github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: fix MFA integration — migration, otplib compat, branding, and add MFA translations for all languages

Browse Source
This commit is contained in:
Maurice
2026-03-29 13:18:53 +02:00
parent 530f233b7d
commit 3abcc0ec76
8 changed files with 153 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/src/db/migrations.ts
View File

@@ -194,8 +194,6 @@ function runMigrations(db: Database.Database): void {
try { db.exec('ALTER TABLE reservations ADD COLUMN reservation_end_time TEXT'); } catch {}
},
() => {
try { db.exec('ALTER TABLE users ADD COLUMN mfa_enabled INTEGER DEFAULT 0'); } catch {}
try { db.exec('ALTER TABLE users ADD COLUMN mfa_secret TEXT'); } catch {}
try { db.exec('ALTER TABLE places ADD COLUMN osm_id TEXT'); } catch {}
},
() => {
@@ -218,6 +216,10 @@ function runMigrations(db: Database.Database): void {
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
)`);
},
() => {
try { db.exec('ALTER TABLE users ADD COLUMN mfa_enabled INTEGER DEFAULT 0'); } catch {}
try { db.exec('ALTER TABLE users ADD COLUMN mfa_secret TEXT'); } catch {}
},
];
if (currentVersion < migrations.length) {

15
server/src/routes/auth.ts
View File

@@ -633,14 +633,21 @@ router.post('/mfa/setup', authenticate, (req: Request, res: Response) => {
if (row?.mfa_enabled) {
return res.status(400).json({ error: 'MFA is already enabled' });
}
const secret = authenticator.generateSecret();
mfaSetupPending.set(authReq.user.id, { secret, exp: Date.now() + MFA_SETUP_TTL_MS });
const otpauth_url = authenticator.keyuri(authReq.user.email, 'NOMAD', secret);
let secret: string, otpauth_url: string;
try {
secret = authenticator.generateSecret();
mfaSetupPending.set(authReq.user.id, { secret, exp: Date.now() + MFA_SETUP_TTL_MS });
otpauth_url = authenticator.keyuri(authReq.user.email, 'TREK', secret);
} catch (err) {
console.error('[MFA] Setup error:', err);
return res.status(500).json({ error: 'MFA setup failed' });
}
QRCode.toDataURL(otpauth_url)
.then((qr_data_url: string) => {
res.json({ secret, otpauth_url, qr_data_url });
})
.catch(() => {
.catch((err: unknown) => {
console.error('[MFA] QR code generation error:', err);
res.status(500).json({ error: 'Could not generate QR code' });
});
});