refactor and reorganize

server/auth/totp.ts

@@ -0,0 +1,57 @@
+import { verify } from "@node-rs/argon2";
+import db from "@server/db";
+import { twoFactorBackupCodes } from "@server/db/schema";
+import { eq } from "drizzle-orm";
+import { decodeHex } from "oslo/encoding";
+import { TOTPController } from "oslo/otp";
+import { verifyPassword } from "./password";
+
+export async function verifyTotpCode(
+    code: string,
+    secret: string,
+    userId: string
+): Promise<boolean> {
+    // if code is digits only, it's totp
+    const isTotp = /^\d+$/.test(code);
+    if (!isTotp) {
+        const validBackupCode = await verifyBackUpCode(code, userId);
+        return validBackupCode;
+    } else {
+        const validOTP = await new TOTPController().verify(
+            code,
+            decodeHex(secret)
+        );
+
+        return validOTP;
+    }
+}
+
+export async function verifyBackUpCode(
+    code: string,
+    userId: string
+): Promise<boolean> {
+    const allHashed = await db
+        .select()
+        .from(twoFactorBackupCodes)
+        .where(eq(twoFactorBackupCodes.userId, userId));
+
+    if (!allHashed || !allHashed.length) {
+        return false;
+    }
+
+    let validId;
+    for (const hashedCode of allHashed) {
+        const validCode = await verifyPassword(code, hashedCode.codeHash);
+        if (validCode) {
+            validId = hashedCode.codeId;
+        }
+    }
+
+    if (validId) {
+        await db
+            .delete(twoFactorBackupCodes)
+            .where(eq(twoFactorBackupCodes.codeId, validId));
+    }
+
+    return validId ? true : false;
+}