Merge branch 'release/1.2'

Reviewed-on: #1

.gitignore

@@ -1,32 +1,7 @@
-# ---> Clojure
-pom.xml
-pom.xml.asc
-*.jar
-*.class
-/lib/
-/classes/
+/.clj-kondo/
+/.cpcache/
+/.lsp/
 /target/
-/checkouts/
-.lein-deps-sum
-.lein-repl-history
-.lein-plugins/
-.lein-failures
 .nrepl-port
-.cpcache/
-
-# ---> Leiningen
-pom.xml
-pom.xml.asc
-*.jar
-*.class
-/lib/
-/classes/
-/target/
-/checkouts/
-.lein-deps-sum
-.lein-repl-history
-.lein-plugins/
-.lein-failures
-.nrepl-port
-.cpcache/
+.calva
 

LICENSE

@@ -1,18 +0,0 @@
-MIT License
-
-Copyright (c) 2025 ruben
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 
-associated documentation files (the "Software"), to deal in the Software without restriction, including 
-without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
-copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the 
-following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial 
-portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 
-LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO 
-EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 
-USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,34 +1,193 @@
 # clj-totp
 
-TOTP (Timebased One Time Password) in clojure. It can be used in the command line, web API o simple embeded web.
+TOTP (Time-based One Time Password) in clojure. It supports several digest algorithms and length.
+
 
 ## What is TOPT
 
-The TOPT is an standad used to generate a time-based password. Usually, this password is used as a second
+The TOPT is a standard used to generate a time-based password. Usually, this password is used as a second
 factor authentication.
 
-You can red more about the algorith here:
+You can read more about the algorithm here:
 
 - Wikipedia: https://en.wikipedia.org/wiki/Time-based_one-time_password
 - TOTP RFC: https://web.archive.org/web/20110711124823/http://tools.ietf.org/html/rfc6238
 - HOTP RFC: https://www.ietf.org/rfc/rfc4226.txt
 
 
-## The inside
+## How to use
 
-This project is done 100% in clojure. It uses `deps.edn` for configuring the project.
+First, you must have installed a Java Runtime Environment. Check https://adoptium.net/es if you are
+unsure how to install.
 
-## Implementation timeline
+The project is distributed as a jar file with all dependencies included (a.k.a. "uberjar"), and uses
+a simple script to launch the program. Script and uberjar must be in the same directory.
+
+Execute without parameters to show main commands
+
+```bash
+clj-totp.sh
+```
+
+A quick description of each command:
+
+- `generate`: Show a TOTP with a given secret and parameters, not stored in config.
+- `config`: Manage configuration file
+- `add`: Store a new TOTP configuration
+- `delete`: Delete an stored configuration
+- `list`: Shows a list of TOPT stored configurations
+- `get`: Generate a TOTP previously added
+- `import`: Import a URL with the TOTP configuration
+
+
+### Quick and simple generation
+
+If you want to quickly generate a TOPT, you only need to suministrate the secret in B32 format:
+
+```bash
+clj-totp.sh generate <B32 secret>
+```
+
+The OTP changes every 30 seconds, you can print every change with `-c` option:
+
+```bash
+clj-totp.sh generate -c <B32 secret>
+```
+
+It will update the TOTP every 30 seconds, until you press `<Enter>` or `<ctrl+c>`.
+
+
+### Store your configurations
+
+Writing the B32 secret each time can be a bit tedious, but you can store secrets for your applications.
+Be carefull, this version **don't encrypt passwords**, secrets are saved in plain text in a file in
+your home dir.
+
+With the `config` command you can check your configuration file. Now, let's explorer the subcommands:
+
+Check if the config file exists, and show the full path:
+
+```bash
+clj-totp.sh info config
+```
+
+Create a new config file, if the file exists, it will prompt you if you want to overwrite it:
+
+``` bash
+clj-totp.sh info init
+```
+
+Show all data contained in the config file, as a table:
+
+``` bash
+clj-totp.sh info show
+```
+
+
+### Use stored configurations
+
+If you have a valid configuration file, it's time to configure some applications.
+
+To add a new configured application, you can use the `add` command. The simplest way to add a new
+configuration is to specify an alias and the secret in B32:
+
+``` bash
+clj-totp.sh add <alias> <b32 secret>
+```
+
+The `add` subcommand has a lot of configuration options, you can explore them wit the `-?` param.
+
+To list all added configurations, use the `list` command:
+
+``` bash
+clj-totp.sh list
+```
+
+If you made a mistake, you can delete a configured app with the `delete` command:
+
+``` bash
+clj-totp.sh delete <alias>
+```
+
+When you have some configured apps, it's time to use them, with the `get` command. To generate a
+single TOTP for some app you can simple pass a list of alias:
+
+``` bash
+clj-totp.sh get <alias1> <alias2> <aliasN>
+```
+
+It will show the TOTP value at the current time, but TOTPs changes every 30 seconds, to show
+the value when it changes, add the `-c` param. It will update the TOTP for each alias until you
+press enter key (or <Ctrl-C>):
+
+``` bash
+clj-totp.sh get <alias1> <alias2> <aliasN> -c
+```
+
+Finally, this program has an `import` command, that can import from a decoded QR or exported data
+from Google Autenticator:
+
+``` bash
+clj-totp.sh import <alias> "<url>"
+```
+
+
+## Project's plan
 
 ### v1.0
-[ ] Functional TOTP generation
-[ ] Get TOTP from command line
-[ ] Store configuration in a simple BD (sqlite, for example)
+- [x] Functional TOTP generation
+- [x] Get TOTP from command line
+- [x] Continuous generation
 
 ### v1.1
-[ ] REST API
-[ ] User management
+- [x] Store configuration in a properties file or simple DB
+- [x] Import from `otpauth` and `otpauth-migration` protocols
+- [x] Show several OTPs at once
 
