move auth utils

server/routers/auth/2fa.ts

@@ -1,59 +0,0 @@
-import { verify } from "@node-rs/argon2";
-import db from "@server/db";
-import { twoFactorBackupCodes } from "@server/db/schema";
-import { eq } from "drizzle-orm";
-import { decodeHex } from "oslo/encoding";
-import { TOTPController } from "oslo/otp";
-
-export async function verifyTotpCode(
-    code: string,
-    secret: string,
-    userId: string,
-): Promise<boolean> {
-    if (code.length !== 6) {
-        const validBackupCode = await verifyBackUpCode(code, userId);
-        return validBackupCode;
-    } else {
-        const validOTP = await new TOTPController().verify(
-            code,
-            decodeHex(secret),
-        );
-
-        return validOTP;
-    }
-}
-
-export async function verifyBackUpCode(
-    code: string,
-    userId: string,
-): Promise<boolean> {
-    const allHashed = await db
-        .select()
-        .from(twoFactorBackupCodes)
-        .where(eq(twoFactorBackupCodes.userId, userId));
-
-    if (!allHashed || !allHashed.length) {
-        return false;
-    }
-
-    let validId;
-    for (const hashedCode of allHashed) {
-        const validCode = await verify(hashedCode.codeHash, code, {
-            memoryCost: 19456,
-            timeCost: 2,
-            outputLen: 32,
-            parallelism: 1,
-        });
-        if (validCode) {
-            validId = hashedCode.id;
-        }
-    }
-
-    if (validId) {
-        await db
-            .delete(twoFactorBackupCodes)
-            .where(eq(twoFactorBackupCodes.id, validId));
-    }
-
-    return validId ? true : false;
-}

server/routers/auth/changePassword.ts

@@ -8,9 +8,9 @@ import { db } from "@server/db";
 import { User, users } from "@server/db/schema";
 import { eq } from "drizzle-orm";
 import { response } from "@server/utils";
-import { hashPassword, verifyPassword } from "./password";
-import { verifyTotpCode } from "./2fa";
-import { passwordSchema } from "./passwordSchema";
+import { hashPassword, verifyPassword } from "@server/auth/password";
+import { verifyTotpCode } from "@server/auth/2fa";
+import { passwordSchema } from "@server/auth/passwordSchema";
 
 export const changePasswordBody = z.object({
     oldPassword: z.string(),

server/routers/auth/disable2fa.ts

@@ -8,8 +8,8 @@ import { db } from "@server/db";
 import { twoFactorBackupCodes, User, users } from "@server/db/schema";
 import { eq } from "drizzle-orm";
 import { response } from "@server/utils";
-import { verifyPassword } from "./password";
-import { verifyTotpCode } from "./2fa";
+import { verifyPassword } from "@server/auth/password";
+import { verifyTotpCode } from "@server/auth/2fa";
 
 export const disable2faBody = z.object({
     password: z.string(),

server/routers/auth/login.ts

@@ -9,7 +9,7 @@ import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
-import { verifyTotpCode } from "./2fa";
+import { verifyTotpCode } from "@server/auth/2fa";
 
 export const loginBodySchema = z.object({
     email: z.string().email(),

server/routers/auth/password.ts

@@ -1,25 +0,0 @@
-import { hash, verify } from "@node-rs/argon2";
-
-export async function verifyPassword(
-    password: string,
-    hash: string,
-): Promise<boolean> {
-    const validPassword = await verify(hash, password, {
-        memoryCost: 19456,
-        timeCost: 2,
-        outputLen: 32,
-        parallelism: 1,
-    });
-    return validPassword;
-}
-
-export async function hashPassword(password: string): Promise<string> {
-    const passwordHash = await hash(password, {
-        memoryCost: 19456,
-        timeCost: 2,
-        outputLen: 32,
-        parallelism: 1,
-    });
-
-    return passwordHash;
-}

server/routers/auth/passwordSchema.ts

@@ -1,13 +0,0 @@
-import z from "zod";
-
-export const passwordSchema = z
-    .string()
-    .min(8, { message: "Password must be at least 8 characters long" })
-    .max(64, { message: "Password must be at most 64 characters long" })
-    .regex(/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).*$/, {
-        message: `Your password must meet the following conditions:
-- At least one uppercase English letter.
-- At least one lowercase English letter.
-- At least one digit.
-- At least one special character.`,
-    });

server/routers/auth/resetPassword.ts

@@ -8,9 +8,9 @@ import { db } from "@server/db";
 import { passwordResetTokens, users } from "@server/db/schema";
 import { eq } from "drizzle-orm";
 import { sha256 } from "oslo/crypto";
-import { hashPassword } from "./password";
-import { verifyTotpCode } from "./2fa";
-import { passwordSchema } from "./passwordSchema";
+import { hashPassword } from "@server/auth/password";
+import { verifyTotpCode } from "@server/auth/2fa";
+import { passwordSchema } from "@server/auth/passwordSchema";
 import { encodeHex } from "oslo/encoding";
 import { isWithinExpirationDate } from "oslo";
 import lucia from "@server/auth";

server/routers/auth/signup.ts

@@ -11,7 +11,7 @@ import createHttpError from "http-errors";
 import response from "@server/utils/response";
 import { SqliteError } from "better-sqlite3";
 import { sendEmailVerificationCode } from "./sendEmailVerificationCode";
-import { passwordSchema } from "./passwordSchema";
+import { passwordSchema } from "@server/auth/passwordSchema";
 
 export const signupBodySchema = z.object({
     email: z.string().email(),

server/routers/auth/verifyTotp.ts

@@ -8,8 +8,8 @@ import { db } from "@server/db";
 import { twoFactorBackupCodes, User, users } from "@server/db/schema";
 import { eq } from "drizzle-orm";
 import { alphabet, generateRandomString } from "oslo/crypto";
-import { hashPassword } from "./password";
-import { verifyTotpCode } from "./2fa";
+import { hashPassword } from "@server/auth/password";
+import { verifyTotpCode } from "@server/auth/2fa";
 
 export const verifyTotpBody = z.object({
     code: z.string(),