LicenseAPI/Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Created the verifySession method in the auth.ts controller

Browse Source
This commit is contained in:
Mathias Wagner 2023-01-21 14:01:06 +01:00
parent 3ca2b5fb25
commit fb1e2af67b
Signed by: Mathias
GPG Key ID: B8DC354B0A1F5B44
1 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/controller/auth.ts
View File

@ -1,7 +1,8 @@
import { Account } from "../models/Account"; import { Account } from "@models/Account";
import { decryptField, encryptClearField } from "@utils/decryption"; import { decryptField, encryptClearField } from "@utils/decryption";
import { compare } from "bcrypt"; import { compare } from "bcrypt";
import { Session } from "../models/Session"; import { Session } from "@models/Session";
import speakeasy from "speakeasy";
export const login = async (configuration: { username: string, password: string }, user: { ip: string, userAgent: string }) => { export const login = async (configuration: { username: string, password: string }, user: { ip: string, userAgent: string }) => {
const account = await Account.findOne({ username: encryptClearField(configuration.username) }); const account = await Account.findOne({ username: encryptClearField(configuration.username) });
@ -15,15 +16,32 @@ export const login = async (configuration: { username: string, password: string
message: "Username or password incorrect", message: "Username or password incorrect",
}; };
// TODO: Integrate TOTP Verification
// Create Session // Create Session
const session = await Session.create({ const session = await Session.create({
userId: account._id, ip: user.ip, userAgent: user.userAgent, userId: account._id, ip: user.ip, userAgent: user.userAgent,
verified: true, verified: !account.totpEnabled,
}); });
return { token: decryptField(session.token) }; return { token: decryptField(session.token), totpRequired: account.totpEnabled };
};
export const verifySession = async (configuration: { token: string, code: string }) => {
const session = await Session.findOne({ token: encryptClearField(configuration.token) });
if (session === null) return { code: 2002, message: "Your session token is invalid" };
if (session.verified) return { code: 2012, message: "Your session already got verified" };
const account = await Account.findById(session.userId);
if (account === null) return { code: 2001, message: "Username or password incorrect" };
const tokenCorrect = speakeasy.totp.verify({
secret: account.totpSecret || "", encoding: "base32",
token: configuration.code,
});
if (!tokenCorrect) return { code: 2011, message: "Your provided code is invalid or has expired." };
await Session.findByIdAndUpdate(session._id, { verified: true });
}; };
export const logout = async (token: string) => { export const logout = async (token: string) => {