Feat/totp (#45)

* wip * feat: finalize totp gen code * refactor: split login screen and forms * feat: add totp logic and ui * refactor: make totp pending expiry time fixed * refactor: skip all checks when disable continue is enabled * fix: fix cli not exiting on invalid input
2025-10-29 05:05:42 +00:00 · 2025-03-09 18:39:25 +02:00
parent 47fff12bac
commit 5188089673
24 changed files with 862 additions and 270 deletions
--- a/site/src/components/auth/login-forn.tsx
+++ b/site/src/components/auth/login-forn.tsx
@@ -0,0 +1,46 @@
+import { TextInput, PasswordInput, Button } from "@mantine/core";
+import { useForm, zodResolver } from "@mantine/form";
+import { LoginFormValues, loginSchema } from "../../schemas/login-schema";
+
+interface LoginFormProps {
+  isLoading: boolean;
+  onSubmit: (values: LoginFormValues) => void;
+}
+
+export const LoginForm = (props: LoginFormProps) => {
+  const { isLoading, onSubmit } = props;
+
+  const form = useForm({
+    mode: "uncontrolled",
+    initialValues: {
+      username: "",
+      password: "",
+    },
+    validate: zodResolver(loginSchema),
+  });
+
+  return (
+    <form onSubmit={form.onSubmit(onSubmit)}>
+      <TextInput
+        label="Username"
+        placeholder="user@example.com"
+        required
+        disabled={isLoading}
+        key={form.key("username")}
+        {...form.getInputProps("username")}
+      />
+      <PasswordInput
+        label="Password"
+        placeholder="password"
+        required
+        mt="md"
+        disabled={isLoading}
+        key={form.key("password")}
+        {...form.getInputProps("password")}
+      />
+      <Button fullWidth mt="xl" type="submit" loading={isLoading}>
+        Login
+      </Button>
+    </form>
+  );
+};
--- a/site/src/components/auth/oauth-buttons.tsx
+++ b/site/src/components/auth/oauth-buttons.tsx
@@ -0,0 +1,72 @@
+import { Grid, Button } from "@mantine/core";
+import { GithubIcon } from "../../icons/github";
+import { GoogleIcon } from "../../icons/google";
+import { OAuthIcon } from "../../icons/oauth";
+import { TailscaleIcon } from "../../icons/tailscale";
+
+interface OAuthButtonsProps {
+  oauthProviders: string[];
+  isLoading: boolean;
+  mutate: (provider: string) => void;
+  genericName: string;
+}
+
+export const OAuthButtons = (props: OAuthButtonsProps) => {
+  const { oauthProviders, isLoading, genericName, mutate } = props;
+  return (
+    <Grid mb="md" mt="md" align="center" justify="center">
+      {oauthProviders.includes("google") && (
+        <Grid.Col span="content">
+          <Button
+            radius="xl"
+            leftSection={<GoogleIcon style={{ width: 14, height: 14 }} />}
+            variant="default"
+            onClick={() => mutate("google")}
+            loading={isLoading}
+          >
+            Google
+          </Button>
+        </Grid.Col>
+      )}
+      {oauthProviders.includes("github") && (
+        <Grid.Col span="content">
+          <Button
+            radius="xl"
+            leftSection={<GithubIcon style={{ width: 14, height: 14 }} />}
+            variant="default"
+            onClick={() => mutate("github")}
+            loading={isLoading}
+          >
+            Github
+          </Button>
+        </Grid.Col>
+      )}
+      {oauthProviders.includes("tailscale") && (
+        <Grid.Col span="content">
+          <Button
+            radius="xl"
+            leftSection={<TailscaleIcon style={{ width: 14, height: 14 }} />}
+            variant="default"
+            onClick={() => mutate("tailscale")}
+            loading={isLoading}
+          >
+            Tailscale
+          </Button>
+        </Grid.Col>
+      )}
+      {oauthProviders.includes("generic") && (
+        <Grid.Col span="content">
+          <Button
+            radius="xl"
+            leftSection={<OAuthIcon style={{ width: 14, height: 14 }} />}
+            variant="default"
+            onClick={() => mutate("generic")}
+            loading={isLoading}
+          >
+            {genericName}
+          </Button>
+        </Grid.Col>
+      )}
+    </Grid>
+  );
+};
--- a/site/src/components/auth/totp-form.tsx
+++ b/site/src/components/auth/totp-form.tsx
@@ -0,0 +1,40 @@
+import { Button, PinInput } from "@mantine/core";
+import { useForm, zodResolver } from "@mantine/form";
+import { z } from "zod";
+
+const schema = z.object({
+  code: z.string(),
+});
+
+type FormValues = z.infer<typeof schema>;
+
+interface TotpFormProps {
+  onSubmit: (values: FormValues) => void;
+  isLoading: boolean;
+}
+
+export const TotpForm = (props: TotpFormProps) => {
+  const { onSubmit, isLoading } = props;
+
+  const form = useForm({
+    mode: "uncontrolled",
+    initialValues: {
+      code: "",
+    },
+    validate: zodResolver(schema),
+  });
+
+  return (
+    <form onSubmit={form.onSubmit(onSubmit)}>
+      <PinInput
+        length={6}
+        type={"number"}
+        placeholder=""
+        {...form.getInputProps("code")}
+      />
+      <Button type="submit" mt="xl" loading={isLoading} fullWidth>
+        Verify
+      </Button>
+    </form>
+  );
+};
--- a/site/src/context/user-context.tsx
+++ b/site/src/context/user-context.tsx
@@ -1,7 +1,7 @@
 import { useQuery } from "@tanstack/react-query";
 import React, { createContext, useContext } from "react";
-import { UserContextSchemaType } from "../schemas/user-context-schema";
 import axios from "axios";
+import { UserContextSchemaType } from "../schemas/user-context-schema";

