Add 2fauth. (#1071)

README.md

@@ -4,6 +4,7 @@ This is the official repository for the Tipi App Store. It contains all the apps
 
 ## Apps available
 
+- [2FAuth](https://github.com/Bubka/2FAuth) - A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
 - [Actual Budget](https://github.com/actualbudget/actual-server) - Local-first OpenSource Budget tool
 - [Adguard Home](https://github.com/AdguardTeam/AdGuardHome) - Adguard Home DNS adblocker
 - [Audiobookshelf](https://github.com/advplyr/audiobookshelf) - Audiobookshelf is a self-hosted audiobook and podcast server.

apps/2fauth/config.json

@@ -0,0 +1,19 @@
+{
+  "$schema": "../schema.json",
+  "name": "2FAuth",
+  "port": 8235,
+  "available": true,
+  "exposable": true,
+  "id": "2fauth",
+  "tipi_version": 2,
+  "version": "4.1.0",
+  "categories": [
+    "security"
+  ],
+  "description": "A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes.",
+  "short_desc": "Manage your Two-Factor Authentication codes.",
+  "author": "Bubka",
+  "source": "https://github.com/Bubka/2FAuth",
+  "website": "https://docs.2fauth.app/",
+  "form_fields": []
+}

apps/2fauth/docker-compose.yml

@@ -0,0 +1,36 @@
+version: "3.7"
+services:
+  2fauth:
+    image: 2fauth/2fauth:4.1.0
+    container_name: 2fauth
+    volumes:
+      - ${APP_DATA_DIR}/data:/2fauth
+    ports:
+      - ${APP_PORT}:8000
+    networks:
+      - tipi_main_network
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.2fauth-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.2fauth.loadbalancer.server.port: 8000
+      # Web
+      traefik.http.routers.2fauth-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.2fauth-insecure.entrypoints: web
+      traefik.http.routers.2fauth-insecure.service: 2fauth
+      traefik.http.routers.2fauth-insecure.middlewares: 2fauth-web-redirect
+      # Websecure
+      traefik.http.routers.2fauth.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.2fauth.entrypoints: websecure
+      traefik.http.routers.2fauth.service: 2fauth
+      traefik.http.routers.2fauth.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.2fauth-local-insecure.rule: Host(`2fauth.${LOCAL_DOMAIN}`)
+      traefik.http.routers.2fauth-local-insecure.entrypoints: web
+      traefik.http.routers.2fauth-local-insecure.service: 2fauth
+      traefik.http.routers.2fauth-local-insecure.middlewares: 2fauth-web-redirect
+      # Local domain secure
+      traefik.http.routers.2fauth-local.rule: Host(`2fauth.${LOCAL_DOMAIN}`)
+      traefik.http.routers.2fauth-local.entrypoints: websecure
+      traefik.http.routers.2fauth-local.service: 2fauth
+      traefik.http.routers.2fauth-local.tls: true

apps/2fauth/metadata/description.md

@@ -0,0 +1,53 @@
+# 2FAuth
+
+A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
+
+[**2FAuth Demo**](https://demo.2fauth.app/)  
+Credentials (login - password) : *demo@2fauth.app* - *demo*
+
+## Purpose
+
+2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.
+
+It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.
+
+I created it because :
+
+* Most of the UIs for this kind of apps show tokens for all accounts in the same time with stressful countdowns (in my opinion)
+* I wanted my 2FA accounts to be stored in a standalone database I can easily backup and restore (did you already encountered a smartphone loss with all your 2FA accounts in Google Auth? I did...)
+* I hate taking out my smartphone to get an OTP when I use a desktop computer
+* I love coding and I love self-hosted solutions
+
+## Main features
+
+* Manage your 2FA accounts and organize them using Groups
+* Scan and decode any QR code to add account in no time
+* Add custom account without QR code thanks to an advanced form
+* Edit accounts, even the imported ones
+* Generate TOTP and HOTP security codes and Steam Guard codes
+
+2FAuth is currently fully localized in English and French. See [Contributing](#contributing) if you want to help on adding more languages.
+
+## Security
+
+2FAuth provides several security mechanisms to protect your 2FA data as best as possible.
+
+### Single user app
+
+You have to create a user account and authenticate yourself to use the app. It is not possible to create more than one user account, the app is thought for personal use.
+
+### Modern authentication
+
+You can sign in 2FAuth using a security key like a Yubikey or a Titan key and disable the traditional login form.
+
+### Data encryption
+
+Sensitive data stored in the database can be encrypted to protect them against db compromise. Encryption is provided as an option which is disabled by default. It is strongly recommanded to backup the APP_KEY value of your .env file (or the whole file) when encryption is On.
+
+### Auto logout
+
+2FAuth automatically log you out after an inactivity period to prevent long life session. The auto logout can be deactivated or triggered when a security code is copied.
+
+### RFC compliance
+
+2FAuth generates OTP according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm) thanks to [Spomky-Labs/OTPHP](https://github.com/Spomky-Labs/otphp) php library.