 ### v1.2
-[ ] Simple web connected to REST API
+- [x] Show progress bar
+- [x] Styles for progress bar
+- [x] Native compilation script corrections
+
+### v2
+- [ ] REST API
+- [ ] User management
+- [ ] Robust BD backend (H2, datomic, or similar)
+
+### v3
+- [ ] Simple web connected to REST API
+
+
+## Ideas
+
+Some ideas for future versions:
+
+- Store passwords securely: https://github.com/weavejester/crypto-password
+
+
+## Building the project
+
+This project is done 100% in clojure. It uses `deps.edn` for configuring the project and `build.clj`
+for defining compilation tasks.
+
+The first step is to install Java JDK, version 11 or newer (version 21 recommended).
+
+To execute manually the main function, simple use the `:run` alias:
+
+```clojure
+clojure -M:run <commands and parameters>
+```
+
+To build the uberjar:
+
+```clojure
+clojure -T:build uber
+```
+
+There is a utility script to build a native executable using Graal VM. Please, edit the script and
+check the path to your Graal installation. Use it at your own risk.
+
+```bash
+native.sh
+```
 

build.clj

@@ -0,0 +1,37 @@
+(ns build
+  (:require [clojure.tools.build.api :as b]))
+
+(def lib 'es.rcorral/clj-totp)
+(def version (format "1.2.%s" (b/git-count-revs nil)))
+(def target-dir "target")
+(def class-dir (str target-dir "/classes"))
+(def uber-file (format "target/%s-%s-standalone.jar" (name lib) version))
+
+;; delay to defer side effects (artifact downloads)
+(def basis (delay (b/create-basis {:project "deps.edn"})))
+
+(defn clean [_]
+  (b/delete {:path "target"}))
+
+(defn compile-java [_]
+  (b/javac {:src-dirs ["java"]
+            :class-dir class-dir
+            :basis @basis
+            :javac-opts ["-source" "11" "--target" "11" "-proc:none"]}))
+
+
+#_{:clojure-lsp/ignore [:clojure-lsp/unused-public-var]}
+(defn uber [_]
+  (clean nil)
+  (b/copy-dir {:src-dirs ["src"]
+               :target-dir class-dir})
+  (b/copy-file {:src "resources/clj-totp.sh"
+                :target "target/clj-totp.sh"})
+  (compile-java nil)
+  (b/compile-clj {:basis @basis
+                  :ns-compile '[totp.app]
+                  :class-dir class-dir})
+  (b/uber {:class-dir class-dir
+           :uber-file uber-file
+           :basis @basis
+           :main 'totp.app}))

collect-deps.sh

@@ -0,0 +1 @@
+~/.sdkman/candidates/java/21.0.2-graalce/bin/java -agentlib:native-image-agent=config-output-dir=META-INF/native-image -jar target/clj-topt-1.0.32-standalone.jar g TUGOBTEHPSCMUCYAT6UPELNWGE -c

compile_proto.sh

@@ -0,0 +1,4 @@
+#!/bin/env sh
+
+protoc --java_out java/protoc/ resources/proto/otpauth-migration.proto
+#javac -cp resources/protobuf-java-3.25.8.jar -d target/classes/proto src/OtpauthMigration.java

deps.edn

@@ -0,0 +1,24 @@
+{:paths   ["src" "resources" "target/classes"]
+ :deps    {org.clojure/clojure                 {:mvn/version "1.12.1"}
+           io.github.clojure/tools.build       {:mvn/version "0.10.10"}
+           mvxcvi/alphabase                    {:mvn/version "3.0.185"} ;; https://github.com/greglook/alphabase
+           cli-matic/cli-matic                 {:mvn/version "0.5.4"}   ;; https://github.com/l3nz/cli-matic
+           com.github.clj-easy/graal-build-time {:mvn/version "1.0.5"}  ;; Tutorial: https://shagunagrawal.me/posts/setup-clojure-with-graalvm-for-native-image/
+           ;; Protobuf for java
+           com.google.protobuf/protobuf-java   {:mvn/version "3.25.8"}
+           ;; Progress bar
+           com.github.pmonks/spinner           {:mvn/version "2.0.284"}
+           }
+
+ :aliases {;; Execute the app
+           :run      {:main-opts   ["-m" "totp.app"]}
+
+           ;; Kaocha runner. You can use the 'kaocha' wrapper located in ~/bin/kaocha
+           :test     {:extra-paths ["test"]
+                      :extra-deps  {lambdaisland/kaocha {:mvn/version "1.91.1392"}}
+                      :main-opts   ["-m" "kaocha.runner"]}
+
+           ;; Run with clj -T:build function-in-build
+           :build    {:deps {io.github.clojure/tools.build {:mvn/version "0.10.10"}}
+                      :ns-default build}}}
+

native.cmd

@@ -0,0 +1,33 @@
+
+@echo off
+
+setlocal
+
+REM YOUR LOCAL GRAAL VM INSTALLATION
+set JAVA_HOME=D:\programas\graalvm-jdk-21.0.7+8.1
+REM generated file
+set BIN_FILE=totp
+
+set DEST_DIR=C:\Users\rubencj\util
+
+set PATH=%JAVA_HOME%\bin;%CLOJURE_HOME%;%PATH%
+set NATIVE=%JAVA_HOME%\bin\native-image.cmd
+
+
+echo Using GraalVM native compiler: %NATIVE%
+
+echo Creating uberjar
+clojure -T:build uber
+
+set UBERJAR=
+for /f "delims=" %%a in ('dir /b /s target\clj-totp-*-standalone.jar') do @set UBERJAR=%%a
+echo Created uberjar: %UBERJAR%
+
+echo "Creating native image"
+cmd /c %NATIVE% -jar %UBERJAR% -o target\%BIN_FILE% -H:+ReportExceptionStackTraces --features=clj_easy.graal_build_time.InitClojureClasses --report-unsupported-elements-at-runtime --verbose --no-fallback -H:ReflectionConfigurationFiles=reflect_config.json -H:-CheckToolchain
+
+
+echo Executable created: target\%BIN_FILE%.exe
+
+copy target\%BIN_FILE%.exe %DEST_DIR%
+echo Native image copied to %DEST_DIR%\%BIN_FILE%.exe

