| author | schererleander <leander@schererleander.de> | 2025-12-26 18:08:48 +0100 |
|---|---|---|
| committer | schererleander <leander@schererleander.de> | 2025-12-26 18:08:48 +0100 |
| commit | ad7b4f1ab0b3ef2f71e9a70078716aed50cdbf64 (patch) | |
| tree | 944f78aeb0364e962b84c98ea6bb236072413656 /src/lib/auth-helpers.ts | |
| parent | a23753f65272dca3f0b54bed16d96512a3cbe20d (diff) | |
feat(auth): add two-factor authentication support
Diffstat (limited to 'src/lib/auth-helpers.ts')
| -rw-r--r-- | src/lib/auth-helpers.ts | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/lib/auth-helpers.ts b/src/lib/auth-helpers.ts
new file mode 100644
index 0000000..b2d7488
--- /dev/null
+++ b/src/lib/auth-helpers.ts
@@ -0,0 +1,27 @@
+import { authenticator } from "otplib"
+
+interface TwoFactorCheck {
+ twoFactorEnabled?: boolean
+ twoFactorSecret?: string
+}
+
+export function verifyTwoFactor(
+ user: TwoFactorCheck,
+ code?: string
+): void {
+ if (user.twoFactorEnabled) {
+ // If the user signed up but hasn't set up 2FA yet (secret is missing),
+ // we can either skip 2FA or treat it as disabled.
+ // Here we treat it as disabled if no secret is present.
+ if (user.twoFactorSecret) {
+ if (!code) {
+ throw new Error("2FA_REQUIRED")
+ }
+
+ const isValid = authenticator.check(code, user.twoFactorSecret)
+ if (!isValid) {
+ throw new Error("Invalid 2FA Code")
+ }
+ }
+ }
+} |
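Review bot: `verifyTwoFactor` fails open when `twoFactorEnabled` is true but `twoFactorSecret` is empty or missing: the inner `if (user.twoFactorSecret)` is skipped and the function returns without checking any code. An account whose secret was lost or cleared (partial update, migration, bad write) then signs in with the password alone while still showing 2FA as enabled. It is safer to set the flag only after enrolment is confirmed and to reject the inconsistent state here, e.g. `if (!user.twoFactorEnabled) return` followed by `if (!user.twoFactorSecret) throw new Error("2FA_MISCONFIGURED")` (sentinel name is a suggestion). The two thrown messages also mix a machine sentinel (`"2FA_REQUIRED"`) with display text (`"Invalid 2FA Code"`), so callers matching on the message would benefit from a consistent code. Nothing in this file limits attempts or rejects a reused code; presumably the caller handles that, which is worth confirming.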
