08011d22d5
- Phase 25.4: N shortcut for new exploration on dashboard (react-hotkeys-hook) - Phase 25.5: overflow-x-auto on tables, responsive padding (p-4 md:p-6) - Phase 26: SAML/OIDC/LDAP providers (build-fixed), TOTP/MFA service - Phase 26: KyselySSOConfigRepository + KyselyTOTPRepository - Phase 26: SSO HTTP controller (config CRUD + MFA setup/verify/disable) - Phase 26: Audit module index.ts + SSO module index.ts - Phase 26: Session management endpoints (findByUserId, deleteById, list/revoke) - Phase 26: SSO and audit routes feature-gated (auth:sso, audit:logs) - Phase 26: Frontend SSOSection (SAML/OIDC/LDAP config + TOTP setup) - Phase 26: Frontend SessionsSection (list/revoke active sessions) - Phase 26: Settings navigation updated with SSO & Sessions sections Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
40 lines
1.1 KiB
JavaScript
40 lines
1.1 KiB
JavaScript
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.TOTPService = void 0;
|
|
/**
|
|
* TOTP (Time-based One-Time Password) service.
|
|
* Uses otpauth library for RFC 6238 compliant TOTP.
|
|
*/
|
|
const otpauth_1 = require("otpauth");
|
|
class TOTPService {
|
|
constructor(issuer = 'ABE') {
|
|
this.issuer = issuer;
|
|
}
|
|
generateSecret(userId, label) {
|
|
const totp = new otpauth_1.TOTP({
|
|
issuer: this.issuer,
|
|
label,
|
|
algorithm: 'SHA1',
|
|
digits: 6,
|
|
period: 30,
|
|
secret: new otpauth_1.Secret({ size: 20 }),
|
|
});
|
|
return {
|
|
secret: totp.secret.base32,
|
|
otpauthUrl: totp.toString(),
|
|
};
|
|
}
|
|
verify(secret, token) {
|
|
const totp = new otpauth_1.TOTP({
|
|
issuer: this.issuer,
|
|
algorithm: 'SHA1',
|
|
digits: 6,
|
|
period: 30,
|
|
secret: otpauth_1.Secret.fromBase32(secret),
|
|
});
|
|
const delta = totp.validate({ token, window: 1 });
|
|
return delta !== null;
|
|
}
|
|
}
|
|
exports.TOTPService = TOTPService;
|