@arch-cadre/two-factor-email 0.0.1

package/dist/actions.cjs

@@ -0,0 +1,90 @@
+"use strict";
+"use server";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.generateAndSendCode = generateAndSendCode;
+exports.is2FAEnabled = is2FAEnabled;
+exports.toggle2FA = toggle2FA;
+exports.verifyAndLogin = verifyAndLogin;
+var _server = require("@arch-cadre/core/server");
+var _drizzleOrm = require("drizzle-orm");
+var _schema = require("./schema.cjs");
+async function is2FAEnabled(userId) {
+  const [settings] = await _server.db.select().from(_schema.twoFactorSettingsTable).where((0, _drizzleOrm.eq)(_schema.twoFactorSettingsTable.userId, userId));
+  return settings?.enabled ?? false;
+}
+async function toggle2FA(enabled) {
+  const {
+    user
+  } = await (0, _server.getCurrentSession)();
+  if (!user) throw new Error("Unauthorized");
+  await _server.db.insert(_schema.twoFactorSettingsTable).values({
+    userId: user.id,
+    enabled
+  }).onConflictDoUpdate({
+    target: _schema.twoFactorSettingsTable.userId,
+    set: {
+      enabled,
+      updatedAt: /* @__PURE__ */new Date()
+    }
+  });
+  await _server.eventBus.publish("activity.create", {
+    action: "2fa.toggled",
+    description: `User ${enabled ? "enabled" : "disabled"} 2FA`,
+    userId: user.id,
+    metadata: {
+      enabled
+    }
+  }, "auth:2fa");
+  return {
+    success: true
+  };
+}
+async function generateAndSendCode(userId) {
+  const user = await (0, _server.getUserById)(userId);
+  if (!user) throw new Error("User not found");
+  const code = Math.floor(1e5 + Math.random() * 9e5).toString();
+  const expiresAt = new Date(Date.now() + 10 * 60 * 1e3);
+  await _server.db.delete(_schema.twoFactorTokensTable).where((0, _drizzleOrm.eq)(_schema.twoFactorTokensTable.userId, userId));
+  await _server.db.insert(_schema.twoFactorTokensTable).values({
+    userId,
+    code,
+    expiresAt
+  });
+  await (0, _server.send2FACode)(user.email, code);
+  await _server.eventBus.publish("activity.create", {
+    action: "2fa.sended",
+    description: `User sent 2FA code`,
+    userId,
+    metadata: {
+      code
+    }
+  }, "auth:2fa");
+  return {
+    success: true
+  };
+}
+async function verifyAndLogin(userId, code) {
+  const [token] = await _server.db.select().from(_schema.twoFactorTokensTable).where((0, _drizzleOrm.and)((0, _drizzleOrm.eq)(_schema.twoFactorTokensTable.userId, userId), (0, _drizzleOrm.eq)(_schema.twoFactorTokensTable.code, code), (0, _drizzleOrm.gt)(_schema.twoFactorTokensTable.expiresAt, /* @__PURE__ */new Date())));
+  if (!token) {
+    return {
+      error: "Invalid or expired code"
+    };
+  }
+  await _server.db.delete(_schema.twoFactorTokensTable).where((0, _drizzleOrm.eq)(_schema.twoFactorTokensTable.userId, userId));
+  const result = await (0, _server.finalizeLogin)(userId, {});
+  await _server.eventBus.publish("activity.create", {
+    action: "2fa.verified",
+    description: `User verified 2FA`,
+    userId,
+    metadata: {
+      userId
+    }
+  }, "auth:2fa");
+  return {
+    success: true,
+    ...result
+  };
+}

package/dist/actions.d.ts

@@ -0,0 +1,8 @@
+export declare function is2FAEnabled(userId: string): Promise<any>;
+export declare function toggle2FA(enabled: boolean): Promise<{
+    success: boolean;
+}>;
+export declare function generateAndSendCode(userId: string): Promise<{
+    success: boolean;
+}>;
+export declare function verifyAndLogin(userId: string, code: string): Promise<any>;

