BradNut/boredgame
1
0
Fork 0
mirror of https://github.com/BradNut/boredgame synced 2025-09-08 17:40:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Refactor check TOTP.

Browse source
This commit is contained in:
Bradley Shellnut 2024-07-14 19:43:20 -07:00
parent 7883ac9184
commit 16ba22c76d
1 changed files with 39 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
src/routes/(auth)/totp/+page.server.ts
View file

@ -49,9 +49,8 @@ export const load: PageServerLoad = async (event) => {
} }
// Check if two factor started less than TWO_FACTOR_TIMEOUT // Check if two factor started less than TWO_FACTOR_TIMEOUT
const timeElapsed = Date.now() - twoFactorInitiatedTime.getTime(); const totpElapsed = totpTimeElapsed(twoFactorInitiatedTime);
console.log('Time elapsed', timeElapsed); if (totpElapsed) {
if (timeElapsed > env.TWO_FACTOR_TIMEOUT) {
console.log('Time elapsed was more than TWO_FACTOR_TIMEOUT', timeElapsed, env.TWO_FACTOR_TIMEOUT); console.log('Time elapsed was more than TWO_FACTOR_TIMEOUT', timeElapsed, env.TWO_FACTOR_TIMEOUT);
await lucia.invalidateSession(session!.id!); await lucia.invalidateSession(session!.id!);
const sessionCookie = lucia.createBlankSessionCookie(); const sessionCookie = lucia.createBlankSessionCookie();
@ -115,12 +114,17 @@ export const actions: Actions = {
const isTwoFactorAuthenticated = session?.isTwoFactorAuthenticated; const isTwoFactorAuthenticated = session?.isTwoFactorAuthenticated;
const twoFactorDetails = await db.query.twoFactor.findFirst({ const twoFactorDetails = await db.query.twoFactor.findFirst({
where: eq(twoFactor.userId, dbUser!.id!), where: eq(twoFactor.userId, dbUser!.id!),
}) });
if (!twoFactorDetails) {
const message = { type: 'error', message: 'Unable to process request' } as const;
throw redirect(302, '/login', message, event);
}
if ( if (
isTwoFactorAuthenticated && isTwoFactorAuthenticated &&
twoFactorDetails?.enabled && twoFactorDetails.enabled &&
twoFactorDetails?.secret !== '' twoFactorDetails.secret !== ''
) { ) {
const message = { type: 'success', message: 'You are already signed in' } as const; const message = { type: 'success', message: 'You are already signed in' } as const;
throw redirect('/', message, event); throw redirect('/', message, event);
@ -140,19 +144,32 @@ export const actions: Actions = {
const totpToken = form?.data?.totpToken; const totpToken = form?.data?.totpToken;
const twoFactorSecretPopulated = const twoFactorSecretPopulated =
twoFactorDetails?.secret !== '' && twoFactorDetails?.secret !== null; twoFactorDetails.secret !== '' && twoFactorDetails.secret !== null;
if (twoFactorDetails?.enabled && !twoFactorSecretPopulated && !totpToken) { if (twoFactorDetails.enabled && !twoFactorSecretPopulated && !totpToken) {
return fail(400, { return fail(400, {
form, form,
}); });
} else if (twoFactorSecretPopulated && totpToken) { } else if (twoFactorSecretPopulated && totpToken) {
// Check if two factor started less than TWO_FACTOR_TIMEOUT // Check if two factor started less than TWO_FACTOR_TIMEOUT
await checkTOTPExpiry(twoFactorDetails, session, cookies, event); const totpElapsed = totpTimeElapsed(twoFactorDetails.initiatedTime);
if (totpElapsed) {
await lucia.invalidateSession(session!.id!);
const sessionCookie = lucia.createBlankSessionCookie();
cookies.set(sessionCookie.name, sessionCookie.value, {
path: '.',
...sessionCookie.attributes,
});
const message = {
type: 'error',
message: 'Two factor authentication has expired',
} as const;
redirect(302, '/login', message, event);
}
console.log('totpToken', totpToken); console.log('totpToken', totpToken);
const validOTP = await new TOTPController().verify( const validOTP = await new TOTPController().verify(
totpToken, totpToken,
decodeHex(twoFactorDetails?.secret ?? ''), decodeHex(twoFactorDetails.secret ?? ''),
); );
console.log('validOTP', validOTP); console.log('validOTP', validOTP);
@ -195,24 +212,22 @@ export const actions: Actions = {
}, },
}; };
async function checkTOTPExpiry(twoFactorDetails: { id: string; cuid: string | null; secret: string; enabled: boolean; initiatedTime: Date | null; createdAt: Date; updatedAt: Date; userId: string; } | undefined, session, cookies: Cookies, event: RequestEvent<Partial<Record<string, string>>, string | null>) { function totpTimeElapsed(initiatedTime: Date) {
const twoFactorInitiatedTime = twoFactorDetails?.initiatedTime; if (initiatedTime === null || initiatedTime === undefined) {
if (twoFactorInitiatedTime === null || twoFactorInitiatedTime === undefined) { return true;
redirect(302, '/login');
} }
const timeElapsed = Date.now() - twoFactorInitiatedTime.getTime();
const timeElapsed = Date.now() - initiatedTime.getTime();
console.log('Time elapsed', timeElapsed); console.log('Time elapsed', timeElapsed);
if (timeElapsed > env.TWO_FACTOR_TIMEOUT) { if (timeElapsed > env.TWO_FACTOR_TIMEOUT) {
console.log('Time elapsed was more than TWO_FACTOR_TIMEOUT', timeElapsed, env.TWO_FACTOR_TIMEOUT); console.log(
await lucia.invalidateSession(session!.id!); 'Time elapsed was more than TWO_FACTOR_TIMEOUT',
const sessionCookie = lucia.createBlankSessionCookie(); timeElapsed,
cookies.set(sessionCookie.name, sessionCookie.value, { env.TWO_FACTOR_TIMEOUT,
path: '.', );
...sessionCookie.attributes, return true;
});
const message = { type: 'error', message: 'Two factor authentication has expired' } as const;
redirect(302, '/login', message, event);
} }
return false;
} }
async function checkRecoveryCode(recoveryCode: string, userId: string) { async function checkRecoveryCode(recoveryCode: string, userId: string) {