added 2FA

.gitignore

@@ -115,3 +115,5 @@ fabric.properties
 .idea/caches/build_file_checksums.ser
 /prisma/_____migrations___/
 /resources/images/
+/crib.md
+/**/**/*.log

actions/logger.ts

@@ -0,0 +1,45 @@
+import pino from 'pino'
+
+const pinoConfigProd: pino.LoggerOptions = {
+  transport: {
+    targets: [
+      {
+        target: 'pino/file', options: {
+          destination: './production.log', mkdir: true, minLength: 4096, sync: false,
+        },
+      },
+    ],
+  },
+  level: 'error',
+  redact: {
+    paths: ['password', '*.password'], remove: true,
+  },
+}
+
+const pinoConfigDev: pino.LoggerOptions = {
+  redact: {
+    paths: ['password', '*.password'], remove: false,
+  },
+  // formatters: {
+  //   bindings: (bindings) => {
+  //     return { pid: bindings.pid, host: bindings.hostname, node_version: process.version }
+  //   },
+  // },
+  transport: {
+    targets: [
+      {
+        //target: 'pino/file',
+        target: 'pino-pretty', options: { destination: `./pretty.log`, mkdir: true, colorize: false }, level: 'error',
+      }, {
+        target: 'pino-pretty', level: 'trace',
+      }],
+  },
+}
+
+const journal = process.env.NODE_ENV === 'production'
+  ? pino(pinoConfigProd)
+  : pino(pinoConfigDev)
+
+export default journal
+
+// TODO: wait for newer version of https://betterstack.com/docs/logs/javascript/pino/

actions/login.ts

@@ -6,7 +6,15 @@ import { signIn } from '@/config/auth'
 import { DEFAULT_LOGIN_REDIRECT } from '@/config/routes'
 import { AuthError } from 'next-auth'
 import { getUserByEmail } from '@/data/user'
-import { sendVerificationEmail } from '@/actions/send-verification-email'
+import { sendTwoFactorTokenEmail, sendVerificationEmail } from '@/actions/send-verification-email'
+import { generateTwoFactorToken } from '@/lib/tokens'
+import { deleteTwoFactorToken, getTwoFactorTokenByEmail } from '@/data/two-factor-token'
+import {
+  createTwoFactoComfirmation,
+  deleteTwoFactoComfirmation,
+  getTwoFactorConfirmationByUserId,
+} from '@/data/two-factor-confirmation'
+import journal from '@/actions/logger'
 
 export const login = async (values: zInfer<typeof LoginSchema>) => {
   const validatedFields = LoginSchema.safeParse(values)
@@ -15,7 +23,7 @@ export const login = async (values: zInfer<typeof LoginSchema>) => {
     return { error: 'auth.form.error.invalid_fields' }
   }
 
-  const { email, password } = validatedFields.data
+  const { email, password, code } = validatedFields.data
 
   const existingUser = await getUserByEmail(email)
 
@@ -27,6 +35,40 @@ export const login = async (values: zInfer<typeof LoginSchema>) => {
     return await sendVerificationEmail(existingUser.email, existingUser.name)
   }
 
+  if (existingUser.isTwoFactorEnabled && existingUser.email) {
+    if (code) {
+      const twoFactorToken = await getTwoFactorTokenByEmail(existingUser.email)
+      if (!twoFactorToken || twoFactorToken.token !== code) {
+        return { error: 'auth.form.error.invalid_code' }
+      }
+
+      const hasExpired = new Date(twoFactorToken.expires) < new Date()
+      if (hasExpired) {
+        return { error: 'auth.form.error.expired_token' }
+      }
+
+      await deleteTwoFactorToken(twoFactorToken.id)
+
+      const existingConfirmation = await getTwoFactorConfirmationByUserId(existingUser.id)
+
+      if (existingConfirmation) {
+        await deleteTwoFactoComfirmation(existingConfirmation.id)
+      }
+
+      await createTwoFactoComfirmation(existingUser.id)
+
+    } else {
+      const twoFactorToken = await generateTwoFactorToken(existingUser.email)
+
+      if (twoFactorToken) {
+        const isOk = await sendTwoFactorTokenEmail(twoFactorToken.email, twoFactorToken.token, existingUser.name)
+        return { twoFactor: isOk }
+      }
+      console.error('ERROR.TYPE: could not send token')
+      return { error: 'common.something_went_wrong' }
+    }
+  }
+
   try {
     await signIn('credentials', {
       email, password, redirectTo: DEFAULT_LOGIN_REDIRECT,

actions/send-verification-email.ts

@@ -2,11 +2,32 @@
 
 import mailer from '@/lib/mailer'
 import { AUTH_NEW_PASSWORD_URL, AUTH_USER_VERIFICATION_URL } from '@/config/routes'
-import { generatePasswordResetToken, generateVerificationToken } from '@/lib/tokens'
+import { generatePasswordResetToken, generateTwoFactorToken, generateVerificationToken } from '@/lib/tokens'
 import { env } from '@/lib/utils'
 import { __ct } from '@/lib/translate'
 import { body } from '@/templates/email/send-verification-email'
 
