Encrypt TOTP secret before saving to database

2024-10-31 16:24:32 +07:00
parent f705d9538f
commit 197383c414
21 changed files with 271 additions and 172 deletions
--- a/handler/user/totp/setup.go
+++ b/handler/user/totp/setup.go
@ -82,12 +82,18 @@ func POST(w http.ResponseWriter, r *http.Request) {
 	}
 	var component templ.Component
 	if totp.Verify(code, time.Now().Unix()) {
-		if err := app.Server.Database.InitializeTotp(userSession.Email, secret); err != nil {
+		encryptedSecret, err := app.Server.Encryption.Encrypt(secret)
+		if err != nil {
 			w.WriteHeader(http.StatusInternalServerError)
 			app.Server.Logger.Error(err.Error())
 			return
 		}
-		err := app.Server.Cache.RemoveUserCache(r.Context(), userSession.Email)
+		if err := app.Server.Database.InitializeTotp(userSession.Email, encryptedSecret); err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			app.Server.Logger.Error(err.Error())
+			return
+		}
+		err = app.Server.Cache.RemoveUserCache(r.Context(), userSession.Email)
 		if err != nil {
 			w.WriteHeader(http.StatusInternalServerError)
 			app.Server.Logger.Error(err.Error())