Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-14 00:32:43 +10:00
Code Issues Packages Projects Releases Wiki Activity
Files
c680cfc24f54eece6a4a362bdc0d1c1ef60fa8ae
documenso/packages/lib/server-only/2fa/verify-2fa-token.ts
Ephraim Atta-Duncan 9e433af112 feat: require 2fa code before account is deleted
2024-01-21 15:38:32 +00:00

35 lines
916 B
TypeScript
Raw Blame History

import { base32 } from '@scure/base';
import { TOTPController } from 'oslo/otp';
import type { User } from '@documenso/prisma/client';
import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto';
import { symmetricDecrypt } from '../../universal/crypto';
const totp = new TOTPController();
type VerifyTwoFactorAuthenticationTokenOptions = {
user: User;
totpCode: string;
};
export const verifyTwoFactorAuthenticationToken = async ({
user,
totpCode,
}: VerifyTwoFactorAuthenticationTokenOptions) => {
// TODO: This is undefined and I can't figure out why.
const key = DOCUMENSO_ENCRYPTION_KEY;
if (!user.twoFactorSecret) {
throw new Error('user missing 2fa secret');
}
const secret = Buffer.from(symmetricDecrypt({ key, data: user.twoFactorSecret })).toString(
'utf-8',
);
const isValidToken = await totp.verify(totpCode, base32.decode(secret));
return isValidToken;
};
Reference in New Issue View Git Blame Copy Permalink