package/dist/actions.mjs

@@ -0,0 +1,83 @@
+"use server";
+import {
+  db,
+  eventBus,
+  finalizeLogin,
+  getCurrentSession,
+  getUserById,
+  send2FACode
+} from "@arch-cadre/core/server";
+import { and, eq, gt } from "drizzle-orm";
+import { twoFactorSettingsTable, twoFactorTokensTable } from "./schema.mjs";
+export async function is2FAEnabled(userId) {
+  const [settings] = await db.select().from(twoFactorSettingsTable).where(eq(twoFactorSettingsTable.userId, userId));
+  return settings?.enabled ?? false;
+}
+export async function toggle2FA(enabled) {
+  const { user } = await getCurrentSession();
+  if (!user) throw new Error("Unauthorized");
+  await db.insert(twoFactorSettingsTable).values({ userId: user.id, enabled }).onConflictDoUpdate({
+    target: twoFactorSettingsTable.userId,
+    set: { enabled, updatedAt: /* @__PURE__ */ new Date() }
+  });
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "2fa.toggled",
+      description: `User ${enabled ? "enabled" : "disabled"} 2FA`,
+      userId: user.id,
+      metadata: { enabled }
+    },
+    "auth:2fa"
+  );
+  return { success: true };
+}
+export async function generateAndSendCode(userId) {
+  const user = await getUserById(userId);
+  if (!user) throw new Error("User not found");
+  const code = Math.floor(1e5 + Math.random() * 9e5).toString();
+  const expiresAt = new Date(Date.now() + 10 * 60 * 1e3);
+  await db.delete(twoFactorTokensTable).where(eq(twoFactorTokensTable.userId, userId));
+  await db.insert(twoFactorTokensTable).values({
+    userId,
+    code,
+    expiresAt
+  });
+  await send2FACode(user.email, code);
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "2fa.sended",
+      description: `User sent 2FA code`,
+      userId,
+      metadata: { code }
+    },
+    "auth:2fa"
+  );
+  return { success: true };
+}
+export async function verifyAndLogin(userId, code) {
+  const [token] = await db.select().from(twoFactorTokensTable).where(
+    and(
+      eq(twoFactorTokensTable.userId, userId),
+      eq(twoFactorTokensTable.code, code),
+      gt(twoFactorTokensTable.expiresAt, /* @__PURE__ */ new Date())
+    )
+  );
+  if (!token) {
+    return { error: "Invalid or expired code" };
+  }
+  await db.delete(twoFactorTokensTable).where(eq(twoFactorTokensTable.userId, userId));
+  const result = await finalizeLogin(userId, {});
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "2fa.verified",
+      description: `User verified 2FA`,
+      userId,
+      metadata: { userId }
+    },
+    "auth:2fa"
+  );
+  return { success: true, ...result };
+}

package/dist/index.cjs

@@ -0,0 +1,62 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+
+var _server = require("@arch-cadre/core/server");
+var _drizzleOrm = require("drizzle-orm");
+var _manifest = _interopRequireDefault(require("../manifest.json"));
+var _actions = require("./actions.cjs");
+var _routes = require("./routes.cjs");
+var _settingsToggle = require("./ui/settings-toggle.cjs");
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+const twoFactorEmailModule = {
+  manifest: _manifest.default,
+  routes: {
+    public: _routes.publicRoutes
+  },
+  init: async () => {
+    console.log("[Module:2FA-Email] Initializing...");
+    (0, _server.registerAuthValidator)(async userId => {
+      console.log(`[Module:2FA-Email] Validating login for user: ${userId}`);
+      try {
+        const enabled = await (0, _actions.is2FAEnabled)(userId);
+        console.log(`[Module:2FA-Email] 2FA enabled for user ${userId}: ${enabled}`);
+        if (enabled) {
+          console.log(`[Module:2FA-Email] Generating code for user ${userId}`);
+          await (0, _actions.generateAndSendCode)(userId);
+          return {
+            status: "CHALLENGE_REQUIRED",
+            type: "email_2fa",
+            userId,
+            redirect: `/auth/2fa?userId=${userId}`
+          };
+        }
+      } catch (error) {
+        console.error("[Module:2FA-Email] Error during auth validation:", error);
+      }
+      return null;
+    });
+    console.log("[Module:2FA-Email] Validator registered.");
+  },
+  onDisable: async () => {
+    console.log("[Module:2FA-Email] onDisable: Dropping all tables physically...");
+    try {
+      const tables = ["two_factor_settings", "two_factor_tokens"];
+      for (const table of tables) {
+        await _server.db.execute(_drizzleOrm.sql.raw(`DROP TABLE IF EXISTS ${table} CASCADE`));
+      }
+    } catch (e) {
+      console.error("[Module:2FA-Email] onDisable Error:", e);
+    }
+  },
+  extensions: [{
+    id: "2fa-settings-section",
+    targetModule: "user-profile",
+    point: "settings:extra-sections",
+    component: _settingsToggle.TwoFactorSettings,
+    priority: 50
+  }]
+};
+module.exports = twoFactorEmailModule;

