forked from rejetto/hfs
plugin.js
const path = require('path');
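// Load 'speakeasy' and 'qrcode' from node_modules under the process working directory;
// which copy gets loaded therefore depends on the directory the server is started from.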
const speakeasy = require(path.join(process.cwd(), 'node_modules', 'speakeasy'));
const qrcode = require(path.join(process.cwd(), 'node_modules', 'qrcode'));
// Plugin metadata exported alongside init.
exports.description = "TOTP MFA Plugin";
exports.version = 1.0;
// NOTE(review): presumably the host plugin-API version(s) this plugin needs; confirm
// the expected shape (a single-element array here) against the HFS plugin docs.
exports.apiRequired = [10.3];
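/**
 * Plugin entry point: loads (or creates and stores) one TOTP secret, serves an
 * enrollment QR code at /mfa-setup, and rejects logins without a valid TOTP code.
 *
 * Design limits visible in this file, left unchanged here:
 * - a single secret is stored under the key 'secret', so every account shares
 *   the same second factor;
 * - nothing in this handler limits attempts or rejects a code that was already
 *   used inside its validity period.
 *
 * @param {object} api - host plugin API; this function uses api.openDb and api.events.
 * @returns {Promise<{unload: Function}>} object exposing an unload hook.
 */
exports.init = async function(api) {
  // Clients allowed to fetch the enrollment QR code. The QR code carries the
  // shared secret, and anyone who can read it can generate valid codes, so the
  // page must not be reachable by arbitrary remote clients.
  // NOTE(review): behind a reverse proxy on the same machine, ctx.ip may be a
  // loopback address for every request unless forwarded addresses are
  // configured; confirm before relying on this gate in that setup.
  const loopbackAddresses = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
  // speakeasy's default token length is 6 digits.
  const tokenFormat = /^\d{6}$/;

  // Open the database that stores the secret.
  const db = await api.openDb('totp-mfa');
  let secret = await db.get('secret');
  // First run: create a secret and persist its base32 form.
  if (!secret) {
    const generatedSecret = speakeasy.generateSecret({ length: 20 });
    secret = generatedSecret.base32;
    await db.put('secret', secret);
  }

  // Middleware serving the MFA enrollment page.
  exports.middleware = async ctx => {
    if (ctx.path === '/mfa-setup') {
      if (!loopbackAddresses.has(ctx.ip)) {
        ctx.status = 403;
        ctx.body = 'Forbidden';
        return;
      }
      // The stored secret is base32. Without `encoding: 'base32'` speakeasy
      // treats it as ASCII and re-encodes it, so the authenticator app would
      // be enrolled with a different key than the one used for verification.
      const url = speakeasy.otpauthURL({ secret, encoding: 'base32', label: 'HFS', issuer: 'HFS' });
      const qrCode = await qrcode.toDataURL(url);
      // Keep the page that embeds the secret out of browser and proxy caches.
      ctx.set('Cache-Control', 'no-store');
      ctx.body = `<img src="${qrCode}">`;
      return;
    }
    // Proceed with normal request handling.
    // NOTE(review): `next` is not a standard Koa context property; confirm the
    // host provides ctx.next() to plugin middleware.
    return ctx.next();
  };

  // Verify the TOTP code on every login attempt; any doubt means denial.
  api.events.on('attemptingLogin', async ({ ctx }) => {
    // The request body may be absent or unparsed; read the token defensively
    // so a malformed request is denied instead of throwing inside the handler.
    const rawToken = ctx.request.body?.token;
    const token = typeof rawToken === 'string' || typeof rawToken === 'number'
      ? String(rawToken)
      : '';
    let verified = false;
    if (tokenFormat.test(token)) {
      try {
        verified = speakeasy.totp.verify({ secret, encoding: 'base32', token }) === true;
      } catch (err) {
        // Fail closed; the submitted token is deliberately not logged.
        console.error('totp-mfa: token verification could not be performed', err);
      }
    }
    if (!verified) {
      ctx.status = 401;
      ctx.body = 'MFA Failed';
      return api.events.preventDefault;
    }
  });

  return {
    unload: () => {
      // Nothing is released here.
      // NOTE(review): the 'attemptingLogin' listener registered above is not
      // removed; confirm whether the host detaches plugin listeners on unload.
    }
  };
};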