Feat: Add complete auth system (Login, Register, OTP/2FA via Telegram, Session management)
This commit is contained in:
ren
84
lib/auth.ts
Normal file
84
lib/auth.ts
Normal file
@@ -0,0 +1,84 @@
|
||||
import fs from 'fs';
|
||||
import path from 'path';
|
||||
import { User } from './types';
|
||||
import bcrypt from 'bcryptjs';
|
||||
import { SignJWT, jwtVerify } from 'jose';
|
||||
import { cookies } from 'next/headers';
|
||||
|
||||
const USERS_FILE = path.join(process.cwd(), 'data', 'users.json');
|
||||
const SECRET_KEY = new TextEncoder().encode(process.env.JWT_SECRET || 'fallback-secret-key-change-me');
|
||||
|
||||
// --- User Management ---
|
||||
|
||||
export function getUsers(): User[] {
|
||||
if (!fs.existsSync(USERS_FILE)) {
|
||||
fs.writeFileSync(USERS_FILE, JSON.stringify([]));
|
||||
return [];
|
||||
}
|
||||
try {
|
||||
const data = fs.readFileSync(USERS_FILE, 'utf8');
|
||||
return JSON.parse(data);
|
||||
} catch (e) {
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
||||
export function saveUser(user: User) {
|
||||
const users = getUsers();
|
||||
const existingIndex = users.findIndex(u => u.username === user.username);
|
||||
|
||||
if (existingIndex >= 0) {
|
||||
users[existingIndex] = user;
|
||||
} else {
|
||||
users.push(user);
|
||||
}
|
||||
|
||||
fs.writeFileSync(USERS_FILE, JSON.stringify(users, null, 2));
|
||||
}
|
||||
|
||||
export function findUser(username: string): User | undefined {
|
||||
return getUsers().find(u => u.username === username);
|
||||
}
|
||||
|
||||
// --- Security Utils ---
|
||||
|
||||
export async function hashPassword(password: string): Promise<string> {
|
||||
return await bcrypt.hash(password, 10);
|
||||
}
|
||||
|
||||
export async function verifyPassword(password: string, hash: string): Promise<boolean> {
|
||||
return await bcrypt.compare(password, hash);
|
||||
}
|
||||
|
||||
// --- Session Management (JWT) ---
|
||||
|
||||
export async function createSession(user: User) {
|
||||
const token = await new SignJWT({ username: user.username, chatId: user.chatId })
|
||||
.setProtectedHeader({ alg: 'HS256' })
|
||||
.setExpirationTime('7d')
|
||||
.sign(SECRET_KEY);
|
||||
|
||||
cookies().set('session', token, {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
sameSite: 'lax',
|
||||
maxAge: 60 * 60 * 24 * 7, // 7 days
|
||||
path: '/',
|
||||
});
|
||||
}
|
||||
|
||||
export async function verifySession() {
|
||||
const session = cookies().get('session')?.value;
|
||||
if (!session) return null;
|
||||
|
||||
try {
|
||||
const { payload } = await jwtVerify(session, SECRET_KEY);
|
||||
return payload as { username: string; chatId: string };
|
||||
} catch (error) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
export function destroySession() {
|
||||
cookies().delete('session');
|
||||
}
|
||||
65
lib/otp.ts
65
lib/otp.ts
@@ -8,32 +8,57 @@ interface OTPData {
|
||||
expiresAt: number;
|
||||
}
|
||||
|
||||
export function generateOTP(): string {
|
||||
return Math.floor(100000 + Math.random() * 900000).toString();
|
||||
}
|
||||
// Map username -> OTP Data
|
||||
type OTPStore = Record<string, OTPData>;
|
||||
|
||||
export function saveOTP(code: string) {
|
||||
const data: OTPData = {
|
||||
code,
|
||||
expiresAt: Date.now() + 5 * 60 * 1000 // 5 minutes
|
||||
};
|
||||
function getStore(): OTPStore {
|
||||
if (!fs.existsSync(OTP_FILE)) return {};
|
||||
try {
|
||||
fs.writeFileSync(OTP_FILE, JSON.stringify(data));
|
||||
} catch (err) {
|
||||
console.error("Error saving OTP:", err);
|
||||
return JSON.parse(fs.readFileSync(OTP_FILE, 'utf8'));
|
||||
} catch {
|
||||
return {};
|
||||
}
|
||||
}
|
||||
|
||||
export function verifyOTP(code: string): boolean {
|
||||
if (!fs.existsSync(OTP_FILE)) return false;
|
||||
|
||||
function saveStore(store: OTPStore) {
|
||||
try {
|
||||
const data: OTPData = JSON.parse(fs.readFileSync(OTP_FILE, 'utf8'));
|
||||
if (Date.now() > data.expiresAt) return false;
|
||||
// Simple check
|
||||
return String(data.code).trim() === String(code).trim();
|
||||
} catch (e) {
|
||||
console.error("Error verifying OTP:", e);
|
||||
fs.writeFileSync(OTP_FILE, JSON.stringify(store));
|
||||
} catch (err) {
|
||||
console.error("Error saving OTP store:", err);
|
||||
}
|
||||
}
|
||||
|
||||
export function generateOTP(username: string): string {
|
||||
const code = Math.floor(100000 + Math.random() * 900000).toString(); // 6 digits
|
||||
const store = getStore();
|
||||
|
||||
store[username] = {
|
||||
code,
|
||||
expiresAt: Date.now() + 5 * 60 * 1000, // 5 minutes
|
||||
};
|
||||
|
||||
saveStore(store);
|
||||
return code;
|
||||
}
|
||||
|
||||
export function verifyOTP(username: string, code: string): boolean {
|
||||
const store = getStore();
|
||||
const entry = store[username];
|
||||
|
||||
if (!entry) return false;
|
||||
|
||||
if (Date.now() > entry.expiresAt) {
|
||||
delete store[username];
|
||||
saveStore(store);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Compare strings safely
|
||||
if (String(entry.code).trim() === String(code).trim()) {
|
||||
delete store[username]; // Consume OTP so it can't be reused
|
||||
saveStore(store);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -110,3 +110,12 @@ export interface AppSettings {
|
||||
}
|
||||
aiProviders: AIServiceConfig[]
|
||||
}
|
||||
|
||||
// Auth Types
|
||||
export interface User {
|
||||
id: string
|
||||
username: string
|
||||
passwordHash: string
|
||||
chatId: string
|
||||
knownIps: string[]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user