native.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env sh
+
+NATIVE=~/.sdkman/candidates/java/21.0.2-graalce/bin/native-image
+BIN_FILE=totp
+
+echo "Creating uberjar"
+clojure -T:build uber
+UBERJAR=$(realpath --relative-to=target target/clj-totp-*-standalone.jar)
+
+echo "Creating native image"
+$NATIVE -jar target/$UBERJAR -o target/$BIN_FILE\
+    -H:+ReportExceptionStackTraces\
+    -H:ReflectionConfigurationFiles=./reflect_config.json\
+    --verbose --no-fallback\
+    --features=clj_easy.graal_build_time.InitClojureClasses\
+    --report-unsupported-elements-at-runtime\
+    --initialize-at-build-time=org.fusesource.jansi.Ansi\
+    #--trace-class-initialization=org.fusesource.jansi.Ansi
+
+echo "Executable created on target/$BIN_FILE"
+cp target/$BIN_FILE ~/bin
+echo "Copied to ~/bin/$BIN_FILE"

reflect_config.json

@@ -0,0 +1,52 @@
+[
+  {
+    "name": "com.sun.crypto.provider.HmacSHA1",
+    "methods": [
+      {
+        "name": "<init>",
+        "parameterTypes": []
+      }
+    ]
+  },
+  {
+    "name": "java.lang.reflect.Method",
+    "methods": [
+      {
+        "name": "canAccess",
+        "parameterTypes": [
+          "java.lang.Object"
+        ]
+      }
+    ]
+  },
+  {
+    "name": "java.util.Arrays",
+    "allDeclaredClasses": true,
+    "allPublicClasses": true,
+    "queryAllPublicMethods": true,
+    "methods": [
+      {
+        "name": "copyOfRange",
+        "parameterTypes": [
+          "byte[]",
+          "int",
+          "int"
+        ]
+      }
+    ]
+  },
+  {
+    "name": "java.util.Timer",
+    "queryAllPublicMethods": true,
+    "methods": [
+      {
+        "name": "scheduleAtFixedRate",
+        "parameterTypes": [
+          "java.util.TimerTask",
+          "long",
+          "long"
+        ]
+      }
+    ]
+  }
+]

resources/clj-totp.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+
+JAVA_EXECUTABLE=java
+UBER_JAR=$(realpath clj-totp-*-standalone.jar)
+OPTS="-Xms256m -Xmx256m -client -Dclojure.spec.skip-macros=true"
+
+
+$JAVA_EXECUTABLE $OPTS -jar $UBER_JAR $@

resources/proto/otpauth-migration.proto

@@ -0,0 +1,39 @@
+syntax = "proto3";
+
+message MigrationPayload {
+  enum Algorithm {
+    ALGORITHM_UNSPECIFIED = 0;
+    ALGORITHM_SHA1 = 1;
+    ALGORITHM_SHA256 = 2;
+    ALGORITHM_SHA512 = 3;
+    ALGORITHM_MD5 = 4;
+  }
+
+  enum DigitCount {
+    DIGIT_COUNT_UNSPECIFIED = 0;
+    DIGIT_COUNT_SIX = 1;
+    DIGIT_COUNT_EIGHT = 2;
+  }
+
+  enum OtpType {
+    OTP_TYPE_UNSPECIFIED = 0;
+    OTP_TYPE_HOTP = 1;
+    OTP_TYPE_TOTP = 2;
+  }
+
+  message OtpParameters {
+    bytes secret = 1;
+    string name = 2;
+    string issuer = 3;
+    Algorithm algorithm = 4;
+    DigitCount digits = 5;
+    OtpType type = 6;
+    int64 counter = 7;
+  }
+
+  repeated OtpParameters otp_parameters = 1;
+  int32 version = 2;
+  int32 batch_size = 3;
+  int32 batch_index = 4;
+  int32 batch_id = 5;
+}

