CD
Cloudflare Developers11mo ago
dhakkad

‘otplib’ library throws TypeError: crypto2.createHmac is not a function error

I’m trying to use otplib library in cloudflare workers but seems like it is not supported because of a crypto/crypto2 dependency, at least that’s what I understood from this error: 
Error generating OTP: crypto2.createHmac is not a function
TypeError: crypto2.createHmac is not a function
    at Object.createDigest (core:user:portunus-worker-dev:2616:30)
    at hotpDigest (core:user:portunus-worker-dev:2991:24)
    at hotpToken (core:user:portunus-worker-dev:2994:45)
    at totpToken (core:user:portunus-worker-dev:3107:16)
    at authenticatorToken (core:user:portunus-worker-dev:3254:16)
    at Authenticator.generate (core:user:portunus-worker-dev:3267:18)
    at module.exports.getOTP (core:user:portunus-worker-dev:5109:38)
    at async Object.handle (core:user:portunus-worker-dev:2186:37)
    at async jsonError (core:user:portunus-worker-dev:2149:18) {
  stack: TypeError: crypto2.createHmac is not a function
  …jsonError (core:user:portunus-worker-dev:2149:18),
  message: crypto2.createHmac is not a function
}
Error generating OTP: crypto2.createHmac is not a function
TypeError: crypto2.createHmac is not a function
    at Object.createDigest (core:user:portunus-worker-dev:2616:30)
    at hotpDigest (core:user:portunus-worker-dev:2991:24)
    at hotpToken (core:user:portunus-worker-dev:2994:45)
    at totpToken (core:user:portunus-worker-dev:3107:16)
    at authenticatorToken (core:user:portunus-worker-dev:3254:16)
    at Authenticator.generate (core:user:portunus-worker-dev:3267:18)
    at module.exports.getOTP (core:user:portunus-worker-dev:5109:38)
    at async Object.handle (core:user:portunus-worker-dev:2186:37)
    at async jsonError (core:user:portunus-worker-dev:2149:18) {
  stack: TypeError: crypto2.createHmac is not a function
  …jsonError (core:user:portunus-worker-dev:2149:18),
  message: crypto2.createHmac is not a function
}
2 Replies
dhakkad
dhakkad11mo ago
The code: 
const otplib = require('otplib')
const { v4: uuidv4 } = require('uuid')
// Auth handlers
module.exports.getOTP = async ({ query, url, headers, cf = {} }) => {
  const { user, origin } = query // user is email
  if (!user || !EMAIL_REGEXP.test(user)) {
    return respondError(new HTTPError('User email not supplied', 400))
  }
  let u = await fetchUser(user)
  console.log(u.otp_secret)
  console.log(u)
  if (!u) {
    u = await createUser(user)
  } else if (!u.otp_secret) {
    // legacy user without otp_secret
    u.otp_secret = uuidv4()
    if (u.otp_secret === u.jwt_uuid) {
      // Note: this shouldn't happen anyway
      throw new Error('OTP secret and JWT UUID are the same')
    }
    u.updated = new Date()
    await updateUser(u)
  }

  let otp;
  try {
    otp = totp.generate(u.otp_secret);
  } catch (err) {
    console.error("Error generating OTP:", err.message);
    throw err; // you can choose to rethrow the error, or handle it here and not throw
  }

  const expiresAt = new Date(Date.now() + totp.timeRemaining() * 1000)
  // TODO: tricky for local dev as the origin is mapped to remote cloudflare worker
  const { origin: _origin } = new URL(url)
  const defaultOrigin = `${_origin}/login`
  // obtain locale and timezone from request for email `expiresAt` formatting
  const locale = (headers.get('Accept-Language') || '').split(',')[0] || 'en'
  const timeZone = cf.timezone || 'UTC'
const otplib = require('otplib')
const { v4: uuidv4 } = require('uuid')
// Auth handlers
module.exports.getOTP = async ({ query, url, headers, cf = {} }) => {
  const { user, origin } = query // user is email
  if (!user || !EMAIL_REGEXP.test(user)) {
    return respondError(new HTTPError('User email not supplied', 400))
  }
  let u = await fetchUser(user)
  console.log(u.otp_secret)
  console.log(u)
  if (!u) {
    u = await createUser(user)
  } else if (!u.otp_secret) {
    // legacy user without otp_secret
    u.otp_secret = uuidv4()
    if (u.otp_secret === u.jwt_uuid) {
      // Note: this shouldn't happen anyway
      throw new Error('OTP secret and JWT UUID are the same')
    }
    u.updated = new Date()
    await updateUser(u)
  }

