feat: add Zod validation for auth endpoints

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
BOHA
2026-03-23 08:49:54 +01:00
parent 7689b28d6d
commit a4303b0188
6 changed files with 62 additions and 21 deletions


@@ -8,6 +8,8 @@ import { encrypt } from '../../utils/encryption';
import { OTPAuth } from '../../utils/totp';
import * as OTPAuthLib from 'otpauth';
import { logAudit } from '../../services/audit';
import { parseBody } from '../../schemas/common';
import { TotpBackupSchema } from '../../schemas/auth.schema';
export default async function totpRoutes(fastify: FastifyInstance): Promise<void> {
// GET - generate new TOTP secret
@@ -138,14 +140,11 @@ export default async function totpRoutes(fastify: FastifyInstance): Promise<void
// POST - verify backup code (pre-auth, no requireAuth)
fastify.post('/backup-verify', { bodyLimit: 10240 }, async (request, reply) => {
const body = request.body as Record<string, unknown>;
const { login_token, code } = body;
const parsed = parseBody(TotpBackupSchema, request.body);
if ('error' in parsed) return error(reply, parsed.error, 400);
const { login_token, backup_code: code } = parsed.data;
if (!login_token || !code) {
return error(reply, 'Login token a záložní kód jsou povinné', 400);
}
const tokenHash = crypto.createHash('sha256').update(String(login_token)).digest('hex');
const tokenHash = crypto.createHash('sha256').update(login_token).digest('hex');
const storedToken = await prisma.totp_login_tokens.findFirst({
where: { token_hash: tokenHash },