81 lines
2.2 KiB
TypeScript
81 lines
2.2 KiB
TypeScript
import express from 'express'
|
|
import { body, param } from 'express-validator'
|
|
import { HttpStatusCode, UserRight } from '@shared/models'
|
|
import { exists, isIdValid } from '../../helpers/custom-validators/misc'
|
|
import { areValidationErrors, checkUserIdExist } from './shared'
|
|
|
|
const requestOrConfirmTwoFactorValidator = [
|
|
param('id').custom(isIdValid),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return
|
|
|
|
if (res.locals.user.otpSecret) {
|
|
return res.fail({
|
|
status: HttpStatusCode.BAD_REQUEST_400,
|
|
message: `Two factor is already enabled.`
|
|
})
|
|
}
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const confirmTwoFactorValidator = [
|
|
body('requestToken').custom(exists),
|
|
body('otpToken').custom(exists),
|
|
|
|
(req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const disableTwoFactorValidator = [
|
|
param('id').custom(isIdValid),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await checkCanEnableOrDisableTwoFactor(req.params.id, res)) return
|
|
|
|
if (!res.locals.user.otpSecret) {
|
|
return res.fail({
|
|
status: HttpStatusCode.BAD_REQUEST_400,
|
|
message: `Two factor is already disabled.`
|
|
})
|
|
}
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
export {
|
|
requestOrConfirmTwoFactorValidator,
|
|
confirmTwoFactorValidator,
|
|
disableTwoFactorValidator
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
async function checkCanEnableOrDisableTwoFactor (userId: number | string, res: express.Response) {
|
|
const authUser = res.locals.oauth.token.user
|
|
|
|
if (!await checkUserIdExist(userId, res)) return
|
|
|
|
if (res.locals.user.id !== authUser.id && authUser.hasRight(UserRight.MANAGE_USERS) !== true) {
|
|
res.fail({
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
|
message: `User ${authUser.username} does not have right to change two factor setting of this user.`
|
|
})
|
|
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|