fase(25-26): keyboard shortcuts, mobile responsive, enterprise SSO/audit

- Phase 25.4: N shortcut for new exploration on dashboard (react-hotkeys-hook) - Phase 25.5: overflow-x-auto on tables, responsive padding (p-4 md:p-6) - Phase 26: SAML/OIDC/LDAP providers (build-fixed), TOTP/MFA service - Phase 26: KyselySSOConfigRepository + KyselyTOTPRepository - Phase 26: SSO HTTP controller (config CRUD + MFA setup/verify/disable) - Phase 26: Audit module index.ts + SSO module index.ts - Phase 26: Session management endpoints (findByUserId, deleteById, list/revoke) - Phase 26: SSO and audit routes feature-gated (auth:sso, audit:logs) - Phase 26: Frontend SSOSection (SAML/OIDC/LDAP config + TOTP setup) - Phase 26: Frontend SessionsSection (list/revoke active sessions) - Phase 26: Settings navigation updated with SSO & Sessions sections Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-08 13:38:25 -04:00
parent c3911bafe8
commit 08011d22d5
58 changed files with 2689 additions and 23 deletions
--- a/dist/modules/sso/infrastructure/providers/TOTPService.js
+++ b/dist/modules/sso/infrastructure/providers/TOTPService.js
@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TOTPService = void 0;
+/**
+ * TOTP (Time-based One-Time Password) service.
+ * Uses otpauth library for RFC 6238 compliant TOTP.
+ */
+const otpauth_1 = require("otpauth");
+class TOTPService {
+    constructor(issuer = 'ABE') {
+        this.issuer = issuer;
+    }
+    generateSecret(userId, label) {
+        const totp = new otpauth_1.TOTP({
+            issuer: this.issuer,
+            label,
+            algorithm: 'SHA1',
+            digits: 6,
+            period: 30,
+            secret: new otpauth_1.Secret({ size: 20 }),
+        });
+        return {
+            secret: totp.secret.base32,
+            otpauthUrl: totp.toString(),
+        };
+    }
+    verify(secret, token) {
+        const totp = new otpauth_1.TOTP({
+            issuer: this.issuer,
+            algorithm: 'SHA1',
+            digits: 6,
+            period: 30,
+            secret: otpauth_1.Secret.fromBase32(secret),
+        });
+        const delta = totp.validate({ token, window: 1 });
+        return delta !== null;
+    }
+}
+exports.TOTPService = TOTPService;