From 365b5753419238bb96bc3f9b744d380ff20cbafc Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 7 Apr 2025 16:14:41 +0200
Subject: [feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA)

* use byteutil.S2B to avoid allocations when comparing + generating password hashes

* don't bother with string conversion  for consts

* use io.ReadFull

* use MustGenerateSecret for backup codes

* rename util functions
---
 web/source/settings/lib/query/user/twofactor.ts | 82 +++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 web/source/settings/lib/query/user/twofactor.ts

(limited to 'web/source/settings/lib/query/user/twofactor.ts')

diff --git a/web/source/settings/lib/query/user/twofactor.ts b/web/source/settings/lib/query/user/twofactor.ts
new file mode 100644
index 000000000..ea9d9981b
--- /dev/null
+++ b/web/source/settings/lib/query/user/twofactor.ts
@@ -0,0 +1,82 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import { gtsApi } from "../gts-api";
+import { FetchBaseQueryError } from "@reduxjs/toolkit/query";
+
+const extended = gtsApi.injectEndpoints({
+	endpoints: (build) => ({
+		twoFactorQRCodeURI: build.mutation<string, void>({
+			query: () => ({
+				url: `/api/v1/user/2fa/qruri`,
+				acceptContentType: "text/plain",
+			})
+		}),
+
+		twoFactorQRCodePng: build.mutation<string, void>({
+			async queryFn(_arg, _api, _extraOpts, fetchWithBQ) {
+				const blobRes = await fetchWithBQ({
+					url: `/api/v1/user/2fa/qr.png`,
+					acceptContentType: "image/png",
+				});
+				if (blobRes.error) {
+					return { error: blobRes.error as FetchBaseQueryError };
+				}
+
+				if (blobRes.meta?.response?.status !== 200) {
+					return { error: blobRes.data };
+				}
+
+				const blob = blobRes.data as Blob;
+				const url = URL.createObjectURL(blob);
+
+				return { data: url };
+			},
+		}),
+
+		twoFactorEnable: build.mutation<string[], { password: string }>({
+			query: (formData) => ({
+				method: "POST",
+				url: `/api/v1/user/2fa/enable`,
+				asForm: true,
+				body: formData,
+				discardEmpty: true
+			})
+		}),
+
+		twoFactorDisable: build.mutation<void, { password: string }>({
+			query: (formData) => ({
+				method: "POST",
+				url: `/api/v1/user/2fa/disable`,
+				asForm: true,
+				body: formData,
+				discardEmpty: true,
+				acceptContentType: "*/*",
+			}),
+			invalidatesTags: ["User"]
+		}),
+	})
+});
+
+export const {
+	useTwoFactorQRCodeURIMutation,
+	useTwoFactorQRCodePngMutation,
+	useTwoFactorEnableMutation,
+	useTwoFactorDisableMutation,
+} = extended;
-- 
cgit v1.2.3