src/totp/app.clj

@@ -0,0 +1,371 @@
+(ns totp.app
+  #_{:clj-kondo/ignore [:refer-all]}
+  (:require [totp.core :refer :all]
+            [totp.data :refer :all]
+            [cli-matic.core :refer [run-cmd]]
+            [clojure.pprint :as pp]
+            [clojure.string :as str]
+            [progress.determinate :as pd])
+  (:import [java.util TimerTask Timer])
+  (:gen-class))
+
+(def DEFAULT_BAR_STYLE :coloured-ascii-boxes)
+
+(defn print-timer
+  ([] (print-timer 1 30 DEFAULT_BAR_STYLE))
+  ([bar-style] (print-timer 1 30 bar-style))
+  ([start period bar-style]
+   (let [a (atom start)]
+     (pd/animate! a :opts {:total period
+                                ;:line 1
+                           :label "Next TOTP: "
+                                ;:redraw-rate 60 ;; updates per second
+                           :style (get pd/styles bar-style)}
+                       ;(println)
+                  (run! (fn [_] (Thread/sleep 1000) (swap! a inc)) (range start (inc period)))
+                       ;(println)
+                  ))))
+
+
+(defn- print-confinuous
+  ([secret] (print-confinuous secret "sha1" 6 30 true DEFAULT_BAR_STYLE))
+  ([secret algorithm digits period bar bar-style]
+   (let [step-millis (* 1000 period)
+         now         (System/currentTimeMillis)
+         delay       (int (- step-millis (rem now step-millis)))
+         delay-sec   (int (/ delay 1000))
+         fn-show     (fn [s] (println (format "%n[%d] %s%n"
+                                              (System/currentTimeMillis)
+                                              (get-otp s algorithm digits period))))
+         task        (proxy [TimerTask] []
+                       (run [] (println) (fn-show secret)))
+         task-bar    (proxy [TimerTask] []
+                       (run [] (print-timer bar-style)))
+         task-init   (proxy [TimerTask] []
+                       (run [] (print-timer (- period delay-sec) period bar-style)))]
+     (println "\n  <Generating continuosly, press enter to stop>\n")
+     ;; (println "Now:" now ", Delay:" delay ", Next execution: " (+ now delay))
+     (println "Refresing in" delay-sec "seconds")
+     (fn-show secret)
+     ;; Now, start the tasks
+     (when bar
+       (. (new Timer) (schedule task-init 0))
+       (. (new Timer) (scheduleAtFixedRate task-bar delay step-millis)))
+     (. (new Timer) (scheduleAtFixedRate task delay step-millis)))
+   ;; Waits for a key press
+   (read-line)))
+
+
+(defn cmd-generate
+  [& {:keys [secret continuous algorithm digits period bar bar-style]}]
+  ;;(pp/pprint opts)
+  (if continuous
+    (print-confinuous secret algorithm digits period bar bar-style)
+    (println (get-otp secret algorithm digits period))))
+
+
+
+(defn- print-app
+  [app]
+  (let [{:keys [name secret algorithm digits period]
+         :or {algorithm "sha1"
+              digits 6
+              period 30}} app]
+    (println (format "[%d] %12s -> %s" (System/currentTimeMillis) name (get-otp secret algorithm digits period)))))
+
+
+(defn- print-app-continuous
+  ([period apps]
+   (let [step-millis (* 1000 period)
+         now         (System/currentTimeMillis)
+         delay       (int (- step-millis (rem now step-millis)))
+         delay-sec   (int (/ delay 1000))
+         fn-show     (fn [s]
+                       (println "\n")
+                       (dorun (map print-app s))
+                       (println) ;; Separate each
+                       )
+         task        (proxy [TimerTask] []
+                       (run [] (fn-show apps)))]
+     (println "\n  <Generating continuosly, press enter to stop>\n")
+     ;; (println "Now:" now ", Delay:" delay ", Next execution: " (+ now delay))
+     (println "Refresing in" delay-sec "seconds")
+     (fn-show apps)
+     ;; Now, start the tasks
+     (. (new Timer) (scheduleAtFixedRate task delay step-millis)))
+   )) ;; Waits for a key press
+
+
+(defn cmd-get-multi
+  [& {:keys [continuous bar bar-style _arguments]}]
+  ;(pp/pprint opts)
+  (with-config
+    (let [apps (filter some? #_{:clj-kondo/ignore [:unresolved-symbol]}
+                             (map #(get-app cfg %) _arguments))]
+      ;(println "found apps: " apps)
+      (if continuous
+        (let [period      30
+              step-millis (* 1000 period)
+              now         (System/currentTimeMillis)
+              delay       (int (- step-millis (rem now step-millis)))
+              delay-sec   (int (/ delay 1000))
+              task-bar    (proxy [TimerTask] []
+                            (run [] (print-timer bar-style)))
+              task-init   (proxy [TimerTask] []
+                            (run [] (print-timer (- period delay-sec) period bar-style)))]
+          (print-app-continuous period apps)
+          (when bar
+            (. (new Timer) (schedule task-init 0))
+            (. (new Timer) (scheduleAtFixedRate task-bar delay step-millis)))
+          (read-line))
+        (dorun (map #(print-app %) apps))))))
+
+
+(defn cmd-config
+  [& {:keys [command]}]
+  ;;(pp/pprint opts)
+  (case command
+    "info" (println "Configuration file:"
+                    (if (exists-config)
+                      cfg-file
+                      (str "not found. Expected location: " cfg-file)))
+    "init" (if (exists-config)
+             (do
+               (println "Configuration already exists, this will delete it. Are you sure? [N/y]")
+               (case (read-line)
+                 "y" (create-cfg-file)
+                 "Y" (create-cfg-file)
+                 (println "Cancelling operation.")))
+             (create-cfg-file))
+    "show" (do
+             (println "Config file:\n")
+             ;(println (slurp cfg-file))
+             (pp/print-table (load-config)))))
+
+
+(defn cmd-list
+  [& {:keys [sorted mode]}]
+  (println "List mode:" mode)
+  (if (exists-config)
+    (case mode
+      "list" (let [apps-list (list-apps (load-config))
+                   s-list    (if sorted (sort apps-list) apps-list)]
+               (dorun (map #(println %) s-list)))
+      "table" (pp/print-table (load-config))
+    )
+    (println "Config file not found.")))
+
+
+(defn cmd-add
+  [& {:keys [name secret user issuer algorithm digits period update] }]
+  ;;(pp/pprint opts)
+  (when (not (exists-config))
+    (println "Config not found. Creating new config")
+    (create-cfg-file))
+  (let [cfg (load-config)]
+    (if (or update (nil? (get-app cfg name))) ;; get-app returns nil if app don't exists
+      (do
+        (store-config (add-app cfg name secret user issuer algorithm digits period))
+        (println "App" name "added or updated."))
+      (println "App" name "already exists.\nUse --update if you want to overwrite"))))
+
+
+#_{:clj-kondo/ignore [:unresolved-symbol]}
+(defn cmd-import
+  [& {:keys [name url update] }]
+  (with-config
+    (if (or update (nil? (get-app cfg name)))
+      (cond
+        (str/starts-with? url "otpauth-migration")
+          (do
+            (store-config (import-from-url-export cfg name url))
+            (println "Import successful"))
+        (str/starts-with? url "otpauth")
+          (do
+            (store-config (import-from-url-create cfg name url))
+            (println "Import successful"))
+        :else (println "URL type not supported"))
+      (println "App" name "already exists.\nUse --update if you want to overwrite"))))
+
+
+(defn cmd-delete
+  [& {:keys [name force]}]
+  ;;(pp/pprint opts)
+  (if (exists-config)
+    (let [cfg (load-config)]
+      (when (or force (some? (get-app cfg name)))
+        (store-config (delete-app cfg name))))
+    (println "Config file not found.")))
+
+
+(def cli-options
+  {:app {:command "totp"
+         :version "1.2"
+         :description ["Generate a TOTP"]}
+
+   :commands [;; Generate a TOTP with given params
+              {:command "generate"
+               :description "Generate one TOTP for a BASE32 secret, ignoring configured apps"
+               :examples    ["Generate one TOTP for a provided BASE32 secret:"
+                             "  totp generate ABCD1234"
+                             "Generate one TOTP and refresh it continuosly:"
