added change password endpoint

server/routers/auth/verifyTotpCode.ts

@@ -0,0 +1,15 @@
+import { decodeHex } from "oslo/encoding";
+import { TOTPController } from "oslo/otp";
+
+export async function verifyTotpCode(
+    code: string,
+    secret: string,
+): Promise<boolean> {
+    const validOTP = await new TOTPController().verify(code, decodeHex(secret));
+
+    if (!validOTP) {
+        await new Promise((resolve) => setTimeout(resolve, 250)); // delay to prevent brute force attack
+    }
+
+    return validOTP;
+}