+export const sendTwoFactorTokenEmail = async (email: string, token: string, name?: string | null) => {
+  const { isOk, code, info, error } = await mailer({
+    to: name ? { name: name?.toString(), address: email } : email,
+    subject: await __ct({
+      key: 'mailer.subject.send_2FA_code',
+      params: { site_name: env('SITE_NAME') },
+    }),
+    text: `Your 2FA code: ${token}`,
+    html: `<p>Your 2FA code: ${token}</p>`,
+  })
+
+  return isOk
+  // TODO: Log this action
+  // if (isOk && code === 250) {
+  //   //return  //'auth.email.success._2FA_email_sent'
+  //   return { success: code === 250 ? 'auth.email.success._2FA_email_sent' : info?.response }
+  // } else {
+  //   return { error: env('DEBUG') === 'true' ? error?.response : 'auth.email.error._2FA_email_sending_error' }
+  // }
+}
+
 const sendVerificationEmail = async (
   email: string,
   name?: string | null,

actions/user-verification.ts

@@ -1,8 +1,7 @@
 'use server'
 
-import db from '@/lib/db'
-import { getVerificationTokenByToken } from '@/data/verification-token'
-import { getUserByEmail } from '@/data/user'
+import { deleteVerificationToken, getVerificationTokenByToken } from '@/data/verification-token'
+import { getUserByEmail, updateUserEmailVerified } from '@/data/user'
 
 export const userVerification = async (token: string) => {
   const existingToken = await getVerificationTokenByToken(token)
@@ -17,25 +16,9 @@ export const userVerification = async (token: string) => {
 
   if (!existingUser) return { error: 'Email associated with token not found!' }
 
-  try {
-    await db.user.update({
-      where: { id: existingUser.id }, data: {
-        email: existingToken.email, emailVerified: new Date(),
-      },
-    })
-  } catch (e) {
-    console.error(e)
-    return { error: 'db.error.update.user_data' }
-  }
+  await updateUserEmailVerified(existingUser.id, existingToken.email)
 
-  try {
-    await db.verificationToken.delete({
-      where: { id: existingToken.id },
-    })
-  } catch (e) {
-    // TODO: log error on disc or db
-    console.error(e)
-  }
+  await deleteVerificationToken(existingToken.id)
 
   return { success: 'User verified!' }
 }

app/[locale]/(protected)/cabinet/page.tsx

@@ -2,6 +2,7 @@ import { auth, signOut } from '@/config/auth'
 
 const CabinetPage = async () => {
   const session = await auth()
+
   return (
     <div>
       {JSON.stringify(session)}

app/[locale]/(root)/(routes)/about/page.tsx

@@ -1,10 +1,3 @@
-import type { Metadata } from 'next'
-
-export const metadata: Metadata = {
-  title: 'key',
-  description: '...',
-}
-
 const AboutPage = () => {
   return <>ABOUT</>
 }

app/[locale]/(root)/page.tsx

@@ -5,7 +5,6 @@ import { Button } from '@/components/ui/button'
 import LoginButton from '@/components/auth/login-button'
 import Image from 'next/image'
 import wolf from '@/img/Gray wolf portrait.jpg'
-import { Grid } from 'react-loader-spinner'
 
 const font = Poppins({
   subsets: ['latin'], weight: ['600'],

app/[locale]/layout.tsx

@@ -1,10 +1,9 @@
 import type { Metadata } from 'next'
 import { Inter } from 'next/font/google'
-import './globals.css'
 import { ReactElement } from 'react'
 import { I18nProviderClient } from '@/locales/client'
 import { lc } from '@/lib/utils'
-import { Loading } from '@/components/loading'
+import './globals.css'
 
 const inter = Inter({ subsets: ['cyrillic'] })
 
@@ -12,21 +11,17 @@ export const metadata: Metadata = {
   title: 'Create Next App', description: 'Generated by create next app',
 }
 
