npm - @opengis/fastify-table - Versions diffs - 1.5.8 → 2.0.0 - Mend

@opengis/fastify-table 1.5.8 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/dist/server/plugins/auth/funcs/users.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ const users = [];
2	+ export default users;

package/dist/server/plugins/auth/funcs/verifyPassword.js ADDED Viewed

@@ -0,0 +1,30 @@
+import crypt from "apache-crypt";
+import crypto from "node:crypto";
+import config from "../../../../config.js";
+function md5(string) {
+    return crypto.createHash("md5").update(string).digest("hex");
+}
+export default async function verifyPassword({ pg, username, password, }) {
+    if (!config.pg)
+        return;
+    if (!username || username === "")
+        return { message: "not enough params: username" };
+    if (!password || password === "")
+        return { message: "not enough params: password" };
+    const query = "select * from admin.users where $1 in (login,email,phone) and enabled limit 1";
+    const json = await pg.query(query, [username]).then((res) => res.rows[0]);
+    if (!json)
+        return { message: "user not found" };
+    let hash = "";
+    for (let i = 0; i < 10; i += 1) {
+        hash = md5(password + hash + json.salt);
+    }
+    hash = crypt(hash, json.salt);
+    if (json.password === hash) {
+        if (username === "admin" && password === "admin") {
+            await pg.query("update admin.users set password='6Z4gu2mG8R' where uid=$1", [json.uid]);
+        }
+        return { user: json };
+    }
+    return { message: "Wrong password" };
+}

package/dist/server/plugins/auth/index.js ADDED Viewed

@@ -0,0 +1,110 @@
+// import fp from "fastify-plugin";
+import cookie from "@fastify/cookie";
+import session from "@fastify/session";
+// import fastifyPassport from "@fastify/passport";
+import { Authenticator } from "@fastify/passport";
+import RedisStore from "fastify-session-redis-store";
+import config from "../../../config.js";
+import getRedis from "../redis/funcs/getRedis.js";
+const fastifyPassport = new Authenticator();
+const { prefix = "/api" } = config;
+async function plugin(fastify, opt = config) {
+    if (!opt.redis) {
+        return;
+    }
+    fastify.addHook("onRequest", async (req, reply) => {
+        const { pg, hostname, headers, routeOptions } = req;
+        const { policy = [] } = routeOptions?.config || {};
+        // proxy from old apps to editor, bi etc.
+        const validToken = (req.ip === "193.239.152.181" ||
+            req.ip === "127.0.0.1" ||
+            req.ip?.startsWith?.("192.168.") ||
+            config.debug) &&
+            req.headers?.token &&
+            config.auth?.tokens?.includes?.(headers.token);
+        if (validToken && !req?.user?.uid) {
+            req.user = {
+                uid: req.headers?.uid?.toString?.(),
+                user_type: req.headers?.user_type?.toString?.() || "regular",
+            };
+        }
+        const isAdmin = process.env.NODE_ENV === "admin" ||
+            hostname?.split?.(":")?.shift?.() === config.adminDomain ||
+            config.admin ||
+            hostname?.startsWith?.("admin");
+        const isPublic = Array.isArray(policy)
+            ? policy.includes("public")
+            : policy === "L0";
+        // if 2factor is enabled and secondFactor not true => redirect to 2factor login page
+        const { secondFactor, passport = {} } = req.session || {}; // base login +
+        if (!passport.user?.uid &&
+            (config.auth?.disable || config.auth?.user) &&
+            !isPublic) {
+            req.session = req.session || {};
+            req.session.passport = req.session.passport || {}; // ensure passport session exists
+            req.session.passport.user = {
+                ...(config.auth?.user || {}),
+                uid: config.auth?.user?.uid?.toString?.() || "1",
+                user_rnokpp: config.auth?.user?.rnokpp,
+                user_type: config.auth?.user?.type || "regular",
+            };
+            req.user = req.session.passport.user;
+        }
+        req.user = req.user === null ? undefined : req.user; // fix for user.uid errors, by default user is null, while with express passport it was {}, unauthorized user does not trigger serializer
+        // already done by @fastify/passport serializer / deserializer
+        // req.user = passport.user;
+        if (config.trace) {
+            console.log("req.user?.uid", req.user?.uid, "req.session?.passport?.user?.uid", req.session?.passport?.user?.uid, "config.auth", config.auth);
+        }
+        // currently 2factor + auth with passwd file not supported
+        const ispasswd = !pg?.pk?.["admin.users"] || config.auth?.passwd;
+        if (!passport.user?.uid &&
+            !config.auth?.disable &&
+            isAdmin &&
+            !isPublic &&
+            !req.url.startsWith(prefix) &&
+            !req.url.startsWith("/api") &&
+            !req.url.startsWith("/login")) {
+            return reply.redirect(`${config?.auth?.redirect || "/login"}` + `?redirect=${req.url}`);
+        }
+        if (passport.user?.uid &&
+            !config.auth?.disable &&
+            config.auth?.["2factor"] &&
+            isAdmin &&
+            (routeOptions?.method || "GET") === "GET" &&
+            !secondFactor &&
+            !ispasswd) {
+            if (![
+                "/logout",
+                "/2factor",
+                "/2factor?recovery=1",
+                "/2factor/verify",
+                "/2factor/recovery",
+                "/user",
+                config.auth?.["2factorRedirect"],
+            ]
+                .filter((el) => el)
+                .includes(req.url)) {
+                return reply.redirect(config.auth?.["2factorRedirect"] || "/2factor");
+            }
+        }
+        return null;
+    });
+    await fastify.register(cookie, {
+        parseOptions: opt?.auth?.cookieOptions || { secure: false },
+    });
+    await fastify.register(session, {
+        secret: opt?.auth?.secret || "61b820e12858570a4b0633020d4394a17903d9a9",
+        cookieName: "session_auth",
+        cookie: opt?.auth?.cookieOptions || { secure: false },
+        store: new RedisStore({ client: getRedis({ db: 10 }) }),
+    });
+    // register passport AFTER session is ready
+    await fastify.register(fastifyPassport.initialize());
+    await fastify.register(fastifyPassport.secureSession());
+    // serialize user used to store user info in session store
+    fastifyPassport.registerUserSerializer(async (user) => ({ user }));
+    // deserialize user used to add user info from session store to req
+    fastifyPassport.registerUserDeserializer(async (passport) => passport?.user || passport);
+}
+export default plugin;

