merge conflicts

README.md

@@ -1,55 +1,188 @@
 # clj-totp
 
-TOTP (Timebased One Time Password) in clojure. It can be used in the command line, web API o simple embeded web.
+TOTP (Time-based One Time Password) in clojure. It supports several digest algorithms and length.
+
 
 ## What is TOPT
 
-The TOPT is an standad used to generate a time-based password. Usually, this password is used as a second
+The TOPT is a standard used to generate a time-based password. Usually, this password is used as a second
 factor authentication.
 
-You can red more about the algorith here:
+You can read more about the algorithm here:
 
 - Wikipedia: https://en.wikipedia.org/wiki/Time-based_one-time_password
 - TOTP RFC: https://web.archive.org/web/20110711124823/http://tools.ietf.org/html/rfc6238
 - HOTP RFC: https://www.ietf.org/rfc/rfc4226.txt
 
-## The inside
 
-This project is done 100% in clojure. It uses `deps.edn` for configuring the project.
+## How to use
 
-## Features
+First, you must have installed a Java Runtime Environment. Check https://adoptium.net/es if you are
+unsure how to install.
+
+The project is distributed as a jar file with all dependencies included (a.k.a. "uberjar"), and uses
+a simple script to launch the program. Script and uberjar must be in the same directory.
+
+Execute without parameters to show main commands
+
+```bash
+clj-totp.sh
+```
+
+A quick description of each command:
+
+- `generate`: Show a TOTP with a given secret and parameters, not stored in config.
+- `config`: Manage configuration file
+- `add`: Store a new TOTP configuration
+- `delete`: Delete an stored configuration
+- `list`: Shows a list of TOPT stored configurations
+- `get`: Generate a TOTP previously added
+- `import`: Import a URL with the TOTP configuration
+
+
+### Quick and simple generation
+
+If you want to quickly generate a TOPT, you only need to suministrate the secret in B32 format:
+
+```bash
+clj-totp.sh generate <B32 secret>
+```
+
+The OTP changes every 30 seconds, you can print every change with `-c` option:
+
+```bash
+clj-totp.sh generate -c <B32 secret>
+```
+
+It will update the TOTP every 30 seconds, until you press `<Enter>` or `<ctrl+c>`.
+
+
+### Store your configurations
+
+Writing the B32 secret each time can be a bit tedious, but you can store secrets for your applications.
+Be carefull, this version **don't encrypt passwords**, secrets are saved in plain text in a file in
+your home dir.
+
+With the `config` command you can check your configuration file. Now, let's explorer the subcommands:
+
+Check if the config file exists, and show the full path:
+
+```bash
+clj-totp.sh info config
+```
+
+Create a new config file, if the file exists, it will prompt you if you want to overwrite it:
+
+``` bash
+clj-totp.sh info init
+```
+
+Show all data contained in the config file, as a table:
+
+``` bash
+clj-totp.sh info show
+```
+
+
+### Use stored configurations
+
+If you have a valid configuration file, it's time to configure some applications.
+
+To add a new configured application, you can use the `add` command. The simplest way to add a new
+configuration is to specify an alias and the secret in B32:
+
+``` bash
+clj-totp.sh add <alias> <b32 secret>
+```
+
+The `add` subcommand has a lot of configuration options, you can explore them wit the `-?` param.
+
+To list all added configurations, use the `list` command:
+
+``` bash
+clj-totp.sh list
+```
+
+If you made a mistake, you can delete a configured app with the `delete` command:
+
+``` bash
+clj-totp.sh delete <alias>
+```
+
+When you have some configured apps, it's time to use them, with the `get` command. To generate a
+single TOTP for some app you can simple pass a list of alias:
+
+``` bash
+clj-totp.sh get <alias1> <alias2> <aliasN>
+```
+
+It will show the TOTP value at the current time, but TOTPs changes every 30 seconds, to show
+the value when it changes, add the `-c` param. It will update the TOTP for each alias until you
+press enter key (or <Ctrl-C>):
+
+``` bash
+clj-totp.sh get <alias1> <alias2> <aliasN> -c
+```
+
+Finally, this program has an `import` command, that can import from a decoded QR or exported data
+from Google Autenticator:
+
+``` bash
+clj-totp.sh import <alias> "<url>"
+```
+
+
+## Project's plan
 
 ### v1.0
-- Functional TOTP generation
+- [x] Functional TOTP generation
-- Get TOTP from command line
+- [x] Get TOTP from command line
-- Continuous update every 30 seconds
+- [x] Continuous generation
 
-## Usage
+### v1.1
-You can use the `clojure` command to run the program:
+- [x] Store configuration in a properties file or simple DB
-```
+- [x] Import from `otpauth` and `otpauth-migration` protocols
-clojure -M:run <params>
+- [x] Show several OTPs at once
+
+### v1.2
+- [ ] REST API
+- [ ] User management
+- [ ] Robust BD backend (H2, datomic, or similar)
+
+### v1.3
+- [ ] Simple web connected to REST API
+
+
+## Ideas
+
+Some ideas for future versions:
+
+- Store passwords securely: https://github.com/weavejester/crypto-password
+
+
+## Building the project
+
+This project is done 100% in clojure. It uses `deps.edn` for configuring the project and `build.clj`
+for defining compilation tasks.