-type Props = {
+type RootLayoutProps = {
   params: { locale: string }; children: ReactElement;
 }
 
-export default function RootLayout ({
-  params: { locale }, children,
-}: Readonly<Props>) {
+export default function RootLayout ({ params: { locale }, children }: Readonly<RootLayoutProps>) {
 
   return (<html lang={lc(locale)?.java}>
-  {/*<Suspense fallback={<Loading/>}>*/}
   <body className={inter.className}>
-  <I18nProviderClient locale={locale} fallback={<Loading/>}>
+  <I18nProviderClient locale={locale} fallback="Loading...">
     {children}
   </I18nProviderClient>
   </body>
-  {/*</Suspense>*/}
   </html>)
 }

components/auth/.PasswordInput.tsx.todo

@@ -1,65 +0,0 @@
-
-'use client'
-//https://gist.github.com/mjbalcueva/b21f39a8787e558d4c536bf68e267398
-
-import { forwardRef, useState } from 'react'
-import { EyeIcon, EyeOffIcon } from 'lucide-react'
-import { Button } from '@/components/ui/button'
-import { Input, InputProps } from '@/components/ui/input'
-import { cn } from '@/lib/utils'
-import { FormControl } from '@/components/ui/form'
-
-const PasswordInput = forwardRef<HTMLInputElement, InputProps>(
-  ({ className, ...props }, ref) => {
-    const [showPassword, setShowPassword] = useState(false)
-    const disabled = props.value === '' || props.value === undefined ||
-      props.disabled
-
-    return (<div className="relative">
-        <Input
-          type={showPassword ? 'text' : 'password'}
-          className={cn('hide-password-toggle pr-10', className)}
-          ref={ref}
-          {...props}
-        />
-        <Button
-          type="button"
-          variant="ghost"
-          size="sm"
-          className="absolute right-0 top-0 h-full px-3 py-2 hover:bg-transparent"
-          onClick={() => setShowPassword((prev) => !prev)}
-          disabled={disabled}
-        >
-          {showPassword && !disabled ? (
-            <EyeIcon
-              className="h-4 w-4"
-              aria-hidden="true"
-            />
-          ) : (
-            <EyeOffIcon
-              className="h-4 w-4"
-              aria-hidden="true"
-            />
-          )}
-          <span className="sr-only">
-						{showPassword ? 'Hide password' : 'Show password'}
-					</span>
-        </Button>
-
-        {/* hides browsers password toggles */}
-        <style>{`
-					.hide-password-toggle::-ms-reveal,
-					.hide-password-toggle::-ms-clear {
-						visibility: hidden;
-						pointer-events: none;
-						display: none;
-					}
-				`}</style>
-      </div>
-    )
-  },
-)
-PasswordInput.displayName = 'PasswordInput'
-
-export { PasswordInput }
-

components/auth/card-wrapper.tsx

@@ -1,10 +1,9 @@
 'use client'
+
 import { Card, CardContent, CardFooter, CardHeader } from '@/components/ui/card'
 import { Header } from '@/components/auth/header'
 import { Social } from '@/components/auth/social'
 import { BackButton } from '@/components/auth/back-button'
-import { Suspense } from 'react'
-import { Loading } from '@/components/loading'
 
 type Props = {
   children: React.ReactNode
@@ -26,9 +25,8 @@ export const CardWrapper = ({
   continueWithLabel,
 }: Props) => {
   return (
-    <Suspense fallback={<Loading/>}>
     <Card
-        className="border-8 border-muted shadow-2xl max-w-[430px] w-full sm:min-w-[430px]">
+      className="shadow-2xl max-w-[430px] w-full sm:min-w-[430px]">
       <CardHeader>
         <Header label={headerLabel} title={headerTitle}/>
       </CardHeader>
@@ -51,6 +49,5 @@ export const CardWrapper = ({
         <BackButton label={backButtonLabel} href={backButtonHref}/>
       </CardFooter>
     </Card>
-    </Suspense>
   )
 }

components/auth/login-form.tsx

@@ -5,14 +5,7 @@ import { useState, useTransition } from 'react'
 import { useForm } from 'react-hook-form'
 import { useSearchParams } from 'next/navigation'
 import { zodResolver } from '@hookform/resolvers/zod'
-import {
-  Form,
-  FormControl,
-  FormField,
-  FormItem,
-  FormLabel,
-  FormMessage,
-} from '@/components/ui/form'
+import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from '@/components/ui/form'
 import { Input } from '@/components/ui/input'
 import { CardWrapper } from '@/components/auth/card-wrapper'
 import { useI18n } from '@/locales/client'
@@ -28,10 +21,9 @@ export const LoginForm = () => {
   const t = useI18n()
 
   const searchParams = useSearchParams()
-  const urlError = searchParams.get('error') === 'OAuthAccountNotLinked'
-    ? t('auth.form.error.email_in_use')
-    : ''
+  const urlError = searchParams.get('error') === 'OAuthAccountNotLinked' ? t('auth.form.error.email_in_use') : ''
 
