fosrl.pangolin/server/routers/auth/verifyTotpCode.ts

import { decodeHex } from "oslo/encoding";
import { TOTPController } from "oslo/otp";

export async function verifyTotpCode(
    code: string,
    secret: string,
): Promise<boolean> {
    const validOTP = await new TOTPController().verify(code, decodeHex(secret));

    if (!validOTP) {
        await new Promise((resolve) => setTimeout(resolve, 250)); // delay to prevent brute force attack
    }

    return validOTP;
}
added change password endpoint 2024-10-05 15:11:51 -04:00			`import { decodeHex } from "oslo/encoding";`
			`import { TOTPController } from "oslo/otp";`

			`export async function verifyTotpCode(`
			`code: string,`
			`secret: string,`
			`): Promise<boolean> {`
			`const validOTP = await new TOTPController().verify(code, decodeHex(secret));`

			`if (!validOTP) {`
			`await new Promise((resolve) => setTimeout(resolve, 250)); // delay to prevent brute force attack`
			`}`

			`return validOTP;`
			`}`