@darco2903/auth-api 2.1.4 → 2.2.0

package/dist/contract/totp.js

@@ -0,0 +1,81 @@
+import { initContract, ZodErrorSchema } from "@ts-rest/core";
+import z from "zod";
+import { apiError, apiSuccess } from "../types.js";
+import { authHeaderSchema, totpCodeSchema } from "../types/index.js";
+const c = initContract();
+export default c.router({
+    setup: {
+        method: "POST",
+        path: "/totp/setup",
+        headers: authHeaderSchema,
+        body: c.noBody(),
+        responses: {
+            200: apiSuccess(z.object({
+                secret: z.string(),
+                otpauthUrl: z.string(),
+            })),
+            400: z.union([
+                ZodErrorSchema,
+                apiError(z.literal("TOTP_ALREADY_SETUP"), z.string()),
+            ]),
+            401: apiError(z.literal("UNAUTHORIZED"), z.literal("Unauthorized")),
+            500: apiError(z.literal("INTERNAL_SERVER_ERROR"), z.string()),
+        },
+    },
+    setupConfirm: {
+        method: "POST",
+        path: "/totp/setup/confirm",
+        headers: authHeaderSchema,
+        body: z.object({
+            totpCode: totpCodeSchema,
+        }),
+        responses: {
+            204: apiSuccess(c.noBody()),
+            400: z.union([
+                ZodErrorSchema,
+                apiError(z.literal("TOTP_NOT_SETUP"), z.string()),
+                apiError(z.literal("TOTP_ALREADY_SETUP"), z.string()),
+                apiError(z.literal("TOTP_INVALID"), z.string()),
+            ]),
+            401: apiError(z.literal("UNAUTHORIZED"), z.literal("Unauthorized")),
+            500: apiError(z.literal("INTERNAL_SERVER_ERROR"), z.string()),
+        },
+    },
+    verify: {
+        method: "POST",
+        path: "/totp/verify",
+        headers: authHeaderSchema,
+        body: z.object({
+            totpCode: totpCodeSchema,
+        }),
+        responses: {
+            204: apiSuccess(c.noBody()),
+            400: z.union([
+                ZodErrorSchema,
+                apiError(z.literal("TOTP_NOT_SETUP"), z.string()),
+                apiError(z.literal("TOTP_NOT_REQUIRED"), z.string()),
+                apiError(z.literal("TOTP_INVALID"), z.string()),
+            ]),
+            401: apiError(z.literal("UNAUTHORIZED"), z.literal("Unauthorized")),
+            500: apiError(z.literal("INTERNAL_SERVER_ERROR"), z.string()),
+        },
+    },
+    disable: {
+        method: "POST",
+        path: "/totp/disable",
+        headers: authHeaderSchema,
+        body: z.object({
+            totpCode: totpCodeSchema,
+        }),
+        responses: {
+            204: apiSuccess(c.noBody()),
+            400: z.union([
+                ZodErrorSchema,
+                apiError(z.literal("TOTP_NOT_SETUP"), z.string()),
+                apiError(z.literal("TOTP_INVALID"), z.string()),
+            ]),
+            401: apiError(z.literal("UNAUTHORIZED"), z.literal("Unauthorized")),
+            500: apiError(z.literal("INTERNAL_SERVER_ERROR"), z.string()),
+        },
+    },
+});