package/dist/server/plugins/policy/funcs/checkPolicy.js CHANGED Viewed

@@ -1,38 +1,53 @@
 import { config, logger } from "../../../../utils.js";
 import block from "../sqlInjection.js";
-const { skipCheckPolicyRoutes = [] } = config;
-const skipCheckPolicy = (path) => skipCheckPolicyRoutes.find((el) => path.includes(el));
 export default function checkPolicy(req, reply) {
-    const { originalUrl: path, hostname, query, params, headers, method, routeOptions, unittest, } = req;
-    if (config.local || unittest || config.env === "test") {
+    const { originalUrl: path, hostname, query, params, headers, method, routeOptions, unittest, // legacy
+     } = req;
+    // ! skip locally, skip tests
+    if (config.local || unittest || process.env.NODE_ENV === "test") {
         return null;
     }
-    const body = JSON.stringify(req?.body || {}).substring(30);
+    // ! skip non-API Requests
+    const isApi = ["/files/", "/api/", "/api-user/", "/logger", "/file/"].filter((el) => path.includes(el)).length;
+    if (!isApi) {
+        return null;
+    }
+    const body = req.body
+        ? JSON.stringify(req?.body || {}).substring(30)
+        : undefined;
     const isAdmin = process.env.NODE_ENV === "admin" ||
         hostname.split(":").shift() === config.adminDomain ||
         config.admin ||
         hostname.startsWith("admin");
     const user = req.user || req.session?.passport?.user;
-    const isUser = config?.debug || !!user;
-    const isServer = process.argv[2];
-    const { policy = [] } = (routeOptions?.config ||
-        {});
-    /*= == 0.Check superadmin access  === */
-    if (policy.includes("admin") &&
-        user?.user_type !== "admin" &&
-        !config.auth?.disable) {
-        logger.file("policy/access", {
+    // const isServer = process.argv[2];
+    const { role, referer, policy = [], } = (routeOptions?.config || {});
+    const isRole = (role && user?.user_type !== role) ||
+        (policy.includes("admin") && user?.user_type !== "admin");
+    const allowExtPublic = [".png", ".jpg", ".svg"];
+    const ext = path.toLowerCase().substr(-4);
+    const isPublic = Array.isArray(policy)
+        ? policy.includes("public")
+        : policy === "L0";
+    const requireUser = Array.isArray(policy)
+        ? policy.includes("user")
+        : ["L1", "L2", "L3"].includes(policy);
+    const requireReferer = Array.isArray(policy)
+        ? policy.includes("referer")
+        : referer;
+    // ! role
+    if (isRole) {
+        logger.file("policy/role", {
             path,
             method,
             params,
             query,
             body,
-            message: "access restricted: not admin",
             uid: user?.uid,
         });
         return reply.status(403).send("access restricted: 0");
     }
-    /*= == 1.File injection  === */
+    // ! file injection
     if (JSON.stringify(params || {})?.includes("../") ||
         JSON.stringify(query || {})?.includes("../") ||
         path?.includes("../")) {
@@ -42,121 +57,57 @@ export default function checkPolicy(req, reply) {
             params,
             query,
             body,
-            message: "access restricted: 1",
             uid: user?.uid,
         });
         return reply.status(403).send("access restricted: 1");
     }
-    /* === 1.1 File  === */
-    const allowExtPublic = [".png", ".jpg", ".svg"];
-    const ext = path.toLowerCase().substr(-4);
-    if (path.includes("files/") && allowExtPublic.includes(ext))
+    // ! invalid file extension
+    if (path.includes("files/") && allowExtPublic.includes(ext)) {
         return null;
-    /* === 2.SQL Injection policy: no-sql === */
-    if (!policy.includes("no-sql")) {
-        // skip polyline param - data filter (geometry bounds)
-        const stopWords = block.filter((el) => path.replace(query.polyline, "").includes(el));
-        if (stopWords?.length) {
-            logger.file("injection/sql", {
-                path,
-                method,
-                params,
-                query,
