@waline/vercel 1.10.0 → 1.12.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@waline/vercel",
-  "version": "1.10.0",
+  "version": "1.12.0",
   "description": "vercel server for waline comment system",
   "repository": "https://github.com/walinejs/waline",
   "license": "MIT",
@@ -27,6 +27,7 @@
     "prismjs": "^1.27.0",
     "request": "^2.88.2",
     "request-promise-native": "^1.0.9",
+    "speakeasy": "^2.0.0",
     "think-logger3": "^1.3.1",
     "think-model": "^1.5.4",
     "think-model-mysql": "^1.1.7",

package/src/controller/token/2fa.js

@@ -0,0 +1,62 @@
+const speakeasy = require('speakeasy');
+const BaseRest = require('../rest');
+
+module.exports = class extends BaseRest {
+  async getAction() {
+    const { userInfo } = this.ctx.state;
+    const { email } = this.get();
+
+    if (think.isEmpty(userInfo) && email) {
+      const userModel = this.service(
+        `storage/${this.config('storage')}`,
+        'Users'
+      );
+
+      const user = await userModel.select(
+        { email },
+        {
+          field: ['2fa'],
+        }
+      );
+      const is2FAEnabled = !think.isEmpty(user) && Boolean(user[0]['2fa']);
+      return this.success({ enable: is2FAEnabled });
+    }
+
+    const name = `waline_${userInfo.objectId}`;
+    if (userInfo['2fa'] && userInfo['2fa'].length == 32) {
+      return this.success({
+        otpauth_url: `otpauth://totp/${name}?secret=${userInfo['2fa']}`,
+        secret: userInfo['2fa'],
+      });
+    }
+
+    const { otpauth_url, base32: secret } = speakeasy.generateSecret({
+      length: 20,
+      name,
+    });
+    return this.success({ otpauth_url, secret });
+  }
+
+  async postAction() {
+    const data = this.post();
+    const verified = speakeasy.totp.verify({
+      secret: data.secret,
+      encoding: 'base32',
+      token: data.code,
+      window: 2,
+    });
+
+    if (!verified) {
+      return this.fail('TWO_FACTOR_AUTH_ERROR_DETAIL');
+    }
+
+    const userModel = this.service(
+      `storage/${this.config('storage')}`,
+      'Users'
+    );
+    const { objectId } = this.ctx.state.userInfo;
+    await userModel.update({ ['2fa']: data.secret }, { objectId });
+
+    return this.success();
+  }
+};

package/src/controller/token.js

@@ -1,3 +1,4 @@
+const speakeasy = require('speakeasy');
 const jwt = require('jsonwebtoken');
 const helper = require('think-helper');
 const { PasswordHash } = require('phpass');
@@ -17,7 +18,7 @@ module.exports = class extends BaseRest {
   }
 
   async postAction() {
-    const { email, password } = this.post();
+    const { email, password, code } = this.post();
     const user = await this.modelInstance.select({ email });
 
     if (think.isEmpty(user) || /^verify:/i.test(user[0].type)) {
@@ -33,13 +34,24 @@ module.exports = class extends BaseRest {
       return this.fail();
     }
 
-    let avatar = user[0].avatar;
+    const twoFactorAuthSecret = user[0]['2fa'];
+    if (twoFactorAuthSecret) {
+      const verified = speakeasy.totp.verify({
+        secret: twoFactorAuthSecret,
+        encoding: 'base32',
+        token: code,
+        window: 2,
+      });
+      if (!verified) {
+        return this.fail();
+      }
+    }
 
+    let avatar = user[0].avatar;
     if (/(github)/i.test(avatar)) {
       avatar =
         this.config('avatarProxy') + '?url=' + encodeURIComponent(avatar);
     }
-
     user[0].avatar = avatar;
 
     return this.success({

package/src/controller/user.js

@@ -78,8 +78,9 @@ module.exports = class extends BaseRest {
   }
 
   async putAction() {
-    const { display_name, url, password } = this.post();
+    const { display_name, url, avatar, password } = this.post();
     const { objectId } = this.ctx.state.userInfo;
+    const twoFactorAuth = this.post('2fa');
 
     const updateData = {};
 
@@ -91,10 +92,18 @@ module.exports = class extends BaseRest {
       updateData.url = url;
     }
 
+    if (avatar) {
+      updateData.avatar = avatar;
+    }
+
     if (password) {
       updateData.password = new PasswordHash().hashPassword(password);
     }
 
+    if (think.isString(twoFactorAuth)) {
+      updateData['2fa'] = twoFactorAuth;
+    }
+
     const socials = ['github', 'twitter', 'facebook', 'google', 'weibo', 'qq'];
     socials.forEach((social) => {
       const nextSocial = this.post(social);

package/src/logic/base.js

@@ -63,6 +63,7 @@ module.exports = class extends think.Logic {
           'weibo',
           'qq',
           'avatar',
+          '2fa',
         ],
       }
     );

package/src/logic/token/2fa.js

@@ -0,0 +1,27 @@
+const Base = require('../base');
+
+module.exports = class extends Base {
+  async getAction() {
+    const { email } = this.get();
+    const { userInfo } = this.ctx.state;
+
+    if (think.isEmpty(userInfo) && !email) {
+      return this.fail(401);
+    }
+  }
+
+  async postAction() {
+    const { userInfo } = this.ctx.state;
+    if (think.isEmpty(userInfo)) {
+      return this.fail(401);
+    }
+
+    this.rules = {
+      code: {
+        required: true,
+        string: true,
+        length: 6,
+      },
+    };
+  }
+};

package/src/middleware/dashboard.js

@@ -13,7 +13,10 @@ module.exports = function () {
     window.SITE_URL = ${JSON.stringify(process.env.SITE_URL)};
     window.SITE_NAME = ${JSON.stringify(process.env.SITE_NAME)};
     </script>
-    <script src="https://cdn.jsdelivr.net/npm/@waline/admin"></script>
+    <script src="${
+      process.env.WALINE_ADMIN_MODULE_ASSET_URL ||
+      'https://cdn.jsdelivr.net/npm/@waline/admin'
+    }"></script>
   </body>
 </html>`;
   };