continued

implemented HTMX implemented ORM (sequelize)
2025-11-29 21:56:21 +01:00 · 2025-11-29 21:56:21 +01:00 · d756a192e4
commit d756a192e4
parent 2a9bd4e81b
71 changed files with 3822 additions and 694 deletions
--- a/routes/htmx/totpForm.mjs
+++ b/routes/htmx/totpForm.mjs
@ -0,0 +1,53 @@
+
+import {
+    validateOTPCode
+} from "../../lib/otp.mjs";
+
+
+function sendTOTPForm(response, errors=[]) {
+    response.render(`views/htmx/totpForm.njk`, {
+        errors: errors
+    });
+}
+
+
+export const get = async function(request, response) {
+    if (request.getAuthState() != 'totp-verfication') {
+        response.redirect('/htmx/authForm');
+        return;
+    }
+
+    sendTOTPForm(response);
+}
+
+export const post = async function(request, response) {
+    // redirect if not in TOTP verification state
+    if (request.getAuthState() != 'totp-verfication') {
+        response.redirect('/htmx/authForm');
+        return;
+    }
+
+    // validate input
+    if (!request.body.otpToken || typeof request.body.otpToken != 'string') {
+        sendTOTPForm(response, [{
+            title: 'OTP token is required',
+            detail: 'no OTP token was received.'
+        }]);
+        return;
+    }
+
+    let otpToken = request.body.otpToken;
+    let dbUser = await request.getUser();
+
+    let validationResult = await validateOTPCode(dbUser.mail, dbUser.otpsecret, otpToken);
+
+    if (validationResult != null) {
+        request.setAuthState('authenticated');
+        response.set('HX-Redirect', '/profile').status(200).end();
+    } else {
+        sendTOTPForm(response, [{
+            title: 'OTP validation failed',
+            detail: 'the provided OTP token is invalid. Please try again.'
+        }]);
+    }
+}