kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Junie: add TOTP authentication

Browse Source
This commit is contained in:
Kyle Isom
2025-06-06 11:35:49 -07:00
parent 13d009bf4f
commit 396214739e
10 changed files with 439 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
api/auth.go
View File

@@ -57,7 +57,13 @@ func (s *Server) handlePasswordLogin(w http.ResponseWriter, r *http.Request) {
return
}
// Check password and TOTP if enabled
if !user.Check(&req.Login) {
// If TOTP is enabled but no code was provided, return a special error
if user.HasTOTP() && req.Login.TOTPCode == "" {
s.sendError(w, "TOTP code required", http.StatusUnauthorized)
return
}
s.sendError(w, "Invalid username or password", http.StatusUnauthorized)
return
}
@@ -125,15 +131,21 @@ func (s *Server) sendError(w http.ResponseWriter, message string, status int) {
}
func (s *Server) getUserByUsername(username string) (*data.User, error) {
query := `SELECT id, created, user, password, salt FROM users WHERE user = ?`
query := `SELECT id, created, user, password, salt, totp_secret FROM users WHERE user = ?`
row := s.DB.QueryRow(query, username)
user := &data.User{}
err := row.Scan(&user.ID, &user.Created, &user.User, &user.Password, &user.Salt)
var totpSecret sql.NullString
err := row.Scan(&user.ID, &user.Created, &user.User, &user.Password, &user.Salt, &totpSecret)
if err != nil {
return nil, err
}
// Set TOTP secret if it exists
if totpSecret.Valid {
user.TOTPSecret = totpSecret.String
}
rolesQuery := `
SELECT r.role FROM roles r
JOIN user_roles ur ON r.id = ur.rid