Support two factor authentication in backend

2025-10-04 10:19:35 +02:00 · 2022-10-05 15:37:15 +02:00 · 2022-10-05 15:37:15 +02:00 · 56f4783075
commit 56f4783075
parent 7dd7ff4ceb
27 changed files with 1016 additions and 92 deletions
--- a/shared/server-commands/users/two-factor-command.ts
+++ b/shared/server-commands/users/two-factor-command.ts
@ -0,0 +1,75 @@
+import { TOTP } from 'otpauth'
+import { HttpStatusCode, TwoFactorEnableResult } from '@shared/models'
+import { unwrapBody } from '../requests'
+import { AbstractCommand, OverrideCommandOptions } from '../shared'
+
+export class TwoFactorCommand extends AbstractCommand {
+
+  static buildOTP (options: {
+    secret: string
+  }) {
+    const { secret } = options
+
+    return new TOTP({
+      issuer: 'PeerTube',
+      algorithm: 'SHA1',
+      digits: 6,
+      period: 30,
+      secret
+    })
+  }
+
+  request (options: OverrideCommandOptions & {
+    userId: number
+    currentPassword: string
+  }) {
+    const { currentPassword, userId } = options
+
+    const path = '/api/v1/users/' + userId + '/two-factor/request'
+
+    return unwrapBody<TwoFactorEnableResult>(this.postBodyRequest({
+      ...options,
+
+      path,
+      fields: { currentPassword },
+      implicitToken: true,
+      defaultExpectedStatus: HttpStatusCode.OK_200
+    }))
+  }
+
+  confirmRequest (options: OverrideCommandOptions & {
+    userId: number
+    requestToken: string
+    otpToken: string
+  }) {
+    const { userId, requestToken, otpToken } = options
+
+    const path = '/api/v1/users/' + userId + '/two-factor/confirm-request'
+
+    return this.postBodyRequest({
+      ...options,
+
+      path,
+      fields: { requestToken, otpToken },
+      implicitToken: true,
+      defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204
+    })
+  }
+
+  disable (options: OverrideCommandOptions & {
+    userId: number
+    currentPassword: string
+  }) {
+    const { userId, currentPassword } = options
+    const path = '/api/v1/users/' + userId + '/two-factor/disable'
+
+    return this.postBodyRequest({
+      ...options,
+
+      path,
+      fields: { currentPassword },
+      implicitToken: true,
+      defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204
+    })
+  }
+}