fosrl.pangolin/server/auth/2fa.ts

import { verify } from "@node-rs/argon2";
import db from "@server/db";
import { twoFactorBackupCodes } from "@server/db/schema";
import { eq } from "drizzle-orm";
import { decodeHex } from "oslo/encoding";
import { TOTPController } from "oslo/otp";

export async function verifyTotpCode(
    code: string,
    secret: string,
    userId: string,
): Promise<boolean> {
    if (code.length !== 6) {
        const validBackupCode = await verifyBackUpCode(code, userId);
        return validBackupCode;
    } else {
        const validOTP = await new TOTPController().verify(
            code,
            decodeHex(secret),
        );

        return validOTP;
    }
}

export async function verifyBackUpCode(
    code: string,
    userId: string,
): Promise<boolean> {
    const allHashed = await db
        .select()
        .from(twoFactorBackupCodes)
        .where(eq(twoFactorBackupCodes.userId, userId));

    if (!allHashed || !allHashed.length) {
        return false;
    }

    let validId;
    for (const hashedCode of allHashed) {
        const validCode = await verify(hashedCode.codeHash, code, {
            memoryCost: 19456,
            timeCost: 2,
            outputLen: 32,
            parallelism: 1,
        });
        if (validCode) {
            validId = hashedCode.codeId;
        }
    }

    if (validId) {
        await db
            .delete(twoFactorBackupCodes)
            .where(eq(twoFactorBackupCodes.codeId, validId));
    }

    return validId ? true : false;
}
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`import { verify } from "@node-rs/argon2";`
			`import db from "@server/db";`
			`import { twoFactorBackupCodes } from "@server/db/schema";`
			`import { eq } from "drizzle-orm";`
			`import { decodeHex } from "oslo/encoding";`
			`import { TOTPController } from "oslo/otp";`

			`export async function verifyTotpCode(`
			`code: string,`
			`secret: string,`
			`userId: string,`
			`): Promise<boolean> {`
			`if (code.length !== 6) {`
			`const validBackupCode = await verifyBackUpCode(code, userId);`
			`return validBackupCode;`
			`} else {`
			`const validOTP = await new TOTPController().verify(`
			`code,`
			`decodeHex(secret),`
			`);`

			`return validOTP;`
			`}`
			`}`

			`export async function verifyBackUpCode(`
			`code: string,`
			`userId: string,`
			`): Promise<boolean> {`
			`const allHashed = await db`
			`.select()`
			`.from(twoFactorBackupCodes)`
			`.where(eq(twoFactorBackupCodes.userId, userId));`

			`if (!allHashed \|\| !allHashed.length) {`
			`return false;`
			`}`

			`let validId;`
			`for (const hashedCode of allHashed) {`
			`const validCode = await verify(hashedCode.codeHash, code, {`
			`memoryCost: 19456,`
			`timeCost: 2,`
			`outputLen: 32,`
			`parallelism: 1,`
			`});`
			`if (validCode) {`
remove lucia 2024-10-13 17:13:47 -04:00			`validId = hashedCode.codeId;`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`}`
			`}`

			`if (validId) {`
			`await db`
			`.delete(twoFactorBackupCodes)`
remove lucia 2024-10-13 17:13:47 -04:00			`.where(eq(twoFactorBackupCodes.codeId, validId));`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`}`

			`return validId ? true : false;`
			`}`