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+import type { IModule } from "@arch-cadre/modules";
+declare const twoFactorEmailModule: IModule;
+export default twoFactorEmailModule;

package/dist/index.mjs

@@ -0,0 +1,64 @@
+import { db, registerAuthValidator } from "@arch-cadre/core/server";
+import { sql } from "drizzle-orm";
+import manifest from "../manifest.json";
+import { generateAndSendCode, is2FAEnabled } from "./actions.mjs";
+import { publicRoutes } from "./routes.mjs";
+import { TwoFactorSettings } from "./ui/settings-toggle.mjs";
+const twoFactorEmailModule = {
+  manifest,
+  routes: {
+    public: publicRoutes
+  },
+  init: async () => {
+    console.log("[Module:2FA-Email] Initializing...");
+    registerAuthValidator(async (userId) => {
+      console.log(`[Module:2FA-Email] Validating login for user: ${userId}`);
+      try {
+        const enabled = await is2FAEnabled(userId);
+        console.log(
+          `[Module:2FA-Email] 2FA enabled for user ${userId}: ${enabled}`
+        );
+        if (enabled) {
+          console.log(`[Module:2FA-Email] Generating code for user ${userId}`);
+          await generateAndSendCode(userId);
+          return {
+            status: "CHALLENGE_REQUIRED",
+            type: "email_2fa",
+            userId,
+            redirect: `/auth/2fa?userId=${userId}`
+          };
+        }
+      } catch (error) {
+        console.error(
+          "[Module:2FA-Email] Error during auth validation:",
+          error
+        );
+      }
+      return null;
+    });
+    console.log("[Module:2FA-Email] Validator registered.");
+  },
+  onDisable: async () => {
+    console.log(
+      "[Module:2FA-Email] onDisable: Dropping all tables physically..."
+    );
+    try {
+      const tables = ["two_factor_settings", "two_factor_tokens"];
+      for (const table of tables) {
+        await db.execute(sql.raw(`DROP TABLE IF EXISTS ${table} CASCADE`));
+      }
+    } catch (e) {
+      console.error("[Module:2FA-Email] onDisable Error:", e);
+    }
+  },
+  extensions: [
+    {
+      id: "2fa-settings-section",
+      targetModule: "user-profile",
+      point: "settings:extra-sections",
+      component: TwoFactorSettings,
+      priority: 50
+    }
+  ]
+};
+export default twoFactorEmailModule;

package/dist/intl.d.ts

@@ -0,0 +1,9 @@
+import type messages from "../locales/en/global.json";
+
+type JsonDataType = typeof messages;
+
+declare module "@arch-cadre/intl" {
+  export interface IntlMessages extends JsonDataType {}
+}
+
+export {};

package/dist/routes.cjs

@@ -0,0 +1,14 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.publicRoutes = void 0;
+var _dynamic = _interopRequireDefault(require("next/dynamic"));
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+const TwoFactorVerifyPage = (0, _dynamic.default)(() => Promise.resolve().then(() => require("./ui/verify-page.cjs")));
+const publicRoutes = exports.publicRoutes = [{
+  path: "/auth/2fa",
+  component: TwoFactorVerifyPage,
+  auth: false
+}];

package/dist/routes.d.ts

@@ -0,0 +1,2 @@
+import type { PublicRouteDefinition } from "@arch-cadre/modules";
+export declare const publicRoutes: PublicRouteDefinition[];

package/dist/routes.mjs

@@ -0,0 +1,9 @@
+import dynamic from "next/dynamic";
+const TwoFactorVerifyPage = dynamic(() => import("./ui/verify-page.mjs"));
+export const publicRoutes = [
+  {
+    path: "/auth/2fa",
+    component: TwoFactorVerifyPage,
+    auth: false
+  }
+];

