dandri/server
1
0
Fork 0
mirror of https://github.com/spacebarchat/server.git synced 2026-05-24 14:35:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add config security_twoFactor_generateBackupCodes to control backup code generation

Browse Source
This commit is contained in:
Madeline
2022-07-20 22:04:19 +10:00
parent 4fa8b16b4a
commit eb7f2c7b72
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/src/routes/users/@me/mfa/codes.ts
+2 -2
View File
@@ -1,6 +1,6 @@
import { Router, Request, Response } from "express";
import { route } from "@fosscord/api";
import { BackupCode, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util";
import { BackupCode, Config, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util";
import bcrypt from "bcrypt";
const router = Router();
@@ -22,7 +22,7 @@ router.post("/", route({ body: "MfaCodesSchema" }), async (req: Request, res: Re
}
var codes: BackupCode[];
if (regenerate) {
if (regenerate && Config.get().security.twoFactor.generateBackupCodes) {
await BackupCode.update(
{ user: { id: req.user_id } },
{ expired: true }
api/src/routes/users/@me/mfa/totp/enable.ts
+7 -4
View File
@@ -1,10 +1,9 @@
import { Router, Request, Response } from "express";
import { User, generateToken, BackupCode, generateMfaBackupCodes } from "@fosscord/util";
import { User, generateToken, BackupCode, generateMfaBackupCodes, Config } from "@fosscord/util";
import { route } from "@fosscord/api";
import bcrypt from "bcrypt";
import { HTTPError } from "lambert-server";
import { verifyToken } from 'node-2fa';
import crypto from "crypto";
const router = Router();
@@ -35,8 +34,12 @@ router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res:
if (verifyToken(body.secret, body.code)?.delta != 0)
throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
let backup_codes = generateMfaBackupCodes(req.user_id);
await Promise.all(backup_codes.map(x => x.save()));
let backup_codes: BackupCode[] = [];
if (Config.get().security.twoFactor.generateBackupCodes) {
backup_codes = generateMfaBackupCodes(req.user_id);
await Promise.all(backup_codes.map(x => x.save()));
}
await User.update(
{ id: req.user_id },
{ mfa_enabled: true, totp_secret: body.secret }
util/src/entities/Config.ts
+6
View File
@@ -121,6 +121,9 @@ export interface ConfigValue {
secret: string | null;
};
ipdataApiKey: string | null;
twoFactor: {
generateBackupCodes: boolean;
};
};
login: {
requireCaptcha: boolean;
@@ -312,6 +315,9 @@ export const DefaultConfigOptions: ConfigValue = {
secret: null,
},
ipdataApiKey: "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9",
twoFactor: {
generateBackupCodes: true,
},
},
login: {
requireCaptcha: false,