+
+The first step is to install Java JDK, version 11 or newer (version 21 recommended).
+
+To execute manually the main function, simple use the `:run` alias:
+
+```clojure
+clojure -M:run <commands and parameters>
 ```
 
-If you prefer using the distributed jar:
+To build the uberjar:
-```
+
-java -jar clj-topt-1.0.35-standalone.jar <params>
+```clojure
+clojure -T:build uber
 ```
 
-You can use the binary (compiled with GraalVM) in linux environments:
+There is a utility script to build a native executable using Graal VM. Please, edit the script and
-```
+check the path to your Graal installation. Use it at your own risk.
-totp <params>
+
-```
+```bash
-
+native.sh
-All three methods are equivalent.
-
-### Generate a single TOTP
-You can simple run:
-```
-totp generate <secret in BASE32>
-```
-
-If want to update coninously the generated TOTP, you cand add the `-s` param:
-```
-totp generate <secret in BASE32> -s
 ```
 

build.clj

@@ -1,9 +1,10 @@
 (ns build
   (:require [clojure.tools.build.api :as b]))
 
-(def lib 'es.rcorral/clj-topt)
+(def lib 'es.rcorral/clj-totp)
-(def version (format "1.0.%s" (b/git-count-revs nil)))
+(def version (format "1.1.%s" (b/git-count-revs nil)))
-(def class-dir "target/classes")
+(def target-dir "target")
+(def class-dir (str target-dir "/classes"))
 (def uber-file (format "target/%s-%s-standalone.jar" (name lib) version))
 
 ;; delay to defer side effects (artifact downloads)
@@ -12,10 +13,21 @@
 (defn clean [_]
   (b/delete {:path "target"}))
 
+(defn compile-java [_]
+  (b/javac {:src-dirs ["java"]
+            :class-dir class-dir
+            :basis @basis
+            :javac-opts ["-source" "11" "--target" "11" "-proc:none"]}))
+
+
+#_{:clojure-lsp/ignore [:clojure-lsp/unused-public-var]}
 (defn uber [_]
   (clean nil)
-  (b/copy-dir {:src-dirs ["src" "resources"]
+  (b/copy-dir {:src-dirs ["src"]
                :target-dir class-dir})
+  (b/copy-file {:src "resources/clj-totp.sh"
+                :target "target/clj-totp.sh"})
+  (compile-java nil)
   (b/compile-clj {:basis @basis
                   :ns-compile '[totp.app]
                   :class-dir class-dir})

compile_proto.sh

@@ -0,0 +1,4 @@
+#!/bin/env sh
+
+protoc --java_out java/protoc/ resources/proto/otpauth-migration.proto
+#javac -cp resources/protobuf-java-3.25.8.jar -d target/classes/proto src/OtpauthMigration.java

deps.edn

@@ -1,19 +1,22 @@
-{:paths   ["src"]
+{:paths   ["src" "resources" "target/classes"]
  :deps    {org.clojure/clojure                 {:mvn/version "1.12.1"}
            io.github.clojure/tools.build       {:mvn/version "0.10.10"}
            mvxcvi/alphabase                    {:mvn/version "3.0.185"} ;; https://github.com/greglook/alphabase
            cli-matic/cli-matic                 {:mvn/version "0.5.4"}   ;; https://github.com/l3nz/cli-matic
            ;; Native image (GraalVM)
-           com.github.clj-easy/graal-build-time {:mvn/version "1.0.5"}};; Tutorial: https://shagunagrawal.me/posts/setup-clojure-with-graalvm-for-native-image/
+           com.github.clj-easy/graal-build-time {:mvn/version "1.0.5"};; Tutorial: https://shagunagrawal.me/posts/setup-clojure-with-graalvm-for-native-image/
+           ;; Protobuf for java
+           com.google.protobuf/protobuf-java   {:mvn/version "3.25.8"}}
 
  :aliases {;; Execute the app
            :run      {:main-opts   ["-m" "totp.app"]}
 
            ;; Kaocha runner. You can use the 'kaocha' wrapper located in ~/bin/kaocha
-           :test     {:extra-paths ["test"]                 ;; https://cljdoc.org/d/uberdeps/uberdeps/1.4.0/doc/readme
+           :test     {:extra-paths ["test"]
                       :extra-deps  {lambdaisland/kaocha {:mvn/version "1.91.1392"}}
                       :main-opts   ["-m" "kaocha.runner"]}
 
            ;; Run with clj -T:build function-in-build
            :build    {:deps {io.github.clojure/tools.build {:mvn/version "0.10.10"}}
                       :ns-default build}}}
+

doc/db.plantuml

@@ -1,34 +0,0 @@
-@startuml
-' configuration
-skinparam linetype ortho
-
-entity "user" as user {
-        id: number
-        --
-        login: varchar(64)
