updated

wpcodevo · May 26, 2023 · f7eb041 · f7eb041
1 parent 1b03de4
commit f7eb041
Show file tree

Hide file tree

Showing 5 changed files with 262 additions and 40 deletions.
diff --git a/Two-Factor Auth.postman_collection.json b/Two-Factor Auth.postman_collection.json
@@ -0,0 +1,194 @@
+{
+ "info": {
+ "_postman_id": "d4058f10-7e8c-418f-8f4f-e740771b6e24",
+ "name": "Two-Factor Auth",
+ "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+ "_exporter_id": "14791724"
+ },
+ "item": [
+ {
+ "name": "Disable 2FA",
+ "request": {
+ "method": "POST",
+ "header": [],
+ "body": {
+ "mode": "raw",
+ "raw": "{\r\n \"user_id\": \"9d3a5a8a-5d53-4d13-8cde-e51b91a09f9a\"\r\n}",
+ "options": {
+ "raw": {
+ "language": "json"
+ }
+ }
+ },
+ "url": {
+ "raw": "http:https://localhost:8000/api/auth/otp/disable",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8000",
+ "path": [
+ "api",
+ "auth",
+ "otp",
+ "disable"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Verify OTP",
+ "request": {
+ "method": "POST",
+ "header": [],
+ "body": {
+ "mode": "raw",
+ "raw": "{\r\n \"user_id\": \"9d3a5a8a-5d53-4d13-8cde-e51b91a09f9a\",\r\n \"token\": \"296294\"\r\n}",
+ "options": {
+ "raw": {
+ "language": "json"
+ }
+ }
+ },
+ "url": {
+ "raw": "http:https://localhost:8000/api/auth/otp/verify",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8000",
+ "path": [
+ "api",
+ "auth",
+ "otp",
+ "verify"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Generate OTP",
+ "request": {
+ "method": "POST",
+ "header": [],
+ "body": {
+ "mode": "raw",
+ "raw": "{\r\n \"user_id\": \"9d3a5a8a-5d53-4d13-8cde-e51b91a09f9a\",\r\n \"email\":\"[email protected]\"\r\n}",
+ "options": {
+ "raw": {
+ "language": "json"
+ }
+ }
+ },
+ "url": {
+ "raw": "http:https://localhost:8000/api/auth/otp/generate",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8000",
+ "path": [
+ "api",
+ "auth",
+ "otp",
+ "generate"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Validate OTP",
+ "request": {
+ "method": "POST",
+ "header": [],
+ "body": {
+ "mode": "raw",
+ "raw": "{\r\n \"user_id\": \"9d3a5a8a-5d53-4d13-8cde-e51b91a09f9a\",\r\n \"token\": \"235485\"\r\n}",
+ "options": {
+ "raw": {
+ "language": "json"
+ }
+ }
+ },
+ "url": {
+ "raw": "http:https://localhost:8000/api/auth/otp/validate",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8000",
+ "path": [
+ "api",
+ "auth",
+ "otp",
+ "validate"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Register User",
+ "request": {
+ "method": "POST",
+ "header": [],
+ "body": {
+ "mode": "raw",
+ "raw": "{\r\n \"email\": \"[email protected]\",\r\n \"name\": \"Jane\",\r\n \"password\": \"password123\"\r\n}",
+ "options": {
+ "raw": {
+ "language": "json"
+ }
+ }
+ },
+ "url": {
+ "raw": "http:https://localhost:8000/api/auth/register",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8000",
+ "path": [
+ "api",
+ "auth",
+ "register"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Login User",
+ "request": {
+ "method": "POST",
+ "header": [],
+ "body": {
+ "mode": "raw",
+ "raw": "{\r\n \"email\": \"[email protected]\",\r\n \"password\": \"password123\"\r\n}",
+ "options": {
+ "raw": {
+ "language": "json"
+ }
+ }
+ },
+ "url": {
+ "raw": "http:https://localhost:8000/api/auth/login",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8000",
+ "path": [
+ "api",
+ "auth",
+ "login"
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+}
diff --git a/controllers/auth.controller.ts b/controllers/auth.controller.ts
@@ -2,7 +2,8 @@ import crypto from "crypto";
 import { Prisma } from "@prisma/client";
 import { Request, Response, NextFunction } from "express";
 import { prisma } from "../server";
-import speakeasy from "speakeasy";
+import * as OTPAuth from "otpauth";
+import { encode } from "hi-base32";
 
 const RegisterUser = async (
  req: Request,
@@ -70,27 +71,48 @@ const LoginUser = async (req: Request, res: Response, next: NextFunction) => {
  }
 };
 
