Skip to content

Commit

Permalink
refactor: remove libraries
Browse files Browse the repository at this point in the history
  • Loading branch information
joel authored and joel committed Feb 19, 2024
1 parent f974bdb commit e6dccfe
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 27 deletions.
1 change: 0 additions & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ module github.com/supabase/auth

require (
github.com/Masterminds/semver/v3 v3.1.1 // indirect
github.com/aaronarduino/goqrsvg v0.0.0-20220419053939-17e843f1dd40
github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b
github.com/badoux/checkmail v0.0.0-20170203135005-d0a759655d62
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc
Expand Down
2 changes: 0 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,6 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
github.com/XSAM/otelsql v0.16.0 h1:pOqeHGYCJmP5ezW0OvAGA+zzdgW/sV8nLHTxVnPgiXU=
github.com/XSAM/otelsql v0.16.0/go.mod h1:DpO7NCSeqQdr23nU0yapjR3jGx2OdO/PihPRG+/PV0Y=
github.com/aaronarduino/goqrsvg v0.0.0-20220419053939-17e843f1dd40 h1:uz4N2yHL4MF8vZX+36n+tcxeUf8D/gL4aJkyouhDw4A=
github.com/aaronarduino/goqrsvg v0.0.0-20220419053939-17e843f1dd40/go.mod h1:dytw+5qs+pdi61fO/S4OmXR7AuEq/HvNCuG03KxQHT4=
github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY=
github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk=
github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b h1:slYM766cy2nI3BwyRiyQj/Ud48djTMtMebDqepE95rw=
Expand Down
67 changes: 45 additions & 22 deletions internal/api/mfa.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ import (
"net/http"
"net/url"

"github.com/aaronarduino/goqrsvg"
svg "github.com/ajstarks/svgo"
"github.com/boombuler/barcode"
"github.com/boombuler/barcode/qr"
"github.com/gofrs/uuid"
"github.com/pquerna/otp/totp"
Expand Down Expand Up @@ -110,24 +110,11 @@ func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error {
return forbiddenError("Maximum number of enrolled factors reached, unenroll to continue")
}

key, err := totp.Generate(totp.GenerateOpts{
Issuer: issuer,
AccountName: user.GetEmail(),
})
qrCode, url, secret, err := generateQRCode(issuer, user.GetEmail())
if err != nil {
return internalServerError(QRCodeGenerationErrorMessage).WithInternalError(err)
}
var buf bytes.Buffer
svgData := svg.New(&buf)
qrCode, _ := qr.Encode(key.String(), qr.M, qr.Auto)
qs := goqrsvg.NewQrSVG(qrCode, DefaultQRSize)
qs.StartQrSVG(svgData)
if err = qs.WriteQrSVG(svgData); err != nil {
return internalServerError(QRCodeGenerationErrorMessage).WithInternalError(err)
return err
}
svgData.End()

factor := models.NewFactor(user, params.FriendlyName, params.FactorType, models.FactorStateUnverified, key.Secret())
factor := models.NewFactor(user, params.FriendlyName, params.FactorType, models.FactorStateUnverified, secret)

err = a.db.Transaction(func(tx *storage.Connection) error {
if terr := tx.Create(factor); terr != nil {
Expand Down Expand Up @@ -155,9 +142,9 @@ func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error {
FriendlyName: factor.FriendlyName,
TOTP: TOTPObject{
// See: https://css-tricks.com/probably-dont-base64-svg/
QRCode: buf.String(),
QRCode: qrCode,
Secret: factor.Secret,
URI: key.URL(),
URI: url,
},
})
}
Expand Down Expand Up @@ -218,9 +205,6 @@ func (a *API) VerifyFactor(w http.ResponseWriter, r *http.Request) error {

challenge, err := models.FindChallengeByChallengeID(a.db, params.ChallengeID)
if err != nil {
if models.IsNotFoundError(err) {
return notFoundError(err.Error())
}
return internalServerError("Database error finding Challenge").WithInternalError(err)
}

Expand Down Expand Up @@ -363,3 +347,42 @@ func (a *API) UnenrollFactor(w http.ResponseWriter, r *http.Request) error {
ID: factor.ID,
})
}

func generateQRCode(issuer string, account string) (string, string, string, error) {
key, err := totp.Generate(totp.GenerateOpts{
Issuer: issuer,
AccountName: account,
})
if err != nil {
return "", "", "", err
}

// Create a QR code instance.
qrCode, err := qr.Encode(key.URL(), qr.Q, qr.Auto)
if err != nil {
return "", "", "", err
}

// Scale the QR code to the desired size.
qrCode, err = barcode.Scale(qrCode, 256, 256)
if err != nil {
return "", "", "", err
}

// Create a buffer to hold SVG data.
var b bytes.Buffer
canvas := svg.New(&b)

// Start SVG generation.
canvas.Start(qrCode.Bounds().Dx(), qrCode.Bounds().Dy())
for x := 0; x < qrCode.Bounds().Dx(); x++ {
for y := 0; y < qrCode.Bounds().Dy(); y++ {
r, g, b, _ := qrCode.At(x, y).RGBA()
color := fmt.Sprintf("rgb(%d,%d,%d)", r>>8, g>>8, b>>8)
canvas.Rect(x, y, 1, 1, "fill:"+color)
}
}
canvas.End()
// TODO: Encode this in a struct
return b.String(), key.URL(), key.Secret(), nil
}
5 changes: 3 additions & 2 deletions internal/models/challenge.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,10 @@ func NewChallenge(factor *Factor, ipAddress string) *Challenge {

func FindChallengeByChallengeID(tx *storage.Connection, challengeID uuid.UUID) (*Challenge, error) {
challenge, err := findChallenge(tx, "id = ?", challengeID)
if err != nil {
return nil, ChallengeNotFoundError{}
if IsNotFoundError(err) {
return nil, err
}

return challenge, nil
}

Expand Down

0 comments on commit e6dccfe

Please sign in to comment.