2FA

.env_sample

@@ -7,6 +7,9 @@ POSTGRES_DB=transcendence
 PGADMIN_DEFAULT_EMAIL=admin@pg.com
 PGADMIN_DEFAULT_PASSWORD=admin
 
+MAIL_USER=vaganiwast@gmail.com
+MAIL_PASSWORD=
+
 FRONT_FPS=144
 
 HOST=localhost

back/entrypoint.sh

@@ -6,6 +6,9 @@ POSTGRES_USER=$POSTGRES_USER
 POSTGRES_PASSWORD=$POSTGRES_PASSWORD
 POSTGRES_DB=$POSTGRES_DB
 
+MAIL_USER=$MAIL_USER
+MAIL_PASSWORD=$MAIL_PASSWORD
+
 HOST=$HOST
 FRONT_PORT=$FRONT_PORT
 BACK_PORT=$BACK_PORT

back/volume/package.json

@@ -21,10 +21,12 @@
     "test:e2e": "jest --config ./test/jest-e2e.json"
   },
   "dependencies": {
+    "@nestjs-modules/mailer": "^1.8.1",
     "@nestjs/axios": "^2.0.0",
     "@nestjs/common": "^9.0.0",
     "@nestjs/config": "^2.3.1",
     "@nestjs/core": "^9.0.0",
+    "@nestjs/jwt": "^10.0.2",
     "@nestjs/mapped-types": "^1.2.2",
     "@nestjs/passport": "^9.0.3",
     "@nestjs/platform-express": "^9.0.0",
@@ -43,6 +45,7 @@
     "@types/express-session": "^1.17.6",
     "@types/multer": "^1.4.7",
     "@types/node": "^16.18.14",
+    "@types/nodemailer": "^6.4.7",
     "@types/passport": "^1.0.12",
     "@types/ws": "^8.5.3",
     "bcrypt": "^5.1.0",
@@ -51,6 +54,7 @@
     "cookie-parser": "^1.4.6",
     "express-session": "^1.17.3",
     "joi": "^17.8.3",
+    "nodemailer": "^6.9.1",
     "passport": "^0.6.0",
     "passport-42": "^1.2.6",
     "passport-jwt": "^4.0.1",

back/volume/src/app.module.ts

@@ -19,6 +19,8 @@ import { UsersModule } from './users/users.module'
         POSTGRES_USER: Joi.string().required(),
         POSTGRES_PASSWORD: Joi.string().required(),
         POSTGRES_DB: Joi.string().required(),
+        MAIL_USER: Joi.string().required(),
+        MAIL_PASSWORD: Joi.string().required(),
         JWT_SECRET: Joi.string().required(),
         JWT_EXPIRATION_TIME: Joi.string().required(),
         HOST: Joi.string().required(),

back/volume/src/auth/42.decorator.ts

@@ -1,7 +1,7 @@
 import { createParamDecorator, type ExecutionContext } from '@nestjs/common'
 import { type Profile } from 'passport-42'
 
-export const FtUser = createParamDecorator(
+export const Profile42 = createParamDecorator(
   (data: unknown, ctx: ExecutionContext): Profile => {
     const request = ctx.switchToHttp().getRequest()
     return request.user

back/volume/src/auth/42.strategy.ts

@@ -37,6 +37,7 @@ export class FtStrategy extends PassportStrategy(Strategy, '42') {
       newUser.ftId = profile.id as number
       newUser.username = profile.username
       newUser.avatar = `${ftId}.jpg`
+      newUser.email = profile.emails[0].value
       void this.usersService.create(newUser)
       const file = createWriteStream(`avatars/${ftId}.jpg`)
       get(profile._json.image.versions.small, function (response) {

back/volume/src/auth/auth.controller.ts

@@ -1,9 +1,21 @@
-import { Controller, Get, Redirect, UseGuards, Res, Req } from '@nestjs/common'
+import {
+  Controller,
+  Get,
+  Redirect,
+  UseGuards,
+  Res,
+  Req,
+  Post,
+  Body
+} from '@nestjs/common'
 import { Response, Request } from 'express'
-import { Profile } from 'passport-42'
 
 import { FtOauthGuard, AuthenticatedGuard } from './42-auth.guard'
-import { FtUser } from './42.decorator'
+import { Profile } from 'passport-42'
+import { Profile42 } from './42.decorator'
+
+import { AuthService } from './auth.service'
+import { UsersService } from 'src/users/users.service'
 
 const frontHost =
   process.env.HOST !== undefined && process.env.HOST !== ''
@@ -16,6 +28,11 @@ const frontPort =
 
