feat(auth): Added 2FA/OTP manage endpoints

- CodeWise: Changed everything to use undefined when not present - CodeWise: checks for nonpresent value using `isNullish` - enableOtp: enable Otp, return topt url. Does nothing when already enabled - disableOtp: disable 2FA Totp for the user - statusOtp: get the 2FA status for the user. return the Totp Url if enabled - loginDemo: split into two files - loginDemo: supports for 2FA - loginDemo: better response box
2025-08-31 16:27:42 +02:00 · 2025-08-31 16:27:42 +02:00 · a7c753f38b
commit a7c753f38b
parent 29a5d38530
17 changed files with 341 additions and 175 deletions
--- a/src/auth/extra/login_demo.js
+++ b/src/auth/extra/login_demo.js
@ -0,0 +1,107 @@
+const headers = {
+	'Accept': 'application/json',
+	'Content-Type': 'application/json'
+};
+
+const tUsername = document.querySelector("#t-username")
+
+const iUsername = document.querySelector("#i-username");
+const iPassword = document.querySelector("#i-password");
+const iOtp = document.querySelector("#i-otp");
+
+const bOtpSend = document.querySelector("#b-otpSend");
+const bLogin = document.querySelector("#b-login");
+const bLogout = document.querySelector("#b-logout");
+const bSignin = document.querySelector("#b-signin");
+const bWhoami = document.querySelector("#b-whoami");
+
+const bOtpStatus = document.querySelector("#b-otpStatus");
+const bOtpEnable = document.querySelector("#b-otpEnable");
+const bOtpDisable = document.querySelector("#b-otpDisable");
+
+const dResponse = document.querySelector("#d-response");
+
+function setResponse(obj) {
+	let obj_str = JSON.stringify(obj, null, 4);
+	dResponse.innerText = obj_str;
+}
+let otpToken = null;
+
+bOtpSend.addEventListener("click", async () => {
+	let res = await fetch("/api/auth/otp", { method: "POST", body: JSON.stringify({ code: iOtp.value, token: otpToken }), headers });
+	const json = await res.json();
+
+	setResponse(json);
+	if (json.kind === "success") {
+		if (json?.payload?.token)
+			document.cookie = `token=${json?.payload?.token}`;
+	}
+});
+
+bOtpStatus.addEventListener("click", async () => {
+	let res = await fetch("/api/auth/statusOtp");
+	const json = await res.json();
+
+	setResponse(json);
+});
+
+bOtpEnable.addEventListener("click", async () => {
+	let res = await fetch("/api/auth/enableOtp", { method: "PUT" });
+	const json = await res.json();
+
+	setResponse(json);
+});
+
+bOtpDisable.addEventListener("click", async () => {
+	let res = await fetch("/api/auth/disableOtp", { method: "PUT" });
+	const json = await res.json();
+
+	setResponse(json);
+});
+
+bWhoami.addEventListener("click", async () => {
+	let username = "";
+	try {
+		let res = await fetch("/api/auth/whoami");
+		const json = await res.json();
+		setResponse(json);
+		if (json?.kind === "success")
+			username = json?.payload?.name;
+		else
+			username = `<not logged in:${json.msg}>`
+	} catch {
+		username = `<not logged in: threw>`
+	}
+	tUsername.innerText = username;
+});
+
+bLogin.addEventListener("click", async () => {
+	const name = iUsername.value;
+	const password = iPassword.value;
+
+	let res = await fetch("/api/auth/login", { method: "POST", body: JSON.stringify({ name, password }), headers });
+	let json = await res.json();
+	if (json?.kind === "otpRequired") {
+		otpToken = json?.payload?.token;
+	} else if (json?.kind === "success") {
+		if (json?.payload?.token)
+			document.cookie = `token=${json?.payload?.token}`;
+	}
+	setResponse(json);
+})
+
+bLogout.addEventListener("click", async () => {
+	let res = await fetch("/api/auth/logout", { method: "POST" });
+	setResponse(await res.json());
+})
+
+bSignin.addEventListener("click", async () => {
+	const name = iUsername.value;
+	const password = iPassword.value;
+
+	let res = await fetch("/api/auth/signin", { method: "POST", body: JSON.stringify({ name, password }), headers });
+	let json = await res.json();
+	if (json?.payload?.token)
+		document.cookie = `token=${json?.payload?.token};`;
+	setResponse(json);
+})