♻️ Rebuilt the otp system with cache
This commit is contained in:
parent
a4c6e9a905
commit
e1d7b4e20b
@ -26,7 +26,7 @@ var (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
FactorOtpPrefix = "otp."
|
FactorOtpPrefix = "auth-otp"
|
||||||
)
|
)
|
||||||
|
|
||||||
func InitializeToNexus() error {
|
func InitializeToNexus() error {
|
||||||
|
|||||||
@ -5,6 +5,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"git.solsynth.dev/hypernet/nexus/pkg/nex/cachekit"
|
||||||
"git.solsynth.dev/hypernet/nexus/pkg/nex/localize"
|
"git.solsynth.dev/hypernet/nexus/pkg/nex/localize"
|
||||||
|
|
||||||
"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
|
"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
|
||||||
@ -12,7 +13,6 @@ import (
|
|||||||
"git.solsynth.dev/hypernet/passport/pkg/internal/gap"
|
"git.solsynth.dev/hypernet/passport/pkg/internal/gap"
|
||||||
"git.solsynth.dev/hypernet/pusher/pkg/pushkit"
|
"git.solsynth.dev/hypernet/pusher/pkg/pushkit"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"github.com/nats-io/nats.go"
|
|
||||||
"github.com/pquerna/otp/totp"
|
"github.com/pquerna/otp/totp"
|
||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
"github.com/samber/lo"
|
"github.com/samber/lo"
|
||||||
@ -68,12 +68,12 @@ func GetFactorCode(factor models.AuthFactor, ip string) (bool, error) {
|
|||||||
|
|
||||||
secret := uuid.NewString()[:6]
|
secret := uuid.NewString()[:6]
|
||||||
|
|
||||||
identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)
|
identifier := fmt.Sprintf("%s#%d", gap.FactorOtpPrefix, factor.ID)
|
||||||
_, err := gap.Jt.Publish(identifier, []byte(secret))
|
err := cachekit.Set(gap.Ca, identifier, secret, time.Minute*30, fmt.Sprintf("user#%d", factor.AccountID))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return true, fmt.Errorf("error during publish message: %v", err)
|
return true, fmt.Errorf("error during creating otp: %v", err)
|
||||||
} else {
|
} else {
|
||||||
log.Info().Uint("factor", factor.ID).Str("secret", secret).Msg("Published one-time-password to JetStream...")
|
log.Info().Uint("factor", factor.ID).Str("secret", secret).Msg("Created one-time-password in cache...")
|
||||||
}
|
}
|
||||||
|
|
||||||
err = NewNotification(models.Notification{
|
err = NewNotification(models.Notification{
|
||||||
@ -99,12 +99,12 @@ func GetFactorCode(factor models.AuthFactor, ip string) (bool, error) {
|
|||||||
|
|
||||||
secret := uuid.NewString()[:6]
|
secret := uuid.NewString()[:6]
|
||||||
|
|
||||||
identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)
|
identifier := fmt.Sprintf("%s#%d", gap.FactorOtpPrefix, factor.ID)
|
||||||
_, err := gap.Jt.Publish(identifier, []byte(secret))
|
err := cachekit.Set(gap.Ca, identifier, secret, time.Minute*30, fmt.Sprintf("user#%d", factor.AccountID))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return true, fmt.Errorf("error during publish message: %v", err)
|
return true, fmt.Errorf("error during creating otp: %v", err)
|
||||||
} else {
|
} else {
|
||||||
log.Info().Uint("factor", factor.ID).Str("secret", secret).Msg("Published one-time-password to JetStream...")
|
log.Info().Uint("factor", factor.ID).Str("secret", secret).Msg("Created one-time-password in cache...")
|
||||||
}
|
}
|
||||||
|
|
||||||
subject := fmt.Sprintf("[%s] %s", viper.GetString("name"), localize.L.GetLocalizedString("subjectLoginOneTimePassword", user.Language))
|
subject := fmt.Sprintf("[%s] %s", viper.GetString("name"), localize.L.GetLocalizedString("subjectLoginOneTimePassword", user.Language))
|
||||||
@ -149,33 +149,21 @@ func CheckFactor(factor models.AuthFactor, code string) error {
|
|||||||
)
|
)
|
||||||
case models.InAppNotifyFactor:
|
case models.InAppNotifyFactor:
|
||||||
case models.EmailPasswordFactor:
|
case models.EmailPasswordFactor:
|
||||||
identifier := fmt.Sprintf("%s%d", gap.FactorOtpPrefix, factor.ID)
|
identifier := fmt.Sprintf("%s#%d", gap.FactorOtpPrefix, factor.ID)
|
||||||
sub, err := gap.Jt.PullSubscribe(identifier, "otp_validator", nats.BindStream("OTPs"))
|
val, err := cachekit.Get[string](gap.Ca, identifier)
|
||||||
if err != nil {
|
|
||||||
log.Error().Err(err).Msg("Error subscribing to subject when validating factor code...")
|
|
||||||
return fmt.Errorf("error subscribing to subject: %v", err)
|
|
||||||
}
|
|
||||||
defer sub.Unsubscribe()
|
|
||||||
|
|
||||||
msgs, err := sub.Fetch(1, nats.MaxWait(3*time.Second))
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().Err(err).Msg("Error fetching message when validating factor code...")
|
log.Error().Err(err).Msg("Error fetching message when validating factor code...")
|
||||||
return fmt.Errorf("error fetching message: %v", err)
|
return fmt.Errorf("one-time-password not found or expired")
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(msgs) > 0 {
|
if !strings.EqualFold(code, val) {
|
||||||
msg := msgs[0]
|
return fmt.Errorf("invalid verification code")
|
||||||
if !strings.EqualFold(code, string(msg.Data)) {
|
|
||||||
return fmt.Errorf("invalid verification code")
|
|
||||||
}
|
|
||||||
log.Info().Uint("factor", factor.ID).Str("secret", code).Msg("Verified one-time-password...")
|
|
||||||
if err := msg.AckSync(); err != nil {
|
|
||||||
log.Warn().Err(err).Uint("factor", factor.ID).Msg("Failed to acknowledge message when validating factor code...")
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
log.Info().Uint("factor", factor.ID).Str("secret", code).Msg("Verified one-time-password...")
|
||||||
return fmt.Errorf("one-time-password not found or expired")
|
if err := cachekit.Delete(gap.Ca, identifier); err != nil {
|
||||||
|
log.Error().Err(err).Msg("Error deleting the otp from cache...")
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user