diff options
| author | Shishkevich D. <135337715+shishkevichd@users.noreply.github.com> | 2025-05-08 17:20:58 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-08 17:20:58 +0300 |
| commit | fe3b1c9b52f584b0f045907585b206344fed55db (patch) | |
| tree | aeef0fa82a0355ee899ec3aecee23045a327a6dc /web/controller | |
| parent | d39ccf4b8f77f99d4468580085e9d89e8b5f0b1c (diff) | |
chore: implement 2fa auth (#2968)
* chore: implement 2fa auth
from #2786
* chore: format code
* chore: replace two factor token input with qr-code
* chore: requesting confirmation of setting/removing two-factor authentication
otpauth library was taken from cdnjs
* chore: revert changes in `ClipboardManager`
don't need it.
* chore: removing twoFactor prop in settings page
* chore: remove `twoFactorQr` object in `mounted` function
Diffstat (limited to 'web/controller')
| -rw-r--r-- | web/controller/index.go | 17 | ||||
| -rw-r--r-- | web/controller/setting.go | 29 |
2 files changed, 8 insertions, 38 deletions
diff --git a/web/controller/index.go b/web/controller/index.go index 9af4ed7f..c19d1b6e 100644 --- a/web/controller/index.go +++ b/web/controller/index.go @@ -14,9 +14,9 @@ import ( ) type LoginForm struct { - Username string `json:"username" form:"username"` - Password string `json:"password" form:"password"` - LoginSecret string `json:"loginSecret" form:"loginSecret"` + Username string `json:"username" form:"username"` + Password string `json:"password" form:"password"` + TwoFactorCode string `json:"twoFactorCode" form:"twoFactorCode"` } type IndexController struct { @@ -37,7 +37,7 @@ func (a *IndexController) initRouter(g *gin.RouterGroup) { g.GET("/", a.index) g.POST("/login", a.login) g.GET("/logout", a.logout) - g.POST("/getSecretStatus", a.getSecretStatus) + g.POST("/getTwoFactorEnable", a.getTwoFactorEnable) } func (a *IndexController) index(c *gin.Context) { @@ -64,14 +64,13 @@ func (a *IndexController) login(c *gin.Context) { return } - user := a.userService.CheckUser(form.Username, form.Password, form.LoginSecret) + user := a.userService.CheckUser(form.Username, form.Password, form.TwoFactorCode) timeStr := time.Now().Format("2006-01-02 15:04:05") safeUser := template.HTMLEscapeString(form.Username) safePass := template.HTMLEscapeString(form.Password) - safeSecret := template.HTMLEscapeString(form.LoginSecret) if user == nil { - logger.Warningf("wrong username: \"%s\", password: \"%s\", secret: \"%s\", IP: \"%s\"", safeUser, safePass, safeSecret, getRemoteIp(c)) + logger.Warningf("wrong username: \"%s\", password: \"%s\", IP: \"%s\"", safeUser, safePass, getRemoteIp(c)) a.tgbot.UserLoginNotify(safeUser, safePass, getRemoteIp(c), timeStr, 0) pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.wrongUsernameOrPassword")) return @@ -108,8 +107,8 @@ func (a *IndexController) logout(c *gin.Context) { c.Redirect(http.StatusTemporaryRedirect, c.GetString("base_path")) } -func (a *IndexController) getSecretStatus(c *gin.Context) { - status, err := a.settingService.GetSecretStatus() +func (a *IndexController) getTwoFactorEnable(c *gin.Context) { + status, err := a.settingService.GetTwoFactorEnable() if err == nil { jsonObj(c, status, nil) } diff --git a/web/controller/setting.go b/web/controller/setting.go index 1ca65b07..dd99e0f5 100644 --- a/web/controller/setting.go +++ b/web/controller/setting.go @@ -19,10 +19,6 @@ type updateUserForm struct { NewPassword string `json:"newPassword" form:"newPassword"` } -type updateSecretForm struct { - LoginSecret string `json:"loginSecret" form:"loginSecret"` -} - type SettingController struct { settingService service.SettingService userService service.UserService @@ -44,8 +40,6 @@ func (a *SettingController) initRouter(g *gin.RouterGroup) { g.POST("/updateUser", a.updateUser) g.POST("/restartPanel", a.restartPanel) g.GET("/getDefaultJsonConfig", a.getDefaultXrayConfig) - g.POST("/updateUserSecret", a.updateSecret) - g.POST("/getUserSecret", a.getUserSecret) } func (a *SettingController) getAllSetting(c *gin.Context) { @@ -107,29 +101,6 @@ func (a *SettingController) restartPanel(c *gin.Context) { jsonMsg(c, I18nWeb(c, "pages.settings.restartPanel"), err) } -func (a *SettingController) updateSecret(c *gin.Context) { - form := &updateSecretForm{} - err := c.ShouldBind(form) - if err != nil { - jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err) - } - user := session.GetLoginUser(c) - err = a.userService.UpdateUserSecret(user.Id, form.LoginSecret) - if err == nil { - user.LoginSecret = form.LoginSecret - session.SetLoginUser(c, user) - } - jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUser"), err) -} - -func (a *SettingController) getUserSecret(c *gin.Context) { - loginUser := session.GetLoginUser(c) - user := a.userService.GetUserSecret(loginUser.Id) - if user != nil { - jsonObj(c, user, nil) - } -} - func (a *SettingController) getDefaultXrayConfig(c *gin.Context) { defaultJsonConfig, err := a.settingService.GetDefaultXrayConfig() if err != nil { |