+  const [showTwoFactor, setShowTwoFactor] = useState<boolean>(false)
   const [error, setError] = useState<string | undefined>('')
   const [success, setSuccess] = useState<string | undefined>('')
   const [isPending, startTransition] = useTransition()
@@ -48,10 +40,26 @@ export const LoginForm = () => {
 
     startTransition(() => {
       login(values).then((data) => {
-        // @ts-ignore
+        //@ts-ignore
+        if (data?.error) {
+          form.reset() //@ts-ignore
           setError(t(data?.error))
-        // @ts-ignore
+        }
+
+        //@ts-ignore
+        if (data?.success) {
+          form.reset() //@ts-ignore
           setSuccess(t(data?.success))
+        }
+
+        //@ts-ignore
+        if (data?.twoFactor) { //@ts-ignore
+          setShowTwoFactor(data?.twoFactor)
+        }
+      }).catch((err) => {
+        setError('auth.common.something_went_wrong')
+        //TODO: do logging
+        console.log(err)
       })
     })
   }
@@ -67,9 +75,24 @@ export const LoginForm = () => {
     <Form {...form}>
       <form
         onSubmit={form.handleSubmit(onSubmit)}
-        className="space-y-0"
+        className={showTwoFactor ? 'space-y-6' : 'space-y-2'}
       >
         <div className="space-y-4">
+          {showTwoFactor && (
+            <FormField control={form.control} name="code"
+                       render={({ field }) => (<FormItem>
+                         <FormLabel>{t('form.label.two_factor')}</FormLabel>
+                         <FormControl>
+                           <Input
+                             {...field}
+                             disabled={isPending}
+                             placeholder="¹₂³₄⁵₆"
+                           />
+                         </FormControl>
+                         <FormMessage className="text-xs"/>
+                       </FormItem>)}/>
+          )}
+          {!showTwoFactor && (<>
             <FormField control={form.control} name="email"
                        render={({ field }) => (<FormItem>
                          <FormLabel>{t('form.label.email')}</FormLabel>
@@ -84,7 +107,6 @@ export const LoginForm = () => {
                          </FormControl>
                          <FormMessage className="text-xs"/>
                        </FormItem>)}/>
-          {/*Password*/}
             <FormField control={form.control} name="password"
                        render={({ field }) => (<FormItem>
                          <FormLabel>{t('form.label.password')}</FormLabel>
@@ -103,12 +125,12 @@ export const LoginForm = () => {
                          </Button>
                          <FormMessage className="text-xs"/>
                        </FormItem>)}/>
+          </>)}
         </div>
-
         <FormSuccess message={success}/>
         <FormError message={error || urlError}/>
         <Button type="submit" className="w-full" disabled={isPending}>
-          {t('form.label.login')}
+          {showTwoFactor ? t('form.button.two_factor') : t('form.button.login')}
         </Button>
       </form>
     </Form>

components/auth/new-password-form.tsx

@@ -58,7 +58,7 @@ export const NewPasswordForm = ({ token }: { token: string }) => {
     <Form {...form}>
       <form
         onSubmit={form.handleSubmit(onSubmit)}
-        className="space-y-4"
+        className="space-y-6"
       >
         <div className="space-y-4">
           <FormField control={form.control} name="password"

components/auth/reset-form.tsx

@@ -58,7 +58,7 @@ export const ResetForm = () => {
     <Form {...form}>
       <form
         onSubmit={form.handleSubmit(onSubmit)}
-        className="space-y-4"
+        className="space-y-6"
       >
         <div className="space-y-4">
           <FormField control={form.control} name="email"

components/loading.tsx

@@ -1,20 +0,0 @@
-'use client'
-
-import { Grid } from 'react-loader-spinner'
-
-export function Loading () {
-  return (
-    <h1>
-      <Grid
-        visible={true}
-        height="666"
-        width="666"
-        color="#4fa94d"
-        ariaLabel="grid-loading"
-        radius="12.5"
-        wrapperStyle={{}}
-        wrapperClass="grid-wrapper"
-      />
-    </h1>
-  )
-}

