mirror of
https://github.com/documenso/documenso.git
synced 2026-07-10 13:06:00 +10:00
138d663c25
Merge origin/main into feat/external-2fa-codes. Resolve formatting conflicts caused by biome rollout; preserve both feature streams: PR's external 2FA token + signing-session 2FA proof additions plus main's RateLimit/RecipientExpired/signingReminders/date-auto-insert. In complete-document-with-token.ts, drop the duplicate early field-fetching block introduced when main moved that logic later with date auto-insert support; keep the EXTERNAL_TWO_FACTOR_AUTH check using derivedRecipientActionAuth.
40 lines
985 B
TypeScript
40 lines
985 B
TypeScript
import type { User } from '@prisma/client';
|
|
import { z } from 'zod';
|
|
|
|
import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto';
|
|
import { symmetricDecrypt } from '../../universal/crypto';
|
|
|
|
interface GetBackupCodesOptions {
|
|
user: Pick<User, 'id' | 'twoFactorEnabled' | 'twoFactorBackupCodes'>;
|
|
}
|
|
|
|
const ZBackupCodeSchema = z.array(z.string());
|
|
|
|
export const getBackupCodes = ({ user }: GetBackupCodesOptions) => {
|
|
const key = DOCUMENSO_ENCRYPTION_KEY;
|
|
|
|
if (!key) {
|
|
throw new Error('Missing DOCUMENSO_ENCRYPTION_KEY');
|
|
}
|
|
|
|
if (!user.twoFactorEnabled) {
|
|
throw new Error('User has not enabled 2FA');
|
|
}
|
|
|
|
if (!user.twoFactorBackupCodes) {
|
|
throw new Error('User has no backup codes');
|
|
}
|
|
|
|
const secret = Buffer.from(symmetricDecrypt({ key, data: user.twoFactorBackupCodes })).toString('utf-8');
|
|
|
|
const data = JSON.parse(secret);
|
|
|
|
const result = ZBackupCodeSchema.safeParse(data);
|
|
|
|
if (result.success) {
|
|
return result.data;
|
|
}
|
|
|
|
return null;
|
|
};
|