+                             "  totp generate -c ABCD1234"]
+               :opts [{:option "secret" :short 0
+                       :as "Secret encoded in BASE32"
+                       :type :string
+                       :default :present}
+                      {:option "continuous" :short "c"
+                       :as "Contiuous mode"
+                       :type :with-flag
+                       :default false}
+                      {:option "algorithm" :short "a"
+                       :as "Algorithm used for the key generation"
+                       :type #{"sha1" "sha256" "sha512"}
+                       :default "sha1"}
+                      {:option "digits" :short "d"
+                       :as "Number of digits for OTP. Usually 6 or 8"
+                       :type :int
+                       :default 6}
+                      {:option "period" :short "p"
+                       :as "Validity time in seconds"
+                       :type :int
+                       :default 30}
+                      {:option "bar" :short "b"
+                       :as "Show progress bar"
+                       :type :with-flag
+                       :default true}
+                      {:option "bar-style" :short "s"
+                       :as "Progress bar style"
+                       :type #{:ascii-basic :ascii-boxes :coloured-ascii-boxes :emoji-circles :emoji-boxes}
+                       :default :coloured-ascii-boxes}]
+               :runs cmd-generate}
+              ;; Generate a TOTP for a configured app
+              {:command "get" :short "g"
+               :description "Generate one TOTP for a configured app"
+               :examples    ["Generate one TOTP for a provided app:"
+                             "  totp get app1"
+                             "Generate one TOTP and refresh it continuosly:"
+                             "  totp get -c app1"]
+               :opts [{:option "name" :short 0
+                       :as "Name of the previous configured app"
+                       :type :string
+                       :default :present}
+                      {:option "continuous" :short "c"
+                       :as "Contiuous mode"
+                       :type :with-flag
+                       :default false}
+                      {:option "bar" :short "b"
+                       :as "Show progress bar"
+                       :type :with-flag
+                       :default true}
+                      {:option "bar-style" :short "s"
+                       :as "Progress bar style"
+                       :type #{:ascii-basic :ascii-boxes :coloured-ascii-boxes :emoji-circles :emoji-boxes}
+                       :default :coloured-ascii-boxes}]
+               :runs cmd-get-multi}
+              ;; Check and init your config file
+              {:command "config" :short "c"
+               :description "Manage configuration"
+               :examples ["Show location for the configuration file:"
+                          "  totp config info"
+                          "Recreate config (warning: it will delete the existing config file):"
+                          "  totp config init"
+                          "Show configuration:"
+                          "  totp config show"]
+               :opts [{:option "command" :short 0
+                       :as "Command to execute. See examples"
+                       :type #{"info" "init" "show"}
+                       :default :present}]
+               :runs cmd-config}
+              ;; List available apps
+              {:command "list" :short "l"
+               :description "List existing apps"
+               :examples ["List apps:"
+                          "  totp list"
+                          "List apps sorted by name:"
+                          "  totp list --sorted"]
+               :opts [{:option "sorted" :short "s"
+                       :as "If provided, the list will be sorted by name"
+                       :type :with-flag
+                       :default false}
+                      {:option "mode" :short "m"
+                       :as "How to show the list of configured apps"
+                       :type #{"list" "table"}
+                       :default "list"}]
+               :runs cmd-list}
+              ;; Adds a new app to the configuration
+              {:command "add" :short "a"
+               :description "Add a new application with an unique name"
+               :examples ["Add a new application named 'app1' with a BASE32 secred, with defaults:"
+                          "  totp add app1 \"MJXW42LBORXQ====\""
+                          "Add an application, with all posible configuration params:"
+                          "  topt add app2 \"MJXW42LBORXQ====\" -u \"user1@server\" -i my_provider -a sha1 -d 6 -p 30 --update"]
+               :opts [{:option "name" :short 0
+                       :as "Unique name (alias) for the application"
+                       :type :string
+                       :default :present}
+                      {:option "secret" :short 1
+                       :as "Secret encoded in BASE32"
+                       :type :string
+                       :default :present}
+                      {:option "user" :short "u"
+                       :as "Username in the format <user>@<server>"
+                       :type :string}
+                      {:option "issuer" :short "i"
+                       :as "The issuer (provider) of the service"
+                       :type :string}
+                      {:option "algorithm" :short "a"
+                       :as "Algorithm used for the key generation"
+                       :type #{"sha1" "sha256" "sha512"}
+                       :default "sha1"}
+                      {:option "digits" :short "d"
+                       :as "Number of digits for OTP. Usually 6 or 8"
+                       :type :int
+                       :default 6}
+                      {:option "period" :short "p"
+                       :as "Validity time in seconds"
+                       :type :int
+                       :default 30}
+                      {:option "update"
+                       :as "Update an app with the same name if exists"
+                       :type :with-flag
+                       :default false}]
+               :runs cmd-add}
+              ;; Import from URL
+              {:command "import" :short "i"
+               :description "Import a TOTP config from a URL"
+               :examples ["Import from a QR for creation"
+                          "  totp import app1 \"otpauth://totp/<label>?issuer=<issuer>&secret=<base32 secret>\""
+                          "Import from a QR for exportation"
+                          "  totp import app2 \"otpauth-migration://offline?data=<exported data>\""]
+               :opts [{:option "name" :short 0
+                       :as "Unique name of the application"
+                       :type :string
+                       :default :present}
+                      {:option "url" :short 1
+                       :as "Imported URL"
+                       :type :string
+                       :default :present}
+                      {:option "update"
+                       :as "Update an app with the same name if exists"
+                       :type :with-flag
+                       :default false}]
+               :runs cmd-import}
+              ;; Deletes an existing app from configuration
+              {:command "delete" :short "d"
+               :description "Removes an existing application by it's unique name"
+               :examples ["Remove the application name app1"
+                          "  totp remove app1"]
+               :opts [{:option "name" :short 0
+                       :as "Unique name of the application"
+                       :type :string
+                       :default :present}
+                      {:option "force" :short "f"
+                       :as "Don't ask, just remove"
+                       :type :with-flag
+                       :default false}]
+               :runs cmd-delete}]})
+
+
+(defn -main [& args]
+  (run-cmd args cli-options))