components/locale-switcher.tsx

@@ -1,4 +1,5 @@
 'use client'
+
 import { useChangeLocale, useCurrentLocale } from '@/locales/client'
 import { LC, type loc } from '@/config/locales'
 import { ChangeEvent } from 'react'
@@ -7,18 +8,14 @@ import styles from '@/styles/locale-switcher.module.scss'
 export default function LocaleSwitcher () {
   const changeLocale = useChangeLocale()
   const locale = useCurrentLocale()
-  const selectHandler = (e: ChangeEvent<HTMLSelectElement>) => changeLocale(
-    e.target.value as loc)
+  const selectHandler = (e: ChangeEvent<HTMLSelectElement>) => changeLocale(e.target.value as loc)
 
-  return (
-    //@ts-ignore
-    <select onChange={selectHandler} defaultValue={locale}
-            className={styles['yo-locale-switcher']} aria-label="Switch language">
-      {LC.map(item => (
-        <option key={item.iso} value={item.code}>
+  return (//@ts-ignore
+    <select className={styles['yo-locale-switcher']} aria-label="Switch language"
+            defaultValue={locale} onChange={selectHandler}
+    >
+      {LC.map(item => (<option key={item.iso} value={item.code}>
         {item.iso.toUpperCase()}
-        </option>
-      ))}
-    </select>
-  )
+      </option>))}
+    </select>)
 }

config/auth.ts

@@ -7,6 +7,7 @@ import { getUserById } from '@/data/user'
 import { AUTH_ERROR_URL, AUTH_LOGIN_URL } from '@/config/routes'
 import { getCurrentLocale } from '@/locales/server'
 import { type loc } from '@/config/locales'
+import { getTwoFactorConfirmationByUserId } from '@/data/two-factor-confirmation'
 
 declare module 'next-auth' {
   interface Session {
@@ -44,7 +45,15 @@ export const {
       // Prevent sign in without email verification
       if (!existingUser?.emailVerified) return false
 
-      // TODO: Add 2FA check
+      if (existingUser.isTwoFactorEnabled) {
+        const twoFactorConfirmation = await getTwoFactorConfirmationByUserId(existingUser.id)
+        if (!twoFactorConfirmation) return false
+
+        // Delete 2FA for the next sign in
+        await db.twoFactorComfirmation.delete({
+          where: { id: twoFactorConfirmation.id },
+        })
+      }
 
       return true
     },

data/password-reset-token.ts

@@ -1,9 +1,13 @@
+'use server'
+
 import db from '@/lib/db'
+import journal from '@/actions/logger'
 
 export const getPasswordResetTokenByToken = async (token: string) => {
   try {
     return await db.passwordResetToken.findUnique({ where: { token } })
-  } catch {
+  } catch (err) {
+    journal.error({ getPasswordResetTokenByToken: err, token })
     return null
   }
 }
@@ -11,7 +15,8 @@ export const getPasswordResetTokenByToken = async (token: string) => {
 export const getPasswordResetTokenByEmail = async (email: string) => {
   try {
     return await db.passwordResetToken.findFirst({ where: { email } })
-  } catch {
+  } catch (err) {
+    journal.error({ getPasswordResetTokenByEmail: err, email })
     return null
   }
 }

data/two-factor-confirmation.ts

@@ -0,0 +1,33 @@
+'use server'
+
+import db from '@/lib/db'
+import journal from '@/actions/logger'
+
+export const createTwoFactoComfirmation = async (userId: string) => {
+  try {
+    return await db.twoFactorComfirmation.create({ data: { userId } })
+  } catch (err) {
+    journal.error({ createTwoFactoComfirmation: err, userId })
+    return null
+  }
+}
+
+export const getTwoFactorConfirmationByUserId = async (userId: string) => {
+  try {
+    return await db.twoFactorComfirmation.findUnique({
+      where: { userId },
+    })
+  } catch (err) {
+    journal.error({ getTwoFactorConfirmationByUserId: err, userId })
+    return null
+  }
+}
+
+export const deleteTwoFactoComfirmation = async (id: string) => {
+  try {
+    return await db.twoFactorComfirmation.delete({ where: { id } })
+  } catch (err) {
+    journal.error({ deleteTwoFactoComfirmation: err, id })
+    return null
+  }
+}

