feat(otp): encrypt recovery codes with AES

Hintay 2025-02-10 23:21:52 +09:00
parent 69a7f38ba7
commit 5ade465ac6
No known key found for this signature in database
GPG key ID: 120FC7FF121F2F2D
5 changed files with 77 additions and 31 deletions


@ -87,7 +87,7 @@ func EnrollTOTP(c *gin.Context) {
return
}
t := time.Now()
t := time.Now().Unix()
recoveryCodes := model.RecoveryCodes{Codes: generateRecoveryCodes(16), LastViewed: &t}
codesJson, err := json.Marshal(&recoveryCodes)
if err != nil {
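Review bot: EnrollTOTP still serializes the new codes with `json.Marshal(&recoveryCodes)` in this hunk, while GenerateRecoveryCodes in the other file shown drops its `json.Marshal` call and writes through `Updates(user)`. If the AES encryption this commit adds is applied when the model field is saved (that code is not visible here), the write of `codesJson` that presumably follows this hunk may still store the codes unencrypted, and should go through the same path as GenerateRecoveryCodes. EnrollTOTP starts and ends outside the hunk, so this needs checking against the full function.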


@ -1,7 +1,6 @@
package user
import (
"encoding/json"
"fmt"
"math/rand"
"net/http"
@ -23,10 +22,12 @@ func generateRecoveryCode() string {
return fmt.Sprintf("%05x-%05x", rand.Intn(0x100000), rand.Intn(0x100000))
}
func generateRecoveryCodes(count int) []model.RecoveryCode {
recoveryCodes := make([]model.RecoveryCode, count)
func generateRecoveryCodes(count int) []*model.RecoveryCode {
recoveryCodes := make([]*model.RecoveryCode, count)
for i := 0; i < count; i++ {
recoveryCodes[i].Code = generateRecoveryCode()
recoveryCodes[i] = &model.RecoveryCode{
Code: generateRecoveryCode(),
}
}
return recoveryCodes
}
@ -34,17 +35,11 @@ func generateRecoveryCodes(count int) []model.RecoveryCode {
func ViewRecoveryCodes(c *gin.Context) {
user := api.CurrentUser(c)
u := query.User
user, err := u.Where(u.ID.Eq(user.ID)).First()
if err != nil {
api.ErrHandler(c, err)
return
}
// update last viewed time
t := time.Now()
u := query.User
t := time.Now().Unix()
user.RecoveryCodes.LastViewed = &t
_, err = u.Where(u.ID.Eq(user.ID)).Updates(user)
_, err := u.Where(u.ID.Eq(user.ID)).Updates(user)
if err != nil {
api.ErrHandler(c, err)
return
@ -59,16 +54,12 @@ func ViewRecoveryCodes(c *gin.Context) {
func GenerateRecoveryCodes(c *gin.Context) {
user := api.CurrentUser(c)
t := time.Now()
t := time.Now().Unix()
recoveryCodes := model.RecoveryCodes{Codes: generateRecoveryCodes(16), LastViewed: &t}
codesJson, err := json.Marshal(&recoveryCodes)
if err != nil {
api.ErrHandler(c, err)
return
}
user.RecoveryCodes = recoveryCodes
u := query.User
_, err = u.Where(u.ID.Eq(user.ID)).Update(u.RecoveryCodes, codesJson)
_, err := u.Where(u.ID.Eq(user.ID)).Updates(user)
if err != nil {
api.ErrHandler(c, err)
return
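Review bot: The recovery codes this commit encrypts at rest are still produced by `rand.Intn` from `math/rand` in generateRecoveryCode, which the rewritten loop in generateRecoveryCodes calls for every code. `math/rand` is documented as unsuitable for security-sensitive values, and a recovery code stands in for the second factor, so the two 20-bit halves should come from `crypto/rand`, e.g. `n, err := rand.Int(rand.Reader, big.NewInt(0x100000))` with the error returned to the caller. Each code also carries only 40 bits in total, so attempts against the recovery-code check should be rate limited if they are not already (not visible here). generateRecoveryCode begins above this hunk; only its return line is shown.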