 const UserContext = createContext<UserContextSchemaType | null>(null);

@@ -15,7 +15,7 @@ export const UserContextProvider = ({
    isLoading,
    error,
  } = useQuery({
-    queryKey: ["isLoggedIn"],
+    queryKey: ["userContext"],
    queryFn: async () => {
      const res = await axios.get("/api/status");
      return res.data;
--- a/site/src/main.tsx
+++ b/site/src/main.tsx
@@ -15,6 +15,7 @@ import { ContinuePage } from "./pages/continue-page.tsx";
 import { NotFoundPage } from "./pages/not-found-page.tsx";
 import { UnauthorizedPage } from "./pages/unauthorized-page.tsx";
 import { InternalServerError } from "./pages/internal-server-error.tsx";
+import { TotpPage } from "./pages/totp-page.tsx";

 const queryClient = new QueryClient({
  defaultOptions: {
@@ -34,6 +35,7 @@ createRoot(document.getElementById("root")!).render(
            <Routes>
              <Route path="/" element={<App />} />
              <Route path="/login" element={<LoginPage />} />
+              <Route path="/totp" element={<TotpPage />} />
              <Route path="/logout" element={<LogoutPage />} />
              <Route path="/continue" element={<ContinuePage />} />
              <Route path="/unauthorized" element={<UnauthorizedPage />} />
--- a/site/src/pages/continue-page.tsx
+++ b/site/src/pages/continue-page.tsx
@@ -50,26 +50,6 @@ export const ContinuePage = () => {
    );
  }

-  if (
-    window.location.protocol === "https:" &&
-    uri.protocol === "http:"
-  ) {
-    return (
-      <ContinuePageLayout>
-        <Text size="xl" fw={700}>
-          Insecure Redirect
-        </Text>
-        <Text>
-          Your are logged in but trying to redirect from <Code>https</Code> to{" "}
-          <Code>http</Code>, please click the button to redirect.
-        </Text>
-        <Button fullWidth mt="xl" onClick={redirect}>
-          Continue
-        </Button>
-      </ContinuePageLayout>
-    );
-  }
-
  if (disableContinue) {
    window.location.href = redirectUri;
    return (
@@ -82,6 +62,23 @@ export const ContinuePage = () => {
    );
  }

+  if (window.location.protocol === "https:" && uri.protocol === "http:") {
+    return (
+      <ContinuePageLayout>
+        <Text size="xl" fw={700}>
+          Insecure Redirect
+        </Text>
+        <Text>
+          Your are trying to redirect from <Code>https</Code> to{" "}
+          <Code>http</Code>, are you sure you want to continue?
+        </Text>
+        <Button fullWidth mt="xl" color="yellow" onClick={redirect}>
+          Continue
+        </Button>
+      </ContinuePageLayout>
+    );
+  }
+
  return (
    <ContinuePageLayout>
      <Text size="xl" fw={700}>
--- a/site/src/pages/login-page.tsx
+++ b/site/src/pages/login-page.tsx
@@ -1,25 +1,13 @@
-import {
-  Button,
-  Paper,
-  PasswordInput,
-  TextInput,
-  Title,
-  Text,
-  Divider,
-  Grid,
-} from "@mantine/core";
-import { useForm, zodResolver } from "@mantine/form";
+import { Paper, Title, Text, Divider } from "@mantine/core";
 import { notifications } from "@mantine/notifications";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
-import { z } from "zod";
 import { useUserContext } from "../context/user-context";
 import { Navigate } from "react-router";
 import { Layout } from "../components/layouts/layout";
-import { GoogleIcon } from "../icons/google";
-import { GithubIcon } from "../icons/github";
-import { OAuthIcon } from "../icons/oauth";
-import { TailscaleIcon } from "../icons/tailscale";
+import { OAuthButtons } from "../components/auth/oauth-buttons";
+import { LoginFormValues } from "../schemas/login-schema";
+import { LoginForm } from "../components/auth/login-forn";
 import { isQueryValid } from "../utils/utils";