package/dist/schema.cjs

@@ -0,0 +1,34 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.twoFactorTokensTable = exports.twoFactorSettingsTable = exports.twoFactorSchema = void 0;
+var _core = require("@arch-cadre/core");
+var _pgCore = require("drizzle-orm/pg-core");
+const twoFactorSettingsTable = exports.twoFactorSettingsTable = (0, _pgCore.pgTable)("two_factor_settings", {
+  userId: (0, _pgCore.text)("user_id").primaryKey().references(() => _core.userTable.id, {
+    onDelete: "cascade"
+  }),
+  enabled: (0, _pgCore.boolean)("enabled").notNull().default(false),
+  updatedAt: (0, _pgCore.timestamp)("updated_at", {
+    precision: 3
+  }).defaultNow()
+});
+const twoFactorTokensTable = exports.twoFactorTokensTable = (0, _pgCore.pgTable)("two_factor_tokens", {
+  id: (0, _pgCore.text)("id").$defaultFn(() => crypto.randomUUID()).notNull().primaryKey(),
+  userId: (0, _pgCore.text)("user_id").notNull().references(() => _core.userTable.id, {
+    onDelete: "cascade"
+  }),
+  code: (0, _pgCore.text)("code").notNull(),
+  expiresAt: (0, _pgCore.timestamp)("expires_at", {
+    precision: 3
+  }).notNull(),
+  createdAt: (0, _pgCore.timestamp)("created_at", {
+    precision: 3
+  }).notNull().defaultNow()
+});
+const twoFactorSchema = exports.twoFactorSchema = {
+  twoFactorSettingsTable,
+  twoFactorTokensTable
+};

package/dist/schema.d.ts

@@ -0,0 +1,270 @@
+export declare const twoFactorSettingsTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "two_factor_settings";
+    schema: undefined;
+    columns: {
+        userId: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_settings", import("drizzle-orm/pg-core").SetIsPrimaryKey<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>, {
+            name: string;
+            tableName: "two_factor_settings";
+            dataType: "string";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+        }>;
+        enabled: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_settings", import("drizzle-orm/pg-core").SetHasDefault<import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgBooleanBuilder>>, {
+            name: string;
+            tableName: "two_factor_settings";
+            dataType: "boolean";
+            data: boolean;
+            driverParam: boolean;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+        }>;
+        updatedAt: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_settings", import("drizzle-orm/pg-core").SetHasDefault<import("drizzle-orm/pg-core").PgTimestampBuilder>, {
+            name: string;
+            tableName: "two_factor_settings";
+            dataType: "object date";
+            data: Date;
+            driverParam: string;
+            notNull: false;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+        }>;
+    };
+    dialect: "pg";
+}>;
+export declare const twoFactorTokensTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "two_factor_tokens";
+    schema: undefined;
+    columns: {
+        id: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetIsPrimaryKey<import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").SetHasRuntimeDefault<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>>>, {
+            name: string;
+            tableName: "two_factor_tokens";
+            dataType: "string";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+        }>;
+        userId: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>, {
+            name: string;
+            tableName: "two_factor_tokens";
+            dataType: "string";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+        }>;
+        code: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>, {
+            name: string;
+            tableName: "two_factor_tokens";
+            dataType: "string";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+        }>;
+        expiresAt: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTimestampBuilder>, {
+            name: string;
+            tableName: "two_factor_tokens";
+            dataType: "object date";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+        }>;
+        createdAt: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetHasDefault<import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTimestampBuilder>>, {
+            name: string;
+            tableName: "two_factor_tokens";
+            dataType: "object date";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+        }>;
+    };
+    dialect: "pg";
+}>;
+export declare const twoFactorSchema: {
+    twoFactorSettingsTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+        name: "two_factor_settings";
+        schema: undefined;
+        columns: {
+            userId: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_settings", import("drizzle-orm/pg-core").SetIsPrimaryKey<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>, {
+                name: string;
+                tableName: "two_factor_settings";
+                dataType: "string";
+                data: string;
+                driverParam: string;
+                notNull: true;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                identity: undefined;
+                generated: undefined;
+            }>;
+            enabled: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_settings", import("drizzle-orm/pg-core").SetHasDefault<import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgBooleanBuilder>>, {
+                name: string;
+                tableName: "two_factor_settings";
+                dataType: "boolean";
+                data: boolean;
+                driverParam: boolean;
+                notNull: true;
+                hasDefault: true;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                identity: undefined;
+                generated: undefined;
+            }>;
+            updatedAt: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_settings", import("drizzle-orm/pg-core").SetHasDefault<import("drizzle-orm/pg-core").PgTimestampBuilder>, {
+                name: string;
+                tableName: "two_factor_settings";
+                dataType: "object date";
+                data: Date;
+                driverParam: string;
+                notNull: false;
+                hasDefault: true;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                identity: undefined;
+                generated: undefined;
+            }>;
+        };
+        dialect: "pg";
+    }>;
+    twoFactorTokensTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+        name: "two_factor_tokens";
+        schema: undefined;
+        columns: {
+            id: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetIsPrimaryKey<import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").SetHasRuntimeDefault<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>>>, {
+                name: string;
+                tableName: "two_factor_tokens";
+                dataType: "string";
+                data: string;
+                driverParam: string;
+                notNull: true;
+                hasDefault: true;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                identity: undefined;
+                generated: undefined;
+            }>;
+            userId: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>, {
+                name: string;
+                tableName: "two_factor_tokens";
+                dataType: "string";
+                data: string;
+                driverParam: string;
+                notNull: true;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                identity: undefined;
+                generated: undefined;
+            }>;
+            code: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>, {
+                name: string;
+                tableName: "two_factor_tokens";
+                dataType: "string";
+                data: string;
+                driverParam: string;
+                notNull: true;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                identity: undefined;
+                generated: undefined;
+            }>;
+            expiresAt: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTimestampBuilder>, {
+                name: string;
+                tableName: "two_factor_tokens";
+                dataType: "object date";
+                data: Date;
+                driverParam: string;
+                notNull: true;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                identity: undefined;
+                generated: undefined;
+            }>;
+            createdAt: import("drizzle-orm/pg-core").PgBuildColumn<"two_factor_tokens", import("drizzle-orm/pg-core").SetHasDefault<import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTimestampBuilder>>, {
+                name: string;
+                tableName: "two_factor_tokens";
+                dataType: "object date";
+                data: Date;
+                driverParam: string;
+                notNull: true;
+                hasDefault: true;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                identity: undefined;
+                generated: undefined;
+            }>;
+        };
+        dialect: "pg";
+    }>;
+};

