@opengis/fastify-table
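import qr from "qrcode";
import { fileURLToPath } from "url";
import path from "node:path";
import { readFile } from "node:fs/promises";

import config from "../../../../../config.js";
import { handlebars } from "../../../../helpers/index.js";
import pgClients from "../../../../plugins/pg/pgClients.js";
import getTemplate from "../../../../plugins/table/funcs/getTemplate.js";
import { getSecret, generate } from "../2factor/providers/totp.js";

// Default template file paths, resolved relative to this module.
const filename = fileURLToPath(import.meta.url);
const dirname = path.dirname(filename);
const twoFactorPagePath = path.join(dirname, "../../../../../server/templates/page/2factor.html");
const defaultPagePath = path.join(dirname, "../../../../../server/templates/page/2factor-recovery.html");

// The rendered page can carry the TOTP secret key and its QR code (see the
// `secretKey` / `qrCode` template values below), so the response must not be
// written to any browser or intermediary cache. "no-cache" only forces
// revalidation and still permits storage; "no-store" forbids it.
const headers = {
  "Content-Type": "text/html; charset=UTF-8",
  "Cache-Control": "no-store",
  "Accept-CH": "Viewport-Width, Width",
};

/**
 * Renders the second-factor (TOTP) page, or the recovery page, for a user
 * who is already identified on the request (`req.user.uid`).
 *
 * Flow, in order:
 *  1. 401 when the request carries no `uid`.
 *  2. 404 when `config.pg` is set and the uid is not found in `admin.users`.
 *  3. Loads the TOTP state via `getSecret`, then either reads the stored
 *     TOTP row or calls `generate`.
 *  4. Recovery page when `?recovery` is present and the session has not yet
 *     passed the second factor.
 *  5. Redirect to "/" when the session already passed the second factor.
 *  6. Otherwise the 2factor page, with a QR code only while TOTP is not
 *     yet enabled.
 *
 * @param {object} req - Request; reads `pg`, `user`, `session`, `query`,
 *   `protocol` and `hostname`.
 * @param {object} reply - Reply object used to send the response.
 * @returns {Promise<*>} Whatever the reply call of the taken branch returns.
 */
export default async function loginTemplate(req, reply) {
  const { pg = pgClients.client } = req;
  const { uid } = req.user || {};

  if (!uid) {
    return reply.status(401).send({ error: "unauthorized", code: 401 });
  }

  // Only query when the client's metadata lists admin.users; otherwise the
  // user is treated as "not found".
  const userExists = pg?.pk?.["admin.users"]
    ? await pg
        .query(`select uid from admin.users where uid=$1`, [uid])
        .then((el) => el.rows?.[0]?.uid)
    : false;

  if (!userExists && config.pg) {
    // The body code now matches the HTTP status (it was 400 next to a 404).
    return reply.status(404).send({ error: "user not found in db", code: 404 });
  }

  const customBody = await getTemplate("page", "2factor");
  const body = customBody || (await readFile(twoFactorPagePath, "utf8"));

  const { enabled, secret } = config.pg ? await getSecret({ pg, uid }) : {};

  // NOTE(review): getSecret/generate run before the recovery and redirect
  // branches below, which do not use their results. If generate() persists a
  // new secret, those early exits should move above this point; confirm
  // against providers/totp.js.
  // NOTE(review): the select also returns the recovery codes and `enabled`,
  // neither of which is read here; consider selecting only `social_auth_url`
  // so recovery codes are not pulled into this handler.
  const { otp, key } = secret && pg?.pk?.["admin.users_social_auth"]
    ? await pg
        .query(`select social_auth_obj->'codesArray' as "recoveryCodes", enabled, social_auth_url as otp from admin.users_social_auth where uid=$1 and social_auth_type='TOTP'`, [uid])
        ?.then((el) => el.rows?.[0] || {})
    : await generate({ uid, pg });

  /* -- access recovery start */
  // The user is already authorized via euSign / social / login (uid is known
  // to be set here), but has not passed the second factor in this session.
  if (!req.session?.secondFactorPassed && req.query?.recovery) {
    const customBodyRecovery = await getTemplate("page", "2factor-recovery");
    const bodyRecovery = customBodyRecovery || (await readFile(defaultPagePath, "utf8"));

    // NOTE(review): `query` is client-controlled, and the whole `req` and
    // `config` objects are exposed to the template. The template (including
    // any custom override returned by getTemplate) must render these with
    // escaping and must not print config values; passing only the fields the
    // page needs would remove that dependency.
    const recoveryHtml = await handlebars.compile(bodyRecovery)({
      recovery: true,
      query: req.query,
      req,
      protocol: req.protocol,
      hostname: req.hostname,
      port: process.env.PORT,
      config,
    });
    return reply.headers(headers).send(recoveryHtml);
  }
  /* -- access recovery end -- */

  if (req.session?.secondFactorPassed) {
    return reply.redirect("/");
  }

  // A QR code (and with it the secret key) is produced only while TOTP is
  // not yet enabled and an otp value is available, so an enrolled user's
  // secret is not rendered again.
  const base64 = !enabled && otp ? await qr.toDataURL(otp) : "";
  const qrCode = base64 ? `<img src="${base64}" alt="qrcode">` : "";

  // NOTE(review): as in the recovery branch, the full `req` and `config`
  // objects are handed to the template; narrow this to the needed fields if
  // the template allows it.
  const html = await handlebars.compile(body)({
    secretKey: qrCode ? secret || key : undefined,
    enabled,
    qrCode,
    req,
    protocol: req.protocol,
    hostname: req.hostname,
    port: process.env.PORT,
    config,
  });

  return reply.headers(headers).send(html);
}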