 @Controller('log')
 export class AuthController {
+  constructor (
+    private readonly authService: AuthService,
+    private readonly usersService: UsersService
+  ) {}
+
   @Get('in')
   @UseGuards(FtOauthGuard)
   ftAuth (): void {}
@@ -31,9 +48,25 @@ export class AuthController {
     response.cookie('connect.sid', request.cookies['connect.sid'])
   }
 
+  @Get('/verify')
+  @UseGuards(AuthenticatedGuard)
+  @Redirect(`http://${frontHost}:${frontPort}`)
+  async VerifyEmail (@Profile42() profile: Profile) {
+    const ftId: number = profile.id
+    const user = await this.usersService.findUser(ftId)
+    if (user == null) throw new Error('User not found')
+    this.authService.sendConfirmationEmail(user)
+  }
+
+  @Post('/verify')
+  @Redirect(`http://${frontHost}:${frontPort}`)
+  async Verify (@Body() body: any) {
+    await this.authService.verifyAccount(body.code)
+  }
+
   @Get('profile')
   @UseGuards(AuthenticatedGuard)
-  profile (@FtUser() user: Profile): any {
+  profile (@Profile42() user: Profile): any {
     return { user }
   }
 

back/volume/src/auth/auth.module.ts

@@ -1,14 +1,54 @@
 import { Module } from '@nestjs/common'
 import { UsersModule } from 'src/users/users.module'
 import { PassportModule } from '@nestjs/passport'
-import { ConfigService } from '@nestjs/config'
+import { ConfigModule, ConfigService } from '@nestjs/config'
 import { AuthController } from './auth.controller'
 import { FtStrategy } from './42.strategy'
 import { SessionSerializer } from './session.serializer'
+import { JwtModule } from '@nestjs/jwt'
+import { MailerModule } from '@nestjs-modules/mailer'
+import { AuthService } from './auth.service'
+import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter'
+
+const mail_user =
+  process.env.MAIL_USER && process.env.MAIL_USER !== ''
+    ? process.env.MAIL_USER
+    : ''
+const mail_pass =
+  process.env.MAIL_PASSWORD && process.env.MAIL_PASSWORD !== ''
+    ? process.env.MAIL_PASSWORD
+    : ''
 
 @Module({
-  imports: [UsersModule, PassportModule],
-  providers: [ConfigService, FtStrategy, SessionSerializer],
+  imports: [
+    UsersModule,
+    PassportModule,
+    ConfigModule.forRoot(),
+    JwtModule.register({
+      secret: process.env.JWT_SECRET,
+      signOptions: { expiresIn: '60s' }
+    }),
+    MailerModule.forRoot({
+      transport: {
+        service: 'gmail',
+        auth: {
+          user: mail_user,
+          pass: mail_pass
+        }
+      },
+      template: {
+        dir: 'src/auth/mails',
+        adapter: new HandlebarsAdapter(),
+        options: {
+          strict: true
+        }
+      },
+      defaults: {
+        from: '"No Reply" vaganiwast@gmail.com'
+      }
+    })
+  ],
+  providers: [ConfigService, FtStrategy, SessionSerializer, AuthService],
   controllers: [AuthController]
 })
 export class AuthModule {}

