sirtimbly/bewcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
111321e9c6338e4ced4be1a127674e40e077e4ee
bewcloud/routes/api/auth/multi-factor/disable.ts
0xGingi 455a7201e9 Add Optional 2FA Support (#61) 
* Add TOTP MFA Support

* Add Passkey MFA Support

It's not impossible I missed some minor cleanup, but most things make sense and there isn't a lot of obvious duplication anymore.

---------

Co-authored-by: Bruno Bernardino <me@brunobernardino.com>
2025-05-29 17:30:28 +01:00

120 lines
3.2 KiB
TypeScript
Raw Blame History

import { Handlers } from 'fresh/server.ts';
import { FreshContextState } from '/lib/types.ts';
import { PASSWORD_SALT } from '/lib/auth.ts';
import { generateHash } from '/lib/utils/misc.ts';
import { UserModel } from '/lib/models/user.ts';
import {
getMultiFactorAuthMethodByIdFromUser,
getMultiFactorAuthMethodsFromUser,
} from '/lib/utils/multi-factor-auth.ts';
import { AppConfig } from '/lib/config.ts';
import { MultiFactorAuthModel } from '/lib/models/multi-factor-auth.ts';
export interface RequestBody {
methodId?: string;
password: string;
disableAll?: boolean;
}
export interface ResponseBody {
success: boolean;
error?: string;
}
export const handler: Handlers<unknown, FreshContextState> = {
async POST(request, context) {
if (!context.state.user) {
return new Response('Unauthorized', { status: 401 });
}
const isMultiFactorAuthEnabled = await AppConfig.isMultiFactorAuthEnabled();
if (!isMultiFactorAuthEnabled) {
const responseBody: ResponseBody = {
success: false,
error: 'Multi-factor authentication is not enabled on this server',
};
return new Response(JSON.stringify(responseBody), { status: 403 });
}
const { user } = context.state;
const body = await request.clone().json() as RequestBody;
const { methodId, password, disableAll } = body;
if (!password) {
const responseBody: ResponseBody = {
success: false,
error: 'Password is required',
};
return new Response(JSON.stringify(responseBody), { status: 400 });
}
const hashedPassword = await generateHash(`${password}:${PASSWORD_SALT}`, 'SHA-256');
if (user.hashed_password !== hashedPassword) {
const responseBody: ResponseBody = {
success: false,
error: 'Invalid password',
};
return new Response(JSON.stringify(responseBody), { status: 400 });
}
if (disableAll) {
user.extra.multi_factor_auth_methods = [];
await UserModel.update(user);
const responseBody: ResponseBody = {
success: true,
};
return new Response(JSON.stringify(responseBody));
}
if (!methodId) {
const responseBody: ResponseBody = {
success: false,
error: 'Method ID is required when not disabling all methods',
};
return new Response(JSON.stringify(responseBody), { status: 400 });
}
const methods = getMultiFactorAuthMethodsFromUser(user);
const method = getMultiFactorAuthMethodByIdFromUser(user, methodId);
if (!method) {
const responseBody: ResponseBody = {
success: false,
error: 'Multi-factor authentication method not found',
};
return new Response(JSON.stringify(responseBody), { status: 404 });
}
if (!method.enabled) {
const responseBody: ResponseBody = {
success: false,
error: 'Multi-factor authentication method is not enabled',
};
return new Response(JSON.stringify(responseBody), { status: 400 });
}
MultiFactorAuthModel.disableMethodFromUser(user, methodId);
await UserModel.update(user);
const responseBody: ResponseBody = {
success: true,
};
return new Response(JSON.stringify(responseBody));
},
};
Reference in New Issue View Git Blame Copy Permalink