mirror of
https://github.com/fosrl/pangolin.git
synced 2026-03-03 09:16:40 +00:00
Add basic transactions
This commit is contained in:
Owen Schwartz
@@ -12,10 +12,12 @@ import { verifyPassword } from "@server/auth/password";
|
||||
import { verifyTotpCode } from "@server/auth/2fa";
|
||||
import logger from "@server/logger";
|
||||
|
||||
export const disable2faBody = z.object({
|
||||
password: z.string(),
|
||||
code: z.string().optional(),
|
||||
}).strict();
|
||||
export const disable2faBody = z
|
||||
.object({
|
||||
password: z.string(),
|
||||
code: z.string().optional()
|
||||
})
|
||||
.strict();
|
||||
|
||||
export type Disable2faBody = z.infer<typeof disable2faBody>;
|
||||
|
||||
@@ -26,7 +28,7 @@ export type Disable2faResponse = {
|
||||
export async function disable2fa(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction,
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
const parsedBody = disable2faBody.safeParse(req.body);
|
||||
|
||||
@@ -34,8 +36,8 @@ export async function disable2fa(
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedBody.error).toString(),
|
||||
),
|
||||
fromError(parsedBody.error).toString()
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
@@ -52,8 +54,8 @@ export async function disable2fa(
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"Two-factor authentication is already disabled",
|
||||
),
|
||||
"Two-factor authentication is already disabled"
|
||||
)
|
||||
);
|
||||
} else {
|
||||
if (!code) {
|
||||
@@ -62,7 +64,7 @@ export async function disable2fa(
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Two-factor authentication required",
|
||||
status: HttpCode.ACCEPTED,
|
||||
status: HttpCode.ACCEPTED
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -70,27 +72,28 @@ export async function disable2fa(
|
||||
const validOTP = await verifyTotpCode(
|
||||
code,
|
||||
user.twoFactorSecret!,
|
||||
user.userId,
|
||||
user.userId
|
||||
);
|
||||
|
||||
if (!validOTP) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"The two-factor code you entered is incorrect",
|
||||
),
|
||||
"The two-factor code you entered is incorrect"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
await db
|
||||
.update(users)
|
||||
.set({ twoFactorEnabled: false })
|
||||
.where(eq(users.userId, user.userId));
|
||||
|
||||
await db
|
||||
.delete(twoFactorBackupCodes)
|
||||
.where(eq(twoFactorBackupCodes.userId, user.userId));
|
||||
await db.transaction(async (trx) => {
|
||||
await trx
|
||||
.update(users)
|
||||
.set({ twoFactorEnabled: false })
|
||||
.where(eq(users.userId, user.userId));
|
||||
|
||||
await trx
|
||||
.delete(twoFactorBackupCodes)
|
||||
.where(eq(twoFactorBackupCodes.userId, user.userId));
|
||||
});
|
||||
// TODO: send email to user confirming two-factor authentication is disabled
|
||||
|
||||
return response<null>(res, {
|
||||
@@ -98,15 +101,15 @@ export async function disable2fa(
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Two-factor authentication disabled",
|
||||
status: HttpCode.OK,
|
||||
status: HttpCode.OK
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.INTERNAL_SERVER_ERROR,
|
||||
"Failed to disable two-factor authentication",
|
||||
),
|
||||
"Failed to disable two-factor authentication"
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -63,18 +63,23 @@ export async function requestPasswordReset(
|
||||
);
|
||||
}
|
||||
|
||||
await db
|
||||
.delete(passwordResetTokens)
|
||||
.where(eq(passwordResetTokens.userId, existingUser[0].userId));
|
||||
const token = generateRandomString(
|
||||
8,
|
||||
alphabet("0-9", "A-Z", "a-z")
|
||||
);
|
||||
await db.transaction(async (trx) => {
|
||||
await trx
|
||||
.delete(passwordResetTokens)
|
||||