-        passw: varchar(512)
-        active: shortint
-        desc: varchar(512)
-        config: varchar(512)
-}
-
-entity "app" as app {
-        id: number
-        --
-        name: varchar(32)
-        desc: varchar(512)
-        secret: varchar(512)
-        period: int
-        config: varchar(512)
-}
-
-entity "user_app" as user_app {
-        user_id: number
-        app_id: number
-        --
-}
-
-user ||--o{ user_app
-app ||--o{ user_app
-
-@enduml

native.sh

@@ -1,14 +1,15 @@
 #!/usr/bin/env sh
 
 NATIVE=~/.sdkman/candidates/java/21.0.2-graalce/bin/native-image
-UBERJAR=clj-topt-1.0.32-standalone.jar
 BIN_FILE=totp
 
 echo "Creating uberjar"
 clojure -T:build uber
+UBERJAR=$(realpath --relative-to=target target/clj-totp-*-standalone.jar)
 
 echo "Creating native image"
-
 $NATIVE -jar target/$UBERJAR -o target/$BIN_FILE -H:+ReportExceptionStackTraces --features=clj_easy.graal_build_time.InitClojureClasses --report-unsupported-elements-at-runtime --verbose --no-fallback -H:ReflectionConfigurationFiles=./reflect_config.json
 
 echo "Executable created on target/$BIN_FILE"
+cp target/$BIN_FILE ~/bin
+echo "Copied to ~/bin/$BIN_FILE"

resources/clj-totp.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+
+JAVA_EXECUTABLE=java
+UBER_JAR=$(realpath clj-totp-*-standalone.jar)
+OPTS="-Xms256m -Xmx256m -client -Dclojure.spec.skip-macros=true"
+
+
+$JAVA_EXECUTABLE $OPTS -jar $UBER_JAR $@

resources/proto/otpauth-migration.proto

@@ -0,0 +1,39 @@
+syntax = "proto3";
+
+message MigrationPayload {
+  enum Algorithm {
+    ALGORITHM_UNSPECIFIED = 0;
+    ALGORITHM_SHA1 = 1;
+    ALGORITHM_SHA256 = 2;
+    ALGORITHM_SHA512 = 3;
+    ALGORITHM_MD5 = 4;
+  }
+
+  enum DigitCount {
+    DIGIT_COUNT_UNSPECIFIED = 0;
+    DIGIT_COUNT_SIX = 1;
+    DIGIT_COUNT_EIGHT = 2;
+  }
+
+  enum OtpType {
+    OTP_TYPE_UNSPECIFIED = 0;
+    OTP_TYPE_HOTP = 1;
+    OTP_TYPE_TOTP = 2;
+  }
+
+  message OtpParameters {
+    bytes secret = 1;
+    string name = 2;
+    string issuer = 3;
+    Algorithm algorithm = 4;
+    DigitCount digits = 5;
+    OtpType type = 6;
+    int64 counter = 7;
+  }
+
+  repeated OtpParameters otp_parameters = 1;
+  int32 version = 2;
+  int32 batch_size = 3;
+  int32 batch_index = 4;
+  int32 batch_id = 5;
+}

src/totp/app.clj

@@ -1,63 +1,307 @@
 (ns totp.app
+  #_{:clj-kondo/ignore [:refer-all]}
   (:require [totp.core :refer :all]
+            [totp.data :refer :all]
             [cli-matic.core :refer [run-cmd]]
-            [cli-matic.utils :as U]
+            [clojure.pprint :as pp]
-            [clojure.pprint :as pp])
+            [clojure.string :as str])
   (:import [java.util TimerTask Timer])
   (:gen-class))
 
 
 (defn- print-confinuous
-  ([secret] (print-confinuous secret 30))
+  ([secret] (print-confinuous secret "sha1" 6 30))
-  ([secret step]
+  ([secret algorithm digits period]
-   (let [step-millis (* 1000 step)
+   (let [step-millis (* 1000 period)
          now         (System/currentTimeMillis)
          delay       (int (- step-millis (rem now step-millis)))
-         fn-show     (fn [s] (println (System/currentTimeMillis) "-> "(get-otp s)))
+         fn-show     (fn [s] (println (format "[%d] %s" (System/currentTimeMillis) (get-otp s algorithm digits period))))
          task        (proxy [TimerTask] []
                        (run [] (fn-show secret)))]
      (println "\n  <Generating continuosly, press enter to stop>\n")
      ;; (println "Now:" now ", Delay:" delay ", Next execution: " (+ now delay))
+     (println "Refresing in" (int (/ delay 1000)) "seconds")
      (fn-show secret)
      (. (new Timer) (scheduleAtFixedRate task delay step-millis)))
-  (read-line))) ;; Waits for a key press
+   (read-line))) ;; Waits for a key press
 
-(comment
-  (print get-otp "MJXW42LBORXQ====")
-  (print-confinuous "MJXW42LBORXQ====")
-  )
 
 (defn cmd-generate
-  [& {:keys [secret continuous] :as otps}]
+  [& {:keys [secret continuous algorithm digits period]}]
-  ;(pp/pprint otps)
+  ;;(pp/pprint opts)
   (if continuous
-    (print-confinuous secret)
+    (print-confinuous secret algorithm digits period)
-    (println (get-otp secret))