-                body,
-                stopWords,
-                message: "access restricted: 2",
-                uid: user?.uid,
-            });
-            return reply.status(403).send("access restricted: 2");
-        }
     }
-    /* policy: skip if not API */
-    const isApi = ["/files/", "/api/", "/api-user/", "/logger", "/file/"].filter((el) => path.includes(el)).length;
-    if (!isApi) {
-        return null;
-    }
-    const validToken = (req.ip === "193.239.152.181" ||
-        req.ip === "127.0.0.1" ||
-        req.ip?.startsWith?.("192.168.") ||
-        config.debug) &&
-        req.headers?.token &&
-        config.auth?.tokens?.includes?.(headers.token);
-    if (validToken && !req?.user?.uid) {
-        req.user = {
-            uid: req.headers?.uid?.toString?.(),
-            user_type: req.ip === "193.239.152.181" || config.debug ? "admin" : "regular",
-        };
-    }
-    /* === policy: public === */
-    if (policy.includes("public") ||
-        skipCheckPolicy(path) ||
-        !config.pg ||
-        config.auth?.disable ||
-        config.local ||
-        config.debug) {
-        return null;
-    }
-    /* === 0. policy: unauthorized access from admin URL === */
-    if (!validToken && !user?.uid && isAdmin && !policy.includes("public")) {
-        logger.file("policy/unauthorized", {
+    // ! sql injection
+    const stopWords = block.filter((el) => path.includes(el));
+    if (stopWords?.length) {
+        logger.file("injection/sql", {
             path,
             method,
             params,
             query,
             body,
-            token: headers?.token,
-            userId: headers?.uid,
-            ip: req.ip,
-            headers,
-            message: "unauthorized",
+            stopWords,
+            uid: user?.uid,
         });
-        return reply.status(401).send("unauthorized");
+        return reply.status(403).send("access restricted: 2");
     }
-    /* === 3. policy: user === */
-    if (!validToken &&
-        !user &&
-        policy.includes("user") &&
-        !skipCheckPolicy(path)) {
+    // ! user required, but not logged in
+    if (requireUser && !user) {
         logger.file("policy/user", {
             path,
             method,
             params,
             query,
             body,
-            message: "access restricted: 3",
         });
         return reply.status(403).send("access restricted: 3");
     }
-    /* === 4. policy: referer === */
-    if (!validToken &&
-        !headers?.referer?.includes?.(hostname) &&
-        policy.includes("referer")) {
+    // ! referer
+    if (requireReferer && !headers?.referer?.includes?.(hostname)) {
         logger.file("policy/referer", {
             path,
             method,
             params,
             query,
             body,
-            message: "access restricted: 4",
             uid: user?.uid,
         });
         return reply.status(403).send("access restricted: 4");
     }
-    /* === 5. policy: site auth === */
-    /*  if (!validToken && !policy.includes("site") && !isAdmin) {
-        logger.file("policy/site", {
-          path,
-          method,
-          params,
-          query,
-          body,
-          message: "access restricted: 5",
-          uid: user?.uid,
-        });
-        return reply.status(403).send("access restricted: 5");
-      }*/
-    /* === 6. base policy: block non-public api w/ out authorization  === */
-    if (!validToken && isAdmin && !config.debug && user?.uid && isServer) {
+    // ! public / token
+    if (isPublic || config.debug) {
+        return null;
+    }
+    // ! block any API for admin panel (without authorization)
+    if (isAdmin && !config.debug && !user?.uid) {
         logger.file("policy/api", {
             path,
             method,
@@ -168,6 +119,5 @@ export default function checkPolicy(req, reply) {
         });
         return reply.status(403).send("access restricted: 6");
     }
-    // console.log(headers);
     return null;
 }