back/volume/src/auth/auth.service.ts

@@ -0,0 +1,55 @@
+import { HttpException, HttpStatus, Injectable } from '@nestjs/common'
+import { type User } from 'src/users/entity/user.entity'
+import { UsersService } from 'src/users/users.service'
+import { MailerService } from '@nestjs-modules/mailer'
+import { UserDto } from 'src/users/dto/user.dto'
+
+@Injectable()
+export class AuthService {
+  constructor (
+    private readonly usersService: UsersService,
+    private readonly mailerService: MailerService
+  ) {}
+
+  async sendConfirmedEmail (user: User) {
+    const { email, username } = user
+    await this.mailerService.sendMail({
+      to: email,
+      subject: 'Welcome to ft_transcendence! Email Confirmed',
+      template: 'confirmed',
+      context: {
+        username,
+        email
+      }
+    })
+  }
+
+  async sendConfirmationEmail (user: User) {
+    user.authToken = Math.floor(10000 + Math.random() * 90000).toString()
+    this.usersService.save(user)
+    await this.mailerService.sendMail({
+      to: user.email,
+      subject: 'Welcome to ft_transcendence! Confirm Email',
+      template: 'confirm',
+      context: {
+        username: user.username,
+        code: user.authToken
+      }
+    })
+  }
+
+  async verifyAccount (code: string): Promise<boolean> {
+    const user = await this.usersService.findByCode(code)
+    if (!user) {
+      throw new HttpException(
+        'Verification code has expired or not found',
+        HttpStatus.UNAUTHORIZED
+      )
+    }
+    user.authToken = ''
+    user.isVerified = true
+    await this.usersService.save(user)
+    await this.sendConfirmedEmail(user)
+    return true
+  }
+}

back/volume/src/auth/mails/confirm.hbs

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  <title>Transcendence confirmation mail</title>
+</head>
+<body>
+  <h2>Hello {{username}}! </h2>
+  <p> Once you clicked on the next verify button, you will have access to the app</p>
+  <form action="http://localhost:3001/log/verify" method="post">
+  <button type="submit" name="code" value={{code}}>Verify</button>
+  </form
+</body>
+</html>

back/volume/src/auth/mails/confirmed.hbs

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  <title>Welcome to transcendence</title>
+</head>
+<body>
+  <h2>Hello {{username}}! </h2>
+  <p>You well verified your account for this session.</p>
+</body>
+</html>

back/volume/src/chat/chat.gateway.ts

@@ -61,9 +61,9 @@ export class ChatGateway implements OnGatewayConnection, OnGatewayDisconnect {
   ): Promise<Channel | null> {
     const channel = new Channel()
     channel.name = channeldto.name
-    const owner = await this.userService.findUser(channeldto.owner)
-    if (owner == null) return null
-    channel.owners.push(owner)
+    // const owner = await this.userService.findUser(channeldto.owner)
+    // if (owner == null) return null
+    // channel.owners.push(owner)
     channel.password = channeldto.password
     /// ...///
     return await this.chatService.createChannel(channel, socket.data.user)

back/volume/src/chat/entity/channel.entity.ts

@@ -22,7 +22,7 @@ export class Channel {
 
   @ManyToMany(() => User)
   @JoinTable()
-    owners: User[]
+    owner: User
 
   @ManyToMany(() => User)
   @JoinTable()

back/volume/src/chat/entity/message.entity.ts

@@ -28,7 +28,7 @@ export class Message {
     channel: Channel
 
   @CreateDateColumn()
-    created_at: Date
+    createdAt: Date
 }
 
 export default Message

back/volume/src/users/dto/user.dto.ts

@@ -17,6 +17,12 @@ export class UserDto {
 
   @IsOptional()
   readonly avatar: string
+
+  @IsOptional()
+  readonly authToken: string
+
+  @IsOptional()
+  readonly isVerified: boolean
 }
 
 export class AvatarUploadDto {

back/volume/src/users/entity/user.entity.ts

@@ -22,6 +22,18 @@ export class User {
   @Column({ unique: true })
     ftId: number
 
+  @Column({ unique: true })
+    email: string
+
+  @Column({ select: false, nullable: true })
+    authToken: string
+
+  @Column({ default: false })
+    twoFA: boolean
+
+  @Column({ default: false, nullable: true })
+    isVerified: boolean
+
   @Column({ unique: true })
     socketKey: string
 

back/volume/src/users/users.controller.ts

@@ -23,7 +23,7 @@ import { UserDto, AvatarUploadDto } from './dto/user.dto'
 import { PongService } from 'src/pong/pong.service'
 
 import { AuthenticatedGuard } from 'src/auth/42-auth.guard'
-import { FtUser } from 'src/auth/42.decorator'
+import { Profile42 } from 'src/auth/42.decorator'
 import { Profile } from 'passport-42'
 
 import { ApiBody, ApiConsumes } from '@nestjs/swagger'
@@ -51,13 +51,13 @@ export class UsersController {
 
   @Get('friends')
   @UseGuards(AuthenticatedGuard)
-  async getFriends (@FtUser() profile: Profile): Promise<User[]> {
+  async getFriends (@Profile42() profile: Profile): Promise<User[]> {
     return await this.usersService.getFriends(profile.id)
   }
 