package/dist/contract/user.d.ts

@@ -376,6 +376,7 @@ declare const _default: {
                 email: z.ZodString;
                 role: z.ZodNumber;
                 verified: z.ZodBoolean;
+                totp_enabled: z.ZodBoolean;
                 last_login: z.ZodNullable<z.ZodDate>;
                 created_at: z.ZodDate;
                 updated_at: z.ZodDate;
@@ -391,6 +392,7 @@ declare const _default: {
                 };
                 round_border: boolean;
                 verified: boolean;
+                totp_enabled: boolean;
                 last_login: Date | null;
                 created_at: Date;
                 updated_at: Date;
@@ -406,6 +408,7 @@ declare const _default: {
                 };
                 round_border: boolean;
                 verified: boolean;
+                totp_enabled: boolean;
                 last_login: Date | null;
                 created_at: Date;
                 updated_at: Date;
@@ -472,7 +475,7 @@ declare const _default: {
             authorization?: string | undefined;
         }>;
         responses: {
-            200: typeof import("@ts-rest/core").ContractNoBody;
+            204: typeof import("@ts-rest/core").ContractNoBody;
             400: z.ZodObject<{
                 name: z.ZodLiteral<"ZodError">;
                 issues: z.ZodArray<z.ZodObject<{
@@ -638,7 +641,7 @@ declare const _default: {
             authorization?: string | undefined;
         }>;
         responses: {
-            200: typeof import("@ts-rest/core").ContractNoBody;
+            204: typeof import("@ts-rest/core").ContractNoBody;
             400: z.ZodObject<{
                 name: z.ZodLiteral<"ZodError">;
                 issues: z.ZodArray<z.ZodObject<{
@@ -801,7 +804,7 @@ declare const _default: {
             authorization?: string | undefined;
         }>;
         responses: {
-            200: typeof import("@ts-rest/core").ContractNoBody;
+            204: typeof import("@ts-rest/core").ContractNoBody;
             400: z.ZodObject<{
                 name: z.ZodLiteral<"ZodError">;
                 issues: z.ZodArray<z.ZodObject<{
@@ -964,7 +967,7 @@ declare const _default: {
             authorization?: string | undefined;
         }>;
         responses: {
-            200: typeof import("@ts-rest/core").ContractNoBody;
+            204: typeof import("@ts-rest/core").ContractNoBody;
             400: z.ZodObject<{
                 name: z.ZodLiteral<"ZodError">;
                 issues: z.ZodArray<z.ZodObject<{

package/dist/contract/user.js

@@ -52,7 +52,7 @@ export default c.router({
             email: emailSchema,
         }),
         responses: {
-            200: apiSuccess(c.noBody()),
+            204: apiSuccess(c.noBody()),
             400: ZodErrorSchema,
             401: apiError(z.literal("UNAUTHORIZED"), z.string()),
             500: apiError(z.literal("INTERNAL_SERVER_ERROR"), z.string()),
@@ -68,7 +68,7 @@ export default c.router({
             disconnectAll: z.boolean().default(true),
         }),
         responses: {
-            200: apiSuccess(c.noBody()),
+            204: apiSuccess(c.noBody()),
             400: ZodErrorSchema,
             401: apiError(z.literal("UNAUTHORIZED"), z.string()),
             500: apiError(z.literal("INTERNAL_SERVER_ERROR"), z.string()),
@@ -83,7 +83,7 @@ export default c.router({
             username: usernameSchema,
         }),
         responses: {
-            200: apiSuccess(c.noBody()),
+            204: apiSuccess(c.noBody()),
             400: ZodErrorSchema,
             401: apiError(z.literal("UNAUTHORIZED"), z.string()),
             500: apiError(z.literal("INTERNAL_SERVER_ERROR"), z.string()),
@@ -98,7 +98,7 @@ export default c.router({
             roundBorder: z.boolean(),
         }),
         responses: {
-            200: apiSuccess(c.noBody()),
+            204: apiSuccess(c.noBody()),
             400: ZodErrorSchema,
             401: apiError(z.literal("UNAUTHORIZED"), z.literal("Unauthorized")),
             500: apiError(z.literal("INTERNAL_SERVER_ERROR"), z.string()),

package/dist/index.d.ts

@@ -1,2 +1,3 @@
 export * from "./client.js";
 export * from "./server.js";
+export * from "./otp.js";

package/dist/index.js

@@ -1,2 +1,3 @@
 export * from "./client.js";
 export * from "./server.js";
+export * from "./otp.js";

package/dist/otp.d.ts

@@ -0,0 +1,2 @@
+export declare function generateOTP(secret: string): Promise<string>;
+export declare function verifyOTP(token: string, secret: string): Promise<boolean>;

package/dist/otp.js

@@ -0,0 +1,7 @@
+import { verify, generate } from "otplib";
+export async function generateOTP(secret) {
+    return generate({ secret });
+}
+export async function verifyOTP(token, secret) {
+    return verify({ token, secret }).then((res) => res.valid);
+}

package/dist/server.d.ts

@@ -1,8 +1,9 @@
-export * from "./common.js";
 import { ResultAsync } from "neverthrow";
 import type { Time } from "@darco2903/secondthought";
 import type { CdnAssetTokenData } from "@darco2903/cdn-api/server";
 import { type JWTVerifyError, type AccessTokenData, type AccessTokenDataDecoded, type JWTSignError } from "./types/index.js";
+export * from "./common.js";
+export { verifyOTP } from "./otp.js";
 export declare function JWTVerify(token: string, pubKey: string): ResultAsync<AccessTokenDataDecoded, JWTVerifyError>;
 /**
  * Sign a JWT token with the given payload and private key, with the specified expiration time.

