update totp

src/routes/2fa/totp/setup/+page.server.ts

@@ -18,6 +18,9 @@ export async function load(event: RequestEvent) {
 	if (event.locals.user.registered2FA && !event.locals.session.twoFactorVerified) {
 		return redirect(302, get2FARedirect(event.locals.user));
 	}
+	if (event.locals.user.registeredTOTP) {
+		return redirect(302, "/");
+	}
 
 	const totpKey = new Uint8Array(20);
 	crypto.getRandomValues(totpKey);
@@ -50,6 +53,11 @@ async function action(event: RequestEvent) {
 			message: "Forbidden"
 		});
 	}
+	if (event.locals.user.registeredTOTP) {
+		return fail(403, {
+			message: "Forbidden"
+		});
+	}
 	if (!totpUpdateBucket.check(event.locals.user.id, 1)) {
 		return fail(429, {
 			message: "Too many requests"