Merge pull request #47 from TaloDev/develop

2FA

Author: tudddorrr

.gitignore

@@ -7,3 +7,4 @@ dist/
 coverage/
 backup.sql
 .eslintcache
+tests/cache.json

__mocks__/ioredis.ts

@@ -0,0 +1,50 @@
+import fs from 'fs/promises'
+
+interface CacheItem {
+  key: string
+  value: string | number
+  extra: (string | number)[]
+}
+
+export class RedisMock {
+  filepath = 'tests/cache.json'
+
+  async _init(): Promise<void> {
+    await this._write([])
+  }
+
+  async _read(): Promise<CacheItem[]> {
+    const content = await fs.readFile(this.filepath, 'utf-8')
+    return JSON.parse(content)
+  }
+
+  async _write(data: CacheItem[]): Promise<void> {
+    await fs.writeFile(this.filepath, JSON.stringify(data))
+  }
+}
+
+export default class Redis extends RedisMock {
+  async get(key: string): Promise<string | number> {
+    const data = await this._read()
+    return data.find((item) => item.key === key)?.value
+  }
+
+  async set(key: string, value: string | number, ...extra: (string | number)[]): Promise<void> {
+    const data = await this.del(key)
+    data.push({
+      key,
+      value,
+      extra
+    })
+
+    await this._write(data)
+  }
+
+  async del(key: string): Promise<CacheItem[]> {
+    let data = await this._read()
+    data = data.filter((item) => item.key !== key)
+    await this._write(data)
+
+    return data
+  }
+}

envs/.env.dev

@@ -16,3 +16,5 @@ SENTRY_DSN=
 
 AUTO_CONFIRM_EMAIL=false
 FROM_EMAIL=hello@trytalo.com
+
+RECOVERY_CODES_SECRET=tc0d8e0h0lqv5isajfjw0iivj5pc3d95

jest.config.js

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-undef
 module.exports = {
   preset: 'ts-jest',
   testEnvironment: 'node',

package.json

@@ -1,6 +1,6 @@
 {
   "name": "game-services",
-  "version": "0.1.2",
+  "version": "0.2.0",
   "description": "",
   "main": "src/index.ts",
   "scripts": {
@@ -14,6 +14,7 @@
     "logs": "yarn dc logs --follow backend",
     "restart": "yarn down && yarn up",
     "migration:create": "DB_HOST=127.0.0.1 mikro-orm migration:create",
+    "migration:up": "DB_HOST=127.0.0.1 mikro-orm migration:up",
     "service:create": "hygen service new",
     "prepare": "husky install",
     "lint": "eslint src/**/*.ts tests/**/*.ts"
@@ -71,6 +72,8 @@
     "lodash.get": "^4.4.2",
     "lodash.groupby": "^4.6.0",
     "lodash.uniqwith": "^4.5.0",
+    "otplib": "^12.0.1",
+    "qrcode": "^1.5.0",
     "uuid": "^8.3.2"
   },
   "mikro-orm": {

src/entities/index.ts

@@ -12,8 +12,12 @@ import Prop from './prop'
 import User from './user'
 import UserAccessCode from './user-access-code'
 import UserSession from './user-session'
+import UserTwoFactorAuth from './user-two-factor-auth'
+import UserRecoveryCode from './user-recovery-code'
 
 export default [
+  UserRecoveryCode,
+  UserTwoFactorAuth,
   Leaderboard,
   LeaderboardEntry,
   DataExport,