data/two-factor-token.ts

@@ -0,0 +1,33 @@
+'use server'
+
+import db from '@/lib/db'
+import journal from '@/actions/logger'
+
+export const getTwoFactorTokenByToken = async (token: string) => {
+  try {
+    return await db.twoFactorToken.findUnique({
+      where: { token },
+    })
+  } catch (err) {
+    journal.error({ getTwoFactorTokenByToken: err, token })
+    return null
+  }
+}
+
+export const getTwoFactorTokenByEmail = async (email: string) => {
+  try {
+    return await db.twoFactorToken.findFirst({ where: { email } })
+  } catch (err) {
+    journal.error({ getTwoFactorTokenByEmail: err, email })
+    return null
+  }
+}
+
+export const deleteTwoFactorToken = async (id: string) => {
+  try {
+    return await db.twoFactorToken.delete({ where: { id } })
+  } catch (err) {
+    journal.error({ deleteTwoFactorToken: err, id })
+    return null
+  }
+}

data/user.ts

@@ -1,10 +1,14 @@
+'use server'
+
 import { User } from '@prisma/client'
 import db from '@/lib/db'
+import journal from '@/actions/logger'
 
 export const getUserByEmail = async (email: string): Promise<User | null> => {
   try {
     return await db.user.findUnique({ where: { email } })
-  } catch {
+  } catch (err) {
+    journal.error({ getUserByEmail: err, email })
     return null
   }
 }
@@ -12,7 +16,22 @@ export const getUserByEmail = async (email: string): Promise<User | null> => {
 export const getUserById = async (id: string): Promise<User | null> => {
   try {
     return await db.user.findUnique({ where: { id } })
-  } catch {
+  } catch (err) {
+    journal.error({ getUserById: err, id })
     return null
   }
 }
+
+export const updateUserEmailVerified = async (id: string, email: string) => {
+  try {
+    await db.user.update({
+      where: { id },
+      data: {
+        email, emailVerified: new Date(),
+      },
+    })
+  } catch (err) {
+    journal.error({ updateUserEmailVerified: err, id, email })
+    return { error: 'db.error.update.user_data' }
+  }
+}

data/verification-token.ts

@@ -1,9 +1,13 @@
+'use server'
+
 import db from '@/lib/db'
+import journal from '@/actions/logger'
 
 export const getVerificationTokenByToken = async (token: string) => {
   try {
     return await db.verificationToken.findUnique({ where: { token } })
-  } catch {
+  } catch (err) {
+    journal.error({ getVerificationTokenByToken: err, token })
     return null
   }
 }
@@ -11,7 +15,18 @@ export const getVerificationTokenByToken = async (token: string) => {
 export const getVerificationTokenByEmail = async (email: string) => {
   try {
     return await db.verificationToken.findFirst({ where: { email } })
-  } catch {
+  } catch (err) {
+    journal.error({ getVerificationTokenByEmail: err, email })
     return null
   }
 }
+
+export const deleteVerificationToken = async (id: string) => {
+  try {
+    await db.verificationToken.delete({
+      where: { id },
+    })
+  } catch (err) {
+    journal.error({ deleteVerificationToken: err, id })
+  }
+}

lib/server.ts

@@ -3,5 +3,7 @@
 import { readdir } from 'fs/promises'
 
 export const getDirectories = async (source: string) => {
-  return (await readdir(source, { withFileTypes: true })).filter(dirent => dirent.isDirectory()).map(dirent => dirent.name)
+  return (await readdir(source, { withFileTypes: true }))
+    .filter(dirent => dirent.isDirectory())
+    .map(dirent => dirent.name)
 }

lib/tokens.ts

@@ -1,10 +1,28 @@
+import crypto from 'crypto'
 import { v4 as uuidV4 } from 'uuid'
-import {
-  VERIFICATION_TOKEN_EXPIRATION_DURATION,
-} from '@/config/auth'
+import { VERIFICATION_TOKEN_EXPIRATION_DURATION } from '@/config/auth'
 import db from '@/lib/db'
 import { getVerificationTokenByEmail } from '@/data/verification-token'
 import { getPasswordResetTokenByEmail } from '@/data/password-reset-token'
+import { deleteTwoFactorToken, getTwoFactorTokenByEmail } from '@/data/two-factor-token'
+
+export const generateTwoFactorToken = async (email: string) => {
+  const token = crypto.randomInt(100_000, 1_000_000).toString()
+  const expires = new Date(new Date().getTime() + VERIFICATION_TOKEN_EXPIRATION_DURATION)
+
+  const existingToken = await getTwoFactorTokenByEmail(email)
+
+  if (existingToken) {
+    await deleteTwoFactorToken(existingToken.id)
+  }
+
+  try {
+    return await db.twoFactorToken.create({ data: { email, token, expires } })
+  } catch (err) {
+    console.log(err)
+    return null
+  }
+}
 
 export const generatePasswordResetToken = async (email: string) => {
   const token = uuidV4()
@@ -21,9 +39,7 @@ export const generatePasswordResetToken = async (email: string) => {
 
   const passwordResetToken = await db.passwordResetToken.create({
     data: {
-      email,
-      token,
-      expires,
+      email, token, expires,
     },
   })
 
