monkeeShark/packages/backend/src/core/UserAuthService.ts

/*
 * SPDX-FileCopyrightText: syuilo and other misskey contributors
 * SPDX-License-Identifier: AGPL-3.0-only
 */

import { Inject, Injectable } from '@nestjs/common';
import { QueryFailedError } from 'typeorm';
import * as OTPAuth from 'otpauth';
import { DI } from '@/di-symbols.js';
import type { MiUserProfile, UserProfilesRepository, UsersRepository } from '@/models/_.js';
import { bindThis } from '@/decorators.js';
import { isDuplicateKeyValueError } from '@/misc/is-duplicate-key-value-error.js';
import type { MiLocalUser } from '@/models/User.js';

@Injectable()
export class UserAuthService {
	constructor(
		@Inject(DI.usersRepository)
		private usersRepository: UsersRepository,

		@Inject(DI.userProfilesRepository)
		private userProfilesRepository: UserProfilesRepository,
	) {
	}

	@bindThis
	public async twoFactorAuthenticate(profile: MiUserProfile, token: string): Promise<void> {
		if (profile.twoFactorBackupSecret?.includes(token)) {
			await this.userProfilesRepository.update({ userId: profile.userId }, {
				twoFactorBackupSecret: profile.twoFactorBackupSecret.filter((secret) => secret !== token),
			});
		} else {
			const delta = OTPAuth.TOTP.validate({
				secret: OTPAuth.Secret.fromBase32(profile.twoFactorSecret!),
				digits: 6,
				token,
				window: 5,
			});

			if (delta === null) {
				throw new Error('authentication failed');
			}
		}
	}
}
enhance: 二要素認証設定時のセキュリティを強化 (#11863) * enhance: 二要素認証設定時のセキュリティを強化パスワード入力が必要な操作を行う際、二要素認証が有効であれば確認コードの入力も必要にする * Update CoreModule.ts * Update 2fa.ts * wip * wip * Update 2fa.ts * tweak 2023-09-22 05:12:33 +00:00			`/*`
			`* SPDX-FileCopyrightText: syuilo and other misskey contributors`
			`* SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

			`import { Inject, Injectable } from '@nestjs/common';`
			`import { QueryFailedError } from 'typeorm';`
			`import * as OTPAuth from 'otpauth';`
			`import { DI } from '@/di-symbols.js';`
			`import type { MiUserProfile, UserProfilesRepository, UsersRepository } from '@/models/_.js';`
			`import { bindThis } from '@/decorators.js';`
			`import { isDuplicateKeyValueError } from '@/misc/is-duplicate-key-value-error.js';`
			`import type { MiLocalUser } from '@/models/User.js';`

			`@Injectable()`
			`export class UserAuthService {`
			`constructor(`
			`@Inject(DI.usersRepository)`
			`private usersRepository: UsersRepository,`

			`@Inject(DI.userProfilesRepository)`
			`private userProfilesRepository: UserProfilesRepository,`
			`) {`
			`}`

			`@bindThis`
			`public async twoFactorAuthenticate(profile: MiUserProfile, token: string): Promise<void> {`
			`if (profile.twoFactorBackupSecret?.includes(token)) {`
			`await this.userProfilesRepository.update({ userId: profile.userId }, {`
			`twoFactorBackupSecret: profile.twoFactorBackupSecret.filter((secret) => secret !== token),`
			`});`
			`} else {`
			`const delta = OTPAuth.TOTP.validate({`
			`secret: OTPAuth.Secret.fromBase32(profile.twoFactorSecret!),`
			`digits: 6,`
			`token,`
			`window: 5,`
			`});`

			`if (delta === null) {`
			`throw new Error('authentication failed');`
			`}`
			`}`
			`}`
			`}`