package/dist/server/plugins/policy/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
-import checkPolicy from './funcs/checkPolicy.js';
+import checkPolicy from "./funcs/checkPolicy.js";
 async function plugin(fastify) {
-    fastify.addHook('preParsing', async (request, reply) => {
+    fastify.addHook("preParsing", async (request, reply) => {
         const resp = checkPolicy(request, reply);
         if (resp) {
             return resp;

package/dist/server/routes/access/controllers/access.group.post.js CHANGED Viewed

@@ -19,13 +19,13 @@ export default async function accessGroupPost({ pg = pgClients.client, params, u
         }
     }
     if (routes?.length) {
-        const { routesDB = [] } = await pg
+        const routesDB = await pg
             .query('select array_agg(route_id) as "routesDB" from admin.routes where enabled')
-            .then((res1) => res1.rows?.[0] || {});
+            .then((res1) => res1.rows?.[0]?.routesDB || []);
         await pg.query("delete from admin.role_access where role_id=$1;", [id]);
         const q = "insert into admin.role_access(role_id,route_id,actions)   values ($1,$2,$3)";
         await Promise.all(routes
-            .filter((el) => routesDB.includes(el.path) && el.actions)
+            .filter((el) => routesDB?.includes?.(el.path) && el.actions)
             .map((el) => pg.query(q, [id, el.path, el.actions])));
         const { rows } = await pg.query(`select a.route_id as path, b.actions as actions from admin.routes a
             left join admin.role_access b on a.route_id=b.route_id

package/dist/server/routes/auth/controllers/2factor/generate.js ADDED Viewed

@@ -0,0 +1,38 @@
+import config from "../../../../../config.js";
+import pgClients from "../../../../plugins/pg/pgClients.js";
+import { generate } from "./providers/totp.js";
+/**
+ * Генерація secret для двохфакторної авторизації користувача
+ *
+ * @method GET
+ * @summary Генерація user secret для двохфакторної авторизації
+ * @priority 3
+ * @alias generate
+ * @type api
+ * @tag auth
+ * @requires 2fa
+ * @errors 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ */
+export default async function generateFunction({ pg = pgClients.client, user = {} }, reply) {
+    if (!user?.uid) {
+        return reply.status(401).send("unauthorized");
+    }
+    const { uid } = user;
+    if (!config?.auth?.["2factor"]) {
+        return reply.status(400).send("2fa not enabled");
+    }
+    if (!config.pg) {
+        return reply.status(400).send("empty pg");
+    }
+    if (!uid) {
+        return reply.status(401).send("access restricted: unauthorized");
+    }
+    const res = await generate({ pg, uid });
+    if (res?.enabled) {
+        return reply.status(400).send("already created 2fa");
+    }
+    return reply.status(200).send(res);
+}

package/dist/server/routes/auth/controllers/2factor/providers/totp.js ADDED Viewed