src/entities/user-recovery-code.ts

@@ -0,0 +1,56 @@
+import { Entity, ManyToOne, PrimaryKey, Property } from '@mikro-orm/core'
+import User from './user'
+import crypto from 'crypto'
+
+const IV_LENGTH = 16
+
+@Entity()
+export default class UserRecoveryCode {
+  @PrimaryKey()
+  id: number
+
+  @ManyToOne(() => User)
+  user: User
+
+  @Property()
+  code: string = this.generateCode()
+
+  @Property()
+  createdAt: Date = new Date()
+
+  constructor(user: User) {
+    this.user = user
+  }
+
+  generateCode(): string {
+    const characters = 'ABCDEFGHIJKMNOPQRSTUVWXYZ0123456789'
+    let code = ''
+
+    for (let i = 0; i < 10; i++ ) {
+      code += characters.charAt(Math.floor(Math.random() * characters.length))
+    }
+
+    const iv = Buffer.from(crypto.randomBytes(IV_LENGTH)).toString('hex').slice(0, IV_LENGTH)
+    const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(process.env.RECOVERY_CODES_SECRET), iv)
+    let encrypted = cipher.update(code)
+
+    encrypted = Buffer.concat([encrypted, cipher.final()])
+    return iv + ':' + encrypted.toString('hex')
+  }
+
+  getPlainCode(): string {
+    const textParts: string[] = this.code.split(':')
+
+    const iv = Buffer.from(textParts.shift(), 'binary')
+    const encryptedText = Buffer.from(textParts.join(':'), 'hex')
+    const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(process.env.RECOVERY_CODES_SECRET), iv)
+    let decrypted = decipher.update(encryptedText)
+
+    decrypted = Buffer.concat([decrypted, decipher.final()])
+    return decrypted.toString()
+  }
+
+  toJSON() {
+    return this.getPlainCode()
+  }
+}

src/entities/user-two-factor-auth.ts

@@ -0,0 +1,28 @@
+import { Entity, OneToOne, PrimaryKey, Property } from '@mikro-orm/core'
+import User from './user'
+
+@Entity()
+export default class UserTwoFactorAuth {
+  @PrimaryKey()
+  id: number
+
+  @OneToOne(() => User, (user) => user.twoFactorAuth)
+  user: User
+
+  @Property({ hidden: true })
+  secret: string
+
+  @Property()
+  enabled: boolean
+
+  constructor(secret: string) {
+    this.secret = secret
+  }
+
+  toJSON() {
+    return {
+      id: this.id,
+      enabled: this.enabled
+    }
+  }
+}

src/entities/user.ts

@@ -1,5 +1,7 @@
-import { Entity, Enum, ManyToOne, PrimaryKey, Property } from '@mikro-orm/core'
+import { Collection, Entity, Enum, ManyToOne, OneToMany, OneToOne, PrimaryKey, Property } from '@mikro-orm/core'
 import Organisation from './organisation'
+import UserRecoveryCode from './user-recovery-code'
+import UserTwoFactorAuth from './user-two-factor-auth'
 
 export enum UserType {
   DEV,
@@ -30,6 +32,12 @@ export default class User {
   @Property({ default: false })
   emailConfirmed: boolean
 
+  @OneToOne({ nullable: true, orphanRemoval: true, eager: true })
+  twoFactorAuth: UserTwoFactorAuth
+
+  @OneToMany(() => UserRecoveryCode, (recoveryCode) => recoveryCode.user, { orphanRemoval: true })
+  recoveryCodes: Collection<UserRecoveryCode> = new Collection<UserRecoveryCode>(this)
+
   @Property()
   createdAt: Date = new Date()
 
@@ -43,7 +51,8 @@ export default class User {
       lastSeenAt: this.lastSeenAt,
       emailConfirmed: this.emailConfirmed,
       organisation: this.organisation,
-      type: this.type
+      type: this.type,
+      has2fa: this.twoFactorAuth?.enabled ?? false
     }
   }
 }

src/lib/auth/generateRecoveryCodes.ts

@@ -0,0 +1,6 @@
+import User from '../../entities/user'
+import UserRecoveryCode from '../../entities/user-recovery-code'
+
+export default function generateRecoveryCodes(user: User): UserRecoveryCode[] {
+  return [...new Array(8)].map(() => new UserRecoveryCode(user))
+}