fosrl.pangolin/server/auth/totp.ts

import { verify } from "@node-rs/argon2";
import db from "@server/db";
import { twoFactorBackupCodes } from "@server/db/schema";
import { eq } from "drizzle-orm";
import { decodeHex } from "oslo/encoding";
import { TOTPController } from "oslo/otp";
import { verifyPassword } from "./password";

export async function verifyTotpCode(
    code: string,
    secret: string,
    userId: string
): Promise<boolean> {
    // if code is digits only, it's totp
    const isTotp = /^\d+$/.test(code);
    if (!isTotp) {
        const validBackupCode = await verifyBackUpCode(code, userId);
        return validBackupCode;
    } else {
        const validOTP = await new TOTPController().verify(
            code,
            decodeHex(secret)
        );

        return validOTP;
    }
}

export async function verifyBackUpCode(
    code: string,
    userId: string
): Promise<boolean> {
    const allHashed = await db
        .select()
        .from(twoFactorBackupCodes)
        .where(eq(twoFactorBackupCodes.userId, userId));

    if (!allHashed || !allHashed.length) {
        return false;
    }

    let validId;
    for (const hashedCode of allHashed) {
        const validCode = await verifyPassword(code, hashedCode.codeHash);
        if (validCode) {
            validId = hashedCode.codeId;
        }
    }

    if (validId) {
        await db
            .delete(twoFactorBackupCodes)
            .where(eq(twoFactorBackupCodes.codeId, validId));
    }

    return validId ? true : false;
}
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`import { verify } from "@node-rs/argon2";`
			`import db from "@server/db";`
			`import { twoFactorBackupCodes } from "@server/db/schema";`
			`import { eq } from "drizzle-orm";`
			`import { decodeHex } from "oslo/encoding";`
			`import { TOTPController } from "oslo/otp";`
reset password flow 2024-12-22 16:59:30 -05:00			`import { verifyPassword } from "./password";`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00
			`export async function verifyTotpCode(`
			`code: string,`
			`secret: string,`
reset password flow 2024-12-22 16:59:30 -05:00			`userId: string`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`): Promise<boolean> {`
allow backup code input for totp 2024-12-22 17:20:24 -05:00			`// if code is digits only, it's totp`
			`const isTotp = /^\d+$/.test(code);`
			`if (!isTotp) {`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`const validBackupCode = await verifyBackUpCode(code, userId);`
			`return validBackupCode;`
			`} else {`
			`const validOTP = await new TOTPController().verify(`
			`code,`
reset password flow 2024-12-22 16:59:30 -05:00			`decodeHex(secret)`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`);`

			`return validOTP;`
			`}`
			`}`

			`export async function verifyBackUpCode(`
			`code: string,`
reset password flow 2024-12-22 16:59:30 -05:00			`userId: string`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`): Promise<boolean> {`
			`const allHashed = await db`
			`.select()`
			`.from(twoFactorBackupCodes)`
			`.where(eq(twoFactorBackupCodes.userId, userId));`

			`if (!allHashed \|\| !allHashed.length) {`
			`return false;`
			`}`

			`let validId;`
			`for (const hashedCode of allHashed) {`
reset password flow 2024-12-22 16:59:30 -05:00			`const validCode = await verifyPassword(code, hashedCode.codeHash);`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`if (validCode) {`
remove lucia 2024-10-13 17:13:47 -04:00			`validId = hashedCode.codeId;`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`}`
			`}`

			`if (validId) {`
			`await db`
			`.delete(twoFactorBackupCodes)`
remove lucia 2024-10-13 17:13:47 -04:00			`.where(eq(twoFactorBackupCodes.codeId, validId));`
check and verify 2fa backup code 2024-10-05 15:45:01 -04:00			`}`

			`return validId ? true : false;`
			`}`