+    (println (get-otp secret algorithm digits period))))
-    ))
+
+
+
+(defn- print-app
+  [app]
+  (let [{:keys [name secret algorithm digits period]
+         :or {algorithm "sha1"
+              digits 6
+              period 30}} app]
+    (println (format "[%d] %12s -> %s" (System/currentTimeMillis) name (get-otp secret algorithm digits period)))))
+
+
+(defn- print-app-continuous
+  ([period apps]
+   (let [step-millis (* 1000 period)
+         now         (System/currentTimeMillis)
+         delay       (int (- step-millis (rem now step-millis)))
+         fn-show     (fn [s]
+                       (dorun (map print-app s))
+                       (println "")) ;; Separate each
+         task        (proxy [TimerTask] []
+                       (run [] (fn-show apps)))]
+     (println "\n  <Generating continuosly, press enter to stop>\n")
+     ;; (println "Now:" now ", Delay:" delay ", Next execution: " (+ now delay))
+     (println "Refresing in" (int (/ delay 1000)) "seconds")
+     (fn-show apps)
+     (. (new Timer) (scheduleAtFixedRate task delay step-millis)))
+   (read-line))) ;; Waits for a key press
+
+
+(defn cmd-get-multi
+  [& {:keys [continuous _arguments]}]
+  ;(pp/pprint opts)
+  (with-config
+    (let [apps (filter some? #_{:clj-kondo/ignore [:unresolved-symbol]}
+                             (map #(get-app cfg %) _arguments))]
+      ;(println "found apps: " apps)
+      (if continuous
+        (print-app-continuous 30 apps)
+        (dorun (map #(print-app %) apps))))))
+
+
+(defn cmd-config
+  [& {:keys [command]}]
+  ;;(pp/pprint opts)
+  (case command
+    "info" (println "Configuration file:"
+                    (if (exists-config)
+                      cfg-file
+                      (str "not found. Expected location: " cfg-file)))
+    "init" (if (exists-config)
+             (do
+               (println "Configuration already exists, this will delete it. Are you sure? [N/y]")
+               (case (read-line)
+                 "y" (create-cfg-file)
+                 "Y" (create-cfg-file)
+                 (println "Cancelling operation.")))
+             (create-cfg-file))
+    "show" (do
+             (println "Config file:\n")
+             ;(println (slurp cfg-file))
+             (pp/print-table (load-config)))))
+
+
+(defn cmd-list
+  [& {:keys [sorted mode]}]
+  (println "List mode:" mode)
+  (if (exists-config)
+    (case mode
+      "list" (let [apps-list (list-apps (load-config))
+                   s-list    (if sorted (sort apps-list) apps-list)]
+               (dorun (map #(println %) s-list)))
+      "table" (pp/print-table (load-config))
+    )
+    (println "Config file not found.")))
+
+
+(defn cmd-add
+  [& {:keys [name secret user issuer algorithm digits period update] }]
+  ;;(pp/pprint opts)
+  (when (not (exists-config))
+    (println "Config not found. Creating new config")
+    (create-cfg-file))
+  (let [cfg (load-config)]
+    (if (or update (nil? (get-app cfg name))) ;; get-app returns nil if app don't exists
+      (do
+        (store-config (add-app cfg name secret user issuer algorithm digits period))
+        (println "App" name "added or updated."))
+      (println "App" name "already exists.\nUse --update if you want to overwrite"))))
+
+
+#_{:clj-kondo/ignore [:unresolved-symbol]}
+(defn cmd-import
+  [& {:keys [name url update] }]
+  (with-config
+    (if (or update (nil? (get-app cfg name)))
+      (cond
+        (str/starts-with? url "otpauth-migration")
+          (do
+            (store-config (import-from-url-export cfg name url))
+            (println "Import successful"))
+        (str/starts-with? url "otpauth")
+          (do
+            (store-config (import-from-url-create cfg name url))
+            (println "Import successful"))
+        :else (println "URL type not supported"))
+      (println "App" name "already exists.\nUse --update if you want to overwrite"))))
+
+
+(defn cmd-delete
+  [& {:keys [name force]}]
+  ;;(pp/pprint opts)
+  (if (exists-config)
+    (let [cfg (load-config)]
+      (when (or force (some? (get-app cfg name)))
+        (store-config (delete-app cfg name))))
+    (println "Config file not found.")))
