Add challenge type validation
This commit is contained in:
parent
bbd13453b2
commit
9c19cf509b
|
@ -4,16 +4,20 @@ import { randomUUID } from 'crypto';
|
|||
// 30 seconds
|
||||
const CHALLENGE_EXPIRY_MS = 3000000 * 1000;
|
||||
|
||||
export type ChallengeFlow = 'registration' | 'login';
|
||||
|
||||
export type ChallengeType = 'mnemonic';
|
||||
|
||||
@Entity({ tableName: 'challenge_codes' })
|
||||
export class ChallengeCode {
|
||||
@PrimaryKey({ name: 'code', type: 'uuid' })
|
||||
code: string = randomUUID();
|
||||
|
||||
@Property({ name: 'stage', type: 'text' })
|
||||
stage!: 'registration' | 'login';
|
||||
@Property({ name: 'flow', type: 'text' })
|
||||
flow!: ChallengeFlow;
|
||||
|
||||
@Property({ name: 'auth_type' })
|
||||
authType!: 'mnemonic';
|
||||
authType!: ChallengeType;
|
||||
|
||||
@Property({ type: 'date' })
|
||||
createdAt: Date = new Date();
|
||||
|
@ -24,7 +28,7 @@ export class ChallengeCode {
|
|||
|
||||
export interface ChallengeCodeDTO {
|
||||
code: string;
|
||||
stage: string;
|
||||
flow: string;
|
||||
authType: string;
|
||||
createdAt: string;
|
||||
expiresAt: string;
|
||||
|
@ -35,7 +39,7 @@ export function formatChallengeCode(
|
|||
): ChallengeCodeDTO {
|
||||
return {
|
||||
code: challenge.code,
|
||||
stage: challenge.stage,
|
||||
flow: challenge.flow,
|
||||
authType: challenge.authType,
|
||||
createdAt: challenge.createdAt.toISOString(),
|
||||
expiresAt: challenge.expiresAt.toISOString(),
|
||||
|
|
|
@ -37,7 +37,7 @@ export const manageAuthRouter = makeRouter((app) => {
|
|||
|
||||
const challenge = new ChallengeCode();
|
||||
challenge.authType = 'mnemonic';
|
||||
challenge.stage = 'registration';
|
||||
challenge.flow = 'registration';
|
||||
|
||||
await em.persistAndFlush(challenge);
|
||||
|
||||
|
@ -56,6 +56,8 @@ export const manageAuthRouter = makeRouter((app) => {
|
|||
body.challenge.code,
|
||||
body.publicKey,
|
||||
body.challenge.signature,
|
||||
'registration',
|
||||
'mnemonic',
|
||||
);
|
||||
|
||||
const user = new User();
|
||||
|
|
|
@ -8,6 +8,8 @@ export async function assertChallengeCode(
|
|||
code: string,
|
||||
publicKey: string,
|
||||
signature: string,
|
||||
validFlow: ChallengeFlow,
|
||||
validType: ChallengeType,
|
||||
) {
|
||||
const now = Date.now();
|
||||
|
||||
|
@ -15,7 +17,13 @@ export async function assertChallengeCode(
|
|||
code,
|
||||
});
|
||||
|
||||
if (!challenge) throw new StatusError('Challenge Code Invalid', 401);
|
||||
if (
|
||||
!challenge ||
|
||||
challenge.flow !== validFlow ||
|
||||
challenge.authType !== validType
|
||||
) {
|
||||
throw new StatusError('Challenge Code Invalid', 401);
|
||||
}
|
||||
|
||||
if (challenge.expiresAt.getTime() <= now)
|
||||
throw new StatusError('Challenge Code Expired', 401);
|
||||
|
|
Loading…
Reference in New Issue