diff options
Diffstat (limited to 'packages/server-commands/src/users/two-factor-command.ts')
-rw-r--r-- | packages/server-commands/src/users/two-factor-command.ts | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/packages/server-commands/src/users/two-factor-command.ts b/packages/server-commands/src/users/two-factor-command.ts new file mode 100644 index 000000000..cf3d6cb68 --- /dev/null +++ b/packages/server-commands/src/users/two-factor-command.ts | |||
@@ -0,0 +1,92 @@ | |||
1 | import { TOTP } from 'otpauth' | ||
2 | import { HttpStatusCode, TwoFactorEnableResult } from '@peertube/peertube-models' | ||
3 | import { unwrapBody } from '../requests/index.js' | ||
4 | import { AbstractCommand, OverrideCommandOptions } from '../shared/index.js' | ||
5 | |||
6 | export class TwoFactorCommand extends AbstractCommand { | ||
7 | |||
8 | static buildOTP (options: { | ||
9 | secret: string | ||
10 | }) { | ||
11 | const { secret } = options | ||
12 | |||
13 | return new TOTP({ | ||
14 | issuer: 'PeerTube', | ||
15 | algorithm: 'SHA1', | ||
16 | digits: 6, | ||
17 | period: 30, | ||
18 | secret | ||
19 | }) | ||
20 | } | ||
21 | |||
22 | request (options: OverrideCommandOptions & { | ||
23 | userId: number | ||
24 | currentPassword?: string | ||
25 | }) { | ||
26 | const { currentPassword, userId } = options | ||
27 | |||
28 | const path = '/api/v1/users/' + userId + '/two-factor/request' | ||
29 | |||
30 | return unwrapBody<TwoFactorEnableResult>(this.postBodyRequest({ | ||
31 | ...options, | ||
32 | |||
33 | path, | ||
34 | fields: { currentPassword }, | ||
35 | implicitToken: true, | ||
36 | defaultExpectedStatus: HttpStatusCode.OK_200 | ||
37 | })) | ||
38 | } | ||
39 | |||
40 | confirmRequest (options: OverrideCommandOptions & { | ||
41 | userId: number | ||
42 | requestToken: string | ||
43 | otpToken: string | ||
44 | }) { | ||
45 | const { userId, requestToken, otpToken } = options | ||
46 | |||
47 | const path = '/api/v1/users/' + userId + '/two-factor/confirm-request' | ||
48 | |||
49 | return this.postBodyRequest({ | ||
50 | ...options, | ||
51 | |||
52 | path, | ||
53 | fields: { requestToken, otpToken }, | ||
54 | implicitToken: true, | ||
55 | defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204 | ||
56 | }) | ||
57 | } | ||
58 | |||
59 | disable (options: OverrideCommandOptions & { | ||
60 | userId: number | ||
61 | currentPassword?: string | ||
62 | }) { | ||
63 | const { userId, currentPassword } = options | ||
64 | const path = '/api/v1/users/' + userId + '/two-factor/disable' | ||
65 | |||
66 | return this.postBodyRequest({ | ||
67 | ...options, | ||
68 | |||
69 | path, | ||
70 | fields: { currentPassword }, | ||
71 | implicitToken: true, | ||
72 | defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204 | ||
73 | }) | ||
74 | } | ||
75 | |||
76 | async requestAndConfirm (options: OverrideCommandOptions & { | ||
77 | userId: number | ||
78 | currentPassword?: string | ||
79 | }) { | ||
80 | const { userId, currentPassword } = options | ||
81 | |||
82 | const { otpRequest } = await this.request({ userId, currentPassword }) | ||
83 | |||
84 | await this.confirmRequest({ | ||
85 | userId, | ||
86 | requestToken: otpRequest.requestToken, | ||
87 | otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate() | ||
88 | }) | ||
89 | |||
90 | return otpRequest | ||
91 | } | ||
92 | } | ||