 
 
 (def cli-options
   {:app {:command "totp"
-         :version "1.0"
+         :version "1.1"
          :description ["Generate a TOTP"]}
 
-   :commands [{:command "generate" :short "g"
+   :commands [;; Generate a TOTP with given params
-               :description "Generate one TOTP with a given secret in BASE32"
+              {:command "generate"
-               :examples    ["Generate one TOTP and exit:"
+               :description "Generate one TOTP for a BASE32 secret, ignoring configured apps"
-                             "  totp generate \"MJXW42LBORXQ====\""
+               :examples    ["Generate one TOTP for a provided BASE32 secret:"
-                             "Generate one TOTP, update each 30 seconds:"
+                             "  totp generate ABCD1234"
-                             "  totp g -c \"MJXW42LBORXQ====\""]
+                             "Generate one TOTP and refresh it continuosly:"
-               :opts [{:option "secret"
+                             "  totp generate -c ABCD1234"]
-                       :short 0
+               :opts [{:option "secret" :short 0
-                       :as "Secret codified in BASE32"
+                       :as "Secret encoded in BASE32"
                        :type :string
                        :default :present}
-                      {:option "continuous"
+                      {:option "continuous" :short "c"
-                       :short "c"
-                       :type :with-flag
                        :as "Contiuous mode"
+                       :type :with-flag
+                       :default false}
+                      {:option "algorithm" :short "a"
+                       :as "Algorithm used for the key generation"
+                       :type #{"sha1" "sha256" "sha512"}
+                       :default "sha1"}
+                      {:option "digits" :short "d"
+                       :as "Number of digits for OTP. Usually 6 or 8"
+                       :type :int
+                       :default 6}
+                      {:option "period" :short "p"
+                       :as "Validity time in seconds"
+                       :type :int
+                       :default 30}]
+               :runs cmd-generate}
+              ;; Generate a TOTP for a configured app
+              {:command "get" :short "g"
+               :description "Generate one TOTP for a configured app"
+               :examples    ["Generate one TOTP for a provided app:"
+                             "  totp get app1"
+                             "Generate one TOTP and refresh it continuosly:"
+                             "  totp get -c app1"]
+               :opts [{:option "name" :short 0
+                       :as "Name of the previous configured app"
+                       :type :string
+                       :default :present}
+                      {:option "continuous" :short "c"
+                       :as "Contiuous mode"
+                       :type :with-flag
                        :default false}]
-               :runs cmd-generate}]})
+               :runs cmd-get-multi}
+              ;; Check and init your config file
+              {:command "config" :short "c"
+               :description "Manage configuration"
+               :examples ["Show location for the configuration file:"
+                          "  totp config info"
+                          "Recreate config (warning: it will delete the existing config file):"
+                          "  totp config init"
+                          "Show configuration:"
+                          "  totp config show"]
+               :opts [{:option "command" :short 0
+                       :as "Command to execute. See examples"
+                       :type #{"info" "init" "show"}
+                       :default :present}]
+               :runs cmd-config}
+              ;; List available apps
+              {:command "list" :short "l"
+               :description "List existing apps"
+               :examples ["List apps:"
+                          "  totp list"
+                          "List apps sorted by name:"
+                          "  totp list --sorted"]
+               :opts [{:option "sorted" :short "s"
+                       :as "If provided, the list will be sorted by name"
+                       :type :with-flag
+                       :default false}
+                      {:option "mode" :short "m"
+                       :as "How to show the list of configured apps"
+                       :type #{"list" "table"}
+                       :default "list"}]
+               :runs cmd-list}
+              ;; Adds a new app to the configuration
+              {:command "add" :short "a"
+               :description "Add a new application with an unique name"
+               :examples ["Add a new application named 'app1' with a BASE32 secred, with defaults:"
+                          "  totp add app1 \"MJXW42LBORXQ====\""
+                          "Add an application, with all posible configuration params:"
+                          "  topt add app2 \"MJXW42LBORXQ====\" -u \"user1@server\" -i my_provider -a sha1 -d 6 -p 30 --update"]
+               :opts [{:option "name" :short 0
+                       :as "Unique name (alias) for the application"
+                       :type :string
+                       :default :present}
+                      {:option "secret" :short 1
+                       :as "Secret encoded in BASE32"
+                       :type :string
+                       :default :present}
+                      {:option "user" :short "u"
+                       :as "Username in the format <user>@<server>"
+                       :type :string}
+                      {:option "issuer" :short "i"
+                       :as "The issuer (provider) of the service"
+                       :type :string}
+                      {:option "algorithm" :short "a"
+                       :as "Algorithm used for the key generation"
+                       :type #{"sha1" "sha256" "sha512"}
+                       :default "sha1"}
+                      {:option "digits" :short "d"
+                       :as "Number of digits for OTP. Usually 6 or 8"
+                       :type :int
+                       :default 6}
+                      {:option "period" :short "p"
+                       :as "Validity time in seconds"
+                       :type :int
+                       :default 30}
+                      {:option "update"
+                       :as "Update an app with the same name if exists"
+                       :type :with-flag
+                       :default false}]
+               :runs cmd-add}
+              ;; Import from URL
+              {:command "import" :short "i"
+               :description "Import a TOTP config from a URL"
+               :examples ["Import from a QR for creation"
+                          "  totp import app1 \"otpauth://totp/<label>?issuer=<issuer>&secret=<base32 secret>\""
+                          "Import from a QR for exportation"
+                          "  totp import app2 \"otpauth-migration://offline?data=<exported data>\""]
+               :opts [{:option "name" :short 0
+                       :as "Unique name of the application"
+                       :type :string
+                       :default :present}
+                      {:option "url" :short 1
+                       :as "Imported URL"
+                       :type :string
+                       :default :present}
+                      {:option "update"
+                       :as "Update an app with the same name if exists"
+                       :type :with-flag
+                       :default false}]
+               :runs cmd-import}
+              ;; Deletes an existing app from configuration
+              {:command "delete" :short "d"
+               :description "Removes an existing application by it's unique name"
+               :examples ["Remove the application name app1"
+                          "  totp remove app1"]
+               :opts [{:option "name" :short 0
+                       :as "Unique name of the application"
+                       :type :string
+                       :default :present}
+                      {:option "force" :short "f"
+                       :as "Don't ask, just remove"
+                       :type :with-flag
+                       :default false}]
+               :runs cmd-delete}]})
 
 
 (defn -main [& args]

src/totp/core.clj

@@ -1,5 +1,6 @@
 (ns totp.core
-  (:require [alphabase.base32 :as b32])
+  (:require [alphabase.base32 :as b32]
+            [clojure.math :as m])
   (:import (javax.crypto Mac)
            (javax.crypto.spec SecretKeySpec)
            (java.util Base64 Arrays)
@@ -21,32 +22,42 @@
   (= byte-array-type (type x)))
 
 
-(defmulti hmac-sha1
+(defn get-alg
-  "Generates an HMAC-SHA1. The key and the message can be (both) string or array of bytes, nil otherwise"
+  [alg]
-  (fn [key message]
+  (case alg
+    "sha1"  "HmacSHA1"
+    "sha256" "HmacSHA256"
+    "sha512" "HmacSHA512"
+    ""))
+
+
+(defmulti hmac
+  "Generates an HMAC. Algorithms supported: sha1, sha256, sha512.
