9f11"]]},{"id":"604836a2976e04d1","type":"change","z":"76afae2b8c779a72","name":"Save User Provided OTP","rules":[{"t":"set","p":"userCode","pt":"msg","to":"payload","tot":"msg","dc":true}],"action":"","property":"","from":"","to":"","reg":false,"x":150,"y":80,"wires":[["44d0da98891b7a82"]]},{"id":"5bc5a4b08a0f9f11","type":"change","z":"76afae2b8c779a72","name":"unauthorized","rules":[{"t":"set","p":"statusCode","pt":"msg","to":"400","tot":"num"},{"t":"set","p":"payload","pt":"msg","to":"unauthorized","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":370,"y":220,"wires":[["e28eb6d807ba4040"]]},{"id":"e28eb6d807ba4040","type":"http response","z":"76afae2b8c779a72","name":"","statusCode":"","headers":{},"x":550,"y":220,"wires":[]},{"id":"dff928e10872d71f","type":"link out","z":"76afae2b8c779a72","name":"OTP Out Link","mode":"link","links":[],"x":515,"y":180,"wires":[]}]

Flow Info

Created 2 years, 7 months ago
Rating: not yet rated
view on github

Owner

nuvious

Actions

Rate:

Node Types

Core
  • change (x4)
  • debug (x1)
  • http in (x1)
  • http response (x1)
  • inject (x1)
  • link out (x1)
  • switch (x1)
Other

Tags

  • totp
  • otp
  • rest
  • authentication
  • HTTP
  • endpoint
Copy this flow JSON to your clipboard and then import into Node-RED using the Import From > Clipboard (Ctrl-I) menu option