/*
* Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
* This file is part of Sync-in | The open source file sync and share solution
* See the LICENSE file for licensing details
*/ "use strict";
// Set the `__esModule` interop marker on this CommonJS module's exports.
// Only `value` is given, so the flag is created non-enumerable, non-writable and non-configurable.
Object.defineProperty(exports, "__esModule", {
value: true
});
/**
 * Re-publishes every accessor of `all` on `target` as an enumerable, getter-only property.
 *
 * Only the getter is copied, and neither `configurable` nor a setter is supplied, so the
 * resulting properties cannot be reassigned or redefined by code that imports the module.
 *
 * @param {object} target - object that receives the properties (the module's `exports`).
 * @param {object} all - object whose own accessors provide the getters.
 */
function _export(target, all) {
  for (const exportName in all) {
    const { get: readBinding } = Object.getOwnPropertyDescriptor(all, exportName);
    Object.defineProperty(target, exportName, {
      enumerable: true,
      get: readBinding,
    });
  }
}
// Publish the two guard classes as named exports. Each export is a getter rather than a
// plain value: the `const` bindings it returns are initialised further down the file, so
// they are read lazily, at the time an importer accesses the export.
_export(exports, {
get AuthTwoFaGuard () {
return AuthTwoFaGuard;
},
get AuthTwoFaGuardWithoutPassword () {
return AuthTwoFaGuardWithoutPassword;
}
});
const _common = require("@nestjs/common");
const _configenvironment = require("../../configuration/config.environment");
const _auth = require("../constants/auth");
const _authmethodtwofaservice = require("../services/auth-methods/auth-method-two-fa.service");
/**
 * Compiler-emitted helper that applies a list of decorators to a class or class member.
 *
 * The number of arguments selects the mode: fewer than three decorates `target` itself,
 * exactly three decorates a member without a descriptor, and four decorates a member with
 * a descriptor (looked up from `target` when `desc` is `null`). `Reflect.decorate` is used
 * when it exists; otherwise the decorators run from last to first, and a truthy return
 * value replaces the running result. In the four-argument mode a truthy final result is
 * installed on `target` with `Object.defineProperty`.
 *
 * @param {Function[]} decorators - decorator functions; falsy entries are skipped.
 * @param {*} target - class constructor or prototype being decorated.
 * @param {string|symbol} [key] - member name, for member decoration.
 * @param {PropertyDescriptor|null} [desc] - member descriptor, or `null` to look it up.
 * @returns {*} the decorated class, the resulting descriptor, or `undefined`.
 */
function _ts_decorate(decorators, target, key, desc) {
  const argCount = arguments.length;
  let result;
  if (argCount < 3) {
    result = target;
  } else {
    if (desc === null) {
      desc = Object.getOwnPropertyDescriptor(target, key);
    }
    result = desc;
  }

  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") {
    result = Reflect.decorate(decorators, target, key, desc);
  } else {
    // Fallback: apply the decorators manually, last one first.
    for (let idx = decorators.length - 1; idx >= 0; idx--) {
      const decorator = decorators[idx];
      if (!decorator) {
        continue;
      }
      let applied;
      if (argCount < 3) {
        applied = decorator(result);
      } else if (argCount > 3) {
        applied = decorator(target, key, result);
      } else {
        applied = decorator(target, key);
      }
      result = applied || result;
    }
  }

