Merge branch 'feature/otp' into develop

author: Chocobozzz <me@florianbigard.com> 2022-10-10 11:19:58 +0200
committer: Chocobozzz <me@florianbigard.com> 2022-10-10 11:19:58 +0200
commit: 63fa260a81a8930c157b73c897fe8696a8cc90d4 (patch)
tree: 705ebfae42f9c59b2a1ac97779e4037102dfed1c /server/helpers/otp.ts
parent: 9b99d32804e99462c6f22df3ec3db9ec5bf8a18c (diff)
parent: 1ea868a9456439108fbd87255537093ed8bd456f (diff)
download: PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.gz
PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.zst
PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.zip
1 files changed, 58 insertions, 0 deletions
diff --git a/server/helpers/otp.ts b/server/helpers/otp.ts
new file mode 100644
index 000000000..a32cc9621
--- /dev/null
+++ b/server/helpers/otp.ts
@@ -0,0 +1,58 @@
+import { Secret, TOTP } from 'otpauth'
+import { CONFIG } from '@server/initializers/config'
+import { WEBSERVER } from '@server/initializers/constants'
+import { decrypt } from './peertube-crypto'
+async function isOTPValid (options: {
+  encryptedSecret: string
+  token: string
+}) {
+  const { token, encryptedSecret } = options
+  const secret = await decrypt(encryptedSecret, CONFIG.SECRETS.PEERTUBE)
+  const totp = new TOTP({
+    ...baseOTPOptions(),
+    secret
+  })
+  const delta = totp.validate({
+    token,
+    window: 1
+  })
+  if (delta === null) return false
+  return true
+}
+function generateOTPSecret (email: string) {
+  const totp = new TOTP({
+    ...baseOTPOptions(),
+    label: email,
+    secret: new Secret()
+  })
+  return {
+    secret: totp.secret.base32,
+    uri: totp.toString()
+  }
+}
+export {
+  isOTPValid,
+  generateOTPSecret
+}
+// ---------------------------------------------------------------------------
+function baseOTPOptions () {
+  return {
+    issuer: WEBSERVER.HOST,
+    algorithm: 'SHA1',
+    digits: 6,
+    period: 30
+  }
+}
author	Chocobozzz <me@florianbigard.com>	2022-10-10 11:19:58 +0200
committer	Chocobozzz <me@florianbigard.com>	2022-10-10 11:19:58 +0200
commit	63fa260a81a8930c157b73c897fe8696a8cc90d4 (patch)
tree	705ebfae42f9c59b2a1ac97779e4037102dfed1c /server/helpers/otp.ts
parent	9b99d32804e99462c6f22df3ec3db9ec5bf8a18c (diff)
parent	1ea868a9456439108fbd87255537093ed8bd456f (diff)
download	PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.gz PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.zst PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.zip

diff --git a/server/helpers/otp.ts b/server/helpers/otp.ts new file mode 100644 index 000000000..a32cc9621 --- /dev/null +++ b/server/helpers/otp.ts
@@ -0,0 +1,58 @@
	1	import { Secret, TOTP } from 'otpauth'
	2	import { CONFIG } from '@server/initializers/config'
	3	import { WEBSERVER } from '@server/initializers/constants'
	4	import { decrypt } from './peertube-crypto'
	5
	6	async function isOTPValid (options: {
	7	encryptedSecret: string
	8	token: string
	9	}) {
	10	const { token, encryptedSecret } = options
	11
	12	const secret = await decrypt(encryptedSecret, CONFIG.SECRETS.PEERTUBE)
	13
	14	const totp = new TOTP({
	15	...baseOTPOptions(),
	16
	17	secret
	18	})
	19
	20	const delta = totp.validate({
	21	token,
	22	window: 1
	23	})
	24
	25	if (delta === null) return false
	26
	27	return true
	28	}
	29
	30	function generateOTPSecret (email: string) {
	31	const totp = new TOTP({
	32	...baseOTPOptions(),
	33
	34	label: email,
	35	secret: new Secret()
	36	})
	37
	38	return {
	39	secret: totp.secret.base32,
	40	uri: totp.toString()
	41	}
	42	}
	43
	44	export {
	45	isOTPValid,
	46	generateOTPSecret
	47	}
	48
	49	// ---------------------------------------------------------------------------
	50
	51	function baseOTPOptions () {
	52	return {
	53	issuer: WEBSERVER.HOST,
	54	algorithm: 'SHA1',
	55	digits: 6,
	56	period: 30
	57	}
	58	}