[github/Chocobozzz/PeerTube.git] / server / helpers / otp.ts

import { Secret, TOTP } from 'otpauth'
import { CONFIG } from '@server/initializers/config'
import { WEBSERVER } from '@server/initializers/constants'
import { decrypt } from './peertube-crypto'

async function isOTPValid (options: {
  encryptedSecret: string
  token: string
}) {
  const { token, encryptedSecret } = options

  const secret = await decrypt(encryptedSecret, CONFIG.SECRETS.PEERTUBE)

  const totp = new TOTP({
    ...baseOTPOptions(),

    secret
  })

  const delta = totp.validate({
    token,
    window: 1
  })

  if (delta === null) return false

  return true
}

function generateOTPSecret (email: string) {
  const totp = new TOTP({
    ...baseOTPOptions(),

    label: email,
    secret: new Secret()
  })

  return {
    secret: totp.secret.base32,
    uri: totp.toString()
  }
}

export {
  isOTPValid,
  generateOTPSecret
}

// ---------------------------------------------------------------------------

function baseOTPOptions () {
  return {
    issuer: WEBSERVER.HOST,
    algorithm: 'SHA1',
    digits: 6,
    period: 30
  }
}
Commit	Line	Data
56f47830	1	import { Secret, TOTP } from 'otpauth'
a3e5f804	2	import { CONFIG } from '@server/initializers/config'
56f47830	3	import { WEBSERVER } from '@server/initializers/constants'
a3e5f804	4	import { decrypt } from './peertube-crypto'
56f47830	5
a3e5f804 C	6	async function isOTPValid (options: {
a3e5f804 C	7	encryptedSecret: string
56f47830 C	8	token: string
56f47830 C	9	}) {
a3e5f804 C	10	const { token, encryptedSecret } = options
	11
	12	const secret = await decrypt(encryptedSecret, CONFIG.SECRETS.PEERTUBE)
56f47830 C	13
	14	const totp = new TOTP({
	15	...baseOTPOptions(),
	16
	17	secret
	18	})
	19
	20	const delta = totp.validate({
	21	token,
	22	window: 1
	23	})
	24
	25	if (delta === null) return false
	26
	27	return true
	28	}
	29
	30	function generateOTPSecret (email: string) {
	31	const totp = new TOTP({
	32	...baseOTPOptions(),
	33
	34	label: email,
	35	secret: new Secret()
	36	})
	37
	38	return {
	39	secret: totp.secret.base32,
	40	uri: totp.toString()
	41	}
	42	}
	43
	44	export {
	45	isOTPValid,
	46	generateOTPSecret
	47	}
	48
	49	// ---------------------------------------------------------------------------
	50
	51	function baseOTPOptions () {
	52	return {
	53	issuer: WEBSERVER.HOST,
	54	algorithm: 'SHA1',
	55	digits: 6,
	56	period: 30
	57	}
	58	}