/* * SPDX-FileCopyrightText: syuilo and other misskey contributors * SPDX-License-Identifier: AGPL-3.0-only */ //import bcrypt from 'bcryptjs'; import * as argon2 from 'argon2'; import * as OTPAuth from 'otpauth'; import * as QRCode from 'qrcode'; import { Inject, Injectable } from '@nestjs/common'; import type { UserProfilesRepository } from '@/models/_.js'; import { Endpoint } from '@/server/api/endpoint-base.js'; import { DI } from '@/di-symbols.js'; import type { Config } from '@/config.js'; import { ApiError } from '@/server/api/error.js'; export const meta = { requireCredential: true, secure: true, errors: { incorrectPassword: { message: 'Incorrect password.', code: 'INCORRECT_PASSWORD', id: '78d6c839-20c9-4c66-b90a-fc0542168b48', }, }, } as const; export const paramDef = { type: 'object', properties: { password: { type: 'string' }, }, required: ['password'], } as const; @Injectable() export default class extends Endpoint { // eslint-disable-line import/no-default-export constructor( @Inject(DI.config) private config: Config, @Inject(DI.userProfilesRepository) private userProfilesRepository: UserProfilesRepository, ) { super(meta, paramDef, async (ps, me) => { const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id }); // Compare password const same = await argon2.verify(profile.password ?? '', ps.password); if (!same) { throw new ApiError(meta.errors.incorrectPassword); } // Generate user's secret key const secret = new OTPAuth.Secret(); await this.userProfilesRepository.update(me.id, { twoFactorTempSecret: secret.base32, }); // Get the data URL of the authenticator URL const totp = new OTPAuth.TOTP({ secret, digits: 6, label: me.username, issuer: this.config.host, }); const url = totp.toString(); const qr = await QRCode.toDataURL(url); return { qr, url, secret: secret.base32, label: me.username, issuer: this.config.host, }; }); } }