@@ -0,0 +1,115 @@
+import crypto from "node:crypto";
+import qrcode from "qrcode";
+import { authenticator } from "otplib";
+const TYPE = "TOTP";
+const enableSecret = async ({ uid, TYPE, pg }) => {
+    await pg.query("update admin.users_social_auth set enabled=true where uid = $1 and social_auth_type = $2", [uid, TYPE]);
+};
+const deleteSecret = async ({ uid, TYPE, pg }) => {
+    await pg.query("delete from admin.users_social_auth where uid=$1 and social_auth_type = $2", [uid, TYPE]);
+};
+const getSecret = async ({ uid, TYPE, pg }) => {
+    const { social_auth_code: secret, enabled, recoveryCodes, } = await pg
+        .query(`select social_auth_code, enabled, social_auth_obj->'codesArray' as "recoveryCodes"
+    from admin.users_social_auth
+    where uid = $1 and social_auth_type = $2`, [uid, TYPE])
+        .then((el) => el.rows?.[0] || {});
+    return { secret, enabled, recoveryCodes };
+};
+const addSecret = async ({ uid, secret, TYPE, pg, recoveryCodes, otp, }) => {
+    await pg.query(`insert into admin.users_social_auth(uid, social_auth_code, social_auth_type, social_auth_obj, social_auth_url, enabled)
+    values($1, $2, $3, $4::json, $5, false)`, [uid, secret, TYPE, { codesArray: recoveryCodes }, otp]);
+};
+const updateSecret = async ({ uid, TYPE, pg, secret, recoveryCodes, otp, }) => {
+    const result = await pg
+        .query(`update admin.users_social_auth
+    set social_auth_code=$3, social_auth_obj=$4::json, social_auth_url=$5
+    where uid = $1 and social_auth_type = $2`, [uid, TYPE, secret, { codesArray: recoveryCodes }, otp])
+        .then((el) => el.rows?.[0] || {});
+    return result;
+};
+// return a new secret until it's enabled
+const generate = async ({ uid, pg }) => {
+    const { enabled } = await getSecret({ uid, TYPE, pg });
+    if (enabled)
+        return { enabled };
+    const secret = authenticator.generateSecret();
+    // console.log('secret', secret, 'length', secret.length, 'token', authenticator.generate(secret), 'verified', authenticator.verify({ secret, token: authenticator.generate(secret) }) );
+    const recoveryCodes = [
+        crypto.randomUUID(),
+        crypto.randomUUID(),
+        crypto.randomUUID(),
+        crypto.randomUUID(),
+    ];
+    const otp = authenticator.keyuri(uid, "SOFTPRO", secret);
+    const qrCodeAsImageSource = await qrcode.toDataURL(otp);
+    // no entry in db
+    if (enabled === undefined) {
+        await addSecret({
+            uid,
+            secret,
+            TYPE,
+            pg,
+            recoveryCodes,
+            otp,
+        });
+    }
+    else {
+        await updateSecret({
+            uid,
+            secret,
+            TYPE,
+            pg,
+            recoveryCodes,
+            otp,
+        });
+    }
+    return {
+        qr: qrCodeAsImageSource,
+        key: secret,
+        otp,
+        recoveryCodes,
+    };
+};
+const verify = async ({ uid, code: token, pg }) => {
+    const { secret, enabled, recoveryCodes } = await getSecret({ uid, TYPE, pg });
+    // console.debug('secret', secret, 'enabled', enabled, 'verification', 'token', authenticator.generate(secret), authenticator.verify({ token: authenticator.generate(secret), secret }));
+    if (!secret) {
+        throw new Error("Включіть двофакторну аутентифікацію");
+    }
+    const isValid = authenticator.verify({ token, secret }) ||
+        recoveryCodes.reduce((result, recoveryCode) => result || recoveryCode === token, false);
+    if (!isValid) {
+        throw new Error("Невірний код");
+    }
+    return { enabled, recoveryCodes };
+};
+// checks if code is correct
+// delete an entry from db to disable 2fa
+// set the enable flag in db to activate 2fa
+const toggle = async ({ uid, code, pg, enable }) => {
+    const { enabled, recoveryCodes } = await verify({
+        uid,
+        code,
+        pg,
+    });
+    if (enabled === enable) {
+        throw new Error("Вже знаходиться у даному стані");
+    }
+    if (enable) {
+        await enableSecret({
+            uid,
+            TYPE,
+            pg,
+        });
+        return recoveryCodes;
+    }
+    await deleteSecret({
+        uid,
+        TYPE,
+        pg,
+    });
+    return "Відключено";
+};
+export { generate, verify, toggle, getSecret, enableSecret, deleteSecret };
+export default null;

