UNPKG

@flowfuse/flowfuse

Version:

An open source low-code development platform

flowfuse.com

FlowFuse/flowfuse

77 lines (75 loc) 2.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
const speakeasy = require('@levminer/speakeasy') const QRCode = require('qrcode') const { DataTypes } = require('sequelize') module.exports = { name: 'MFAToken', schema: { token: { type: DataTypes.STRING, allowNull: false }, verified: { type: DataTypes.BOOLEAN, defaultValue: false } }, associations: function (M) { this.belongsTo(M.User, { onDelete: 'CASCADE' }) }, hooks: function (M, app) { return { afterDestroy: async (token, opts) => { const user = await token.getUser() user.mfa_enabled = false return user.save() } } }, finders: function (M) { return { instance: { generateAuthURL: async function () { const user = await this.getUser() const authURL = speakeasy.otpauthURL({ secret: this.token, label: `${user.username}@FlowFuse` }) return { url: authURL, qrcode: await QRCode.toDataURL(authURL) } }, verifyToken: function (token) { return speakeasy.totp.verify({ secret: this.token, window: 1, token }) }, generateToken: function () { return speakeasy.totp({ secret: this.token }) } }, static: { createTokenForUser: async (user) => { // There can be only one. await M.MFAToken.destroy({ where: { UserId: user.id }, individualHooks: true }) // Generate a new token const tokens = speakeasy.generateSecret() return M.MFAToken.create({ token: tokens.ascii, verified: false, UserId: user.id }) }, forUser: async (user) => { return this.findOne({ where: { UserId: user.id } }) }, verifyTokenForUser: async (user, token) => { const mfaToken = await M.MFAToken.forUser(user) return !!(mfaToken && mfaToken.verifyToken(token)) }, deleteTokenForUser: async (user) => { return M.MFAToken.destroy({ where: { UserId: user.id }, individualHooks: true }) } } } } }