src/totp/core.clj

@@ -0,0 +1,101 @@
+(ns totp.core
+  (:require [alphabase.base32 :as b32]
+            [clojure.math :as m])
+  (:import (javax.crypto Mac)
+           (javax.crypto.spec SecretKeySpec)
+           (java.util Base64 Arrays)
+           (java.nio ByteBuffer)))
+
+(def ^:private byte-array-type (type (.getBytes "")))
+
+(defn timestamp->steps
+  "Converts from UNIX timestamp in milliseconds to a number os steps of 's' seconds of duration"
+  [time, step-size]
+  (if (or (nil? time) (nil? step-size) (zero? step-size))
+    0
+    (int (quot time (* 1000 step-size)))))
+
+
+(defn bytes-array?
+  "Return true if x is a byte[]"
+  [x]
+  (= byte-array-type (type x)))
+
+
+(defn get-alg
+  [alg]
+  (case alg
+    "sha1"  "HmacSHA1"
+    "sha256" "HmacSHA256"
+    "sha512" "HmacSHA512"
+    ""))
+
+
+(defmulti hmac
+  "Generates an HMAC. Algorithms supported: sha1, sha256, sha512.
+   The key and the message can be (both) string or array of bytes, nil otherwise"
+  (fn [algorithm key message]
+    (cond
+      (and (string? key) (string? message) (some? (get-alg algorithm))) :string
+      (and (bytes-array? key) (bytes-array? message) (some? (get-alg algorithm))) :byte
+      :else :nil)))
+
+;; By default
+(defmethod hmac :nil [_ _ _]
+  nil)
+
+;; When key and message are strings
+(defmethod hmac :string [algorithm key message]
+  (if (or (empty? key) (empty? message))
+    ""
+    (let [mac (doto (Mac/getInstance (get-alg algorithm)) (.init (SecretKeySpec. (.getBytes key) (get-alg algorithm))))
+          hmac-bytes (.doFinal mac (.getBytes message))]
+      ;; Return the Base64 encoded HMAC
+      (.encodeToString (Base64/getEncoder) hmac-bytes))))
+
+;; When key and message are arrays of bytes
+(defmethod hmac :byte [algorithm key message]
+  (if (nil? message)
+    (bytes (byte-array 0))
+    (let [mac (doto (Mac/getInstance (get-alg algorithm)) (.init (SecretKeySpec. key (get-alg algorithm))))
+          hmac-bytes (.doFinal mac message)]
+      ;; Return the Base64 encoded HMAC
+      (Base64/getEncoder) hmac-bytes)))
+
+
+(defn long->bytes
+  "Converts a long to an array of 8 bytes"
+  [l]
+  ;;Java equivalent: ByteBuffer.allocate(Long.SIZE / Byte.SIZE).putLong(someLong).array();
+  (when (integer? l)
+    (-> (ByteBuffer/allocate (/ Long/SIZE Byte/SIZE))
+        (.putLong l)
+        (.array))))
+
+
+(defn bytes->int
+  "Converts an array of 4 bytes to an integer"
+  [bytes]
+  ;;Java equivalent:  ByteBuffer.wrap(data).getInt()
+  (when (some? bytes)
+    (.getInt (ByteBuffer/wrap bytes))))
+
+
+(defn get-otp
+  "Generate an OTP with the given secret (in base32) for the specified timestep"
+  ([secret algorithm digits period] ;;algorithm digits period
+   (when (and secret period)
+     (let [step (timestamp->steps (System/currentTimeMillis) period)
+           k (b32/decode secret)
+           c (long->bytes step)
+           hs (hmac algorithm k c)
+           offset (bit-and (get hs (dec (count hs))) 0x0f) ;; int offset = hs[hs.length-1] & 0xf;
+           chunk (Arrays/copyOfRange hs offset (+ offset 4)) ;(take 4 (drop offset hs)) ;; byte[] chunk = Arrays.copyOfRange(hs, offset, offset+4) 
+           ]
+       (format (str "%0" digits "d")
+               (-> chunk
+                   (bytes->int)
+                   (bit-and 0x7fffffff)
+                   (rem (int (m/pow 10 digits))))))))
+  ([secret]
+   (get-otp secret "sha1" 6 30)))