package/dist/server/routes/auth/controllers/2factor/recovery.js ADDED Viewed

@@ -0,0 +1,83 @@
+import path from "node:path";
+import { fileURLToPath } from "url";
+import { readFile } from "node:fs/promises";
+import config from "../../../../../config.js";
+import getTemplate from "../../../../plugins/table/funcs/getTemplate.js";
+import pgClients from "../../../../plugins/pg/pgClients.js";
+import { handlebars } from "../../../../helpers/index.js";
+import { verify, deleteSecret } from "./providers/totp.js";
+import sendNotification from "../../../../plugins/auth/funcs/sendNotification.js";
+const template = "recovery-codes-email-template";
+const dirname = path.dirname(fileURLToPath(import.meta.url));
+/**
+ * Відновлення при втраті доступу до застосунку двохфакторної авторизації
+ *
+ * @method GET|POST
+ * @summary Відновлення при втраті доступу до застосунку двохфакторної авторизації
+ * @priority 3
+ * @alias recovery
+ * @type api
+ * @tag auth
+ * @requires 2fa
+ * @param {Object} body.code Код, який використовується для перевірки у заданому провайдері двофакторної авторизації
+ * @errors 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ * @returns {String} redirect Шлях до переадресації
+ */
+export default async function recoveryFunction(req, reply) {
+    const { pg = pgClients.client, session = {}, body = {} } = req;
+    if (!config?.auth?.["2factor"]) {
+        return reply.status(400).send("2fa not enabled");
+    }
+    if (!config.pg) {
+        return reply.status(400).send("empty pg");
+    }
+    const { code } = body;
+    const { uid, email } = session.passport?.user || {};
+    if (!code) {
+        if (!email) {
+            return reply.status(404).send("user recovery email not set");
+        }
+        // return reply.status(400).send('not enough params');
+        const customPt = await getTemplate("pt", template);
+        const pt = customPt ||
+            (await readFile(path.join(dirname, `../templates/pt/${template}.html`), "utf8"));
+        const recoveryCodes = await pg
+            .query(`select social_auth_obj->'codesArray' as "recoveryCodes" from admin.users_social_auth
+      where uid = $1 and social_auth_type = $2`, [uid, "TOTP"])
+            .then((el) => el.rows?.[0]?.recoveryCodes || []);
+        if (!recoveryCodes?.length) {
+            return reply.status(404).send("user recovery code not found");
+            // return { message: 'user recovery code not found', status: 404 };
+        }
+        const html = await handlebars.compile(pt)({
+            recoveryCodes: [recoveryCodes[0]],
+            domain: `${req.protocol || "https"}://${req.hostname}`,
+        });
+        await sendNotification({
+            pg,
+            to: email,
+            template: html,
+            title: `Recovery code for ${req.hostname} 2-factor authentication`,
+            nocache: config.local || config.debug,
+        });
+        return reply.redirect("/2factor?recovery=1");
+        // return reply.status(200).send('recovery code sent to user email');
+    }
+    try {
+        // validate recovery code
+        await verify({ uid, code, pg });
+        // delete old secret
+        await deleteSecret({
+            pg,
+            TYPE: "TOTP",
+            uid,
+        });
+        return reply.redirect("/2factor");
+    }
+    catch (err) {
+        return reply.status(500).send(err.toString());
+    }
+}

package/dist/server/routes/auth/controllers/2factor/toggle.js ADDED Viewed

@@ -0,0 +1,39 @@
+import config from '../../../../../config.js';
+import pgClients from '../../../../plugins/pg/pgClients.js';
+import { toggle } from './providers/totp.js';
+/**
+ * Включення/виключення двохфакторної авторизації для користувача
+ *
+ * @method GET
+ * @summary Включення/виключення двохфакторної авторизації
+ * @priority 2
+ * @alias toggle
+ * @type api
+ * @tag auth
+ * @requires 2fa
+ * @errors 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ */
+export default async function toggleFunction(req, reply) {
+    const { pg = pgClients.client, session = {}, query = {}, } = req;
+    const { uid } = session?.passport?.user || {};
+    const { code, enable } = query;
+    if (!config.pg) {
+        return reply.status(400).send('empty pg');
+    }
+    if (!uid) {
+        return reply.status(401).send('access restricted: unauthorized');
+    }
+    if (!code) {
+        return reply.status(400).send('param "code" is required');
+    }
+    if (!Object.hasOwn(query, 'enable')) {
+        return reply.status(400).send('param "enable" is required');
+    }
+    const data = await toggle({
+        pg, code, enable: enable === 'true', uid,
+    });
+    return reply.status(200).send(data);
+}