Implemented all totp endpoints in the account.ts router

Mathias Wagner 2023-01-21 13:28:23 +01:00
parent 9db62938b4
commit 655798b474
Signed by: Mathias
GPG Key ID: B8DC354B0A1F5B44


@ -1,13 +1,15 @@
import { Request, Response, Router } from "express";
import { validateSchema } from "@utils/error";
import { registerValidation, verificationValidation } from "./validations/account";
import { createAccount, verifyAccount } from "@controller/account";
import { sendError, validateSchema } from "@utils/error";
import { registerValidation, totpSetup, verificationValidation } from "./validations/account";
import { createAccount, updateTOTP, verifyAccount } from "@controller/account";
import { authenticate } from "@middlewares/auth";
import speakeasy from "speakeasy";
const app: Router = Router();
app.post("/register", async (req: Request, res: Response) => {
if (validateSchema(res, registerValidation, req.body)) return;
const account = await createAccount(req.body);
if (account) return res.json(account);
@ -23,4 +25,34 @@ app.post("/verify", async (req: Request, res: Response) => {
res.json({ message: "Your account has been successfully verified." });
});
app.get("/totp/secret", authenticate, async (req: Request, res: Response) => {
res.json({
secret: req.user?.totpSecret,
url: `otpauth://totp/LicenseAPI%20%28${req.user?.username}%29?secret=${req.user?.totpSecret}`,
});
});
app.post("/totp/enable", authenticate, async (req: Request, res: Response) => {
if (validateSchema(res, totpSetup, req.body)) return;
const tokenCorrect = speakeasy.totp.verify({
secret: req.user?.totpSecret || "", encoding: "base32",
token: req.body.code,
});
if (!tokenCorrect) return sendError(res, 400, 1092, "Your provided code is invalid or has expired.");
const enabledError = await updateTOTP(req.user?._id, true);
if (enabledError) return res.json(enabledError);
res.json({ message: "TOTP has been successfully enabled on your account." });
});
app.post("/totp/disable", authenticate, async (req: Request, res: Response) => {
const enabledError = await updateTOTP(req.user?._id, false);
if (enabledError) return res.json(enabledError);
res.json({ message: "TOTP has been successfully disabled on your account." });
});
export default app;
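Review bot: `/totp/disable` turns the second factor off on session authentication alone; unlike `/totp/enable` it never checks a current code, so anyone holding a valid session can remove TOTP from the account. Require the same `totpSetup` validation and `speakeasy.totp.verify` check before calling `updateTOTP(req.user?._id, false)`, as sketched below. Separately, `GET /totp/secret` returns `req.user?.totpSecret` on every call with no visible check of whether TOTP is already enabled, which would let that same session read the seed and clone the authenticator; it should presumably refuse once TOTP is active (the user model is not visible here, so confirm which field records that). The `${req.user?.username}` interpolated into the otpauth URL should also go through `encodeURIComponent`.

```typescript
app.post("/totp/disable", authenticate, async (req: Request, res: Response) => {
    // Re-prove possession of the authenticator before removing the second factor.
    if (validateSchema(res, totpSetup, req.body)) return;

    const tokenCorrect = speakeasy.totp.verify({
        secret: req.user?.totpSecret || "", encoding: "base32",
        token: req.body.code,
    });
    if (!tokenCorrect) return sendError(res, 400, 1092, "Your provided code is invalid or has expired.");

    // … unchanged: updateTOTP(req.user?._id, false) and the success response …
});
```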