@@ -46,9 +62,7 @@ export const generateVerificationToken = async (email: string) => {
 
   const verificationToken = await db.verificationToken.create({
     data: {
-      email,
-      token,
-      expires,
+      email, token, expires,
     },
   })
 

lib/utils.ts

@@ -21,8 +21,6 @@ export const testPathnameRegex = (
   const pattern: string = `^(/(${locales.join('|')}))?(${pages.flatMap(
     (p) => (p === '/' ? ['', '/'] : p)).join('|')})/?$`
 
-  //console.log(pattern)
-
   return RegExp(pattern, 'is').test(pathName)
 }
 

locales/custom/mailer/en.ts

@@ -5,6 +5,7 @@ export default {
   confirmed_email: 'to confirm email',
   subject: {
     send_verification_email: 'Complete email verification for site {site_name}',
+    send_2FA_code: 'Your 2FA code from {site_name}',
   },
   body: {
     send_verification_email: {

locales/custom/mailer/uk.ts

@@ -5,6 +5,7 @@ export default {
   confirmed_email: 'для підтвердження електронної пошти',
   subject: {
     send_verification_email: 'Завершіть верифікацію Вашої електронної пошти для сайту {site_name}',
+    send_2FA_code: 'Ваш код двофакторної аутентифікації із сайту {site_name}',
   },
   body: {
     send_verification_email: {

locales/en/auth.ts

@@ -45,17 +45,20 @@ export default {
       missing_token: 'Missing token!',
       invalid_token: 'Invalid token!',
       expired_token: 'Token has expired!',
+      invalid_code: 'Invalid code!',
+      expired_code: 'Code has expired!',
     },
   },
   email: {
     success: {
       confirmation_email_sent: 'Confirmation email sent!',
       reset_email_sent: 'A password reset letter has been sent to the specified email address!',
+      _2FA_email_sent: '2FA email sent!',
     },
     error: {
       verification_email_sending_error: 'Could not send verification email!',
       reset_password_sending_error: 'Could not send reset password email!',
-
+      _2FA_email_sending_error: 'Could not send 2FA email!',
     },
   },
 } as const

locales/en/form.ts

@@ -5,6 +5,11 @@ export default {
     confirm_password: 'Confirm password',
     login: 'Login',
     name: 'Name',
+    two_factor: 'Two Factor Authentication Code',
+  },
+  button: {
+    two_factor: 'Confirm',
+    login: 'Login',
   },
   placeholder: {
     email: 'dead.end@acme.com',

locales/en/schema.ts

@@ -15,4 +15,7 @@ export default {
   name: {
     required: `Name is required`,
   },
+  two_factor: {
+    length: 'Code must contain exactly {length} digits',
+  },
 } as const

locales/uk/auth.ts

@@ -45,15 +45,19 @@ export default {
       missing_token: 'Відсутній токен!',
       invalid_token: 'Недійсний токен!',
       expired_token: 'Сплив термін дії токена!',
+      invalid_code: 'Невірний код!',
+      expired_code: 'Сплив термін дії коду!',
     },
   },
   email: {
     success: {
       confirmation_email_sent: 'Лист із підтвердженням надіслано!',
       reset_email_sent: 'Лист для скидання паролю надіслано на вказану електронну адресу',
+      _2FA_email_sent: 'Код 2FA надіслано на вказану електронну адресу',
     },
     error: {
       verification_email_sending_error: 'Не вдалося надіслати електронний лист для підтвердження!',
+      _2FA_email_sending_error: 'Не вдалося надіслати електронний лист з 2FA кодом!',
     },
   },
 } as const

locales/uk/form.ts

@@ -5,6 +5,11 @@ export default {
     confirm_password: 'Підтвердьте пароль',
     login: 'Лоґін',
     name: 'Ім\'я та прізвище',
+    two_factor: 'Код двофакторної перевірки',
+  },
+  button: {
+    two_factor: 'Підтвердити',
+    login: 'Лоґін',
   },
   placeholder: {
     email: 'dead.end@acme.com',

locales/uk/schema.ts

@@ -15,4 +15,7 @@ export default {
   name: {
     required: `Необхідно вказати ім'я`,
   },
+  two_factor: {
+    length: 'Код має містити рівно {length} цифр',
+  },
 } as const

next.config.mjs

@@ -2,6 +2,9 @@ import path from 'node:path'
 
