@arch-cadre/two-factor-email 1.0.7 → 1.0.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arch-cadre/two-factor-email",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": "Email-based two-factor authentication module for Kryo framework",
   "type": "module",
   "exports": {
@@ -13,6 +13,7 @@
   },
   "files": [
     "dist",
+    "src",
     "locales",
     "manifest.json"
   ],
@@ -26,8 +27,8 @@
   },
   "dependencies": {
     "@hookform/resolvers": "^3.10.0",
-    "@arch-cadre/ui": "^0.0.47",
-    "@arch-cadre/modules": "^0.0.73",
+    "@arch-cadre/ui": "^0.0.53",
+    "@arch-cadre/modules": "^0.0.79",
     "lucide-react": "^0.475.0",
     "react-hook-form": "^7.54.2",
     "sonner": "^2.0.7",
@@ -35,7 +36,7 @@
   },
   "devDependencies": {
     "@types/pg": "^8.16.0",
-    "@arch-cadre/core": "^0.0.47",
+    "@arch-cadre/core": "^0.0.53",
     "@types/react": "^19",
     "next": "16.1.1",
     "react": "^19.0.0",
@@ -43,9 +44,9 @@
     "unbuild": "^3.6.1"
   },
   "peerDependencies": {
-    "@arch-cadre/core": "^0.0.47",
-    "@arch-cadre/intl": "^0.0.47",
-    "@arch-cadre/ui": "^0.0.47",
+    "@arch-cadre/core": "^0.0.53",
+    "@arch-cadre/intl": "^0.0.53",
+    "@arch-cadre/ui": "^0.0.53",
     "pg": "^8.16.3",
     "drizzle-orm": "1.0.0-beta.6-4414a19",
     "next": ">=13.0.0",

package/src/actions.ts

@@ -0,0 +1,118 @@
+"use server";
+
+import {
+  db,
+  eventBus,
+  finalizeLogin,
+  getCurrentSession,
+  getUserById,
+  send2FACode,
+} from "@arch-cadre/core/server";
+import { and, eq, gt } from "drizzle-orm";
+import { twoFactorSettingsTable, twoFactorTokensTable } from "./schema";
+
+export async function is2FAEnabled(userId: string) {
+  const [settings] = await db
+    .select()
+    .from(twoFactorSettingsTable)
+    .where(eq(twoFactorSettingsTable.userId, userId));
+  return settings?.enabled ?? false;
+}
+
+export async function toggle2FA(enabled: boolean) {
+  const { user } = await getCurrentSession();
+  if (!user) throw new Error("Unauthorized");
+
+  await db
+    .insert(twoFactorSettingsTable)
+    .values({ userId: user.id, enabled })
+    .onConflictDoUpdate({
+      target: twoFactorSettingsTable.userId,
+      set: { enabled, updatedAt: new Date() },
+    });
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "2fa.toggled",
+      description: `User ${enabled ? "enabled" : "disabled"} 2FA`,
+      userId: user.id,
+      metadata: { enabled },
+    },
+    "auth:2fa",
+  );
+
+  return { success: true };
+}
+
+export async function generateAndSendCode(userId: string) {
+  const user = await getUserById(userId);
+  if (!user) throw new Error("User not found");
+
+  const code = Math.floor(100000 + Math.random() * 900000).toString();
+  const expiresAt = new Date(Date.now() + 10 * 60 * 1000); // 10 minutes
+
+  // Clear existing tokens
+  await db
+    .delete(twoFactorTokensTable)
+    .where(eq(twoFactorTokensTable.userId, userId));
+
+  await db.insert(twoFactorTokensTable).values({
+    userId,
+    code,
+    expiresAt,
+  });
+
+  await send2FACode(user.email, code);
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "2fa.sended",
+      description: `User sent 2FA code`,
+      userId: userId,
+      metadata: { code },
+    },
+    "auth:2fa",
+  );
+
+  return { success: true };
+}
+
+export async function verifyAndLogin(userId: string, code: string) {
+  const [token] = await db
+    .select()
+    .from(twoFactorTokensTable)
+    .where(
+      and(
+        eq(twoFactorTokensTable.userId, userId),
+        eq(twoFactorTokensTable.code, code),
+        gt(twoFactorTokensTable.expiresAt, new Date()),
+      ),
+    );
+
+  if (!token) {
+    return { error: "Invalid or expired code" };
+  }
+
+  // Cleanup
+  await db
+    .delete(twoFactorTokensTable)
+    .where(eq(twoFactorTokensTable.userId, userId));
+
+  // Finalize the login
+  const result = await finalizeLogin(userId, {});
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "2fa.verified",
+      description: `User verified 2FA`,
+      userId: userId,
+      metadata: { userId },
+    },
+    "auth:2fa",
+  );
+
+  return { success: true, ...result };
+}

