From a3e5f804ad821f6979e8735b0569b1209986fedc Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Mon, 10 Oct 2022 11:12:23 +0200
Subject: Encrypt OTP secret

---
 server/helpers/otp.ts | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'server/helpers/otp.ts')

diff --git a/server/helpers/otp.ts b/server/helpers/otp.ts
index a13edc5e2..a32cc9621 100644
--- a/server/helpers/otp.ts
+++ b/server/helpers/otp.ts
@@ -1,11 +1,15 @@
 import { Secret, TOTP } from 'otpauth'
+import { CONFIG } from '@server/initializers/config'
 import { WEBSERVER } from '@server/initializers/constants'
+import { decrypt } from './peertube-crypto'
 
-function isOTPValid (options: {
-  secret: string
+async function isOTPValid (options: {
+  encryptedSecret: string
   token: string
 }) {
-  const { token, secret } = options
+  const { token, encryptedSecret } = options
+
+  const secret = await decrypt(encryptedSecret, CONFIG.SECRETS.PEERTUBE)
 
   const totp = new TOTP({
     ...baseOTPOptions(),
-- 
cgit v1.2.3