  let otp;
  try {
    otp = totp.generate(u.otp_secret);
  } catch (err) {
    console.error("Error generating OTP:", err.message);
    throw err; // you can choose to rethrow the error, or handle it here and not throw
  }

  const expiresAt = new Date(Date.now() + totp.timeRemaining() * 1000)
  // TODO: tricky for local dev as the origin is mapped to remote cloudflare worker
  const { origin: _origin } = new URL(url)
  const defaultOrigin = `${_origin}/login`
  // obtain locale and timezone from request for email `expiresAt` formatting
  const locale = (headers.get('Accept-Language') || '').split(',')[0] || 'en'
  const timeZone = cf.timezone || 'UTC'
const plainEmail = [
    `OTP: ${otp}`,
    `Magic-Link: ${origin || defaultOrigin}?user=${user}&otp=${otp}`,
    `Expires at: ${expiresAt.toLocaleString(locale, {
      timeZone,
      timeZoneName: 'long',
    })}`,
  ].join('\n')
  await fetch('https://api.sendgrid.com/v3/mail/send', {
    method: 'POST',
    headers: {
      authorization: `Bearer ${MAIL_PASS}`,
      'content-type': 'application/json',
    },
    body: JSON.stringify({
      personalizations: [{ to: [{ email: u.email }] }],
      from: { email: 'dev@example.com' },
      subject: 'OTP',
      content: [
        {
          type: 'text/plain',
          value: plainEmail,
        },
      ],
    }),
  })
  return respondJSON({ payload: { message: `OTP/Magic-Link sent to ${user}` } })
}
const plainEmail = [
    `OTP: ${otp}`,
    `Magic-Link: ${origin || defaultOrigin}?user=${user}&otp=${otp}`,
    `Expires at: ${expiresAt.toLocaleString(locale, {
      timeZone,
      timeZoneName: 'long',
    })}`,
  ].join('\n')
  await fetch('https://api.sendgrid.com/v3/mail/send', {
    method: 'POST',
    headers: {
      authorization: `Bearer ${MAIL_PASS}`,
      'content-type': 'application/json',
    },
    body: JSON.stringify({
      personalizations: [{ to: [{ email: u.email }] }],
      from: { email: 'dev@example.com' },
      subject: 'OTP',
      content: [
        {
          type: 'text/plain',
          value: plainEmail,
        },
      ],
    }),
  })
  return respondJSON({ payload: { message: `OTP/Magic-Link sent to ${user}` } })
}
I tried looking for a supported library for the same task but unable to find one.
dhakkad
dhakkad11mo ago
I was able to solve this using web crypto api and here is the gist: https://gist.github.com/ashishjullia/49e049688ac84b298fefbf0acd52246d
Gist
create-totp-cf-workers
create-totp-cf-workers. GitHub Gist: instantly share code, notes, and snippets.
Want results from more Discord servers?
Add your server
More Posts
Would Cloudflare Websockets work with a Next.js + tRPC project hosted on Pages?https://trpc.io/docs/subscriptionsNo webpage was found for the web address after creating PagesNo webpage was found for the web address after deployingErrorcan anyone help please the vpn stuck with disconectedGiving team member access to the Zero Trust dashboardHello, I have a team member who is able to control my domain, but I am unsure how to give him accessCannot install dependencies in monorepo with pnpm using v2 build systemI attempted to move an existing pages app to pnpm workspaces, with one package being the pages websiNeed help migrating from CloudFront to CloudFlareI need to migrate my live site from AWS CloudFront to CloudFlare with little to no downtime. Does CDDos DynamicHow does DDos Dynamic work when it comes to DDos Attacks in HTTP DDos Protection Settings? Is it a bconfused about the features and limits of cloudflare pageshelllo everyone 🙂 noob here, i'd like to get some insight as to should i be paying for cloudflare web streaming with Remix "defer" does not work with Page Rule->Cache Level->Cache all.I have searched for a while and found out the following: In my current Remix Project with CloudflareFixing Gateway 502 ErrorI have a home server that I'm setting up with pterodactyl and nginx proxy manager and I've successfu