initial upload

routes/profile/[page].mjs

@@ -0,0 +1,59 @@
+
+import {
+    getUser,
+    getUserMFA
+} from "../../lib/mysql.mjs";
+
+import {
+    generateOTPQRCode
+} from "../../lib/otp.mjs";
+
+
+export const get = async function(request, response) {
+    if (!request.isLoginCompleted()) {
+        response.redirect('/login');
+        return;
+    }
+
+    let userData = await getUser(request.session.userid);
+    let mfaData = await getUserMFA(request.session.userid);
+
+    switch (request.params.page) {
+        case 'personal':
+            response.render(`ui/profile.njk`, {
+                page: 'profile/personal',
+                data: {
+                    firstName: userData.givenname,
+                    lastName: userData.sn,
+                    mail: userData.mail,
+                }
+            });
+            break;
+        case 'security':
+            response.render(`ui/profile.njk`, {
+                page: 'profile/security',
+                otp: {
+                    active: mfaData.otpsecret != '' ? true : false,
+                    qrcode: await generateOTPQRCode(userData.mail, mfaData.otpsecret)
+                }
+            });
+            break;
+        case 'createOTPSecret':
+            response.render(`ui/profile.njk`, {
+                page: 'profile/createOTPSecret',
+                otp: {
+                    active: mfaData.otpsecret != '' ? true : false,
+                    qrcode: await generateOTPQRCode(userData.mail, mfaData.otpsecret)
+                }
+            });
+            break;
+        default:
+            response.redirect('/page/personal');
+            break;
+    }
+}
+
+export const post = async function(request, response) {
+    console.log(request.body);
+    response.redirect("/login");
+}

routes/profile/index.mjs

@@ -0,0 +1,9 @@
+
+export const get = async function (request, response) {
+    if (!request.isLoginCompleted()) {
+        response.redirect('/login');
+        return;
+    }
+
+    response.redirect('/profile/personal');
+}

routes/profile/otp/create.mjs

@@ -0,0 +1,62 @@
+import {
+    generateOTPQRCode,
+    generateOTPSecret,
+    validateOTPCode,
+    saveOTPSecret
+} from "../../../lib/otp.mjs";
+
+import {
+    getUser,
+    getUserMFA
+} from "../../../lib/mysql.mjs";
+
+export const get = async function (request, response) {
+    if (!request.isLoginCompleted()) {
+        response.redirect('/login');
+        return;
+    }
+
+    if (typeof request.session.otpConfig != 'object') {
+        request.session.otpConfig = {
+            completed: false,
+            otpSecret: await generateOTPSecret()
+        }
+    }
+
+    let userData = await getUser(request.session.userid);
+    let otpsecret = request.session.otpConfig.otpSecret;
+
+    response.render(`ui/profile.njk`, {
+        page: 'otp/create',
+        otp: {
+            active: request.session.otpConfig.completed != '' ? true : false,
+            qrcode: await generateOTPQRCode(userData.name, otpsecret),
+            otpsecret: request.session.otpConfig.otpSecret
+        }
+    });
+}
+
+
+export const post = async function (request, response) {
+    if (!request.isLoginCompleted()) {
+        response.redirect('/login');
+        return;
+    }
+
+    let userData = await getUser(request.session.userid);
+
+    if (validateOTPCode(userData.name, request.body.otpsecret, request.body.otpcode)) {
+        saveOTPSecret(request.session.userid, request.body.otpsecret)
+
+        response.render(`ui/messages/success.njk`, {
+            message: {
+                title: 'OTP Secret created!',
+                text: 'Your new OTP-Secret was successfull generated',
+                link: '/profile/security'
+            }
+        });
+    } else {
+        response.redirect('/profile/otp/create')
+    }
+
+}

routes/profile/otp/delete.mjs

@@ -0,0 +1,62 @@
+import {
+    generateOTPQRCode,
+    generateOTPSecret,
+    validateOTPCode,
+    saveOTPSecret
+} from "../../../lib/otp.mjs";
+
+import {
+    getUser,
+    getUserMFA
+} from "../../../lib/mysql.mjs";
+
+export const get = async function (request, response) {
+    if (!request.isLoginCompleted()) {
+        response.redirect('/login');
+        return;
+    }
+
+    if (typeof request.session.otpConfig != 'object') {
+        request.session.otpConfig = {
+            completed: false,
+            otpSecret: await generateOTPSecret()
+        }
+    }
+
+    let userData = await getUser(request.session.userid);
+    let otpsecret = request.session.otpConfig.otpSecret;
+
+    response.render(`ui/profile.njk`, {
+        page: 'otp/create',
+        otp: {
+            active: request.session.otpConfig.completed != '' ? true : false,
+            qrcode: await generateOTPQRCode(userData.name, otpsecret),
+            otpsecret: request.session.otpConfig.otpSecret
+        }
+    });
+}
+
+
+export const post = async function (request, response) {
+    if (!request.isLoginCompleted()) {
+        response.redirect('/login');
+        return;
+    }
+
+    let userData = await getUser(request.session.userid);
+
+    if (validateOTPCode(userData.name, request.body.otpsecret, request.body.otpcode)) {
+        saveOTPSecret(request.session.userid, request.body.otpsecret)
+
+        response.render(`ui/messages/success.njk`, {
+            message: {
+                title: 'OTP Secret created!',
+                text: 'Your new OTP-Secret was successfull generated',
+                link: '/profile/security'
+            }
+        });
+    } else {
+        response.redirect('/profile/otp/create')
+    }
+
+}