- Provo, UT
- https://coolaj86.com
-
6'5 • Technophobic Technologist + Videographer • Go, Rust, Node / VanillaJS (@JSJabber), UX, Security, IoT. Canon 24mm 50mm.
- Joined on
2017-10-24
You've got a compound problem there.
Either the router should be properly configured with hairpinning, or it should be properly configured without hairpinning. It should not be half configured.
-
Without hairpinning the request should work just the same as any other request - it goes out to external DNS servers, gets the external IP, makes a request out to the external IP that comes back in through the NAT of the router.
-
With proper hairpinning the request should be rewritten by the router and turned back on itself.
That said, you can update /etc/hosts to get the localhost behavior that you desire... it just defeats the purpose of the test, which is to check that an outside source can properly get inside.
For custom behavior check out notp:
return notp.totp.verify(token, bin, { window: 1, time: 30 });
Also, I'm not opposed to a PR to expose this functionality.