package/dist/schema.mjs

@@ -0,0 +1,18 @@
+import { userTable } from "@arch-cadre/core";
+import { boolean, pgTable, text, timestamp } from "drizzle-orm/pg-core";
+export const twoFactorSettingsTable = pgTable("two_factor_settings", {
+  userId: text("user_id").primaryKey().references(() => userTable.id, { onDelete: "cascade" }),
+  enabled: boolean("enabled").notNull().default(false),
+  updatedAt: timestamp("updated_at", { precision: 3 }).defaultNow()
+});
+export const twoFactorTokensTable = pgTable("two_factor_tokens", {
+  id: text("id").$defaultFn(() => crypto.randomUUID()).notNull().primaryKey(),
+  userId: text("user_id").notNull().references(() => userTable.id, { onDelete: "cascade" }),
+  code: text("code").notNull(),
+  expiresAt: timestamp("expires_at", { precision: 3 }).notNull(),
+  createdAt: timestamp("created_at", { precision: 3 }).notNull().defaultNow()
+});
+export const twoFactorSchema = {
+  twoFactorSettingsTable,
+  twoFactorTokensTable
+};

package/dist/ui/settings-toggle.cjs

@@ -0,0 +1,58 @@
+"use strict";
+"use client";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.TwoFactorSettings = TwoFactorSettings;
+var _intl = require("@arch-cadre/intl");
+var _card = require("@arch-cadre/ui/components/card");
+var _label = require("@arch-cadre/ui/components/label");
+var _switch = require("@arch-cadre/ui/components/switch");
+var _useUser = require("@arch-cadre/ui/hooks/use-user");
+var _react = _interopRequireWildcard(require("react"));
+var React = _react;
+var _sonner = require("sonner");
+var _actions = require("../actions.cjs");
+function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
+function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
+function TwoFactorSettings() {
+  const {
+    user
+  } = (0, _useUser.useUser)();
+  const {
+    t
+  } = (0, _intl.useTranslation)();
+  const [enabled, setEnabled] = (0, _react.useState)(false);
+  const [loading, setLoading] = (0, _react.useState)(true);
+  (0, _react.useEffect)(() => {
+    if (user) {
+      (0, _actions.is2FAEnabled)(user.id).then(val => {
+        setEnabled(val);
+        setLoading(false);
+      });
+    }
+  }, [user]);
+  const handleToggle = async val => {
+    try {
+      await (0, _actions.toggle2FA)(val);
+      setEnabled(val);
+      _sonner.toast.success(val ? t("2FA enabled") : t("2FA disabled"));
+    } catch {
+      _sonner.toast.error(t("Action failed"));
+    }
+  };
+  if (loading) return null;
+  return /* @__PURE__ */React.createElement(_card.Card, null, /* @__PURE__ */React.createElement(_card.CardHeader, null, /* @__PURE__ */React.createElement(_card.CardTitle, null, t("Two Factor Authentication")), /* @__PURE__ */React.createElement(_card.CardDescription, null, t("Add an extra layer of security to your account by requiring a code sent to your email."))), /* @__PURE__ */React.createElement(_card.CardContent, {
+    className: "flex items-center justify-between"
+  }, /* @__PURE__ */React.createElement(_label.Label, {
+    htmlFor: "2fa-toggle",
+    className: "flex flex-col "
+  }, /* @__PURE__ */React.createElement("span", null, t("Email Authentication")), /* @__PURE__ */React.createElement("span", {
+    className: "font-normal text-xs text-muted-foreground"
+  }, enabled ? t("Currently enabled") : t("Currently disabled"))), /* @__PURE__ */React.createElement(_switch.Switch, {
+    id: "2fa-toggle",
+    checked: enabled,
+    onCheckedChange: handleToggle
+  })));
+}