+const generateRandomBase32 = () => {
+ const buffer = crypto.randomBytes(15);
+ const base32 = encode(buffer).replace(/=/g, "").substring(0, 24);
+ return base32;
+};
+
 const GenerateOTP = async (req: Request, res: Response) => {
  try {
  const { user_id } = req.body;
- const { ascii, hex, base32, otpauth_url } = speakeasy.generateSecret({
+
+ const user = await prisma.user.findUnique({ where: { id: user_id } });
+
+ if (!user) {
+ return res.status(404).json({
+ status: "fail",
+ message: "No user with that email exists",
+ });
+ }
+
+ const base32_secret = generateRandomBase32();
+
+ let totp = new OTPAuth.TOTP({
  issuer: "codevoweb.com",
- name: "[email protected]",
- length: 15,
+ label: "CodevoWeb",
+ algorithm: "SHA1",
+ digits: 6,
+ period: 15,
+ secret: base32_secret,
  });
 
+ let otpauth_url = totp.toString();
+
  await prisma.user.update({
  where: { id: user_id },
  data: {
- otp_ascii: ascii,
  otp_auth_url: otpauth_url,
- otp_base32: base32,
- otp_hex: hex,
+ otp_base32: base32_secret,
  },
  });
 
  res.status(200).json({
- base32,
+ base32: base32_secret,
  otpauth_url,
  });
  } catch (error) {
@@ -114,13 +136,18 @@ const VerifyOTP = async (req: Request, res: Response) => {
  });
  }
 
- const verified = speakeasy.totp.verify({
+ let totp = new OTPAuth.TOTP({
+ issuer: "codevoweb.com",
+ label: "CodevoWeb",
+ algorithm: "SHA1",
+ digits: 6,
+ period: 15,
  secret: user.otp_base32!,
- encoding: "base32",
- token,
  });
 
- if (!verified) {
+ let delta = totp.validate({ token });
+
+ if (delta === null) {
  return res.status(401).json({
  status: "fail",
  message,
@@ -164,15 +191,18 @@ const ValidateOTP = async (req: Request, res: Response) => {
  message,
  });
  }
-
- const validToken = speakeasy.totp.verify({
- secret: user?.otp_base32!,
- encoding: "base32",
- token,
- window: 1,
+ let totp = new OTPAuth.TOTP({
+ issuer: "codevoweb.com",
+ label: "CodevoWeb",
+ algorithm: "SHA1",
+ digits: 6,
+ period: 15,
+ secret: user.otp_base32!,
  });
 
- if (!validToken) {
+ let delta = totp.validate({ token, window: 1 });
+
+ if (delta === null) {
  return res.status(401).json({
  status: "fail",
  message,

diff --git a/package.json b/package.json
@@ -13,7 +13,6 @@
  "@types/express": "^4.17.14",
  "@types/morgan": "^1.9.3",
  "@types/node": "^18.7.23",
- "@types/speakeasy": "^2.0.7",
  "morgan": "^1.10.0",
  "prisma": "^4.4.0",
  "ts-node-dev": "^2.0.0",
@@ -23,6 +22,7 @@
  "@prisma/client": "^4.4.0",
  "cors": "^2.8.5",
  "express": "^4.18.1",
- "speakeasy": "^2.0.0"
+ "hi-base32": "^0.5.1",
+ "otpauth": "^9.1.2"
  }
 }
diff --git a/prisma/dev.db b/prisma/dev.db