+   The key and the message can be (both) string or array of bytes, nil otherwise"
+  (fn [algorithm key message]
     (cond
-      (and (string? key) (string? message)) :string
+      (and (string? key) (string? message) (some? (get-alg algorithm))) :string
-      (and (bytes-array? key) (bytes-array? message)) :byte
+      (and (bytes-array? key) (bytes-array? message) (some? (get-alg algorithm))) :byte
       :else :nil)))
 
 ;; By default
-(defmethod hmac-sha1 :nil [_ _]
+(defmethod hmac :nil [_ _ _]
   nil)
 
 ;; When key and message are strings
-(defmethod hmac-sha1 :string [key message]
+(defmethod hmac :string [algorithm key message]
   (if (or (empty? key) (empty? message))
     ""
-    (let [mac (doto (Mac/getInstance "HmacSHA1") (.init (SecretKeySpec. (.getBytes key) "HmacSHA1")))
+    (let [mac (doto (Mac/getInstance (get-alg algorithm)) (.init (SecretKeySpec. (.getBytes key) (get-alg algorithm))))
           hmac-bytes (.doFinal mac (.getBytes message))]
       ;; Return the Base64 encoded HMAC
       (.encodeToString (Base64/getEncoder) hmac-bytes))))
 
 ;; When key and message are arrays of bytes
-(defmethod hmac-sha1 :byte [key message]
+(defmethod hmac :byte [algorithm key message]
   (if (nil? message)
     (bytes (byte-array 0))
-    (let [mac (doto (Mac/getInstance "HmacSHA1") (.init (SecretKeySpec. key "HmacSHA1")))
+    (let [mac (doto (Mac/getInstance (get-alg algorithm)) (.init (SecretKeySpec. key (get-alg algorithm))))
           hmac-bytes (.doFinal mac message)]
       ;; Return the Base64 encoded HMAC
       (Base64/getEncoder) hmac-bytes)))
@@ -72,17 +83,19 @@
 
 (defn get-otp
   "Generate an OTP with the given secret (in base32) for the specified timestep"
-  ([secret step]
+  ([secret algorithm digits period] ;;algorithm digits period
-   (when (and secret step)
+   (when (and secret period)
-     (let [k (b32/decode secret)
+     (let [step (timestamp->steps (System/currentTimeMillis) period)
+           k (b32/decode secret)
            c (long->bytes step)
-           hs (hmac-sha1 k c)
+           hs (hmac algorithm k c)
            offset (bit-and (get hs (dec (count hs))) 0x0f) ;; int offset = hs[hs.length-1] & 0xf;
            chunk (Arrays/copyOfRange hs offset (+ offset 4)) ;(take 4 (drop offset hs)) ;; byte[] chunk = Arrays.copyOfRange(hs, offset, offset+4) 
            ]
-       (format "%06d" (-> chunk
+       (format (str "%0" digits "d")
-                         (bytes->int)
+               (-> chunk
-                         (bit-and 0x7fffffff)
+                   (bytes->int)
-                         (rem 1000000))))))
+                   (bit-and 0x7fffffff)
+                   (rem (int (m/pow 10 digits))))))))
   ([secret]
-   (get-otp secret (timestamp->steps (System/currentTimeMillis) 30))))
+   (get-otp secret "sha1" 6 30)))

src/totp/data.clj

@@ -2,7 +2,10 @@
   (:require [clojure.edn :as e]
             [clojure.string :as str]
             [clojure.java.io :as io]
-            [clojure.pprint :as pp]))
+            [clojure.pprint :as pp]
+            [alphabase.base64 :as b64]
+            [alphabase.base32 :as b32])
+  (:import [protoc OtpauthMigration$MigrationPayload]))
 
 (defn join-path
   "Joins several subpaths using system's path separator (/ un *NIX and \\ in windows)"
@@ -47,8 +50,7 @@
 
 (comment
   (exists-config)
-  (create-cfg?)
+  (create-cfg?))
