aboutsummaryrefslogtreecommitdiff
path: root/src/app/api/user/2fa/route.ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/app/api/user/2fa/route.ts')
-rw-r--r--src/app/api/user/2fa/route.ts97
1 files changed, 97 insertions, 0 deletions
diff --git a/src/app/api/user/2fa/route.ts b/src/app/api/user/2fa/route.ts
new file mode 100644
index 0000000..c5fcf83
--- /dev/null
+++ b/src/app/api/user/2fa/route.ts
@@ -0,0 +1,97 @@
+import { NextRequest, NextResponse } from "next/server"
+import { getServerSession } from "next-auth"
+import { authenticator } from "otplib"
+import QRCode from "qrcode"
+import dbConnect from "@/lib/mongodb"
+import User from "@/model/User"
+import { authOptions } from "@/lib/auth"
+
+export async function POST(req: NextRequest) {
+ try {
+ const session = await getServerSession(authOptions)
+ if (!session?.user?.id) {
+ return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
+ }
+
+ const { code, secret } = await req.json()
+
+ if (!code || !secret) {
+ return NextResponse.json(
+ { error: "Code and secret are required" },
+ { status: 400 }
+ )
+ }
+
+ const isValid = authenticator.check(code, secret)
+
+ if (!isValid) {
+ return NextResponse.json(
+ { error: "Invalid two-factor code" },
+ { status: 400 }
+ )
+ }
+
+ await dbConnect()
+ await User.findByIdAndUpdate(session.user.id, {
+ twoFactorEnabled: true,
+ twoFactorSecret: secret,
+ })
+
+ return NextResponse.json({ success: true })
+ } catch (error) {
+ console.error("2FA enable error:", error)
+ return NextResponse.json(
+ { error: "Failed to enable two-factor authentication" },
+ { status: 500 }
+ )
+ }
+}
+
+export async function DELETE() {
+ try {
+ const session = await getServerSession(authOptions)
+ if (!session?.user?.id) {
+ return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
+ }
+
+ await dbConnect()
+ await User.findByIdAndUpdate(session.user.id, {
+ twoFactorEnabled: false,
+ $unset: { twoFactorSecret: 1 },
+ })
+
+ return NextResponse.json({ success: true })
+ } catch (error) {
+ console.error("2FA disable error:", error)
+ return NextResponse.json(
+ { error: "Failed to disable two-factor authentication" },
+ { status: 500 }
+ )
+ }
+}
+
+// Generate new secret and QR code for setup
+export async function PUT() {
+ try {
+ const session = await getServerSession(authOptions)
+ if (!session?.user?.email) {
+ return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
+ }
+
+ const secret = authenticator.generateSecret()
+ const otpauth = authenticator.keyuri(
+ session.user.email,
+ "Next-Boilerplate",
+ secret
+ )
+ const qrCode = await QRCode.toDataURL(otpauth)
+
+ return NextResponse.json({ secret, qrCode })
+ } catch (error) {
+ console.error("2FA setup error:", error)
+ return NextResponse.json(
+ { error: "Failed to generate two-factor setup" },
+ { status: 500 }
+ )
+ }
+}
generated by cgit v1.3.1 (git 2.54.0) at 2026-05-30 15:50:58 +0000