ligbox-ops-platform/projects/ops-desk/api/app/totp_util.py

"""TOTP helpers for Desk 2FA."""

from __future__ import annotations

import hashlib
import secrets

import pyotp


def generate_secret() -> str:
    return pyotp.random_base32()


def otpauth_uri(email: str, secret: str, issuer: str = "Ligbox Ops") -> str:
    return pyotp.totp.TOTP(secret).provisioning_uri(name=email, issuer_name=issuer)


def verify_code(secret: str, code: str) -> bool:
    if not secret or not code:
        return False
    clean = code.strip().replace(" ", "")
    if len(clean) != 6 or not clean.isdigit():
        return False
    return pyotp.TOTP(secret).verify(clean, valid_window=1)


def ntfy_topic(email: str, request_id: int) -> str:
    digest = hashlib.sha256(f"{email}:{request_id}".encode()).hexdigest()[:14]
    return f"ligbox-{digest}"