-  )
 
 
 (defn load-config
@@ -62,8 +64,8 @@
   [cfg]
   (when cfg
     (spit cfg-file (str cfg-header (with-out-str
-                          (binding [pp/*print-right-margin* 50]
+                                     (binding [pp/*print-right-margin* 50]
-                          (pp/pprint cfg)))))))
+                                       (pp/pprint cfg)))))))
 
 
 (defn delete-app
@@ -71,19 +73,34 @@
   (filter #(not= name (:name %)) cfg))
 
 
+(defn create-app
+  ([name secret] (create-app name secret nil nil "sha1" 6 30))
+  ([name secret user issuer] (create-app name secret user issuer "sha1" 6 30))
+  ([name secret user issuer algorithm digits period] 
+   {:name name :secret secret :user user :issuer issuer :algorithm algorithm :digits digits :period period}))
+
+
 (defn add-app
-  [cfg name secret]
+  ([cfg app-map] (apply add-app (cons cfg (vals app-map))))
-  (conj (delete-app cfg name) {:name name :secret secret}))
+  ([cfg name secret] (add-app cfg name secret nil nil "sha1" 6 30))
+  ([cfg name secret user issuer algorithm digits period]
+   (conj (delete-app cfg name) (create-app name secret user issuer algorithm digits period))))
 
 
 (defn list-apps
   [cfg]
-  (map :name cfg))
+  (map :name
+       (filter #(contains? % :name) cfg)))
 
+(comment
+  (list-apps (load-config)))
 
 (defn get-app
   [cfg name]
-  (first (filter #(= name (:name %)) cfg)))
+  (let [app (first (filter #(= name (:name %)) cfg))]
+    (if app
+      app
+      (println "App" name "not found"))))
 
 
 (comment
@@ -91,16 +108,139 @@
   (create-cfg?)
   (load-config)
 
+  (get-app [{:name "abc" :secret "def"} {:name "my-app" :secret "abc123"} {:name "another app" :secret "ABCDEF1234"}] "my-app2")
+
   (with-out-str
     (binding [pp/*print-right-margin* 50]
       (pp/pprint [{:name "abc" :secret "def"} {:name "my-app" :secret "abc123"}])))
 
-  (store-config [{:name "abc" :secret "def"} {:name "my-app" :secret "abc123"}])
+  (store-config [{:name "abc" :secret "def"} {:name "my-app" :secret "abc123"} {:name "another app" :secret "ABCDEF1234"}])
 
   (-> nil
       (add-app "app1" "abc123abc123")
       (add-app "app2" "abc123abc123")
       (add-app "app1" "123456789012")
       (store-config))
+)
 
+
+(defmacro with-config
+  "Loads config file and stores it in a cfg binding.
+  You can use the cfg var the inner code.
+
+  Next example will print config data:
+  (with-config (println cfg))
+
+  Be cafefull: dont use a binding called cfg in any module.
+  "
+  [form]
+    (let [cfg (symbol "cfg")]   ;; This symbol will prevent error with qualified in the inner let
+        `(if (exists-config)
+             (let [~cfg (load-config)] ;; This is the problematic let binding. See: https://stackoverflow.com/a/15122414
+               (if (some? ~cfg)
+                 (do ~form)))
+        (println "Config file not found"))))
+
+
+(comment
+  #_{:clj-kondo/ignore [:unresolved-symbol]}
+  (with-config (first cfg))
+
+  (macroexpand-1 '(with-config (first cfg)))
   )
+
+
+
+(defn url-create->app
+  "Import data from url using the protocol otpauth://
+   
+   Example: otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
+
+  https://github.com/google/google-authenticator/wiki/Key-Uri-Format"
+  [name url]
+  (when (str/starts-with? url "otpauth://")
+    (let [parts (str/split url #"\?")
+          meta-parts (str/split (first parts) #"/" -1)
+          data-parts (str/split (second parts) #"&" -1)
+          otp-type (nth meta-parts 2)]
+      (if (not= "totp" otp-type) ;; Only totp is supported
+        (println "Invalid protocol OTP type:" otp-type)
+        (let [user-data (str/split (nth meta-parts 3) #":" -1)
+              issuer (first user-data)
+              user (second user-data)
+              ;data-map (apply hash-map (flatten (map #(str/split % #"=") data-parts)))
+              data-map (reduce (fn [acc v]  ;; From array to map
+                                 (let [[k v] (str/split v #"=")]
+                                   (assoc acc (keyword k) v)))
+                               {} data-parts)
+              secret (:secret data-map)
+              ;;issuer2 (:issuer data-map)
+              ]
+          (create-app name secret user issuer))))))
+
+(comment
+  (url-create->app "app1" "otpauth://totp/Reddit:errepunto?issuer=Reddit&secret=3RR2")
+
+  (url-create->app "app2" "otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example")
+
+  (add-app [{:a 1 :b 2}] (url-create->app "app2" "otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example"))
+  )
+
+(defn import-from-url-create
+  [cfg name url]
