diff options
Diffstat (limited to 'src/lib/auth-helpers.ts')
| -rw-r--r-- | src/lib/auth-helpers.ts | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/lib/auth-helpers.ts b/src/lib/auth-helpers.ts new file mode 100644 index 0000000..b2d7488 --- /dev/null +++ b/src/lib/auth-helpers.ts @@ -0,0 +1,27 @@ +import { authenticator } from "otplib" + +interface TwoFactorCheck { + twoFactorEnabled?: boolean + twoFactorSecret?: string +} + +export function verifyTwoFactor( + user: TwoFactorCheck, + code?: string +): void { + if (user.twoFactorEnabled) { + // If the user signed up but hasn't set up 2FA yet (secret is missing), + // we can either skip 2FA or treat it as disabled. + // Here we treat it as disabled if no secret is present. + if (user.twoFactorSecret) { + if (!code) { + throw new Error("2FA_REQUIRED") + } + + const isValid = authenticator.check(code, user.twoFactorSecret) + if (!isValid) { + throw new Error("Invalid 2FA Code") + } + } + } +} |