   @Get('invits')
   @UseGuards(AuthenticatedGuard)
-  async getInvits (@FtUser() profile: Profile): Promise<User[]> {
+  async getInvits (@Profile42() profile: Profile): Promise<User[]> {
     return await this.usersService.getInvits(profile.id)
   }
 
@@ -110,7 +110,7 @@ export class UsersController {
     type: AvatarUploadDto
   })
   async changeAvatar (
-    @FtUser() profile: Profile,
+    @Profile42() profile: Profile,
       @UploadedFile() file: Express.Multer.File
   ): Promise<void> {
     if (file === undefined) return
@@ -120,7 +120,7 @@ export class UsersController {
   @Get('avatar')
   @UseGuards(AuthenticatedGuard)
   async getAvatar (
-    @FtUser() profile: Profile,
+    @Profile42() profile: Profile,
       @Res({ passthrough: true }) response: Response
   ): Promise<StreamableFile> {
     return await this.getAvatarById(profile.id, response)
@@ -136,7 +136,7 @@ export class UsersController {
   @Get('invit/:username')
   @UseGuards(AuthenticatedGuard)
   async invitUser (
-    @FtUser() profile: Profile,
+    @Profile42() profile: Profile,
       @Param('username') username: string
   ): Promise<void> {
     const target: User | null = await this.usersService.findUserByName(username)
@@ -187,7 +187,7 @@ export class UsersController {
 
   @Get()
   @UseGuards(AuthenticatedGuard)
-  async getUser (@FtUser() profile: Profile): Promise<User | null> {
+  async getUser (@Profile42() profile: Profile): Promise<User | null> {
     return await this.usersService.findUser(profile.id)
   }
 
@@ -195,7 +195,7 @@ export class UsersController {
   @UseGuards(AuthenticatedGuard)
   async updateUser (
     @Body() payload: UserDto,
-      @FtUser() profile: Profile
+      @Profile42() profile: Profile
   ): Promise<BadRequestException | User | null> {
     const user = await this.usersService.findUser(profile.id)
     if (user == null) throw new BadRequestException('User not found.')

back/volume/src/users/users.service.ts

@@ -41,6 +41,7 @@ export class UsersService {
     const users = await this.usersRepository.find({})
     users.forEach((usr) => {
       if (Date.now() - usr.lastAccess > 60000) {
+        usr.isVerified = false
         usr.status = 'offline'
         this.usersRepository.save(usr).catch((err) => {
           console.log(err)
@@ -161,21 +162,33 @@ export class UsersService {
         friends: true
       }
     })
-    if (target === null) return 'Target not found.'
+    if (target == null) return 'Target not found.'
     const id = user.followers.findIndex(
       (follower) => follower.ftId === targetFtId
     )
-    if (target.followers.findIndex((follower) => follower.ftId === user.ftId) !== -1) {
+    if (
+      target.followers.findIndex((follower) => follower.ftId === user.ftId) !== -1
+    ) {
       return 'Invitation already sent.'
-    } else if (user.followers.findIndex((follower) => follower.ftId === targetFtId) !== -1) {
+    } else if (
+      user.followers.findIndex((follower) => follower.ftId === targetFtId) !== -1
+    ) {
       user.friends.push(target)
       target.friends.push(user)
       user.followers.slice(id, 1)
       await this.usersRepository.save(user)
-    } else {
-      target.followers.push(user)
-    }
+    } else target.followers.push(user)
     await this.usersRepository.save(target)
     return 'OK'
   }
+
+  async findByCode (code: string) {
+    const user = await this.usersRepository.findOneBy({ authToken: code })
+    if (user == null) throw new BadRequestException('User not found')
+    return user
+  }
+
+  async turnOnTwoFactorAuthentication (ftId: number) {
+    return await this.usersRepository.update({ ftId }, { twoFA: true})
+  }
 }

front/volume/src/App.svelte

@@ -32,7 +32,7 @@
   import type { Friend } from "./components/Friends.svelte";
   import type { ChannelsType } from "./components/Channels.svelte";
 
-  import { store, getUser, login, API_URL } from "./Auth";
+  import { store, getUser, login, verify, API_URL } from "./Auth";
   import FakeLogin from "./FakeLogin.svelte";
 