package/dist/ui/settings-toggle.d.ts

@@ -0,0 +1,2 @@
+import * as React from "react";
+export declare function TwoFactorSettings(): React.JSX.Element | null;

package/dist/ui/settings-toggle.mjs

@@ -0,0 +1,50 @@
+"use client";
+import { useTranslation } from "@arch-cadre/intl";
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle
+} from "@arch-cadre/ui/components/card";
+import { Label } from "@arch-cadre/ui/components/label";
+import { Switch } from "@arch-cadre/ui/components/switch";
+import { useUser } from "@arch-cadre/ui/hooks/use-user";
+import * as React from "react";
+import { useEffect, useState } from "react";
+import { toast } from "sonner";
+import { is2FAEnabled, toggle2FA } from "../actions.mjs";
+export function TwoFactorSettings() {
+  const { user } = useUser();
+  const { t } = useTranslation();
+  const [enabled, setEnabled] = useState(false);
+  const [loading, setLoading] = useState(true);
+  useEffect(() => {
+    if (user) {
+      is2FAEnabled(user.id).then((val) => {
+        setEnabled(val);
+        setLoading(false);
+      });
+    }
+  }, [user]);
+  const handleToggle = async (val) => {
+    try {
+      await toggle2FA(val);
+      setEnabled(val);
+      toast.success(val ? t("2FA enabled") : t("2FA disabled"));
+    } catch {
+      toast.error(t("Action failed"));
+    }
+  };
+  if (loading) return null;
+  return /* @__PURE__ */ React.createElement(Card, null, /* @__PURE__ */ React.createElement(CardHeader, null, /* @__PURE__ */ React.createElement(CardTitle, null, t("Two Factor Authentication")), /* @__PURE__ */ React.createElement(CardDescription, null, t(
+    "Add an extra layer of security to your account by requiring a code sent to your email."
+  ))), /* @__PURE__ */ React.createElement(CardContent, { className: "flex items-center justify-between" }, /* @__PURE__ */ React.createElement(Label, { htmlFor: "2fa-toggle", className: "flex flex-col " }, /* @__PURE__ */ React.createElement("span", null, t("Email Authentication")), /* @__PURE__ */ React.createElement("span", { className: "font-normal text-xs text-muted-foreground" }, enabled ? t("Currently enabled") : t("Currently disabled"))), /* @__PURE__ */ React.createElement(
+    Switch,
+    {
+      id: "2fa-toggle",
+      checked: enabled,
+      onCheckedChange: handleToggle
+    }
+  )));
+}