+  (add-app cfg (url-create->app name url)))
+
+(comment
+  #_{:clj-kondo/ignore [:unresolved-symbol]}
+  (with-config (import-from-url-create cfg "app1" "otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example"))
+  )
+
+
+
+(defn url-export->app
+  [name url]
+  (when (some? url)
+    (let [b64-data   (second (str/split url #"=" -1))
+          data-b     (b64/decode b64-data)
+          parsed     (OtpauthMigration$MigrationPayload/parseFrom data-b)
+          payload    (bean (.getOtpParameters parsed 0))
+          ;{:keys [name secret name issuer digitsValue algorithmValue typeValue]} payload
+          secret-b   (:secret payload)
+          secret     (b32/encode (.toByteArray secret-b))
+          user       (:name payload)
+          issuer     (:issuer payload)
+          algorithm  (case (:algorithmValuei payload) 2 "sha256" 3 "sha512" "sha1")
+          digits     (case (:digitsValue payload) 2 8 6)
+          valid-type (= 2 (:typeValue payload))
+          ]
+      (println "name:" name "user:" user "issuer:" issuer "digitsValue:" digits "algorithm:" algorithm "valid type?" valid-type)
+      (if valid-type
+        (create-app name secret user issuer algorithm digits 30)
+        (println "Invalid OTP type" (:typeValue payload)))
+      )))
+
+(comment
+  (url-export->app "test"
+                    "otpauth-migration://offline?data=CkkKEJ0M4MyHfITKCwCfqPIttjESFHJ1YmVuY2pAMThCMTY5RDVGRjAwGgRTTldMIAEoATACQhMzYjkxMDQxNzI3NzgzNDIzNDYyEAIYASAA"
+                    )
+  )
+
+
+
+(defn import-from-url-export
+  "Import data from url using the protocol otpauth-migration://
+
+  https://alexbakker.me/post/parsing-google-auth-export-qr-code.html"
+  [cfg name url]
+  (add-app cfg (url-export->app name url)))
+
+(comment
+  #_{:clj-kondo/ignore [:unresolved-symbol]}
+  (with-config (import-from-url-export
+                cfg
+                "app2"
+                "otpauth-migration://offline?data=CkkKEJ0M4MyHfITKCwCfqPIttjESFHJ1YmVuY2pAMThCMTY5RDVGRjAwGgRTTldMIAEoATACQhMzYjkxMDQxNzI3NzgzNDIzNDYyEAIYASAA")
+    )
+  )
+
+

test/totp/core_test.clj

@@ -1,4 +1,5 @@
 (ns totp.core-test
+  #_{:clj-kondo/ignore [:refer-all]}
   (:require [clojure.test :refer :all]
             [totp.core :refer :all]
             [alphabase.base64 :as b64])
@@ -25,21 +26,21 @@
     (is (= true (bytes-array? (.getBytes ""))))
     (is (= true (bytes-array? (bytes (byte-array [0 0 0 0 0 0 0 0])))))))
 
-(deftest hmac-sha1-test
+(deftest hmac-test
   (testing "border cases"
-    (is (= nil (hmac-sha1 nil nil)))
+    (is (= nil (hmac nil nil nil)))
-    (is (= nil (hmac-sha1 "" nil)))
+    (is (= nil (hmac nil "" nil)))
-    (is (= nil (hmac-sha1 nil "")))
+    (is (= nil (hmac nil nil "")))
-    (is (= nil (hmac-sha1 (.getBytes "") nil)))
+    (is (= nil (hmac nil (.getBytes "") nil)))
-    (is (= nil (hmac-sha1 nil (.getBytes ""))))
+    (is (= nil (hmac nil nil (.getBytes ""))))
-    (is (= "" (hmac-sha1 "" ""))))
+    (is (= "" (hmac "" "" ""))))
   (testing "String params"
-    (is (= "63h3K4sN+c3NDEl3EGeA23jq/EY=" (hmac-sha1 "12345" "this is a message")))
+    (is (= "63h3K4sN+c3NDEl3EGeA23jq/EY=" (hmac "sha1" "12345" "this is a message")))
-    (is (= "MA+ieo7t7MeQfyZR/X52dB1aXDI=" (hmac-sha1 "12345" "this is a longer message
+    (is (= "MA+ieo7t7MeQfyZR/X52dB1aXDI=" (hmac "sha1" "12345" "this is a longer message
     with some lines"))))
   (testing "byte[] params"
-    (is (Arrays/equals (b64/decode "63h3K4sN+c3NDEl3EGeA23jq/EY=") (hmac-sha1 (.getBytes "12345") (.getBytes "this is a message"))))
+    (is (Arrays/equals (b64/decode "63h3K4sN+c3NDEl3EGeA23jq/EY=") (hmac "sha1" (.getBytes "12345") (.getBytes "this is a message"))))
-    (is (Arrays/equals (b64/decode "MA+ieo7t7MeQfyZR/X52dB1aXDI=") (hmac-sha1 (.getBytes "12345") (.getBytes "this is a longer message
+    (is (Arrays/equals (b64/decode "MA+ieo7t7MeQfyZR/X52dB1aXDI=") (hmac "sha1" (.getBytes "12345") (.getBytes "this is a longer message
     with some lines"))))))
 
 
@@ -62,10 +63,10 @@
 
 (deftest get-otp-test
   (testing "Border cases"
-    (is (nil? (get-otp nil nil)))
+    (is (nil? (get-otp nil nil nil nil)))
-    (is (nil? (get-otp "" nil)))
+    (is (nil? (get-otp "" nil nil nil)))
-    (is (nil? (get-otp nil "")))
+    (is (nil? (get-otp nil "" nil nil)))
-    (is (nil? (get-otp nil 1000))))
+    (is (nil? (get-otp nil 1000 nil nil))))
   (testing "Common usage"
-    (is (= "837552" (get-otp "MJXW42LBORXQ====" 10000)))
+    (is (= 6 (count (get-otp "MJXW42LBORXQ====" "sha1" 6 10000))))
     (is (= 6 (count (get-otp "MJXW42LBORXQ===="))))))