 export const LoginPage = () => {
@@ -27,7 +15,8 @@ export const LoginPage = () => {
  const params = new URLSearchParams(queryString);
  const redirectUri = params.get("redirect_uri") ?? "";

-  const { isLoggedIn, configuredProviders, title, genericName } = useUserContext();
+  const { isLoggedIn, configuredProviders, title, genericName } =
+    useUserContext();

  const oauthProviders = configuredProviders.filter(
    (value) => value !== "username",
@@ -37,24 +26,8 @@ export const LoginPage = () => {
    return <Navigate to="/logout" />;
  }

-  const schema = z.object({
-    username: z.string(),
-    password: z.string(),
-  });
-
-  type FormValues = z.infer<typeof schema>;
-
-  const form = useForm({
-    mode: "uncontrolled",
-    initialValues: {
-      username: "",
-      password: "",
-    },
-    validate: zodResolver(schema),
-  });
-
  const loginMutation = useMutation({
-    mutationFn: (login: FormValues) => {
+    mutationFn: (login: LoginFormValues) => {
      return axios.post("/api/login", login);
    },
    onError: () => {
@@ -64,18 +37,25 @@ export const LoginPage = () => {
        color: "red",
      });
    },
-    onSuccess: () => {
+    onSuccess: async (data) => {
+      if (data.data.totpPending) {
+        window.location.replace(`/totp?redirect_uri=${redirectUri}`);
+        return;
+      }
+
      notifications.show({
        title: "Logged in",
        message: "Welcome back!",
        color: "green",
      });
+
      setTimeout(() => {
        if (!isQueryValid(redirectUri)) {
          window.location.replace("/");
-        } else {
-          window.location.replace(`/continue?redirect_uri=${redirectUri}`);
+          return;
        }
+
+        window.location.replace(`/continue?redirect_uri=${redirectUri}`);
      }, 500);
    },
  });
@@ -105,7 +85,7 @@ export const LoginPage = () => {
    },
  });

-  const handleSubmit = (values: FormValues) => {
+  const handleSubmit = (values: LoginFormValues) => {
    loginMutation.mutate(values);
  };