package/dist/ui/verify-page.cjs

@@ -0,0 +1,91 @@
+"use strict";
+"use client";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+module.exports = TwoFactorVerifyPage;
+var _intl = require("@arch-cadre/intl");
+var _button = require("@arch-cadre/ui/components/button");
+var _card = require("@arch-cadre/ui/components/card");
+var _input = require("@arch-cadre/ui/components/input");
+var _loader = require("@arch-cadre/ui/shared/loader");
+var _navigation = require("next/navigation");
+var _react = _interopRequireWildcard(require("react"));
+var React = _react;
+var _sonner = require("sonner");
+var _actions = require("../actions.cjs");
+function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
+function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
+function TwoFactorVerifyPage() {
+  const {
+    t
+  } = (0, _intl.useTranslation)();
+  const router = (0, _navigation.useRouter)();
+  const searchParams = (0, _navigation.useSearchParams)();
+  const userId = searchParams.get("userId");
+  const [code, setCode] = (0, _react.useState)("");
+  const [isSubmitting, setIsSubmitting] = (0, _react.useState)(false);
+  if (!userId) {
+    router.push("/signin");
+    return null;
+  }
+  const handleSubmit = async e => {
+    e.preventDefault();
+    setIsSubmitting(true);
+    try {
+      const result = await (0, _actions.verifyAndLogin)(userId, code);
+      if (result.error === null) {
+        _sonner.toast.success(t("Logged in successfully"));
+        window.location.href = "/";
+      } else {
+        _sonner.toast.error(result.error || t("Verification failed"));
+      }
+    } catch {
+      _sonner.toast.error(t("An error occurred"));
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+  const handleResend = async () => {
+    try {
+      await (0, _actions.generateAndSendCode)(userId);
+      _sonner.toast.success(t("New code sent to your email"));
+    } catch {
+      _sonner.toast.error(t("Failed to send code"));
+    }
+  };
+  return /* @__PURE__ */React.createElement("div", {
+    className: "flex min-h-screen items-center justify-center bg-muted/50 p-4"
+  }, /* @__PURE__ */React.createElement(_card.Card, {
+    className: "w-full max-w-md"
+  }, /* @__PURE__ */React.createElement(_card.CardHeader, {
+    className: "text-center"
+  }, /* @__PURE__ */React.createElement(_card.CardTitle, {
+    className: "text-2xl"
+  }, t("Two Factor Verification")), /* @__PURE__ */React.createElement(_card.CardDescription, null, t("Enter the 6-digit code sent to your email address to continue."))), /* @__PURE__ */React.createElement(_card.CardContent, null, /* @__PURE__ */React.createElement("form", {
+    onSubmit: handleSubmit,
+    className: "space-y-4"
+  }, /* @__PURE__ */React.createElement("div", {
+    className: "space-y-2"
+  }, /* @__PURE__ */React.createElement(_input.Input, {
+    type: "text",
+    maxLength: 6,
+    value: code,
+    onChange: e => setCode(e.target.value.replace(/\D/g, "")),
+    placeholder: "000000",
+    className: "text-center text-2xl tracking-[0.5em] font-mono h-14",
+    autoFocus: true
+  })), /* @__PURE__ */React.createElement(_button.Button, {
+    type: "submit",
+    className: "w-full h-11",
+    disabled: isSubmitting || code.length !== 6
+  }, isSubmitting ? /* @__PURE__ */React.createElement(_loader.Loader, {
+    variant: "dark"
+  }) : t("Verify & Signin")), /* @__PURE__ */React.createElement(_button.Button, {
+    type: "button",
+    variant: "ghost",
+    className: "w-full",
+    onClick: handleResend
+  }, t("Didn't receive a code? Resend"))))));
+}

package/dist/ui/verify-page.d.ts

@@ -0,0 +1,2 @@
+import * as React from "react";
+export default function TwoFactorVerifyPage(): React.JSX.Element | null;

package/dist/ui/verify-page.mjs

@@ -0,0 +1,85 @@
+"use client";
+import { useTranslation } from "@arch-cadre/intl";
+import { Button } from "@arch-cadre/ui/components/button";
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle
+} from "@arch-cadre/ui/components/card";
+import { Input } from "@arch-cadre/ui/components/input";
+import { Loader } from "@arch-cadre/ui/shared/loader";
+import { useRouter, useSearchParams } from "next/navigation";
+import * as React from "react";
+import { useState } from "react";
+import { toast } from "sonner";
+import { generateAndSendCode, verifyAndLogin } from "../actions.mjs";
+export default function TwoFactorVerifyPage() {
+  const { t } = useTranslation();
+  const router = useRouter();
+  const searchParams = useSearchParams();
+  const userId = searchParams.get("userId");
+  const [code, setCode] = useState("");
+  const [isSubmitting, setIsSubmitting] = useState(false);
+  if (!userId) {
+    router.push("/signin");
+    return null;
+  }
+  const handleSubmit = async (e) => {
+    e.preventDefault();
+    setIsSubmitting(true);
+    try {
+      const result = await verifyAndLogin(userId, code);
+      if (result.error === null) {
+        toast.success(t("Logged in successfully"));
+        window.location.href = "/";
+      } else {
+        toast.error(result.error || t("Verification failed"));
+      }
+    } catch {
+      toast.error(t("An error occurred"));
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+  const handleResend = async () => {
+    try {
+      await generateAndSendCode(userId);
+      toast.success(t("New code sent to your email"));
+    } catch {
+      toast.error(t("Failed to send code"));
+    }
+  };
+  return /* @__PURE__ */ React.createElement("div", { className: "flex min-h-screen items-center justify-center bg-muted/50 p-4" }, /* @__PURE__ */ React.createElement(Card, { className: "w-full max-w-md" }, /* @__PURE__ */ React.createElement(CardHeader, { className: "text-center" }, /* @__PURE__ */ React.createElement(CardTitle, { className: "text-2xl" }, t("Two Factor Verification")), /* @__PURE__ */ React.createElement(CardDescription, null, t(
+    "Enter the 6-digit code sent to your email address to continue."
+  ))), /* @__PURE__ */ React.createElement(CardContent, null, /* @__PURE__ */ React.createElement("form", { onSubmit: handleSubmit, className: "space-y-4" }, /* @__PURE__ */ React.createElement("div", { className: "space-y-2" }, /* @__PURE__ */ React.createElement(
+    Input,
+    {
+      type: "text",
+      maxLength: 6,
+      value: code,
+      onChange: (e) => setCode(e.target.value.replace(/\D/g, "")),
+      placeholder: "000000",
+      className: "text-center text-2xl tracking-[0.5em] font-mono h-14",
+      autoFocus: true
+    }
+  )), /* @__PURE__ */ React.createElement(
+    Button,
+    {
+      type: "submit",
+      className: "w-full h-11",
+      disabled: isSubmitting || code.length !== 6
+    },
+    isSubmitting ? /* @__PURE__ */ React.createElement(Loader, { variant: "dark" }) : t("Verify & Signin")
+  ), /* @__PURE__ */ React.createElement(
+    Button,
+    {
+      type: "button",
+      variant: "ghost",
+      className: "w-full",
+      onClick: handleResend
+    },
+    t("Didn't receive a code? Resend")
+  )))));
+}

