feat(user): 2FA

Author: Cooooing

app/user/cmd/wire_gen.go

@@ -1,4 +1,5 @@
 server:
+  app: FishPi
   name: user-service
   version: 1.0.0
   mode: dev

app/user/configs/config.yaml

@@ -14,6 +14,7 @@ require (
 	github.com/google/wire v0.7.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/lib/pq v1.10.9
+	github.com/pquerna/otp v1.5.0
 	github.com/prometheus/client_golang v1.23.2
 	github.com/qiniu/go-sdk/v7 v7.22.0
 	github.com/sony/sonyflake/v2 v2.2.0
@@ -39,6 +40,7 @@ require (
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bmatcuk/doublestar v1.3.4 // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect

app/user/go.mod

@@ -31,6 +31,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0=
 github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
 github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
@@ -158,6 +160,8 @@ github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgm
 github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
+github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
 github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=

app/user/go.sum

@@ -21,6 +21,7 @@ var BizProviderSet = wire.NewSet(
 	NewAuthenticationDomain,
 	NewUserDomain,
 	NewUserRelationDomain,
+	NewTwoFactorAuthenticationDomain,
 )
 
 type BaseDomain struct {

app/user/internal/biz/biz.go

@@ -58,10 +58,13 @@ func (u *User) ConvertToRpc() *v1.User {
 		Province:             u.Province,
 		City:                 u.City,
 		PublicLocation:       u.PublicLocation,
-		TwofaSecret:          u.TwofaSecret,
+		TwofaEnable:          u.TwofaEnable,
 		CreatedAt:            timestamppb.New(*u.CreatedAt),
 		UpdatedAt:            timestamppb.New(*u.UpdatedAt),
 	}
+	if u.TwofaEnable && u.TwofaEnableTime != nil {
+		reply.TwofaEnableTime = timestamppb.New(*u.TwofaEnableTime)
+	}
 	if u.LastLoginTime != nil {
 		reply.LastLoginTime = timestamppb.New(*u.LastLoginTime)
 	}

app/user/internal/biz/model/user.go

@@ -14,6 +14,9 @@ type UserRepo interface {
 	Update(ctx context.Context, tx *gen.Client, u *model.User) (*model.User, error)
 	UpdateStat(ctx context.Context, tx *gen.Client, userId int64, statType v1.UserStatType, num int32) (*model.User, error)
 
+	EnableTwoFactorAuthentication(ctx context.Context, tx *gen.Client, name string, secret string) (int, error)
+	DisableTwoFactorAuthentication(ctx context.Context, tx *gen.Client, name string) (int, error)
+
 	ConstantAccount(ctx context.Context, tx *gen.Client, account string) (bool, error)
 	GetOne(ctx context.Context, tx *gen.Client, req *UserGetReq) (*model.User, error)
 	GetByAccount(ctx context.Context, tx *gen.Client, account string) (*model.User, error)

app/user/internal/biz/repo/user.go

@@ -0,0 +1,89 @@
+package biz
+
+import (
+	"bytes"
+	cv1 "common/api/common/v1"
+	"common/pkg/constant"
+	"context"
+	"image/png"
+	"time"
+	"user/internal/biz/repo"
+	"user/internal/data/ent"
+	"user/internal/data/ent/gen"
+
+	"github.com/pquerna/otp/totp"
+)
+
+type TwoFactorAuthenticationDomain struct {
+	*BaseDomain
+	userRepo repo.UserRepo
+}
+
+func NewTwoFactorAuthenticationDomain(base *BaseDomain, userRepo repo.UserRepo) (*TwoFactorAuthenticationDomain, error) {
+	return &TwoFactorAuthenticationDomain{
+		BaseDomain: base,
+		userRepo:   userRepo,
+	}, nil
+}
+
+func (d *TwoFactorAuthenticationDomain) Validate(ctx context.Context, secret string, code string) bool {
+	return totp.Validate(code, secret)
+}
+
+func (d *TwoFactorAuthenticationDomain) Enable(ctx context.Context, name string) ([]byte, error) {
+	buf := &bytes.Buffer{}
+	generate, err := totp.Generate(totp.GenerateOpts{
+		Issuer:      d.conf.Server.App,
+		AccountName: name,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	err = d.redis.Client.SetEx(ctx, constant.GetKeyTwoFactorAuthentication(name), generate.Secret(), 5*time.Minute).Err()
+	if err != nil {
+		return nil, err
+	}
+
+	image, err := generate.Image(256, 256)
+	if err != nil {
+		return nil, err
+	}
+	err = png.Encode(buf, image)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+func (d *TwoFactorAuthenticationDomain) Disable(ctx context.Context, name string, secret string, code string) error {
+	if !totp.Validate(code, secret) {
+		return cv1.ErrorBadRequest("2FA code invalid")
+	}
+	err := ent.WithTx(ctx, d.db, func(tx *gen.Client) error {
+		_, err := d.userRepo.DisableTwoFactorAuthentication(ctx, tx, name)
+		return err
+	})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (d *TwoFactorAuthenticationDomain) Confirm(ctx context.Context, name string, code string) error {
+	secret, err := d.redis.Client.Get(ctx, constant.GetKeyTwoFactorAuthentication(name)).Result()
+	if err != nil {
+		return err
+	}
+	if !totp.Validate(code, secret) {
+		return cv1.ErrorBadRequest("2FA code invalid")
+	}
+	err = ent.WithTx(ctx, d.db, func(tx *gen.Client) error {
+		_, err = d.userRepo.EnableTwoFactorAuthentication(ctx, tx, name, secret)
+		return err
+	})
+	if err != nil {
+		return err
+	}
+	return nil
+}

app/user/internal/biz/two_factor_authentication.go

@@ -15,6 +15,7 @@ message Bootstrap {
 }
 
 message Server {
+  string app = 6;
   string name = 1;
   string version = 2;
   string mode = 3;