  if (argCount > 3 && result) {
    Object.defineProperty(target, key, result);
  }
  return result;
}
/**
 * Compiler-emitted helper that builds a metadata decorator through `Reflect.metadata`.
 *
 * @param {*} k - metadata key (for example "design:paramtypes").
 * @param {*} v - metadata value.
 * @returns {*} whatever `Reflect.metadata(k, v)` returns, or `undefined` when
 *   `Reflect.metadata` is not available as a function.
 */
function _ts_metadata(k, v) {
  const hasReflectMetadata = typeof Reflect === "object" && typeof Reflect.metadata === "function";
  return hasReflectMetadata ? Reflect.metadata(k, v) : undefined;
}
// Guard that checks the password header and then, when TOTP applies, the TOTP code.
const AuthTwoFaGuard = AuthTwoFaGuardFactory({ withPassword: true });
// Guard that skips the password step and checks only the TOTP code (when TOTP applies).
const AuthTwoFaGuardWithoutPassword = AuthTwoFaGuardFactory({ withPassword: false });
/**
 * Builds a NestJS guard class that gates a route behind a password and/or TOTP check.
 *
 * For each request the generated guard:
 *   1. loads the user with `authMethod2FA.loadUser(req.user.id, req.ip)`;
 *   2. when `options.withPassword` is truthy, requires the password header and hands it to
 *      `authMethod2FA.verifyUserPassword`;
 *   3. when TOTP is enabled both in configuration and on the account, requires the code
 *      header and hands it to `authMethod2FA.verify`.
 * A missing header or an unsuccessful `verify` result raises HTTP 403.
 *
 * NOTE(review): `options.withPassword` is tested for truthiness, so an options object that
 * omits the key behaves like `withPassword: false`.
 * NOTE(review): with the password step off and TOTP disabled (globally or for the user),
 * `canActivate` returns true without verifying anything; such a route needs another control.
 * NOTE(review): `req.user` is dereferenced unchecked — presumably an earlier authentication
 * guard populates it; confirm guard ordering on the routes that use this guard.
 *
 * @param {{withPassword: boolean}} [options] - defaults to `{ withPassword: true }`.
 * @returns {*} the guard class wrapped by `mixin()` from `@nestjs/common`.
 */
function AuthTwoFaGuardFactory(options = {
  withPassword: true
}) {
  let MixinAuthTwoFaGuard = class MixinAuthTwoFaGuard {
    constructor(authMethod2FA) {
      this.authMethod2FA = authMethod2FA;
    }

    async canActivate(ctx) {
      const request = ctx.switchToHttp().getRequest();
      const account = await this.authMethod2FA.loadUser(request.user.id, request.ip);

      if (options.withPassword) {
        const suppliedPassword = request.headers[_auth.TWO_FA_HEADER_PASSWORD];
        if (!suppliedPassword) {
          throw new _common.HttpException('Missing TWO-FA password', _common.HttpStatus.FORBIDDEN);
        }
        // The return value is discarded: a wrong password is only rejected if
        // verifyUserPassword throws — presumably it does; verify in AuthMethod2FA.
        await this.authMethod2FA.verifyUserPassword(account, suppliedPassword, request.ip);
      }

      // The TOTP step applies only when it is enabled globally AND for this account.
      const totpRequired = _configenvironment.configuration.auth.mfa.totp.enabled && account.twoFaEnabled;
      if (!totpRequired) {
        return true;
      }

      const suppliedCode = request.headers[_auth.TWO_FA_HEADER_CODE];
      if (!suppliedCode) {
        throw new _common.HttpException('Missing TWO-FA code', _common.HttpStatus.FORBIDDEN);
      }

      const outcome = await this.authMethod2FA.verify({
        code: suppliedCode
      }, request);
      if (outcome.success) {
        return true;
      }
      // The service's own message is returned to the client with the 403.
      throw new _common.HttpException(outcome.message, _common.HttpStatus.FORBIDDEN);
    }
  };

  // Register the class as injectable and record its constructor parameter type so that
  // Nest can supply the AuthMethod2FA service.
  const classDecorators = [
    (0, _common.Injectable)(),
    _ts_metadata("design:type", Function),
    _ts_metadata("design:paramtypes", [
      typeof _authmethodtwofaservice.AuthMethod2FA === "undefined" ? Object : _authmethodtwofaservice.AuthMethod2FA
    ])
  ];
  MixinAuthTwoFaGuard = _ts_decorate(classDecorators, MixinAuthTwoFaGuard);
  return (0, _common.mixin)(MixinAuthTwoFaGuard);
}
//# sourceMappingURL=auth-two-fa-guard.js.map