mirror of https://github.com/wg-easy/wg-easy
import { Verify2faSchema } from '#db/repositories/user/types';
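/**
 * Completes a pending login by checking a submitted TOTP code.
 *
 * Reads `totpCode` from the request body (validated against `Verify2faSchema`),
 * looks up `pendingLogin` in the session and, when the code is accepted,
 * promotes the session by setting `userId` and clearing the pending-login and
 * OAuth scratch fields.
 *
 * @returns `{ status: 'success' }`, `{ status: 'INVALID_TOTP_CODE' }` or
 *   `{ status: 'PENDING_LOGIN_EXPIRED' }`.
 * @throws 401 error when the session holds no pending login or when
 *   `validateTotpCode` reports `USER_DISABLED`.
 */
export default defineEventHandler(async (event) => {
  const { totpCode } = await readValidatedBody(
    event,
    validateZod(Verify2faSchema, event)
  );
  const session = await useWGSession(event);

  // Without a pending login there is no first-factor result to build on.
  const pendingLogin = session.data.pendingLogin;
  if (!pendingLogin) {
    throw createError({
      statusCode: 401,
      statusMessage: 'No pending authentication',
    });
  }

  // Fail closed on the expiry check: a missing or unparseable `expires_at`
  // yields NaN, and every comparison against NaN is false, so a plain
  // `now > expiry` test would treat such a pending login as never expiring.
  const expiresAt = new Date(pendingLogin.expires_at).getTime();
  if (Number.isNaN(expiresAt) || Date.now() > expiresAt) {
    await session.update({
      pendingLogin: undefined,
    });

    return { status: 'PENDING_LOGIN_EXPIRED' as const };
  }

  // NOTE(review): no attempt counter or lockout is visible in this handler.
  // `pendingLogin` stays in the session after a wrong code, so retries are
  // bounded only by `expires_at` unless `validateTotpCode` or upstream
  // middleware throttles them — confirm before relying on this endpoint to
  // resist code guessing.
  const totpStatus = await Database.users.validateTotpCode(
    pendingLogin.userId,
    totpCode
  );

  switch (totpStatus) {
    case 'INVALID_TOTP_CODE':
      return { status: 'INVALID_TOTP_CODE' as const };
    case 'USER_DISABLED':
      throw createError({
        statusCode: 401,
        statusMessage: 'User disabled',
      });
    case 'success':
      break;
    default:
      // Compile-time exhaustiveness guard over the status union.
      assertUnreachable(totpStatus);
  }

  // Promote the session only after the second factor has been accepted, and
  // drop the pending-login and OAuth scratch values in the same update so
  // they cannot be reused afterwards.
  await session.update({
    userId: pendingLogin.userId,
    pendingLogin: undefined,
    oauth_nonce: undefined,
    oauth_state: undefined,
    oauth_verifier: undefined,
  });

  return { status: 'success' as const };
});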