mirror of
https://github.com/documenso/documenso.git
synced 2025-11-10 04:22:32 +10:00
Adds support for 2FA when completing a document, also adds support for using email for 2FA when no authenticator has been associated with the account.
import { hmac } from '@noble/hashes/hmac';
import { sha256 } from '@noble/hashes/sha256';
import { createTOTPKeyURI } from 'oslo/otp';
import { DOCUMENSO_ENCRYPTION_KEY } from '../../../constants/crypto';
// Issuer label passed to createTOTPKeyURI when building the email 2FA key URI.
const ISSUER = 'Documenso Email 2FA';
/**
 * Inputs that the email 2FA secret is bound to.
 *
 * Both fields are interpolated verbatim into the identity string that is fed
 * to the HMAC, so a different value in either one yields a different secret.
 */
export type GenerateTwoFactorCredentialsFromEmailOptions = {
  /** Numeric id of the document the 2FA challenge belongs to. */
  documentId: number;
  /** Email address of the recipient; used as given, with no normalisation here. */
  email: string;
};
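/**
 * Derive the TOTP credentials used for email-based 2FA on a document.
 *
 * No code or encrypted token is produced here. The function returns a TOTP
 * secret and its key URI; the secret is computed as HMAC-SHA256, keyed with
 * DOCUMENSO_ENCRYPTION_KEY, over an identity string built from the email and
 * the document id. The same key and inputs therefore always give the same
 * secret, and nothing is generated randomly in this function.
 *
 * @param options - The email and document id the secret is bound to
 * @returns Object containing the TOTP key URI (`uri`) and the raw derived
 *   secret (`secret`)
 * @throws Error when DOCUMENSO_ENCRYPTION_KEY is not configured
 */
export const generateTwoFactorCredentialsFromEmail = ({
  documentId,
  email,
}: GenerateTwoFactorCredentialsFromEmailOptions) => {
  // Fail closed: without the server key there is nothing secret to derive from.
  if (!DOCUMENSO_ENCRYPTION_KEY) {
    throw new Error('Missing DOCUMENSO_ENCRYPTION_KEY');
  }

  // The "email-2fa|v1" prefix labels the purpose and version of this
  // derivation, presumably to keep it distinct from other uses of the same key.
  // email and documentId are interpolated verbatim, so generation and
  // verification must be given the exact same strings (including letter case)
  // or they will derive different secrets.
  const identity = `email-2fa|v1|email:${email}|id:${documentId}`;

  // The derived secret is only as strong as DOCUMENSO_ENCRYPTION_KEY.
  const secret = hmac(sha256, DOCUMENSO_ENCRYPTION_KEY, identity);

  // NOTE(review): the key URI carries the secret, so treat `uri` exactly like
  // `secret` - confirm callers never log either value or send it to the client.
  const uri = createTOTPKeyURI(ISSUER, email, secret);

  return {
    uri,
    secret,
  };
};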