1 | import { Secret, TOTP } from 'otpauth' | |
2 | import { CONFIG } from '@server/initializers/config' | |
3 | import { WEBSERVER } from '@server/initializers/constants' | |
4 | import { decrypt } from './peertube-crypto' | |
5 | ||
/**
 * Checks a user-supplied TOTP code against the secret stored for an account.
 *
 * The secret arrives encrypted and is decrypted with the instance-wide
 * `CONFIG.SECRETS.PEERTUBE` key immediately before use; the decrypted value
 * only lives in this function's scope.
 *
 * Validation uses `window: 1`, so a code from the current 30-second step or
 * from one step either side is accepted (tolerates small clock drift).
 *
 * Security notes for callers:
 * - This function keeps no record of codes it has accepted, so the same code
 *   validates again for as long as it stays inside the window. Replay
 *   protection, if required, has to live in the caller.
 * - Nothing here limits the number of attempts; a 6-digit code needs attempt
 *   throttling somewhere upstream (NOTE(review): confirm the calling route does this).
 *
 * @param options.encryptedSecret - the account's TOTP secret as stored (encrypted)
 * @param options.token - the code typed by the user
 * @returns `true` when the code matches a step inside the window, `false` otherwise
 */
async function isOTPValid (options: {
  encryptedSecret: string
  token: string
}) {
  // Read both fields up front, before the first await
  const submittedCode = options.token
  const storedSecret = options.encryptedSecret

  const plainSecret = await decrypt(storedSecret, CONFIG.SECRETS.PEERTUBE)

  const validator = new TOTP({ ...baseOTPOptions(), secret: plainSecret })

  // validate() gives back the offset of the matching step, or null when none matches
  const matchedStep = validator.validate({ token: submittedCode, window: 1 })

  return matchedStep !== null
}
29 | ||
/**
 * Creates a new TOTP enrolment for an account.
 *
 * A fresh random `Secret` is generated on every call and combined with the
 * shared OTP parameters; the e-mail address becomes the label shown in the
 * user's authenticator app.
 *
 * Both returned values expose the shared secret in clear text: `secret` is
 * its base32 form and `uri` is the provisioning URI, which embeds the same
 * secret. They are meant to be shown once to the enrolling user; keep them
 * out of logs, and persist only an encrypted copy, which is what
 * `isOTPValid` expects to receive.
 *
 * @param email - account e-mail, used as the TOTP label
 * @returns the base32 secret and the provisioning URI for the authenticator app
 */
function generateOTPSecret (email: string) {
  const enrolment = new TOTP({
    ...baseOTPOptions(),
    label: email,
    secret: new Secret()
  })

  const secret = enrolment.secret.base32
  const uri = enrolment.toString()

  return { secret, uri }
}
43 | ||
44 | export { | |
45 | isOTPValid, | |
46 | generateOTPSecret | |
47 | } | |
48 | ||
49 | // --------------------------------------------------------------------------- | |
50 | ||
/**
 * TOTP parameters shared by secret generation and code validation.
 *
 * The issuer is the instance host name. SHA1, 6 digits and a 30-second period
 * are the RFC 6238 defaults that authenticator apps generally assume; the
 * algorithm is used as an HMAC here, which the known SHA-1 collision attacks
 * do not affect.
 *
 * Because `generateOTPSecret` and `isOTPValid` both spread this object,
 * changing algorithm, digits or period would presumably make codes from
 * already-enrolled authenticators stop validating.
 */
function baseOTPOptions () {
  const sharedOptions = {
    issuer: WEBSERVER.HOST,
    algorithm: 'SHA1',
    digits: 6,
    period: 30
  }

  return sharedOptions
}
58 | } |