.where(eq(passwordResetTokens.userId, existingUser[0].userId));
|
||||
|
||||
const token = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));
|
||||
const tokenHash = await hashPassword(token);
|
||||
const tokenHash = await hashPassword(token);
|
||||
|
||||
await db.insert(passwordResetTokens).values({
|
||||
userId: existingUser[0].userId,
|
||||
email: existingUser[0].email,
|
||||
tokenHash,
|
||||
expiresAt: createDate(new TimeSpan(2, "h")).getTime()
|
||||
await trx.insert(passwordResetTokens).values({
|
||||
userId: existingUser[0].userId,
|
||||
email: existingUser[0].email,
|
||||
tokenHash,
|
||||
expiresAt: createDate(new TimeSpan(2, "h")).getTime()
|
||||
});
|
||||
});
|
||||
|
||||
const url = `${config.app.base_url}/auth/reset-password?email=${email}&token=${token}`;
|
||||
|
||||
@@ -135,20 +135,22 @@ export async function resetPassword(
|
||||
|
||||
await invalidateAllSessions(resetRequest[0].userId);
|
||||
|
||||
await db
|
||||
.update(users)
|
||||
.set({ passwordHash })
|
||||
.where(eq(users.userId, resetRequest[0].userId));
|
||||
await db.transaction(async (trx) => {
|
||||
await trx
|
||||
.update(users)
|
||||
.set({ passwordHash })
|
||||
.where(eq(users.userId, resetRequest[0].userId));
|
||||
|
||||
await db
|
||||
.delete(passwordResetTokens)
|
||||
.where(eq(passwordResetTokens.email, email));
|
||||
await trx
|
||||
.delete(passwordResetTokens)
|
||||
.where(eq(passwordResetTokens.email, email));
|
||||
});
|
||||
|
||||
await sendEmail(ConfirmPasswordReset({ email }), {
|
||||
from: config.email?.no_reply,
|
||||
to: email,
|
||||
subject: "Password Reset Confirmation"
|
||||
})
|
||||
});
|
||||
|
||||
return response<ResetPasswordResponse>(res, {
|
||||
data: null,
|
||||
|
||||
@@ -62,16 +62,18 @@ export async function verifyEmail(
|
||||
const valid = await isValidCode(user, code);
|
||||
|
||||
if (valid) {
|
||||
await db
|
||||
.delete(emailVerificationCodes)
|
||||
.where(eq(emailVerificationCodes.userId, user.userId));
|
||||
await db.transaction(async (trx) => {
|
||||
await trx
|
||||
.delete(emailVerificationCodes)
|
||||
.where(eq(emailVerificationCodes.userId, user.userId));
|
||||
|
||||
await db
|
||||
.update(users)
|
||||
.set({
|
||||
emailVerified: true
|
||||
})
|
||||
.where(eq(users.userId, user.userId));
|
||||
await trx
|
||||
.update(users)
|
||||
.set({
|
||||
emailVerified: true
|
||||
})
|
||||
.where(eq(users.userId, user.userId));
|
||||
});
|
||||
} else {
|
||||
return next(
|
||||
createHttpError(
|
||||
|
||||
@@ -73,21 +73,23 @@ export async function verifyTotp(
|
||||
let codes;
|
||||
if (valid) {
|
||||
// if valid, enable two-factor authentication; the totp secret is no longer temporary
|
||||
await db
|
||||
.update(users)
|
||||
.set({ twoFactorEnabled: true })
|
||||
.where(eq(users.userId, user.userId));
|
||||
await db.transaction(async (trx) => {
|
||||
await trx
|
||||
.update(users)
|
||||
.set({ twoFactorEnabled: true })
|
||||
.where(eq(users.userId, user.userId));
|
||||
|
||||
const backupCodes = await generateBackupCodes();
|
||||
codes = backupCodes;
|
||||
for (const code of backupCodes) {
|
||||
const hash = await hashPassword(code);
|
||||
const backupCodes = await generateBackupCodes();
|
||||
codes = backupCodes;
|
||||
for (const code of backupCodes) {
|
||||
const hash = await hashPassword(code);
|
||||
|
||||
await db.insert(twoFactorBackupCodes).values({
|
||||
userId: user.userId,
|
||||
codeHash: hash
|
||||
});
|
||||
}
|
||||
await trx.insert(twoFactorBackupCodes).values({
|
||||
userId: user.userId,
|
||||
codeHash: hash
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// TODO: send email to user confirming two-factor authentication is enabled
|
||||
|
||||
Reference in New Issue
Block a user