package/locales/en/global.json

@@ -0,0 +1,19 @@
+{
+  "Logged in successfully": "Logged in successfully",
+  "Verification failed": "Verification failed",
+  "An error occurred": "An error occurred",
+  "New code sent to your email": "New code sent to your email",
+  "Failed to send code": "Failed to send code",
+  "Two Factor Verification": "Two Factor Verification",
+  "Enter the 6-digit code sent to your email address to continue.": "Enter the 6-digit code sent to your email address to continue.",
+  "Verify & Signin": "Verify & Signin",
+  "Didn't receive a code? Resend": "Didn't receive a code? Resend",
+  "2FA enabled": "2FA enabled",
+  "2FA disabled": "2FA disabled",
+  "Action failed": "Action failed",
+  "Two Factor Authentication": "Two Factor Authentication",
+  "Add an extra layer of security to your account by requiring a code sent to your email.": "Add an extra layer of security to your account by requiring a code sent to your email.",
+  "Email Authentication": "Email Authentication",
+  "Currently enabled": "Currently enabled",
+  "Currently disabled": "Currently disabled"
+}

package/manifest.json

@@ -0,0 +1,11 @@
+{
+  "id": "two-factor-email",
+  "name": "Two-Factor Email",
+  "version": "0.0.1",
+  "description": "Email-based two-factor authentication.",
+  "enabled": true,
+  "system": false,
+  "dependencies": [],
+  "extends": [],
+  "isNpm": true
+}

package/package.json

@@ -0,0 +1,55 @@
+{
+  "name": "@arch-cadre/two-factor-email",
+  "version": "0.0.1",
+  "description": "Email-based two-factor authentication module for Kryo framework",
+  "type": "module",
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "locales",
+    "manifest.json"
+  ],
+  "scripts": {
+    "release": "npm publish --access public --no-git-checks",
+    "clean": "rm -rf ./dist",
+    "switch:dev": "node scripts/switchToSrc.js",
+    "switch:prod": "node scripts/switchToDist.js",
+    "dev": "unbuild --stub",
+    "build": "unbuild"
+  },
+  "dependencies": {
+    "@hookform/resolvers": "^3.10.0",
+    "@arch-cadre/ui": "^0.0.15",
+    "@arch-cadre/modules": "^0.0.15",
+    "lucide-react": "^0.475.0",
+    "react-hook-form": "^7.54.2",
+    "sonner": "^2.0.7",
+    "zod": "^3.24.1"
+  },
+  "devDependencies": {
+    "@types/pg": "^8.16.0",
+    "@arch-cadre/core": "^0.0.15",
+    "@types/react": "^19",
+    "next": "16.1.1",
+    "react": "^19.0.0",
+    "typescript": "^5.3.3",
+    "unbuild": "^3.6.1"
+  },
+  "peerDependencies": {
+    "@arch-cadre/core": "^0.0.15",
+    "@arch-cadre/intl": "^0.0.15",
+    "@arch-cadre/ui": "^0.0.15",
+    "pg": "^8.16.3",
+    "drizzle-orm": "1.0.0-beta.15-859cf75",
+    "next": ">=13.0.0",
+    "react": "^19.0.0"
+  },
+  "main": "./dist/index.mjs"
+}