src/totp/data.clj

@@ -0,0 +1,246 @@
+(ns totp.data
+  (:require [clojure.edn :as e]
+            [clojure.string :as str]
+            [clojure.java.io :as io]
+            [clojure.pprint :as pp]
+            [alphabase.base64 :as b64]
+            [alphabase.base32 :as b32])
+  (:import [protoc OtpauthMigration$MigrationPayload]))
+
+(defn join-path
+  "Joins several subpaths using system's path separator (/ un *NIX and \\ in windows)"
+  [& col]
+  (str/join java.io.File/separator col))
+
+
+(def cfg-path (join-path (System/getProperty "user.home") ".config" "totp"))
+
+(def cfg-file (join-path cfg-path "apps.edn"))
+
+(def cfg-header ";; clj-totp configuration file
+;; This file contents a list of maps with :name and :secret entries
+;; Secrets must be encoded in BASE32
+
+")
+
+
+(defn exists-config
+  "Checks if the config file exists"
+  []
+  (.exists (io/file cfg-file)))
+
+
+(defn create-cfg-file
+  "Creates the config file"
+  []
+  (println "Creating " cfg-file)
+  (io/delete-file cfg-file true)
+  (io/make-parents cfg-file)
+  (spit cfg-file cfg-header)
+  true)
+
+
+(defn create-cfg?
+  "Create configuration file if not exists. Overridable with allways = true"
+  ([] (create-cfg? false))
+  ([allways]
+   (if (or allways (not (exists-config)))
+     (create-cfg-file)
+     false)))
+
+(comment
+  (exists-config)
+  (create-cfg?))
+
+
+(defn load-config
+  "Loads configuration from file"
+  []
+  (e/read-string (slurp cfg-file)))
+
+
+(defn store-config
+  "Store configuration to file"
+  [cfg]
+  (when cfg
+    (spit cfg-file (str cfg-header (with-out-str
+                                     (binding [pp/*print-right-margin* 50]
+                                       (pp/pprint cfg)))))))
+
+
+(defn delete-app
+  [cfg name]
+  (filter #(not= name (:name %)) cfg))
+
+
+(defn create-app
+  ([name secret] (create-app name secret nil nil "sha1" 6 30))
+  ([name secret user issuer] (create-app name secret user issuer "sha1" 6 30))
+  ([name secret user issuer algorithm digits period] 
+   {:name name :secret secret :user user :issuer issuer :algorithm algorithm :digits digits :period period}))
+
+
+(defn add-app
+  ([cfg app-map] (apply add-app (cons cfg (vals app-map))))
+  ([cfg name secret] (add-app cfg name secret nil nil "sha1" 6 30))
+  ([cfg name secret user issuer algorithm digits period]
+   (conj (delete-app cfg name) (create-app name secret user issuer algorithm digits period))))
+
+
+(defn list-apps
+  [cfg]
+  (map :name
+       (filter #(contains? % :name) cfg)))
+
+(comment
+  (list-apps (load-config)))
+
+(defn get-app
+  [cfg name]
+  (let [app (first (filter #(= name (:name %)) cfg))]
+    (if app
+      app
+      (println "App" name "not found"))))
+
+
+(comment
+  (exists-config)
+  (create-cfg?)
+  (load-config)
+
+  (get-app [{:name "abc" :secret "def"} {:name "my-app" :secret "abc123"} {:name "another app" :secret "ABCDEF1234"}] "my-app2")
+
+  (with-out-str
+    (binding [pp/*print-right-margin* 50]
+      (pp/pprint [{:name "abc" :secret "def"} {:name "my-app" :secret "abc123"}])))
+
+  (store-config [{:name "abc" :secret "def"} {:name "my-app" :secret "abc123"} {:name "another app" :secret "ABCDEF1234"}])
+
+  (-> nil
+      (add-app "app1" "abc123abc123")
+      (add-app "app2" "abc123abc123")
+      (add-app "app1" "123456789012")
+      (store-config))
+)
+
+
+(defmacro with-config
+  "Loads config file and stores it in a cfg binding.
+  You can use the cfg var the inner code.
+
+  Next example will print config data:
+  (with-config (println cfg))
+
+  Be cafefull: dont use a binding called cfg in any module.
+  "
+  [form]
+    (let [cfg (symbol "cfg")]   ;; This symbol will prevent error with qualified in the inner let
+        `(if (exists-config)
+             (let [~cfg (load-config)] ;; This is the problematic let binding. See: https://stackoverflow.com/a/15122414
+               (if (some? ~cfg)
+                 (do ~form)))
+        (println "Config file not found"))))
+
+
+(comment
+  #_{:clj-kondo/ignore [:unresolved-symbol]}
+  (with-config (first cfg))
+
+  (macroexpand-1 '(with-config (first cfg)))
+  )
+
+
+
+(defn url-create->app
+  "Import data from url using the protocol otpauth://
+   
+   Example: otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
+
+  https://github.com/google/google-authenticator/wiki/Key-Uri-Format"
+  [name url]
+  (when (str/starts-with? url "otpauth://")
+    (let [parts (str/split url #"\?")
+          meta-parts (str/split (first parts) #"/" -1)
+          data-parts (str/split (second parts) #"&" -1)
+          otp-type (nth meta-parts 2)]
+      (if (not= "totp" otp-type) ;; Only totp is supported
+        (println "Invalid protocol OTP type:" otp-type)
+        (let [user-data (str/split (nth meta-parts 3) #":" -1)
+              issuer (first user-data)
+              user (second user-data)
+              ;data-map (apply hash-map (flatten (map #(str/split % #"=") data-parts)))
+              data-map (reduce (fn [acc v]  ;; From array to map
+                                 (let [[k v] (str/split v #"=")]
+                                   (assoc acc (keyword k) v)))
+                               {} data-parts)
+              secret (:secret data-map)
+              ;;issuer2 (:issuer data-map)
+              ]
+          (create-app name secret user issuer))))))
+
+(comment
+  (url-create->app "app1" "otpauth://totp/Reddit:errepunto?issuer=Reddit&secret=3RR2")
+
+  (url-create->app "app2" "otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example")
+
+  (add-app [{:a 1 :b 2}] (url-create->app "app2" "otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example"))
+  )
+
+(defn import-from-url-create
+  [cfg name url]
+  (add-app cfg (url-create->app name url)))
+
+(comment
+  #_{:clj-kondo/ignore [:unresolved-symbol]}
+  (with-config (import-from-url-create cfg "app1" "otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example"))
+  )
+
+
+
+(defn url-export->app
+  [name url]
+  (when (some? url)
+    (let [b64-data   (second (str/split url #"=" -1))
+          data-b     (b64/decode b64-data)
+          parsed     (OtpauthMigration$MigrationPayload/parseFrom data-b)
+          payload    (bean (.getOtpParameters parsed 0))
+          ;{:keys [name secret name issuer digitsValue algorithmValue typeValue]} payload
+          secret-b   (:secret payload)
+          secret     (b32/encode (.toByteArray secret-b))
+          user       (:name payload)
+          issuer     (:issuer payload)
+          algorithm  (case (:algorithmValuei payload) 2 "sha256" 3 "sha512" "sha1")
+          digits     (case (:digitsValue payload) 2 8 6)
+          valid-type (= 2 (:typeValue payload))
+          ]
+      (println "name:" name "user:" user "issuer:" issuer "digitsValue:" digits "algorithm:" algorithm "valid type?" valid-type)
+      (if valid-type
+        (create-app name secret user issuer algorithm digits 30)
+        (println "Invalid OTP type" (:typeValue payload)))
+      )))
+
+(comment
+  (url-export->app "test"
+                    "otpauth-migration://offline?data=CkkKEJ0M4MyHfITKCwCfqPIttjESFHJ1YmVuY2pAMThCMTY5RDVGRjAwGgRTTldMIAEoATACQhMzYjkxMDQxNzI3NzgzNDIzNDYyEAIYASAA"
+                    )
+  )
+
+
+
+(defn import-from-url-export
+  "Import data from url using the protocol otpauth-migration://
+
+  https://alexbakker.me/post/parsing-google-auth-export-qr-code.html"
+  [cfg name url]
+  (add-app cfg (url-export->app name url)))
+
+(comment
+  #_{:clj-kondo/ignore [:unresolved-symbol]}
+  (with-config (import-from-url-export
+                cfg
+                "app2"
+                "otpauth-migration://offline?data=CkkKEJ0M4MyHfITKCwCfqPIttjESFHJ1YmVuY2pAMThCMTY5RDVGRjAwGgRTTldMIAEoATACQhMzYjkxMDQxNzI3NzgzNDIzNDYyEAIYASAA")
+    )
+  )
+
+