@@ -118,68 +98,12 @@ export const LoginPage = () => {
            <Text size="lg" fw={500} ta="center">
              Welcome back, login with
            </Text>
-            <Grid mb="md" mt="md" align="center" justify="center">
-              {oauthProviders.includes("google") && (
-                <Grid.Col span="content">
-                  <Button
-                    radius="xl"
-                    leftSection={
-                      <GoogleIcon style={{ width: 14, height: 14 }} />
-                    }
-                    variant="default"
-                    onClick={() => loginOAuthMutation.mutate("google")}
-                    loading={loginOAuthMutation.isLoading}
-                  >
-                    Google
-                  </Button>
-                </Grid.Col>
-              )}
-              {oauthProviders.includes("github") && (
-                <Grid.Col span="content">
-                  <Button
-                    radius="xl"
-                    leftSection={
-                      <GithubIcon style={{ width: 14, height: 14 }} />
-                    }
-                    variant="default"
-                    onClick={() => loginOAuthMutation.mutate("github")}
-                    loading={loginOAuthMutation.isLoading}
-                  >
-                    Github
-                  </Button>
-                </Grid.Col>
-              )}
-              {oauthProviders.includes("tailscale") && (
-                <Grid.Col span="content">
-                  <Button
-                    radius="xl"
-                    leftSection={
-                      <TailscaleIcon style={{ width: 14, height: 14 }} />
-                    }
-                    variant="default"
-                    onClick={() => loginOAuthMutation.mutate("tailscale")}
-                    loading={loginOAuthMutation.isLoading}
-                  >
-                    Tailscale
-                  </Button>
-                </Grid.Col>
-              )}
-              {oauthProviders.includes("generic") && (
-                <Grid.Col span="content">
-                  <Button
-                    radius="xl"
-                    leftSection={
-                      <OAuthIcon style={{ width: 14, height: 14 }} />
-                    }
-                    variant="default"
-                    onClick={() => loginOAuthMutation.mutate("generic")}
-                    loading={loginOAuthMutation.isLoading}
-                  >
-                    {genericName}
-                  </Button>
-                </Grid.Col>
-              )}
-            </Grid>
+            <OAuthButtons
+              oauthProviders={oauthProviders}
+              isLoading={loginOAuthMutation.isLoading}
+              mutate={loginOAuthMutation.mutate}
+              genericName={genericName}
+            />
            {configuredProviders.includes("username") && (
              <Divider
                label="Or continue with password"
@@ -190,33 +114,10 @@ export const LoginPage = () => {
          </>
        )}
        {configuredProviders.includes("username") && (
-          <form onSubmit={form.onSubmit(handleSubmit)}>
-            <TextInput
-              label="Username"
-              placeholder="user@example.com"
-              required
-              disabled={loginMutation.isLoading}
-              key={form.key("username")}
-              {...form.getInputProps("username")}
-            />
-            <PasswordInput
-              label="Password"
-              placeholder="password"
-              required
-              mt="md"
-              disabled={loginMutation.isLoading}
-              key={form.key("password")}
-              {...form.getInputProps("password")}
-            />
-            <Button
-              fullWidth
-              mt="xl"
-              type="submit"
-              loading={loginMutation.isLoading}
-            >
-              Login
-            </Button>
-          </form>
+          <LoginForm
+            isLoading={loginMutation.isLoading}
+            onSubmit={handleSubmit}
+          />
        )}
      </Paper>
    </Layout>
--- a/site/src/pages/totp-page.tsx
+++ b/site/src/pages/totp-page.tsx
@@ -0,0 +1,62 @@
+import { Navigate } from "react-router";
+import { useUserContext } from "../context/user-context";
+import { Title, Paper, Text } from "@mantine/core";
+import { Layout } from "../components/layouts/layout";
+import { TotpForm } from "../components/auth/totp-form";
+import { useMutation } from "@tanstack/react-query";
+import axios from "axios";
+import { notifications } from "@mantine/notifications";
+
+export const TotpPage = () => {
+  const queryString = window.location.search;
+  const params = new URLSearchParams(queryString);
+  const redirectUri = params.get("redirect_uri") ?? "";
+
+  const { totpPending, isLoggedIn, title } = useUserContext();
+
+  if (isLoggedIn) {
+    return <Navigate to={`/logout`} />;
+  }
+
+  if (!totpPending) {
+    return <Navigate to={`/login?redirect_uri=${redirectUri}`} />;
+  }
+
+  const totpMutation = useMutation({
+    mutationFn: async (totp: { code: string }) => {
+      await axios.post("/api/totp", totp);
+    },
+    onError: () => {
+      notifications.show({
+        title: "Failed to verify code",
+        message: "Please try again",
+        color: "red",
+      });
+    },
+    onSuccess: () => {
+      notifications.show({
+        title: "Verified",
+        message: "Redirecting to your app",
+        color: "green",
+      });
+      setTimeout(() => {
+        window.location.replace(`/continue?redirect_uri=${redirectUri}`);
+      }, 500);
+    },
+  });
+
+  return (
+    <Layout>
+      <Title ta="center">{title}</Title>
+      <Paper shadow="md" p="xl" mt={30} radius="md" withBorder>
+        <Text size="lg" fw={500} mb="md" ta="center">
+          Enter your TOTP code
+        </Text>
+        <TotpForm
+          isLoading={totpMutation.isLoading}
+          onSubmit={(values) => totpMutation.mutate(values)}
+        />
+      </Paper>
+    </Layout>
+  );
+};
--- a/site/src/schemas/login-schema.ts
+++ b/site/src/schemas/login-schema.ts
@@ -0,0 +1,8 @@
+import { z } from "zod";
+
+export const loginSchema = z.object({
+  username: z.string(),
+  password: z.string(),
+});
+
+export type LoginFormValues = z.infer<typeof loginSchema>;
--- a/site/src/schemas/user-context-schema.ts
+++ b/site/src/schemas/user-context-schema.ts
@@ -9,6 +9,7 @@ export const userContextSchema = z.object({
  disableContinue: z.boolean(),
  title: z.string(),
  genericName: z.string(),
+  totpPending: z.boolean(),
 });

 export type UserContextSchemaType = z.infer<typeof userContextSchema>;