package/dist/server.js

@@ -1,8 +1,9 @@
-export * from "./common.js";
 import jwt from "jsonwebtoken";
 import { ResultAsync } from "neverthrow";
 import { accessTokenDataDecodedSchema, } from "./types/index.js";
 import { JWT_ALGORITHM, JWT_ALGORITHMS } from "./consts.js";
+export * from "./common.js";
+export { verifyOTP } from "./otp.js";
 export function JWTVerify(token, pubKey) {
     return ResultAsync.fromPromise(new Promise((resolve, reject) => {
         jwt.verify(token, pubKey, { algorithms: JWT_ALGORITHMS }, (e, decoded) => {

package/dist/types/auth.d.ts

@@ -23,4 +23,21 @@ export declare const accessRefreshSchema: z.ZodObject<{
     expiresIn: number;
     refreshToken: string;
 }>;
+export declare const accessRefreshPendingSchema: z.ZodObject<{
+    accessToken: z.ZodString;
+    expiresIn: z.ZodNumber;
+} & {
+    refreshToken: z.ZodNullable<z.ZodString>;
+    needTotp: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    accessToken: string;
+    expiresIn: number;
+    refreshToken: string | null;
+    needTotp: boolean;
+}, {
+    accessToken: string;
+    expiresIn: number;
+    refreshToken: string | null;
+    needTotp: boolean;
+}>;
 export declare const totpCodeSchema: z.ZodString;

package/dist/types/auth.js

@@ -6,4 +6,8 @@ export const accessSchema = z.object({
 export const accessRefreshSchema = accessSchema.extend({
     refreshToken: z.string(),
 });
+export const accessRefreshPendingSchema = accessSchema.extend({
+    refreshToken: z.string().nullable(),
+    needTotp: z.boolean(),
+});
 export const totpCodeSchema = z.string().min(6).max(6);

package/dist/types/user.d.ts

@@ -50,6 +50,7 @@ export declare const userSchema: z.ZodObject<{
     email: z.ZodString;
     role: z.ZodNumber;
     verified: z.ZodBoolean;
+    totp_enabled: z.ZodBoolean;
     last_login: z.ZodNullable<z.ZodDate>;
     created_at: z.ZodDate;
     updated_at: z.ZodDate;
@@ -65,6 +66,7 @@ export declare const userSchema: z.ZodObject<{
     };
     round_border: boolean;
     verified: boolean;
+    totp_enabled: boolean;
     last_login: Date | null;
     created_at: Date;
     updated_at: Date;
@@ -80,6 +82,7 @@ export declare const userSchema: z.ZodObject<{
     };
     round_border: boolean;
     verified: boolean;
+    totp_enabled: boolean;
     last_login: Date | null;
     created_at: Date;
     updated_at: Date;

package/dist/types/user.js

@@ -18,6 +18,7 @@ export const userSchema = userPublicSchema.extend({
     email: z.string().email(),
     role: z.number().int().min(-1, "Invalid level").max(255, "Invalid level"),
     verified: z.boolean(),
+    totp_enabled: z.boolean(),
     last_login: z.date().nullable(),
     created_at: z.date(),
     updated_at: z.date(),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@darco2903/auth-api",
-  "version": "2.1.4",
+  "version": "2.2.0",
   "description": "",
   "main": "./dist/index.js",
   "type": "module",
@@ -19,19 +19,20 @@
     "./server": "./dist/server.js"
   },
   "dependencies": {
-    "@darco2903/cdn-api": "^1.1.0",
+    "@darco2903/cdn-api": "^1.2.0",
     "@ts-rest/core": "^3.52.1",
     "@ts-rest/open-api": "^3.52.1",
     "jsonwebtoken": "^9.0.3",
     "neverthrow": "^8.2.0",
+    "otplib": "^13.4.0",
     "zod": "^3.25.76"
   },
   "peerDependencies": {
-    "@darco2903/secondthought": "^1.1.0"
+    "@darco2903/secondthought": "^1.3.0"
   },
   "devDependencies": {
     "@types/jsonwebtoken": "^9.0.10",
-    "@types/node": "^25.4.0",
+    "@types/node": "^24.12.2",
     "prettier": "^3.8.1",
     "rimraf": "^6.1.3",
     "tsx": "^4.21.0",