[If converting require to import is as easy as "import {generateSecret} from '2fa-util'" I can make that change, but I am unfamiliar at the moment with how that is accomplished. EDIT: Resolved.]
Requires 1 dependency: "2fa-util". It has two deps of its own, otplib and qrcode, and is a single MIT licensed file, so we can use it directly instead of requiring as a node package. But it carries much of the work - it securely generates TOTP secrets, handles verifying TOTP tokens, and generates QR codes for the end-user to scan in their 2FA app.
Lastly, I was unable to get my client/server to work nicely with cookies. In developing this, I had to cheat by forcing the user to be logged in as fart. The code as applied takes the login procedure from other methods, so it SHOULD work, but due to the aforementioned complications, it is untested.
[
If converting require to import is as easy as "import {generateSecret} from '2fa-util'" I can make that change, but I am unfamiliar at the moment with how that is accomplished.EDIT: Resolved.][I am not sure if I should do the PR for the client patch since the dev loginserver is staff only at the moment. But here is that repo/branch: https://github.com/tmagicturtle/Pokemon-Showdown-Client/tree/patch-7]
Requires 1 dependency: "2fa-util". It has two deps of its own, otplib and qrcode, and is a single MIT licensed file, so we can use it directly instead of requiring as a node package. But it carries much of the work - it securely generates TOTP secrets, handles verifying TOTP tokens, and generates QR codes for the end-user to scan in their 2FA app.
Functioning demonstration video: https://www.youtube.com/watch?v=znuIBtmO-R8
Lastly, I was unable to get my client/server to work nicely with cookies. In developing this, I had to cheat by forcing the user to be logged in as fart. The code as applied takes the login procedure from other methods, so it SHOULD work, but due to the aforementioned complications, it is untested.