package/src/index.ts

@@ -0,0 +1,80 @@
+import { db, registerAuthValidator } from "@arch-cadre/core/server";
+import type { IModule } from "@arch-cadre/modules";
+import { sql } from "drizzle-orm";
+import manifest from "../manifest.json";
+import { generateAndSendCode, is2FAEnabled } from "./actions";
+
+import { publicRoutes } from "./routes";
+import { TwoFactorSettings } from "./ui/settings-toggle";
+
+const twoFactorEmailModule: IModule = {
+  manifest,
+
+  routes: {
+    public: publicRoutes,
+  },
+
+  init: async () => {
+    console.log("[Module:2FA-Email] Initializing...");
+
+    // Register Auth Interceptor
+    registerAuthValidator(async (userId) => {
+      console.log(`[Module:2FA-Email] Validating login for user: ${userId}`);
+      try {
+        const enabled = await is2FAEnabled(userId);
+        console.log(
+          `[Module:2FA-Email] 2FA enabled for user ${userId}: ${enabled}`,
+        );
+
+        if (enabled) {
+          // Generate and send code before redirecting
+          console.log(`[Module:2FA-Email] Generating code for user ${userId}`);
+          await generateAndSendCode(userId);
+
+          return {
+            status: "CHALLENGE_REQUIRED",
+            type: "email_2fa",
+            userId,
+            redirect: `/auth/2fa?userId=${userId}`,
+          };
+        }
+      } catch (error) {
+        console.error(
+          "[Module:2FA-Email] Error during auth validation:",
+          error,
+        );
+      }
+
+      return null; // Continue standard login
+    });
+
+    console.log("[Module:2FA-Email] Validator registered.");
+  },
+
+  onDisable: async () => {
+    console.log(
+      "[Module:2FA-Email] onDisable: Dropping all tables physically...",
+    );
+
+    try {
+      const tables = ["two_factor_settings", "two_factor_tokens"];
+      for (const table of tables) {
+        await db.execute(sql.raw(`DROP TABLE IF EXISTS ${table} CASCADE`));
+      }
+    } catch (e) {
+      console.error("[Module:2FA-Email] onDisable Error:", e);
+    }
+  },
+
+  extensions: [
+    {
+      id: "2fa-settings-section",
+      targetModule: "user-profile",
+      point: "settings:extra-sections",
+      component: TwoFactorSettings,
+      priority: 50,
+    },
+  ],
+};
+
+export default twoFactorEmailModule;

package/src/intl.d.ts

@@ -0,0 +1,9 @@
+import type messages from "../locales/en/global.json";
+
+type JsonDataType = typeof messages;
+
+declare module "@arch-cadre/intl" {
+  export interface IntlMessages extends JsonDataType {}
+}
+
+export {};

package/src/routes.ts

@@ -0,0 +1,12 @@
+import type { PublicRouteDefinition } from "@arch-cadre/modules";
+import dynamic from "next/dynamic";
+
+const TwoFactorVerifyPage = dynamic(() => import("./ui/verify-page"));
+
+export const publicRoutes: PublicRouteDefinition[] = [
+  {
+    path: "/auth/2fa",
+    component: TwoFactorVerifyPage,
+    auth: false,
+  },
+];

package/src/schema.ts

@@ -0,0 +1,49 @@
+import { userTable } from "@arch-cadre/core";
+import { boolean, pgTable, text, timestamp } from "drizzle-orm/pg-core";
+// import { defineRelations } from "drizzle-orm";
+
+export const twoFactorSettingsTable = pgTable("two_factor_settings", {
+  userId: text("user_id")
+    .primaryKey()
+    .references(() => userTable.id, { onDelete: "cascade" }),
+  enabled: boolean("enabled").notNull().default(false),
+  updatedAt: timestamp("updated_at", { precision: 3 }).defaultNow(),
+});
+
+export const twoFactorTokensTable = pgTable("two_factor_tokens", {
+  id: text("id")
+    .$defaultFn(() => crypto.randomUUID())
+    .notNull()
+    .primaryKey(),
+  userId: text("user_id")
+    .notNull()
+    .references(() => userTable.id, { onDelete: "cascade" }),
+  code: text("code").notNull(),
+  expiresAt: timestamp("expires_at", { precision: 3 }).notNull(),
+  createdAt: timestamp("created_at", { precision: 3 }).notNull().defaultNow(),
+});
+
+export const twoFactorSchema = {
+  twoFactorSettingsTable,
+  twoFactorTokensTable,
+};
+
+// export const relations = defineRelations(
+//   {
+//     user: userTable,
+//     twoFactorSettings: twoFactorSettingsTable,
+//     twoFactorTokens: twoFactorTokensTable,
+//   },
+//   (r) => ({
+//     user: {
+//       twoFactorTokens: r.many.twoFactorTokens({
+//         from: r.user.id,
+//         to: r.twoFactorTokens.userId,
+//       }),
+//       twoFactorSettings: r.one.twoFactorSettings({
+//         from: r.user.id,
+//         to: r.twoFactorSettings.userId,
+//       }),
+//     },
+//   }),
+// );

