@waline/vercel 1.11.0 → 1.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/package.json +2 -1
  2. package/src/controller/token/2fa.js +62 -0
  3. package/src/controller/token.js +15 -3
  4. package/src/controller/user.js +5 -0
  5. package/src/logic/base.js +1 -0
  6. package/src/logic/token/2fa.js +27 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@waline/vercel",
3
- "version": "1.11.0",
3
+ "version": "1.12.0",
4
4
  "description": "vercel server for waline comment system",
5
5
  "repository": "https://github.com/walinejs/waline",
6
6
  "license": "MIT",
@@ -27,6 +27,7 @@
27
27
  "prismjs": "^1.27.0",
28
28
  "request": "^2.88.2",
29
29
  "request-promise-native": "^1.0.9",
30
+ "speakeasy": "^2.0.0",
30
31
  "think-logger3": "^1.3.1",
31
32
  "think-model": "^1.5.4",
32
33
  "think-model-mysql": "^1.1.7",
package/src/controller/token/2fa.js ADDED
@@ -0,0 +1,62 @@
1
+ const speakeasy = require('speakeasy');
2
+ const BaseRest = require('../rest');
3
+
4
+ module.exports = class extends BaseRest {
5
+ async getAction() {
6
+ const { userInfo } = this.ctx.state;
7
+ const { email } = this.get();
8
+
9
+ if (think.isEmpty(userInfo) && email) {
10
+ const userModel = this.service(
11
+ `storage/${this.config('storage')}`,
12
+ 'Users'
13
+ );
14
+
15
+ const user = await userModel.select(
16
+ { email },
17
+ {
18
+ field: ['2fa'],
19
+ }
20
+ );
21
+ const is2FAEnabled = !think.isEmpty(user) && Boolean(user[0]['2fa']);
22
+ return this.success({ enable: is2FAEnabled });
23
+ }
24
+
25
+ const name = `waline_${userInfo.objectId}`;
26
+ if (userInfo['2fa'] && userInfo['2fa'].length == 32) {
27
+ return this.success({
28
+ otpauth_url: `otpauth://totp/${name}?secret=${userInfo['2fa']}`,
29
+ secret: userInfo['2fa'],
30
+ });
31
+ }
32
+
33
+ const { otpauth_url, base32: secret } = speakeasy.generateSecret({
34
+ length: 20,
35
+ name,
36
+ });
37
+ return this.success({ otpauth_url, secret });
38
+ }
39
+
40
+ async postAction() {
41
+ const data = this.post();
42
+ const verified = speakeasy.totp.verify({
43
+ secret: data.secret,
44
+ encoding: 'base32',
45
+ token: data.code,
46
+ window: 2,
47
+ });
48
+
49
+ if (!verified) {
50
+ return this.fail('TWO_FACTOR_AUTH_ERROR_DETAIL');
51
+ }
52
+
53
+ const userModel = this.service(
54
+ `storage/${this.config('storage')}`,
55
+ 'Users'
56
+ );
57
+ const { objectId } = this.ctx.state.userInfo;
58
+ await userModel.update({ ['2fa']: data.secret }, { objectId });
59
+
60
+ return this.success();
61
+ }
62
+ };
package/src/controller/token.js CHANGED
@@ -1,3 +1,4 @@
1
+ const speakeasy = require('speakeasy');
1
2
  const jwt = require('jsonwebtoken');
2
3
  const helper = require('think-helper');
3
4
  const { PasswordHash } = require('phpass');
@@ -17,7 +18,7 @@ module.exports = class extends BaseRest {
17
18
  }
18
19
 
19
20
  async postAction() {
20
- const { email, password } = this.post();
21
+ const { email, password, code } = this.post();
21
22
  const user = await this.modelInstance.select({ email });
22
23
 
23
24
  if (think.isEmpty(user) || /^verify:/i.test(user[0].type)) {
@@ -33,13 +34,24 @@ module.exports = class extends BaseRest {
33
34
  return this.fail();
34
35
  }
35
36
 
36
- let avatar = user[0].avatar;
37
+ const twoFactorAuthSecret = user[0]['2fa'];
38
+ if (twoFactorAuthSecret) {
39
+ const verified = speakeasy.totp.verify({
40
+ secret: twoFactorAuthSecret,
41
+ encoding: 'base32',
42
+ token: code,
43
+ window: 2,
44
+ });
45
+ if (!verified) {
46
+ return this.fail();
47
+ }
48
+ }
37
49
 
50
+ let avatar = user[0].avatar;
38
51
  if (/(github)/i.test(avatar)) {
39
52
  avatar =
40
53
  this.config('avatarProxy') + '?url=' + encodeURIComponent(avatar);
41
54
  }
42
-
43
55
  user[0].avatar = avatar;
44
56
 
45
57
  return this.success({
package/src/controller/user.js CHANGED
@@ -80,6 +80,7 @@ module.exports = class extends BaseRest {
80
80
  async putAction() {
81
81
  const { display_name, url, avatar, password } = this.post();
82
82
  const { objectId } = this.ctx.state.userInfo;
83
+ const twoFactorAuth = this.post('2fa');
83
84
 
84
85
  const updateData = {};
85
86
 
@@ -99,6 +100,10 @@ module.exports = class extends BaseRest {
99
100
  updateData.password = new PasswordHash().hashPassword(password);
100
101
  }
101
102
 
103
+ if (think.isString(twoFactorAuth)) {
104
+ updateData['2fa'] = twoFactorAuth;
105
+ }
106
+
102
107
  const socials = ['github', 'twitter', 'facebook', 'google', 'weibo', 'qq'];
103
108
  socials.forEach((social) => {
104
109
  const nextSocial = this.post(social);
package/src/logic/base.js CHANGED
@@ -63,6 +63,7 @@ module.exports = class extends think.Logic {
63
63
  'weibo',
64
64
  'qq',
65
65
  'avatar',
66
+ '2fa',
66
67
  ],
67
68
  }
68
69
  );
package/src/logic/token/2fa.js ADDED
@@ -0,0 +1,27 @@
1
+ const Base = require('../base');
2
+
3
+ module.exports = class extends Base {
4
+ async getAction() {
5
+ const { email } = this.get();
6
+ const { userInfo } = this.ctx.state;
7
+
8
+ if (think.isEmpty(userInfo) && !email) {
9
+ return this.fail(401);
10
+ }
11
+ }
12
+
13
+ async postAction() {
14
+ const { userInfo } = this.ctx.state;
15
+ if (think.isEmpty(userInfo)) {
16
+ return this.fail(401);
17
+ }
18
+
19
+ this.rules = {
20
+ code: {
21
+ required: true,
22
+ string: true,
23
+ length: 6,
24
+ },
25
+ };
26
+ }
27
+ };