From 365b5753419238bb96bc3f9b744d380ff20cbafc Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 7 Apr 2025 16:14:41 +0200
Subject: [feature] add TOTP two-factor authentication (2FA) (#3960)
* [feature] add TOTP two-factor authentication (2FA)
* use byteutil.S2B to avoid allocations when comparing + generating password hashes
* don't bother with string conversion for consts
* use io.ReadFull
* use MustGenerateSecret for backup codes
* rename util functions
---
 internal/api/client/user/user.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
(limited to 'internal/api/client/user/user.go')
diff --git a/internal/api/client/user/user.go b/internal/api/client/user/user.go
index 6ad176a2e..7a95c5e33 100644
--- a/internal/api/client/user/user.go
+++ b/internal/api/client/user/user.go
@@ -25,12 +25,14 @@ import (
 )
 const (
- // BasePath is the base URI path for this module, minus the 'api' prefix
- BasePath = "/v1/user"
- // PasswordChangePath is the path for POSTing a password change request.
- PasswordChangePath = BasePath + "/password_change"
- // EmailChangePath is the path for POSTing an email address change request.
- EmailChangePath = BasePath + "/email_change"
+ BasePath = "/v1/user"
+ PasswordChangePath = BasePath + "/password_change"
+ EmailChangePath = BasePath + "/email_change"
+ TwoFactorPath = BasePath + "/2fa"
+ TwoFactorQRCodePngPath = TwoFactorPath + "/qr.png"
+ TwoFactorQRCodeURIPath = TwoFactorPath + "/qruri"
+ TwoFactorEnablePath = TwoFactorPath + "/enable"
+ TwoFactorDisablePath = TwoFactorPath + "/disable"
 )
 type Module struct {
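Review bot: The rewritten const block drops the doc comments from the exported `BasePath`, `PasswordChangePath` and `EmailChangePath`, and the five new `TwoFactor*` constants are added without any. I would restore the three removed comments unchanged and add one line per new constant, for example `// TwoFactorQRCodePngPath is the path for GETting the 2FA enrolment QR code as a PNG.` and `// TwoFactorDisablePath is the path for POSTing a request to disable 2FA.` If, as the names suggest, the QR code and URI encode the TOTP shared secret, the comments on those two paths should say so, so that anyone adding caching or request logging in front of these routes sees the warning.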
@@ -47,4 +49,8 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
 attachHandler(http.MethodGet, BasePath, m.UserGETHandler)
 attachHandler(http.MethodPost, PasswordChangePath, m.PasswordChangePOSTHandler)
 attachHandler(http.MethodPost, EmailChangePath, m.EmailChangePOSTHandler)
+ attachHandler(http.MethodGet, TwoFactorQRCodePngPath, m.TwoFactorQRCodePngGETHandler)
+ attachHandler(http.MethodGet, TwoFactorQRCodeURIPath, m.TwoFactorQRCodeURIGETHandler)
+ attachHandler(http.MethodPost, TwoFactorEnablePath, m.TwoFactorEnablePOSTHandler)
+ attachHandler(http.MethodPost, TwoFactorDisablePath, m.TwoFactorDisablePOSTHandler)
 }
-- cgit v1.2.3
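Review bot: The two QR routes are registered as plain GETs, and a TOTP QR code or otpauth URI normally carries the shared secret, so their responses need stricter handling than the existing routes around them. The handlers are not in this diff, so please confirm that `TwoFactorQRCodePngGETHandler` and `TwoFactorQRCodeURIGETHandler` send `Cache-Control: no-store` and stop returning the secret once 2FA is enabled on the account. The enable and disable POST handlers should likewise require the current password or a valid code and be rate limited. A comment above the new calls would record the expectation, e.g. `// 2FA routes handle the TOTP secret: responses must not be cached or logged.` Route begins outside the hunk; only the tail of its body is visible here.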