WIP: Enrollement MFA avec TOTP

2024-12-21 21:54:51 +01:00 · 2024-12-21 21:54:51 +01:00 · 53c94a490c
commit 53c94a490c
parent 274a30480e
10 changed files with 144 additions and 1 deletions
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@ -0,0 +1,80 @@
+package controllers
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"image/png"
+
+	"git.readonly.ch/bouzoure/popvaud-people/helpers"
+	"git.readonly.ch/bouzoure/popvaud-people/models"
+	"github.com/gofiber/fiber/v2"
+	"github.com/pquerna/otp/totp"
+)
+
+func TotpEnrollPage(c *fiber.Ctx) error {
+	db, err := helpers.GetDatabase()
+	if err != nil {
+		return err
+	}
+
+	userid, err := helpers.GetSessionUserId(c)
+	if err != nil {
+		return err
+	}
+
+	var user models.User
+	result := db.First(&user, "id = ?", userid)
+
+	if result.Error != nil {
+		return err
+	}
+
+	if user.TotpSercet.Valid {
+		return fiber.NewError(fiber.StatusForbidden, "Forbidden")
+	}
+
+	sess, err := helpers.GetSessionStore(c)
+	if err != nil {
+		return err
+	}
+
+	options := totp.GenerateOpts{
+		Issuer:      "POP Vaud",
+		AccountName: user.Email,
+	}
+
+	key, err := totp.Generate(options)
+	if err != nil {
+		return err
+	}
+
+	img, err := key.Image(200, 200)
+	if err != nil {
+		return err
+	}
+
+	var buf bytes.Buffer
+	err = png.Encode(&buf, img)
+	if err != nil {
+		return err
+	}
+
+	imgBase64 := fmt.Sprintf(
+		"data:image/png;base64,%s",
+		base64.StdEncoding.EncodeToString(buf.Bytes()),
+	)
+	fmt.Println(imgBase64)
+
+	sess.Set("totp-enroll-secret", key.Secret())
+	err = sess.Save()
+	if err != nil {
+		return err
+	}
+
+	return c.Render("totp_enroll", fiber.Map{
+		"PageTitle": "Enregistrement multifacteur",
+		"QrCode":    imgBase64,
+		"Secret":    key.Secret(),
+	}, "layouts/main")
+}