Feat: Add complete auth system (Login, Register, OTP/2FA via Telegram, Session management)

2026-01-29 14:57:19 +01:00
parent 811c78ffa5
commit 020218275f
14 changed files with 645 additions and 178 deletions
--- a/app/api/auth/verify-otp/route.ts
+++ b/app/api/auth/verify-otp/route.ts
@@ -0,0 +1,34 @@
+import { NextResponse } from 'next/server';
+import { findUser, saveUser, createSession } from '@/lib/auth';
+import { verifyOTP } from '@/lib/otp';
+
+export async function POST(req: Request) {
+  try {
+    const { username, otp } = await req.json();
+    const ip = req.headers.get('x-forwarded-for')?.split(',')[0].trim() || 'unknown';
+
+    if (!verifyOTP(username, otp)) {
+      return NextResponse.json({ error: 'Código inválido o expirado' }, { status: 401 });
+    }
+
+    const user = findUser(username);
+    if (!user) {
+        return NextResponse.json({ error: 'Usuario no encontrado' }, { status: 404 });
+    }
+
+    // Add IP to known list if not exists
+    if (!user.knownIps.includes(ip) && ip !== 'unknown') {
+      user.knownIps.push(ip);
+      saveUser(user);
+    }
+
+    // Login success
+    await createSession(user);
+
+    return NextResponse.json({ success: true });
+
+  } catch (error) {
+    console.error('OTP Verify error:', error);
+    return NextResponse.json({ error: 'Error interno' }, { status: 500 });
+  }
+}