package/src/ui/settings-toggle.tsx

@@ -0,0 +1,72 @@
+"use client";
+
+import { useTranslation } from "@arch-cadre/intl";
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle,
+} from "@arch-cadre/ui/components/card";
+import { Label } from "@arch-cadre/ui/components/label";
+import { Switch } from "@arch-cadre/ui/components/switch";
+import { useUser } from "@arch-cadre/ui/hooks/use-user";
+import * as React from "react";
+import { useEffect, useState } from "react";
+import { toast } from "sonner";
+import { is2FAEnabled, toggle2FA } from "../actions";
+
+export function TwoFactorSettings() {
+  const { user } = useUser();
+  const { t } = useTranslation();
+  const [enabled, setEnabled] = useState(false);
+  const [loading, setLoading] = useState(true);
+
+  useEffect(() => {
+    if (user) {
+      is2FAEnabled(user.id).then((val) => {
+        setEnabled(val);
+        setLoading(false);
+      });
+    }
+  }, [user]);
+
+  const handleToggle = async (val: boolean) => {
+    try {
+      await toggle2FA(val);
+      setEnabled(val);
+      toast.success(val ? t("2FA enabled") : t("2FA disabled"));
+    } catch {
+      toast.error(t("Action failed"));
+    }
+  };
+
+  if (loading) return null;
+
+  return (
+    <Card>
+      <CardHeader>
+        <CardTitle>{t("Two Factor Authentication")}</CardTitle>
+        <CardDescription>
+          {t(
+            "Add an extra layer of security to your account by requiring a code sent to your email.",
+          )}
+        </CardDescription>
+      </CardHeader>
+      <CardContent className="flex items-center justify-between">
+        <Label htmlFor="2fa-toggle" className="flex flex-col ">
+          <span>{t("Email Authentication")}</span>
+          <span className="font-normal text-xs text-muted-foreground">
+            {enabled ? t("Currently enabled") : t("Currently disabled")}
+          </span>
+        </Label>
+
+        <Switch
+          id="2fa-toggle"
+          checked={enabled}
+          onCheckedChange={handleToggle}
+        />
+      </CardContent>
+    </Card>
+  );
+}

package/src/ui/verify-page.tsx

@@ -0,0 +1,107 @@
+"use client";
+
+import { useTranslation } from "@arch-cadre/intl";
+import { Button } from "@arch-cadre/ui/components/button";
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle,
+} from "@arch-cadre/ui/components/card";
+import { Input } from "@arch-cadre/ui/components/input";
+import { Loader } from "@arch-cadre/ui/shared/loader";
+import { useRouter, useSearchParams } from "next/navigation";
+import * as React from "react";
+import { useState } from "react";
+import { toast } from "sonner";
+import { generateAndSendCode, verifyAndLogin } from "../actions";
+
+export default function TwoFactorVerifyPage() {
+  const { t } = useTranslation();
+  const router = useRouter();
+  const searchParams = useSearchParams();
+  const userId = searchParams.get("userId");
+  const [code, setCode] = useState("");
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  if (!userId) {
+    router.push("/signin");
+    return null;
+  }
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setIsSubmitting(true);
+
+    try {
+      const result = await verifyAndLogin(userId, code);
+      if (result.error === null) {
+        toast.success(t("Logged in successfully"));
+        window.location.href = "/"; // Force full reload to update session state
+      } else {
+        toast.error(result.error || t("Verification failed"));
+      }
+    } catch {
+      toast.error(t("An error occurred"));
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  const handleResend = async () => {
+    try {
+      await generateAndSendCode(userId);
+      toast.success(t("New code sent to your email"));
+    } catch {
+      toast.error(t("Failed to send code"));
+    }
+  };
+
+  return (
+    <div className="flex min-h-screen items-center justify-center bg-muted/50 p-4">
+      <Card className="w-full max-w-md">
+        <CardHeader className="text-center">
+          <CardTitle className="text-2xl">
+            {t("Two Factor Verification")}
+          </CardTitle>
+          <CardDescription>
+            {t(
+              "Enter the 6-digit code sent to your email address to continue.",
+            )}
+          </CardDescription>
+        </CardHeader>
+        <CardContent>
+          <form onSubmit={handleSubmit} className="space-y-4">
+            <div className="space-y-2">
+              <Input
+                type="text"
+                maxLength={6}
+                value={code}
+                onChange={(e) => setCode(e.target.value.replace(/\D/g, ""))}
+                placeholder="000000"
+                className="text-center text-2xl tracking-[0.5em] font-mono h-14"
+                autoFocus
+              />
+            </div>
+            <Button
+              type="submit"
+              className="w-full h-11"
+              disabled={isSubmitting || code.length !== 6}
+            >
+              {isSubmitting ? <Loader variant="dark" /> : t("Verify & Signin")}
+            </Button>
+            <Button
+              type="button"
+              variant="ghost"
+              className="w-full"
+              onClick={handleResend}
+            >
+              {t("Didn't receive a code? Resend")}
+            </Button>
+          </form>
+        </CardContent>
+      </Card>
+    </div>
+  );
+}