From 21c0a33c52e1b6dfea13fcb60ac4d635df26f7db Mon Sep 17 00:00:00 2001 From: Bradley Shellnut Date: Mon, 23 Sep 2024 09:50:01 -0700 Subject: [PATCH] Adding newer oslo dependencies and argon2 in regular dependencies. --- .vscode/settings.json | 8 +- package.json | 9 +- pnpm-lock.yaml | 310 ++++++++++++++++-- src/lib/server/api/services/totp.service.ts | 8 +- .../security/change/password/+page.server.ts | 5 - .../security/mfa/totp/+page.server.ts | 13 +- src/routes/(app)/privacy/+page.server.ts | 2 +- src/routes/(app)/terms/+page.server.ts | 2 +- src/routes/(auth)/totp/+page.server.ts | 1 - 9 files changed, 319 insertions(+), 39 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 82fd2e1..dfc4497 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,3 +1,9 @@ { - "cSpell.words": ["iconify", "kickstarter", "lucide", "msrp", "pcss"] + "cSpell.words": [ + "iconify", + "kickstarter", + "lucide", + "msrp", + "pcss" + ] } diff --git a/package.json b/package.json index 12495c8..43ea474 100644 --- a/package.json +++ b/package.json @@ -35,6 +35,7 @@ "@types/cookie": "^0.6.0", "@types/node": "^20.16.5", "@types/pg": "^8.11.10", + "@types/qrcode": "^1.5.5", "@typescript-eslint/eslint-plugin": "^7.18.0", "@typescript-eslint/parser": "^7.18.0", "arctic": "^1.9.2", @@ -61,7 +62,6 @@ "svelte-preprocess": "^6.0.2", "svelte-sequential-preprocessor": "^2.0.1", "sveltekit-flash-message": "^2.4.4", - "sveltekit-rate-limiter": "^0.5.2", "sveltekit-superforms": "^2.18.1", "tailwindcss": "^3.4.12", "ts-node": "^10.9.2", 
@@ -84,6 +84,13 @@ "@lucia-auth/adapter-drizzle": "^1.1.0", "@lukeed/uuid": "^2.0.1", "@neondatabase/serverless": "^0.9.5", + "@node-rs/argon2": "^1.8.3", + "@oslojs/crypto": "^1.0.1", + "@oslojs/encoding": "^1.0.0", + "@oslojs/jwt": "^0.2.0", + "@oslojs/oauth2": "^0.5.0", + "@oslojs/otp": "^1.0.0", + "@oslojs/webauthn": "^1.0.0", "@paralleldrive/cuid2": "^2.2.2", "@sveltejs/adapter-node": "^5.2.3", "@sveltejs/adapter-vercel": "^5.4.4", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 86433c9..3828c27 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -38,6 +38,27 @@ importers: '@neondatabase/serverless': specifier: ^0.9.5 version: 0.9.5 + '@node-rs/argon2': + specifier: ^1.8.3 + version: 1.8.3 + '@oslojs/crypto': + specifier: ^1.0.1 + version: 1.0.1 + '@oslojs/encoding': + specifier: ^1.0.0 + version: 1.0.0 + '@oslojs/jwt': + specifier: ^0.2.0 + version: 0.2.0 + '@oslojs/oauth2': + specifier: ^0.5.0 + version: 0.5.0 + '@oslojs/otp': + specifier: ^1.0.0 + version: 1.0.0 + '@oslojs/webauthn': + specifier: ^1.0.0 + version: 1.0.0 '@paralleldrive/cuid2': specifier: ^2.2.2 version: 2.2.2 @@ -195,6 +216,9 @@ importers: '@types/pg': specifier: ^8.11.10 version: 8.11.10 + '@types/qrcode': + specifier: ^1.5.5 + version: 1.5.5 '@typescript-eslint/eslint-plugin': specifier: ^7.18.0 version: 7.18.0(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.6.2))(eslint@8.57.1)(typescript@5.6.2) 
@@ -273,9 +297,6 @@ importers: sveltekit-flash-message: specifier: ^2.4.4 version: 2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175) - sveltekit-rate-limiter: - specifier: ^0.5.2 - version: 0.5.2(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))) sveltekit-superforms: specifier: ^2.18.1 version: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175) @@ -632,12 +653,18 @@ packages: '@emnapi/core@0.45.0': resolution: {integrity: sha512-DPWjcUDQkCeEM4VnljEOEcXdAD7pp8zSZsgOujk/LGIwCXWbXJngin+MO4zbH429lzeC3WbYLGjE2MaUOwzpyw==} + '@emnapi/core@1.2.0': + resolution: {integrity: sha512-E7Vgw78I93we4ZWdYCb4DGAwRROGkMIXk7/y87UmANR+J6qsWusmC3gLt0H+O0KOt5e6O38U8oJamgbudrES/w==} + '@emnapi/runtime@0.45.0': resolution: {integrity: sha512-Txumi3td7J4A/xTTwlssKieHKTGl3j4A1tglBx72auZ49YK7ePY6XZricgIg9mnZT4xPfA+UPCUdnhRuEFDL+w==} '@emnapi/runtime@1.2.0': resolution: {integrity: sha512-bV21/9LQmcQeCPEg3BDFtvwL6cwiTMksYNWQQ4KOxCZikEGalWtenoZ0wCiukJINlGCIi2KXx01g4FoH/LxpzQ==} + '@emnapi/wasi-threads@1.0.1': + resolution: {integrity: sha512-iIBu7mwkq4UQGeMEM8bLwNK962nXdhodeScX4slfQnRhEMMzvYivHhutCIk8uojvmASXXPC2WNEjwxFWk72Oqw==} + '@esbuild-kit/core-utils@3.3.2': resolution: {integrity: sha512-sPRAnw9CdSsRmEtnsl2WXWdyquogVpB3yZ3dgwJfe8zrOzTsV7cJvmwrKVa+0ma5BoiGJ+BoqkMvawbayKUsqQ==} 
@@ -1398,10 +1425,6 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} - '@isaacs/ttlcache@1.4.1': - resolution: {integrity: sha512-RQgQ4uQ+pLbqXfOmieB91ejmLwvSgv9nLx6sT6sD83s7umBypgg+OIBOBbEUiJXrfpnp9j0mRhYYdzp9uqq3lA==} - engines: {node: '>=12'} - '@jest/schemas@29.6.3': resolution: {integrity: sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==} engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} @@ -1491,6 +1514,9 @@ packages: cpu: [x64] os: [win32] + '@napi-rs/wasm-runtime@0.2.4': + resolution: {integrity: sha512-9zESzOO5aDByvhIAsOy9TbpZ0Ur2AJbUI7UT73kcUTS2mxAMHOBaa1st/jAymNoCtvrit99kkzT1FZuXVcgfIQ==} + '@neondatabase/serverless@0.9.5': resolution: {integrity: sha512-siFas6gItqv6wD/pZnvdu34wEqgG3nSE6zWZdq5j2DEsa+VvX8i/5HXJOo06qrw5axPXn+lGCxeR+NLaSPIXug==} 
@@ -1504,87 +1530,174 @@ packages: cpu: [arm] os: [android] + '@node-rs/argon2-android-arm-eabi@1.8.3': + resolution: {integrity: sha512-JFZPlNM0A8Og+Tncb8UZsQrhEMlbHBXPsT3hRoKImzVmTmq28Os0ucFWow0AACp2coLHBSydXH3Dh0lZup3rWw==} + engines: {node: '>= 10'} + cpu: [arm] + os: [android] + '@node-rs/argon2-android-arm64@1.7.0': resolution: {integrity: sha512-s9j/G30xKUx8WU50WIhF0fIl1EdhBGq0RQ06lEhZ0Gi0ap8lhqbE2Bn5h3/G2D1k0Dx+yjeVVNmt/xOQIRG38A==} engines: {node: '>= 10'} cpu: [arm64] os: [android] + '@node-rs/argon2-android-arm64@1.8.3': + resolution: {integrity: sha512-zaf8P3T92caeW2xnMA7P1QvRA4pIt/04oilYP44XlTCtMye//vwXDMeK53sl7dvYiJKnzAWDRx41k8vZvpZazg==} + engines: {node: '>= 10'} + cpu: [arm64] + os: [android] + '@node-rs/argon2-darwin-arm64@1.7.0': resolution: {integrity: sha512-ZIz4L6HGOB9U1kW23g+m7anGNuTZ0RuTw0vNp3o+2DWpb8u8rODq6A8tH4JRL79S+Co/Nq608m9uackN2pe0Rw==} engines: {node: '>= 10'} cpu: [arm64] os: [darwin] + '@node-rs/argon2-darwin-arm64@1.8.3': + resolution: {integrity: sha512-DV/IbmLGdNXBtXb5o2UI5ba6kvqXqPAJgmMOTUCuHeBSp992GlLHdfU4rzGu0dNrxudBnunNZv+crd0YdEQSUA==} + engines: {node: '>= 10'} + cpu: [arm64] + os: [darwin] + '@node-rs/argon2-darwin-x64@1.7.0': resolution: {integrity: sha512-5oi/pxqVhODW/pj1+3zElMTn/YukQeywPHHYDbcAW3KsojFjKySfhcJMd1DjKTc+CHQI+4lOxZzSUzK7mI14Hw==} engines: {node: '>= 10'} cpu: [x64] os: [darwin] + '@node-rs/argon2-darwin-x64@1.8.3': + resolution: {integrity: sha512-YMjmBGFZhLfYjfQ2gll9A+BZu/zAMV7lWZIbKxb7ZgEofILQwuGmExjDtY3Jplido/6leCEdpmlk2oIsME00LA==} + engines: {node: '>= 10'} + cpu: [x64] + os: [darwin] + '@node-rs/argon2-freebsd-x64@1.7.0': resolution: {integrity: sha512-Ify08683hA4QVXYoIm5SUWOY5DPIT/CMB0CQT+IdxQAg/F+qp342+lUkeAtD5bvStQuCx/dFO3bnnzoe2clMhA==} engines: {node: '>= 10'} cpu: [x64] os: [freebsd] + '@node-rs/argon2-freebsd-x64@1.8.3': + resolution: {integrity: sha512-Hq3Rj5Yb2RolTG/luRPnv+XiGCbi5nAK25Pc8ou/tVapwX+iktEm/NXbxc5zsMxraYVkCvfdwBjweC5O+KqCGw==} + engines: {node: '>= 10'} + cpu: [x64] + os: 
[freebsd] + '@node-rs/argon2-linux-arm-gnueabihf@1.7.0': resolution: {integrity: sha512-7DjDZ1h5AUHAtRNjD19RnQatbhL+uuxBASuuXIBu4/w6Dx8n7YPxwTP4MXfsvuRgKuMWiOb/Ub/HJ3kXVCXRkg==} engines: {node: '>= 10'} cpu: [arm] os: [linux] + '@node-rs/argon2-linux-arm-gnueabihf@1.8.3': + resolution: {integrity: sha512-x49l8RgzKoG0/V0IXa5rrEl1TcJEc936ctlYFvqcunSOyowZ6kiWtrp1qrbOR8gbaNILl11KTF52vF6+h8UlEQ==} + engines: {node: '>= 10'} + cpu: [arm] + os: [linux] + '@node-rs/argon2-linux-arm64-gnu@1.7.0': resolution: {integrity: sha512-nJDoMP4Y3YcqGswE4DvP080w6O24RmnFEDnL0emdI8Nou17kNYBzP2546Nasx9GCyLzRcYQwZOUjrtUuQ+od2g==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] + '@node-rs/argon2-linux-arm64-gnu@1.8.3': + resolution: {integrity: sha512-gJesam/qA63reGkb9qJ2TjFSLBtY41zQh2oei7nfnYsmVQPuHHWItJxEa1Bm21SPW53gZex4jFJbDIgj0+PxIw==} + engines: {node: '>= 10'} + cpu: [arm64] + os: [linux] + '@node-rs/argon2-linux-arm64-musl@1.7.0': resolution: {integrity: sha512-BKWS8iVconhE3jrb9mj6t1J9vwUqQPpzCbUKxfTGJfc+kNL58F1SXHBoe2cDYGnHrFEHTY0YochzXoAfm4Dm/A==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] + '@node-rs/argon2-linux-arm64-musl@1.8.3': + resolution: {integrity: sha512-7O6kQdSKzB4Tjx/EBa8zKIxnmLkQE8VdJgPm6Ksrpn+ueo0mx2xf76fIDnbbTCtm3UbB+y+FkTo2wLA7tOqIKg==} + engines: {node: '>= 10'} + cpu: [arm64] + os: [linux] + '@node-rs/argon2-linux-x64-gnu@1.7.0': resolution: {integrity: sha512-EmgqZOlf4Jurk/szW1iTsVISx25bKksVC5uttJDUloTgsAgIGReCpUUO1R24pBhu9ESJa47iv8NSf3yAfGv6jQ==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + '@node-rs/argon2-linux-x64-gnu@1.8.3': + resolution: {integrity: sha512-OBH+EFG7BGjFyldaao2H2gSCLmjtrrwf420B1L+lFn7JLW9UAjsIPFKAcWsYwPa/PwYzIge9Y7SGcpqlsSEX0w==} + engines: {node: '>= 10'} + cpu: [x64] + os: [linux] + '@node-rs/argon2-linux-x64-musl@1.7.0': resolution: {integrity: sha512-/o1efYCYIxjfuoRYyBTi2Iy+1iFfhqHCvvVsnjNSgO1xWiWrX0Rrt/xXW5Zsl7vS2Y+yu8PL8KFWRzZhaVxfKA==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + 
'@node-rs/argon2-linux-x64-musl@1.8.3': + resolution: {integrity: sha512-bDbMuyekIxZaN7NaX+gHVkOyABB8bcMEJYeRPW1vCXKHj3brJns1wiUFSxqeUXreupifNVJlQfPt1Y5B/vFXgQ==} + engines: {node: '>= 10'} + cpu: [x64] + os: [linux] + '@node-rs/argon2-wasm32-wasi@1.7.0': resolution: {integrity: sha512-Evmk9VcxqnuwQftfAfYEr6YZYSPLzmKUsbFIMep5nTt9PT4XYRFAERj7wNYp+rOcBenF3X4xoB+LhwcOMTNE5w==} engines: {node: '>=14.0.0'} cpu: [wasm32] + '@node-rs/argon2-wasm32-wasi@1.8.3': + resolution: {integrity: sha512-NBf2cMCDbNKMzp13Pog8ZPmI0M9U4Ak5b95EUjkp17kdKZFds12dwW67EMnj7Zy+pRqby2QLECaWebDYfNENTg==} + engines: {node: '>=14.0.0'} + cpu: [wasm32] + '@node-rs/argon2-win32-arm64-msvc@1.7.0': resolution: {integrity: sha512-qgsU7T004COWWpSA0tppDqDxbPLgg8FaU09krIJ7FBl71Sz8SFO40h7fDIjfbTT5w7u6mcaINMQ5bSHu75PCaA==} engines: {node: '>= 10'} cpu: [arm64] os: [win32] + '@node-rs/argon2-win32-arm64-msvc@1.8.3': + resolution: {integrity: sha512-AHpPo7UbdW5WWjwreVpgFSY0o1RY4A7cUFaqDXZB2OqEuyrhMxBdZct9PX7PQKI18D85pLsODnR+gvVuTwJ6rQ==} + engines: {node: '>= 10'} + cpu: [arm64] + os: [win32] + '@node-rs/argon2-win32-ia32-msvc@1.7.0': resolution: {integrity: sha512-JGafwWYQ/HpZ3XSwP4adQ6W41pRvhcdXvpzIWtKvX+17+xEXAe2nmGWM6s27pVkg1iV2ZtoYLRDkOUoGqZkCcg==} engines: {node: '>= 10'} cpu: [ia32] os: [win32] + '@node-rs/argon2-win32-ia32-msvc@1.8.3': + resolution: {integrity: sha512-bqzn2rcQkEwCINefhm69ttBVVkgHJb/V03DdBKsPFtiX6H47axXKz62d1imi26zFXhOEYxhKbu3js03GobJOLw==} + engines: {node: '>= 10'} + cpu: [ia32] + os: [win32] + '@node-rs/argon2-win32-x64-msvc@1.7.0': resolution: {integrity: sha512-9oq4ShyFakw8AG3mRls0AoCpxBFcimYx7+jvXeAf2OqKNO+mSA6eZ9z7KQeVCi0+SOEUYxMGf5UiGiDb9R6+9Q==} engines: {node: '>= 10'} cpu: [x64] os: [win32] + '@node-rs/argon2-win32-x64-msvc@1.8.3': + resolution: {integrity: sha512-ILlrRThdbp5xNR5gwYM2ic1n/vG5rJ8dQZ+YMRqksl+lnTJ/6FDe5BOyIhiPtiDwlCiCtUA+1NxpDB9KlUCAIA==} + engines: {node: '>= 10'} + cpu: [x64] + os: [win32] + '@node-rs/argon2@1.7.0': resolution: {integrity: 
sha512-zfULc+/tmcWcxn+nHkbyY8vP3+MpEqKORbszt4UkpqZgBgDAAIYvuDN/zukfTgdmo6tmJKKVfzigZOPk4LlIog==} engines: {node: '>= 10'} + '@node-rs/argon2@1.8.3': + resolution: {integrity: sha512-sf/QAEI59hsMEEE2J8vO4hKrXrv4Oplte3KI2N4MhMDYpytH0drkVfErmHBfWFZxxIEK03fX1WsBNswS2nIZKg==} + engines: {node: '>= 10'} + '@node-rs/bcrypt-android-arm-eabi@1.9.0': resolution: {integrity: sha512-nOCFISGtnodGHNiLrG0WYLWr81qQzZKYfmwHc7muUeq+KY0sQXyHOwZk9OuNQAWv/lnntmtbwkwT0QNEmOyLvA==} engines: {node: '>= 10'} 
@@ -1684,6 +1797,39 @@ packages: resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==} engines: {node: '>= 8'} + '@oslojs/asn1@1.0.0': + resolution: {integrity: sha512-zw/wn0sj0j0QKbIXfIlnEcTviaCzYOY3V5rAyjR6YtOByFtJiT574+8p9Wlach0lZH9fddD4yb9laEAIl4vXQA==} + + '@oslojs/binary@1.0.0': + resolution: {integrity: sha512-9RCU6OwXU6p67H4NODbuxv2S3eenuQ4/WFLrsq+K/k682xrznH5EVWA7N4VFk9VYVcbFtKqur5YQQZc0ySGhsQ==} + + '@oslojs/cbor@1.0.0': + resolution: {integrity: sha512-AY6Lknexs7n2xp8Cgey95c+975VG7XOk4UEdRdNFxHmDDbuf47OC/LAVRsl14DeTLwo8W6xr3HLFwUFmKcndTQ==} + + '@oslojs/crypto@1.0.0': + resolution: {integrity: sha512-dVz8TkkgYdr3tlwxHd7SCYGxoN7ynwHLA0nei/Aq9C+ERU0BK+U8+/3soEzBUxUNKYBf42351DyJUZ2REla50w==} + + '@oslojs/crypto@1.0.1': + resolution: {integrity: sha512-7n08G8nWjAr/Yu3vu9zzrd0L9XnrJfpMioQcvCMxBIiF5orECHe5/3J0jmXRVvgfqMm/+4oxlQ+Sq39COYLcNQ==} + + '@oslojs/encoding@0.4.1': + resolution: {integrity: sha512-hkjo6MuIK/kQR5CrGNdAPZhS01ZCXuWDRJ187zh6qqF2+yMHZpD9fAYpX8q2bOO6Ryhl3XpCT6kUX76N8hhm4Q==} + + '@oslojs/encoding@1.0.0': + resolution: {integrity: sha512-dyIB0SdZgMm5BhGwdSp8rMxEFIopLKxDG1vxIBaiogyom6ZqH2aXPb6DEC2WzOOWKdPSq1cxdNeRx2wAn1Z+ZQ==} + + '@oslojs/jwt@0.2.0': + resolution: {integrity: sha512-bLE7BtHrURedCn4Mco3ma9L4Y1GR2SMBuIvjWr7rmQ4/W/4Jy70TIAgZ+0nIlk0xHz1vNP8x8DCns45Sb2XRbg==} + + '@oslojs/oauth2@0.5.0': + resolution: {integrity: sha512-t70+e4EgnzTbU4MrUWXzqWN2A6RJrlSSvwwuBv6E0Ap6/nsIXrjsdRWeTcSvvXTcC6fi0YdWaqEWLipcEm2Cgw==} + + '@oslojs/otp@1.0.0': + resolution: {integrity: sha512-w/vZfoVsFCCcmsmsXVsIMoWbvr1IZmQ9BsDZwdePSpe8rFKMD1Knd+05iJr415adXkFVyu0tYxgrLPYMynNtXQ==} + + '@oslojs/webauthn@1.0.0': + resolution: {integrity: sha512-2ZRpbt3msNURwvjmavzq9vrNlxUnWFBGMYqbC1kO3fYBLskL7r4DiLJT1wbtLoI+hclFwjhl48YhRFBl6RWg1A==} + '@paralleldrive/cuid2@2.2.2': resolution: {integrity: sha512-ZOBkgDwEdoYVlSeRbYYXs0S9MejQofiVYoTbKzy/6GQa39/q5tQU2IX46+shYnUkpEl3wc+J6wRlar7r2EK2xA==} 
@@ -1904,6 +2050,9 @@ packages: '@tybys/wasm-util@0.8.3': resolution: {integrity: sha512-Z96T/L6dUFFxgFJ+pQtkPpne9q7i6kIPYCFnQBHSgSPV9idTsKfIhCss0h5iM9irweZCatkrdeP8yi5uM1eX6Q==} + '@tybys/wasm-util@0.9.0': + resolution: {integrity: sha512-6+7nlbMVX/PVDCwaIQ8nTOPveOcFLSt8GcXdx8hD0bt39uWxYT88uXzqTd4fTvqta7oeUJqudepapKNt2DYJFw==} + '@types/cookie@0.6.0': resolution: {integrity: sha512-4Kh9a6B2bQciAhf7FSuMRRkUWecJgJu9nPnx3yzpsfXX/c50REIqpHY4C82bXP90qrLtXtkDxTZosYO3UpOwlA==} @@ -1928,6 +2077,9 @@ packages: '@types/pug@2.0.10': resolution: {integrity: sha512-Sk/uYFOBAB7mb74XcpizmH0KOR2Pv3D2Hmrh1Dmy5BmK3MpdSa5kqZcg6EKBdklU0bFXX9gCfzvpnyUehrPIuA==} + '@types/qrcode@1.5.5': + resolution: {integrity: sha512-CdfBi/e3Qk+3Z/fXYShipBT13OJ2fDO2Q2w5CIP5anLTLIndQG9z6P1cnm+8zCWSpm5dnxMFd/uREtb0EXuQzg==} + '@types/resolve@1.20.2': resolution: {integrity: sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==} @@ -4324,11 +4476,6 @@ packages: '@sveltejs/kit': 1.x || 2.x svelte: 3.x || 4.x || >=5.0.0-next.51 - sveltekit-rate-limiter@0.5.2: - resolution: {integrity: sha512-7CELKmTffNjj0i/RUxT9SKYFA9IO/tQabjgT39clOlkKvlcGozNy8nqoIx+24amWfqEqC/WXYMEIek04PiFdyA==} - peerDependencies: - '@sveltejs/kit': 1.x || 2.x - sveltekit-superforms@2.19.0: resolution: {integrity: sha512-WJmdYf8WpuDkl6zxdRP72R+wDefx1OhIQYKdsIQqNkFntNq0/BUrkMdUr1i7d/FbX0gS1A9GRflCx3WiYQlAXg==} peerDependencies: @@ -5018,6 +5165,12 @@ snapshots: tslib: 2.7.0 optional: true + '@emnapi/core@1.2.0': + dependencies: + '@emnapi/wasi-threads': 1.0.1 + tslib: 2.7.0 + optional: true + '@emnapi/runtime@0.45.0': dependencies: tslib: 2.7.0 @@ -5028,6 +5181,11 @@ snapshots: tslib: 2.7.0 optional: true + '@emnapi/wasi-threads@1.0.1': + dependencies: + tslib: 2.7.0 + optional: true + '@esbuild-kit/core-utils@3.3.2': dependencies: esbuild: 0.18.20 
@@ -5500,8 +5658,6 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 - '@isaacs/ttlcache@1.4.1': {} - '@jest/schemas@29.6.3': dependencies: '@sinclair/typebox': 0.27.8 @@ -5599,6 +5755,13 @@ snapshots: '@msgpackr-extract/msgpackr-extract-win32-x64@3.0.3': optional: true + '@napi-rs/wasm-runtime@0.2.4': + dependencies: + '@emnapi/core': 1.2.0 + '@emnapi/runtime': 1.2.0 + '@tybys/wasm-util': 0.9.0 + optional: true + '@neondatabase/serverless@0.9.5': dependencies: '@types/pg': 8.11.6 @@ -5608,33 +5771,63 @@ snapshots: '@node-rs/argon2-android-arm-eabi@1.7.0': optional: true + '@node-rs/argon2-android-arm-eabi@1.8.3': + optional: true + '@node-rs/argon2-android-arm64@1.7.0': optional: true + '@node-rs/argon2-android-arm64@1.8.3': + optional: true + '@node-rs/argon2-darwin-arm64@1.7.0': optional: true + '@node-rs/argon2-darwin-arm64@1.8.3': + optional: true + '@node-rs/argon2-darwin-x64@1.7.0': optional: true + '@node-rs/argon2-darwin-x64@1.8.3': + optional: true + '@node-rs/argon2-freebsd-x64@1.7.0': optional: true + '@node-rs/argon2-freebsd-x64@1.8.3': + optional: true + '@node-rs/argon2-linux-arm-gnueabihf@1.7.0': optional: true + '@node-rs/argon2-linux-arm-gnueabihf@1.8.3': + optional: true + '@node-rs/argon2-linux-arm64-gnu@1.7.0': optional: true + '@node-rs/argon2-linux-arm64-gnu@1.8.3': + optional: true + '@node-rs/argon2-linux-arm64-musl@1.7.0': optional: true + '@node-rs/argon2-linux-arm64-musl@1.8.3': + optional: true + '@node-rs/argon2-linux-x64-gnu@1.7.0': optional: true + '@node-rs/argon2-linux-x64-gnu@1.8.3': + optional: true + '@node-rs/argon2-linux-x64-musl@1.7.0': optional: true + '@node-rs/argon2-linux-x64-musl@1.8.3': + optional: true + '@node-rs/argon2-wasm32-wasi@1.7.0': dependencies: '@emnapi/core': 0.45.0 
@@ -5643,15 +5836,29 @@ snapshots: memfs-browser: 3.5.10302 optional: true + '@node-rs/argon2-wasm32-wasi@1.8.3': + dependencies: + '@napi-rs/wasm-runtime': 0.2.4 + optional: true + '@node-rs/argon2-win32-arm64-msvc@1.7.0': optional: true + '@node-rs/argon2-win32-arm64-msvc@1.8.3': + optional: true + '@node-rs/argon2-win32-ia32-msvc@1.7.0': optional: true + '@node-rs/argon2-win32-ia32-msvc@1.8.3': + optional: true + '@node-rs/argon2-win32-x64-msvc@1.7.0': optional: true + '@node-rs/argon2-win32-x64-msvc@1.8.3': + optional: true + '@node-rs/argon2@1.7.0': optionalDependencies: '@node-rs/argon2-android-arm-eabi': 1.7.0 @@ -5669,6 +5876,23 @@ snapshots: '@node-rs/argon2-win32-ia32-msvc': 1.7.0 '@node-rs/argon2-win32-x64-msvc': 1.7.0 + '@node-rs/argon2@1.8.3': + optionalDependencies: + '@node-rs/argon2-android-arm-eabi': 1.8.3 + '@node-rs/argon2-android-arm64': 1.8.3 + '@node-rs/argon2-darwin-arm64': 1.8.3 + '@node-rs/argon2-darwin-x64': 1.8.3 + '@node-rs/argon2-freebsd-x64': 1.8.3 + '@node-rs/argon2-linux-arm-gnueabihf': 1.8.3 + '@node-rs/argon2-linux-arm64-gnu': 1.8.3 + '@node-rs/argon2-linux-arm64-musl': 1.8.3 + '@node-rs/argon2-linux-x64-gnu': 1.8.3 + '@node-rs/argon2-linux-x64-musl': 1.8.3 + '@node-rs/argon2-wasm32-wasi': 1.8.3 + '@node-rs/argon2-win32-arm64-msvc': 1.8.3 + '@node-rs/argon2-win32-ia32-msvc': 1.8.3 + '@node-rs/argon2-win32-x64-msvc': 1.8.3 + '@node-rs/bcrypt-android-arm-eabi@1.9.0': optional: true 
@@ -5745,6 +5969,50 @@ snapshots: '@nodelib/fs.scandir': 2.1.5 fastq: 1.17.1 + '@oslojs/asn1@1.0.0': + dependencies: + '@oslojs/binary': 1.0.0 + + '@oslojs/binary@1.0.0': {} + + '@oslojs/cbor@1.0.0': + dependencies: + '@oslojs/binary': 1.0.0 + + '@oslojs/crypto@1.0.0': + dependencies: + '@oslojs/asn1': 1.0.0 + '@oslojs/binary': 1.0.0 + + '@oslojs/crypto@1.0.1': + dependencies: + '@oslojs/asn1': 1.0.0 + '@oslojs/binary': 1.0.0 + + '@oslojs/encoding@0.4.1': {} + + '@oslojs/encoding@1.0.0': {} + + '@oslojs/jwt@0.2.0': + dependencies: + '@oslojs/encoding': 0.4.1 + + '@oslojs/oauth2@0.5.0': {} + + '@oslojs/otp@1.0.0': + dependencies: + '@oslojs/binary': 1.0.0 + '@oslojs/crypto': 1.0.0 + '@oslojs/encoding': 1.0.0 + + '@oslojs/webauthn@1.0.0': + dependencies: + '@oslojs/asn1': 1.0.0 + '@oslojs/binary': 1.0.0 + '@oslojs/cbor': 1.0.0 + '@oslojs/crypto': 1.0.0 + '@oslojs/encoding': 1.0.0 + '@paralleldrive/cuid2@2.2.2': dependencies: '@noble/hashes': 1.5.0 @@ -5959,6 +6227,11 @@ snapshots: tslib: 2.7.0 optional: true + '@tybys/wasm-util@0.9.0': + dependencies: + tslib: 2.7.0 + optional: true + '@types/cookie@0.6.0': {} '@types/estree@1.0.5': {} @@ -5986,6 +6259,10 @@ snapshots: '@types/pug@2.0.10': {} + '@types/qrcode@1.5.5': + dependencies: + '@types/node': 20.16.5 + '@types/resolve@1.20.2': {} '@types/validator@13.12.1': 
@@ -8490,11 +8767,6 @@ snapshots: '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) svelte: 5.0.0-next.175 - sveltekit-rate-limiter@0.5.2(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))): - dependencies: - '@isaacs/ttlcache': 1.4.1 - '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) - sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175): dependencies: '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) diff --git a/src/lib/server/api/services/totp.service.ts b/src/lib/server/api/services/totp.service.ts index b8c5fbf..ac0253c 100644 --- a/src/lib/server/api/services/totp.service.ts +++ b/src/lib/server/api/services/totp.service.ts @@ -1,7 +1,7 @@ import { CredentialsRepository } from '$lib/server/api/repositories/credentials.repository' import { HMAC } from 'oslo/crypto' -import { decodeHex, encodeHex } from 'oslo/encoding' -import { TOTPController } from 'oslo/otp' +import { decodeHex, encodeHexLowerCase } from '@oslojs/encoding' +import { verifyTOTP } from '@oslojs/otp' import { inject, injectable } from 'tsyringe' import type { CredentialsType } from '../databases/tables' 
@@ -27,7 +27,7 @@ export class TotpService { try { return await this.credentialsRepository.create({ user_id: userId, - secret_data: encodeHex(twoFactorSecret), + secret_data: encodeHexLowerCase(twoFactorSecret), type: 'totp', }) } catch (e) { @@ -49,6 +49,6 @@ export class TotpService { if (!credential) { throw new Error('TOTP credential not found') } - return await new TOTPController().verify(code, decodeHex(credential.secret_data)) + return await verifyTOTP(decodeHex(credential.secret_data), 30, 6, code) } } diff --git a/src/routes/(app)/(protected)/settings/security/change/password/+page.server.ts b/src/routes/(app)/(protected)/settings/security/change/password/+page.server.ts index 300b45d..30bd840 100644 --- a/src/routes/(app)/(protected)/settings/security/change/password/+page.server.ts +++ b/src/routes/(app)/(protected)/settings/security/change/password/+page.server.ts @@ -1,10 +1,5 @@ import { notSignedInMessage } from '$lib/flashMessages' -import { usersTable } from '$lib/server/api/databases/tables' -import { db } from '$lib/server/api/packages/drizzle' import { type Actions, fail } from '@sveltejs/kit' -import { eq } from 'drizzle-orm' -import type { Cookie } from 'lucia' -import { Argon2id } from 'oslo/password' import { redirect } from 'sveltekit-flash-message/server' import { zod } from 'sveltekit-superforms/adapters' import { setError, superValidate } from 'sveltekit-superforms/server' diff --git a/src/routes/(app)/(protected)/settings/security/mfa/totp/+page.server.ts b/src/routes/(app)/(protected)/settings/security/mfa/totp/+page.server.ts index 1a45df9..91f2ec4 100644 --- a/src/routes/(app)/(protected)/settings/security/mfa/totp/+page.server.ts +++ b/src/routes/(app)/(protected)/settings/security/mfa/totp/+page.server.ts 
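Review bot: In the `@@ -49,6 +49,6 @@` hunk of `totp.service.ts`, nothing visible around `verifyTOTP(decodeHex(credential.secret_data), 30, 6, code)` limits how many codes a caller may submit, and this same commit removes `sveltekit-rate-limiter` from `package.json` and the `RateLimiter` import from `src/routes/(auth)/totp/+page.server.ts`. Whether that limiter was still wired in cannot be seen from the diff, but a six-digit code needs a per-user attempt limit or lockout in front of this call, so confirm one remains before merging. Separately, the literals `30` and `6` are repeated as `intervalInSeconds` and `digits` in `mfa/totp/+page.server.ts`; shared constants would keep the enrolment key URI and the verifier from drifting apart. The method containing this call begins outside the hunk.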
@@ -2,8 +2,8 @@ import { notSignedInMessage } from '$lib/flashMessages' import env from '$lib/server/api/common/env' import { type Actions, fail } from '@sveltejs/kit' import kebabCase from 'just-kebab-case' -import { base32, decodeHex } from 'oslo/encoding' -import { createTOTPKeyURI } from 'oslo/otp' +import { encodeBase32, decodeHex } from '@oslojs/encoding' +import { createTOTPKeyURI } from '@oslojs/otp' import QRCode from 'qrcode' import { redirect } from 'sveltekit-flash-message/server' import { zod } from 'sveltekit-superforms/adapters' @@ -63,10 +63,11 @@ export const load: PageServerLoad = async (event) => { }) } const decodedHexSecret = decodeHex(createdTotpCredentials.secret_data) - const secret = base32.encode(new Uint8Array(decodedHexSecret), { - includePadding: false, - }) - const totpUri = createTOTPKeyURI(issuer, accountName, decodedHexSecret) + const secret = encodeBase32(new TextEncoder().encode(decodedHexSecret)) + const intervalInSeconds = 30 + const digits = 6 + + const totpUri = createTOTPKeyURI(issuer, accountName, decodedHexSecret, intervalInSeconds, digits) addTwoFactorForm.data = { current_password: '', diff --git a/src/routes/(app)/privacy/+page.server.ts b/src/routes/(app)/privacy/+page.server.ts index 10cfeb3..189f71e 100644 --- a/src/routes/(app)/privacy/+page.server.ts +++ b/src/routes/(app)/privacy/+page.server.ts @@ -1 +1 @@ -// export const prerender = true; \ No newline at end of file +export const prerender = true; diff --git a/src/routes/(app)/terms/+page.server.ts b/src/routes/(app)/terms/+page.server.ts index 4973a60..189f71e 100644 --- a/src/routes/(app)/terms/+page.server.ts +++ b/src/routes/(app)/terms/+page.server.ts @@ -1 +1 @@ -// export const prerender = true; +export const prerender = true; diff --git a/src/routes/(auth)/totp/+page.server.ts b/src/routes/(auth)/totp/+page.server.ts index 9b05025..a4f79dd 100644 --- a/src/routes/(auth)/totp/+page.server.ts +++ b/src/routes/(auth)/totp/+page.server.ts 
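Review bot: In the `@@ -63,10 +63,11 @@` hunk of `mfa/totp/+page.server.ts`, `encodeBase32(new TextEncoder().encode(decodedHexSecret))` hands the byte array returned by `decodeHex` to `TextEncoder.encode`, which expects a string. At runtime the bytes are coerced to their comma-separated decimal text, so the base32 `secret` no longer encodes the key that `createTOTPKeyURI` receives on the next lines; a user who types the secret instead of scanning the QR code would presumably enrol a key that never verifies. Encode the bytes directly with `const secret = encodeBase32NoPadding(decodedHexSecret)` and adjust the import to match; the no-padding form also keeps the behaviour of the removed `includePadding: false`. The `load` function starts and ends outside the hunk, so how `secret` is shown to the user is not visible here.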
@@ -7,7 +7,6 @@ import { type Actions, fail } from '@sveltejs/kit' import { and, eq } from 'drizzle-orm' import { Argon2id } from 'oslo/password' import { redirect } from 'sveltekit-flash-message/server' -import { RateLimiter } from 'sveltekit-rate-limiter/server' import { zod } from 'sveltekit-superforms/adapters' import { superValidate } from 'sveltekit-superforms/server' import type { PageServerLoad, RequestEvent } from './$types'