57 lines
1.5 KiB
TypeScript
57 lines
1.5 KiB
TypeScript
import { verify } from "@node-rs/argon2";
|
|
import db from "@server/db";
|
|
import { twoFactorBackupCodes } from "@server/db/schema";
|
|
import { eq } from "drizzle-orm";
|
|
import { decodeHex } from "oslo/encoding";
|
|
import { TOTPController } from "oslo/otp";
|
|
import { verifyPassword } from "./password";
|
|
|
|
export async function verifyTotpCode(
|
|
code: string,
|
|
secret: string,
|
|
userId: string
|
|
): Promise<boolean> {
|
|
// if code is digits only, it's totp
|
|
const isTotp = /^\d+$/.test(code);
|
|
if (!isTotp) {
|
|
const validBackupCode = await verifyBackUpCode(code, userId);
|
|
return validBackupCode;
|
|
} else {
|
|
const validOTP = await new TOTPController().verify(
|
|
code,
|
|
decodeHex(secret)
|
|
);
|
|
|
|
return validOTP;
|
|
}
|
|
}
|
|
|
|
export async function verifyBackUpCode(
|
|
code: string,
|
|
userId: string
|
|
): Promise<boolean> {
|
|
const allHashed = await db
|
|
.select()
|
|
.from(twoFactorBackupCodes)
|
|
.where(eq(twoFactorBackupCodes.userId, userId));
|
|
|
|
if (!allHashed || !allHashed.length) {
|
|
return false;
|
|
}
|
|
|
|
let validId;
|
|
for (const hashedCode of allHashed) {
|
|
const validCode = await verifyPassword(code, hashedCode.codeHash);
|
|
if (validCode) {
|
|
validId = hashedCode.codeId;
|
|
}
|
|
}
|
|
|
|
if (validId) {
|
|
await db
|
|
.delete(twoFactorBackupCodes)
|
|
.where(eq(twoFactorBackupCodes.codeId, validId));
|
|
}
|
|
|
|
return validId ? true : false;
|
|
}
|