PeerTube/server/middlewares/validators/two-factor.ts

import express from 'express'
import { body, param } from 'express-validator'
import { HttpStatusCode, UserRight } from '@shared/models'
import { exists, isIdValid } from '../../helpers/custom-validators/misc'
import { areValidationErrors, checkUserIdExist } from './shared'

const requestOrConfirmTwoFactorValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return

    if (res.locals.user.otpSecret) {
      return res.fail({
        status: HttpStatusCode.BAD_REQUEST_400,
        message: `Two factor is already enabled.`
      })
    }

    return next()
  }
]

const confirmTwoFactorValidator = [
  body('requestToken').custom(exists),
  body('otpToken').custom(exists),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    return next()
  }
]

const disableTwoFactorValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return

    if (!res.locals.user.otpSecret) {
      return res.fail({
        status: HttpStatusCode.BAD_REQUEST_400,
        message: `Two factor is already disabled.`
      })
    }

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  requestOrConfirmTwoFactorValidator,
  confirmTwoFactorValidator,
  disableTwoFactorValidator
}

// ---------------------------------------------------------------------------

async function checkCanEnableOrDisableTwoFactor (userId: number | string, res: express.Response) {
  const authUser = res.locals.oauth.token.user

  if (!await checkUserIdExist(userId, res)) return

  if (res.locals.user.id !== authUser.id && authUser.hasRight(UserRight.MANAGE_USERS) !== true) {
    res.fail({
      status: HttpStatusCode.FORBIDDEN_403,
      message: `User ${authUser.username} does not have right to change two factor setting of this user.`
    })

    return false
  }

  return true
}
Support two factor authentication in backend 2022-10-05 15:37:15 +02:00			`import express from 'express'`
			`import { body, param } from 'express-validator'`
			`import { HttpStatusCode, UserRight } from '@shared/models'`
			`import { exists, isIdValid } from '../../helpers/custom-validators/misc'`
			`import { areValidationErrors, checkUserIdExist } from './shared'`

			`const requestOrConfirmTwoFactorValidator = [`
			`param('id').custom(isIdValid),`

			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`if (areValidationErrors(req, res)) return`

			`if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return`

			`if (res.locals.user.otpSecret) {`
			`return res.fail({`
			`status: HttpStatusCode.BAD_REQUEST_400,`
			message: `Two factor is already enabled.`
			`})`
			`}`

			`return next()`
			`}`
			`]`

			`const confirmTwoFactorValidator = [`
			`body('requestToken').custom(exists),`
			`body('otpToken').custom(exists),`

			`(req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`if (areValidationErrors(req, res)) return`

			`return next()`
			`}`
			`]`

			`const disableTwoFactorValidator = [`
			`param('id').custom(isIdValid),`

			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`if (areValidationErrors(req, res)) return`

			`if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return`

			`if (!res.locals.user.otpSecret) {`
			`return res.fail({`
			`status: HttpStatusCode.BAD_REQUEST_400,`
			message: `Two factor is already disabled.`
			`})`
			`}`

			`return next()`
			`}`
			`]`

			`// ---------------------------------------------------------------------------`

			`export {`
			`requestOrConfirmTwoFactorValidator,`
			`confirmTwoFactorValidator,`
			`disableTwoFactorValidator`
			`}`

			`// ---------------------------------------------------------------------------`

			`async function checkCanEnableOrDisableTwoFactor (userId: number \| string, res: express.Response) {`
			`const authUser = res.locals.oauth.token.user`

			`if (!await checkUserIdExist(userId, res)) return`

			`if (res.locals.user.id !== authUser.id && authUser.hasRight(UserRight.MANAGE_USERS) !== true) {`
			`res.fail({`
			`status: HttpStatusCode.FORBIDDEN_403,`
			message: `User ${authUser.username} does not have right to change two factor setting of this user.`
			`})`

			`return false`
			`}`

			`return true`
			`}`