   // Single Page Application config
@@ -197,6 +197,8 @@
   <div>
     {#if $store === null}
       <h1><button type="button" on:click={login}>Log In</button></h1>
+    {:else if $store.twoFA === true && $store.isVerified === false}
+      <h1><button type="button" on:click={verify}>verify</button></h1>
     {:else}
       <Navbar
         {clickProfile}
@@ -255,9 +257,7 @@
       {/if}
       {#if appState === APPSTATE.PROFILE}
         <div on:click={resetAppState} on:keydown={resetAppState}>
-          <Profile user={$store} edit={1}
-              on:view-history={openIdHistory}
-          />
+          <Profile user={$store} edit={1} on:view-history={openIdHistory} />
         </div>
       {/if}
       {#if appState === APPSTATE.PROFILE_ID}

front/volume/src/Auth.ts

@@ -29,6 +29,17 @@ export function login() {
   window.location.replace(API_URL + "/log/in");
 }
 
+export function verify() {
+  fetch(API_URL + "/log/verify", {
+    method: "get",
+    mode: "cors",
+    credentials: "include",
+  });
+  alert(
+    "We have sent you an email to verify your account. Check the mailbox which is linked to your 42's profile."
+  );
+}
+
 export function logout() {
   window.location.replace(API_URL + "/log/out");
   store.set(null);

front/volume/src/components/Friends.svelte

@@ -19,8 +19,8 @@
     if (response.ok) {
       alert("Invitation send.");
     } else {
-      const error = (await response.json()).message
-      alert("Invitation failed: " +  error);;
+      const error = (await response.json()).message;
+      alert("Invitation failed: " + error);
     }
   }
 </script>

front/volume/src/components/Profile.svelte

@@ -6,7 +6,7 @@
     matchs: number;
     winrate: number;
     rank: number;
-    is2faEnabled: boolean;
+    twoFA: boolean;
   }
 </script>
 
@@ -35,7 +35,16 @@
 
   async function handle2fa(event: Event) {
     event.preventDefault();
-    alert("Trying to " + (user.is2faEnabled ? "disable" : "enable") + " 2FA");
+    let response = await fetch(API_URL, {
+      headers: { "content-type": "application/json" },
+      method: "POST",
+      body: JSON.stringify(user),
+      credentials: "include",
+    });
+    if (response.ok) {
+      alert("Succefully " + (user.twoFA ? "disabled" : "enabled") + " 2FA");
+      user.twoFA = !user.twoFA;
+    }
   }
 </script>
 
@@ -66,32 +75,36 @@
       {/if}
     </div>
     <div class="profile-body">
-      <p><button on:click={() => dispatch("view-history", user.ftId)}>View History</button></p>
+      <p>
+        <button on:click={() => dispatch("view-history", user.ftId)}
+          >View History</button
+        >
+      </p>
       <p>Wins: {user.wins}</p>
       <p>Looses: {user.looses}</p>
       <p>Winrate: {user.winrate}%</p>
       <p>Rank: {user.rank}</p>
     </div>
-      {#if edit == 1}
-        <form
-          id="username-form"
-          class="username"
-          on:submit|preventDefault={handleSubmit}
+    {#if edit == 1}
+      <form
+        id="username-form"
+        class="username"
+        on:submit|preventDefault={handleSubmit}
+      >
+        <input type="text" id="username" bind:value={user.username} />
+        <button type="submit" class="username" form="username-form"
+          >Change</button
         >
-          <input type="text" id="username" bind:value={user.username} />
-          <button type="submit" class="username" form="username-form"
-            >Change</button
-          >
-        </form>
-        <button type="button" on:click={handle2fa}>
-          {#if user.is2faEnabled}
-            Disable 2FA
-          {:else}
-            Enable user.2FA
-          {/if}
-        </button>
-        <button id="logout" type="button" on:click={logout}>Log Out</button>
-      {/if}
+      </form>
+      <button type="button" on:click={handle2fa}>
+        {#if user.twoFA}
+          Disable 2FA
+        {:else}
+          Enable 2FA
+        {/if}
+      </button>
+      <button id="logout" type="button" on:click={logout}>Log Out</button>
+    {/if}
   </div>
 </div>
 
@@ -141,7 +154,7 @@
     justify-content: center;
   }
 
-  .profile-body >p {
+  .profile-body > p {
     display: flex;
     justify-content: center;
   }