"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TOTPService = void 0;
/**
 * TOTP (Time-based One-Time Password) service.
 * Uses otpauth library for RFC 6238 compliant TOTP.
 */
const otpauth_1 = require("otpauth");
class TOTPService {
    constructor(issuer = 'ABE') {
        this.issuer = issuer;
    }
    generateSecret(userId, label) {
        const totp = new otpauth_1.TOTP({
            issuer: this.issuer,
            label,
            algorithm: 'SHA1',
            digits: 6,
            period: 30,
            secret: new otpauth_1.Secret({ size: 20 }),
        });
        return {
            secret: totp.secret.base32,
            otpauthUrl: totp.toString(),
        };
    }
    verify(secret, token) {
        const totp = new otpauth_1.TOTP({
            issuer: this.issuer,
            algorithm: 'SHA1',
            digits: 6,
            period: 30,
            secret: otpauth_1.Secret.fromBase32(secret),
        });
        const delta = totp.validate({ token, window: 1 });
        return delta !== null;
    }
}
exports.TOTPService = TOTPService;