test/totp/core_test.clj

@@ -0,0 +1,72 @@
+(ns totp.core-test
+  #_{:clj-kondo/ignore [:refer-all]}
+  (:require [clojure.test :refer :all]
+            [totp.core :refer :all]
+            [alphabase.base64 :as b64])
+  (:import (java.util Arrays)))
+
+(deftest timestamp->steps-test
+  (testing "Border cases"
+    (is (zero? (timestamp->steps nil nil)))
+    (is (zero? (timestamp->steps 0 nil)))
+    (is (zero? (timestamp->steps nil 0)))
+    (is (zero? (timestamp->steps 0 0))))
+  (testing "Common usage"
+    (is (= 10 (timestamp->steps 100000 10)))
+    (is (= 10 (timestamp->steps 100001 10)))
+    (is (= 10 (timestamp->steps 100999 10)))
+    (is (= 11 (timestamp->steps 110000 10)))
+    (is (= 2 (timestamp->steps 63000 30)))))
+
+(deftest bytes-array?-test
+  (testing "All cases"
+    (is (= false (bytes-array? nil)))
+    (is (= false (bytes-array? "")))
+    (is (= false (bytes-array? [0x0])))
+    (is (= true (bytes-array? (.getBytes ""))))
+    (is (= true (bytes-array? (bytes (byte-array [0 0 0 0 0 0 0 0])))))))
+
+(deftest hmac-test
+  (testing "border cases"
+    (is (= nil (hmac nil nil nil)))
+    (is (= nil (hmac nil "" nil)))
+    (is (= nil (hmac nil nil "")))
+    (is (= nil (hmac nil (.getBytes "") nil)))
+    (is (= nil (hmac nil nil (.getBytes ""))))
+    (is (= "" (hmac "" "" ""))))
+  (testing "String params"
+    (is (= "63h3K4sN+c3NDEl3EGeA23jq/EY=" (hmac "sha1" "12345" "this is a message")))
+    (is (= "MA+ieo7t7MeQfyZR/X52dB1aXDI=" (hmac "sha1" "12345" "this is a longer message
+    with some lines"))))
+  (testing "byte[] params"
+    (is (Arrays/equals (b64/decode "63h3K4sN+c3NDEl3EGeA23jq/EY=") (hmac "sha1" (.getBytes "12345") (.getBytes "this is a message"))))
+    (is (Arrays/equals (b64/decode "MA+ieo7t7MeQfyZR/X52dB1aXDI=") (hmac "sha1" (.getBytes "12345") (.getBytes "this is a longer message
+    with some lines"))))))
+
+
+(deftest long->bytes-test
+  (testing "Border cases"
+    (is (nil? (long->bytes nil))))
+  (testing "Common usage"
+    (is (Arrays/equals (bytes (byte-array [0 0 0 0 0 0 0 0])) (long->bytes 0)))
+    (is (Arrays/equals (bytes (byte-array [0 0 0 0 0 0 0x01 0x01])) (long->bytes 257)))))
+
+
+(deftest bytes->int-test
+  (testing "Border cases"
+    (is (nil? (bytes->int nil))))
+  (testing "Common usage"
+    (is (= 0 (bytes->int (bytes (byte-array [0 0 0 0])))))
+    (is (= 1 (bytes->int (bytes (byte-array [0 0 0 0x01])))))
+    (is (= 257 (bytes->int (bytes (byte-array [0 0 0x01 0x01])))))))
+
+
+(deftest get-otp-test
+  (testing "Border cases"
+    (is (nil? (get-otp nil nil nil nil)))
+    (is (nil? (get-otp "" nil nil nil)))
+    (is (nil? (get-otp nil "" nil nil)))
+    (is (nil? (get-otp nil 1000 nil nil))))
+  (testing "Common usage"
+    (is (= 6 (count (get-otp "MJXW42LBORXQ====" "sha1" 6 10000))))
+    (is (= 6 (count (get-otp "MJXW42LBORXQ===="))))))

tests.edn

@@ -0,0 +1 @@
+#kaocha/v1 {}