 /** @type {import('next').NextConfig} */
 const nextConfig = {
+  experimental: {
+    serverComponentsExternalPackages: ['pino'],
+  },
   sassOptions: {
     includePaths: [path.join(path.resolve('.'), 'styles')],
   },

package.json

@@ -1,6 +1,6 @@
 {
-  "name": "a-naklejka",
-  "version": "0.1.0",
+  "name": "yo-next-space",
+  "version": "0.1.1",
   "private": true,
   "scripts": {
     "dev": "next dev",
@@ -31,6 +31,8 @@
     "next-auth": "^5.0.0-beta.16",
     "next-international": "^1.2.4",
     "nodemailer": "^6.9.13",
+    "pino": "^9.0.0",
+    "pino-http": "^9.0.0",
     "react": "^18",
     "react-dom": "^18",
     "react-hook-form": "^7.51.2",
@@ -54,6 +56,8 @@
     "eslint": "^8",
     "eslint-config-next": "14.1.4",
     "eslint-plugin-validate-filename": "^0.0.4",
+    "pino-caller": "^3.4.0",
+    "pino-pretty": "^11.0.0",
     "postcss": "^8",
     "prisma": "^5.12.1",
     "sass": "^1.74.1",

prisma/schema.prisma

@@ -35,6 +35,8 @@ model User {
   role                  UserRole               @default(CUSTOMER)
   extendedData          Json?
   accounts              Account[]
+  isTwoFactorEnabled    Boolean                @default(false)
+  twoFactorComfirmation TwoFactorComfirmation?
 }
 
 model Account {
@@ -73,3 +75,18 @@ model PasswordResetToken {
 
   @@unique([email, token])
 }
+
+model TwoFactorToken {
+  id      String   @id @default(cuid())
+  email   String
+  token   String   @unique
+  expires DateTime
+
+  @@unique([email, token])
+}
+
+model TwoFactorComfirmation {
+  id     String @id @default(cuid())
+  userId String @unique
+  user   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
+}

schemas/index.ts

@@ -1,5 +1,8 @@
 import { MAX_PASSWORD_LENGTH, MIN_PASSWORD_LENGTH, PASSWORD_STRENGTH_ACME } from '@/config/validation'
-import { object, string } from 'zod'
+import { object, optional, string } from 'zod'
+
+const _2FA_CODE_LENGTH = 6
+const _2FA_CODE_REGEX = /^\d{6}$/
 
 // all translations is implemented in '@/components/ui/form' via TranslateClientFragment
 
@@ -7,6 +10,7 @@ const minPasswordMessage = JSON.stringify(['schema.password.length.min', { min:
 const maxPasswordMessage = JSON.stringify(['schema.password.length.max', { max: MAX_PASSWORD_LENGTH }])
 const maxPasswordStrength = JSON.stringify(
   ['schema.password.strength.acme', { min: MIN_PASSWORD_LENGTH, max: MAX_PASSWORD_LENGTH }])
+const regexCodeMessage = JSON.stringify(['schema.two_factor.length', { length: _2FA_CODE_LENGTH }])
 
 const email = string().trim().toLowerCase().email({ message: 'schema.email.required' })
 const password = string().trim().regex(new RegExp(PASSWORD_STRENGTH_ACME, 'mg'),
@@ -14,7 +18,13 @@ const password = string().trim().regex(new RegExp(PASSWORD_STRENGTH_ACME, 'mg'),
   max(MAX_PASSWORD_LENGTH, { message: maxPasswordMessage })
 
 export const LoginSchema = object({
-  email, password: string().trim().min(1, { message: 'schema.password.required' }),
+  email,
+  password: string().trim().min(1, { message: 'schema.password.required' }),
+  code: string({ message: regexCodeMessage }).
+    trim().
+    length(_2FA_CODE_LENGTH, { message: regexCodeMessage }).
+    regex(_2FA_CODE_REGEX, { message: regexCodeMessage }).
+    optional(),
 })
 
 export const RegisterSchema = object({