PeerTube/packages/server-commands/src/users/two-factor-command.ts

import { TOTP } from 'otpauth'
import { HttpStatusCode, TwoFactorEnableResult } from '@peertube/peertube-models'
import { unwrapBody } from '../requests/index.js'
import { AbstractCommand, OverrideCommandOptions } from '../shared/index.js'

export class TwoFactorCommand extends AbstractCommand {

  static buildOTP (options: {
    secret: string
  }) {
    const { secret } = options

    return new TOTP({
      issuer: 'PeerTube',
      algorithm: 'SHA1',
      digits: 6,
      period: 30,
      secret
    })
  }

  request (options: OverrideCommandOptions & {
    userId: number
    currentPassword?: string
  }) {
    const { currentPassword, userId } = options

    const path = '/api/v1/users/' + userId + '/two-factor/request'

    return unwrapBody<TwoFactorEnableResult>(this.postBodyRequest({
      ...options,

      path,
      fields: { currentPassword },
      implicitToken: true,
      defaultExpectedStatus: HttpStatusCode.OK_200
    }))
  }

  confirmRequest (options: OverrideCommandOptions & {
    userId: number
    requestToken: string
    otpToken: string
  }) {
    const { userId, requestToken, otpToken } = options

    const path = '/api/v1/users/' + userId + '/two-factor/confirm-request'

    return this.postBodyRequest({
      ...options,

      path,
      fields: { requestToken, otpToken },
      implicitToken: true,
      defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204
    })
  }

  disable (options: OverrideCommandOptions & {
    userId: number
    currentPassword?: string
  }) {
    const { userId, currentPassword } = options
    const path = '/api/v1/users/' + userId + '/two-factor/disable'

    return this.postBodyRequest({
      ...options,

      path,
      fields: { currentPassword },
      implicitToken: true,
      defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204
    })
  }

  async requestAndConfirm (options: OverrideCommandOptions & {
    userId: number
    currentPassword?: string
  }) {
    const { userId, currentPassword } = options

    const { otpRequest } = await this.request({ userId, currentPassword })

    await this.confirmRequest({
      userId,
      requestToken: otpRequest.requestToken,
      otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate()
    })

    return otpRequest
  }
}
Support two factor authentication in backend 2022-10-05 08:37:15 -05:00			`import { TOTP } from 'otpauth'`
Migrate server to ESM Sorry for the very big commit that may lead to git log issues and merge conflicts, but it's a major step forward: * Server can be faster at startup because imports() are async and we can easily lazy import big modules * Angular doesn't seem to support ES import (with .js extension), so we had to correctly organize peertube into a monorepo: * Use yarn workspace feature * Use typescript reference projects for dependencies * Shared projects have been moved into "packages", each one is now a node module (with a dedicated package.json/tsconfig.json) * server/tools have been moved into apps/ and is now a dedicated app bundled and published on NPM so users don't have to build peertube cli tools manually * server/tests have been moved into packages/ so we don't compile them every time we want to run the server * Use isolatedModule option: * Had to move from const enum to const (https://www.typescriptlang.org/docs/handbook/enums.html#objects-vs-enums) * Had to explictely specify "type" imports when used in decorators * Prefer tsx (that uses esbuild under the hood) instead of ts-node to load typescript files (tests with mocha or scripts): * To reduce test complexity as esbuild doesn't support decorator metadata, we only test server files that do not import server models * We still build tests files into js files for a faster CI * Remove unmaintained peertube CLI import script * Removed some barrels to speed up execution (less imports) 2023-07-31 07:34:36 -05:00			`import { HttpStatusCode, TwoFactorEnableResult } from '@peertube/peertube-models'`
			`import { unwrapBody } from '../requests/index.js'`
			`import { AbstractCommand, OverrideCommandOptions } from '../shared/index.js'`
Support two factor authentication in backend 2022-10-05 08:37:15 -05:00
			`export class TwoFactorCommand extends AbstractCommand {`

			`static buildOTP (options: {`
			`secret: string`
			`}) {`
			`const { secret } = options`

			`return new TOTP({`
			`issuer: 'PeerTube',`
			`algorithm: 'SHA1',`
			`digits: 6,`
			`period: 30,`
			`secret`
			`})`
			`}`

			`request (options: OverrideCommandOptions & {`
			`userId: number`
Allow admins to disable two factor auth 2022-10-07 07:23:42 -05:00			`currentPassword?: string`
Support two factor authentication in backend 2022-10-05 08:37:15 -05:00			`}) {`
			`const { currentPassword, userId } = options`

			`const path = '/api/v1/users/' + userId + '/two-factor/request'`

			`return unwrapBody<TwoFactorEnableResult>(this.postBodyRequest({`
			`...options,`

			`path,`
			`fields: { currentPassword },`
			`implicitToken: true,`
			`defaultExpectedStatus: HttpStatusCode.OK_200`
			`}))`
			`}`

			`confirmRequest (options: OverrideCommandOptions & {`
			`userId: number`
			`requestToken: string`
			`otpToken: string`
			`}) {`
			`const { userId, requestToken, otpToken } = options`

			`const path = '/api/v1/users/' + userId + '/two-factor/confirm-request'`

			`return this.postBodyRequest({`
			`...options,`

			`path,`
			`fields: { requestToken, otpToken },`
			`implicitToken: true,`
			`defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204`
			`})`
			`}`

			`disable (options: OverrideCommandOptions & {`
			`userId: number`
Allow admins to disable two factor auth 2022-10-07 07:23:42 -05:00			`currentPassword?: string`
Support two factor authentication in backend 2022-10-05 08:37:15 -05:00			`}) {`
			`const { userId, currentPassword } = options`
			`const path = '/api/v1/users/' + userId + '/two-factor/disable'`

			`return this.postBodyRequest({`
			`...options,`

			`path,`
			`fields: { currentPassword },`
			`implicitToken: true,`
			`defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204`
			`})`
			`}`
Allow admins to disable two factor auth 2022-10-07 07:23:42 -05:00
			`async requestAndConfirm (options: OverrideCommandOptions & {`
			`userId: number`
			`currentPassword?: string`
			`}) {`
			`const { userId, currentPassword } = options`

			`const { otpRequest } = await this.request({ userId, currentPassword })`

			`await this.confirmRequest({`
			`userId,`
			`requestToken: otpRequest.requestToken,`
			`otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate()`
			`})`

			`return otpRequest`
			`}`
Support two factor authentication in backend 2022-10-05 08:37:15 -05:00			`}`