enhance: 2FA is no longer required for the first 3min of login

0xJacky · 0xJacky · commit 83981349d713 · 2024-07-29T11:00:54.000+08:00
diff --git a/api/user/auth.go b/api/user/auth.go
@@ -32,10 +32,11 @@ const (
 )
 
 type LoginResponse struct {
-	Message string `json:"message"`
-	Error   string `json:"error,omitempty"`
-	Code    int    `json:"code"`
-	Token   string `json:"token,omitempty"`
+	Message         string `json:"message"`
+	Error           string `json:"error,omitempty"`
+	Code            int    `json:"code"`
+	Token           string `json:"token,omitempty"`
+	SecureSessionID string `json:"secure_session_id,omitempty"`
 }
 
 func Login(c *gin.Context) {
@@ -86,6 +87,8 @@ func Login(c *gin.Context) {
 	}
 
 	// Check if the user enables 2FA
+	var secureSessionID string
+
 	if u.EnabledOTP() {
 		if json.OTP == "" && json.RecoveryCode == "" {
 			c.JSON(http.StatusOK, LoginResponse{
@@ -104,6 +107,8 @@ func Login(c *gin.Context) {
 			user.BanIP(clientIP)
 			return
 		}
+
+		secureSessionID = user.SetSecureSessionID(u.ID)
 	}
 
 	// login success, clear banned record
@@ -119,9 +124,10 @@ func Login(c *gin.Context) {
 	}
 
 	c.JSON(http.StatusOK, LoginResponse{
-		Code:    LoginSuccess,
-		Message: "ok",
-		Token:   token,
+		Code:            LoginSuccess,
+		Message:         "ok",
+		Token:           token,
+		SecureSessionID: secureSessionID,
 	})
 }
 
diff --git a/app/src/api/auth.ts b/app/src/api/auth.ts
@@ -7,6 +7,8 @@ export interface AuthResponse {
   message: string
   token: string
   code: number
+  error: string
+  secure_session_id: string
 }
 
 const auth = {
diff --git a/app/src/lib/websocket/index.ts b/app/src/lib/websocket/index.ts
@@ -16,7 +16,7 @@ function ws(url: string, reconnect: boolean = true): ReconnectingWebSocket | Web
     url, `?token=${btoa(token.value)}`, node_id)
 
   if (reconnect)
-    return new ReconnectingWebSocket(_url)
+    return new ReconnectingWebSocket(_url, undefined, { maxRetries: 10 })
 
   return new WebSocket(_url)
 }
diff --git a/app/src/version.json b/app/src/version.json
@@ -1 +1 @@
-{"version":"2.0.0-beta.29","build_id":151,"total_build":355}
+{"version":"2.0.0-beta.29","build_id":152,"total_build":356}
diff --git a/app/src/views/other/Login.vue b/app/src/views/other/Login.vue
@@ -1,6 +1,7 @@
 <script setup lang="ts">
 import { LockOutlined, UserOutlined } from '@ant-design/icons-vue'
 import { Form, message } from 'ant-design-vue'
+import { useCookies } from '@vueuse/integrations/useCookies'
 import { useUserStore } from '@/pinia'
 import auth from '@/api/auth'
 import install from '@/api/install'
@@ -46,19 +47,23 @@ const rulesRef = reactive({
 })
 
 const { validate, validateInfos, clearValidate } = Form.useForm(modelRef, rulesRef)
-const { login } = useUserStore()
+const userStore = useUserStore()
+const { login } = userStore
+const { secureSessionId } = storeToRefs(userStore)
 
 const onSubmit = () => {
   validate().then(async () => {
     loading.value = true
 
     await auth.login(modelRef.username, modelRef.password, passcode.value, recoveryCode.value).then(async r => {
       const next = (route.query?.next || '').toString() || '/'
-
+      const cookies = useCookies(['nginx-ui-2fa'])
       switch (r.code) {
         case 200:
           message.success($gettext('Login successful'), 1)
           login(r.token)
+          secureSessionId.value = r.secure_session_id
+          cookies.set('secure_session_id', r.secure_session_id, { maxAge: 60 * 3 })
           await router.push(next)
           break
         case 199:
diff --git a/app/src/views/system/About.vue b/app/src/views/system/About.vue
@@ -1,9 +1,9 @@
 <script setup lang="ts">
 import GithubButton from 'vue-github-button'
 import logo from '@/assets/img/logo.png'
-import version from '@/version.json'
+import ver from '@/version.json'
 
-const this_year = new Date().getFullYear()
+const thisYear = new Date().getFullYear()
 </script>
 
 <template>
@@ -19,7 +19,7 @@ const this_year = new Date().getFullYear()
     </div>
     <h2>Nginx UI</h2>
     <p>Yet another WebUI for Nginx</p>
-    <p>Version: {{ version.version }} ({{ version.build_id || $gettext('Development Mode') }})</p>
+    <p>Version: {{ ver.version }} ({{ ver.build_id || $gettext('Development Mode') }})</p>
     <div class="star-on-github">
       <GithubButton
         href="https://github.com/0xJacky/nginx-ui"
@@ -47,7 +47,7 @@ const this_year = new Date().getFullYear()
       {{ $gettext('License') }}
     </h3>
     <p>GNU General Public License v3.0</p>
-    <p>Copyright © 2021 - {{ this_year }} Nginx UI Team</p>
+    <p>Copyright © 2021 - {{ thisYear }} Nginx UI Team</p>
   </ACard>
 </template>
 

Original file line number	Diff line number	Diff line change
`@@ -32,10 +32,11 @@ const (`
`32`	`32`	`)`
`33`	`33`
`34`	`34`	`type LoginResponse struct {`
`35`		- Message string `json:"message"`
`36`		- Error string `json:"error,omitempty"`
`37`		- Code int `json:"code"`
`38`		- Token string `json:"token,omitempty"`
	`35`	+ Message string `json:"message"`
	`36`	+ Error string `json:"error,omitempty"`
	`37`	+ Code int `json:"code"`
	`38`	+ Token string `json:"token,omitempty"`
	`39`	+ SecureSessionID string `json:"secure_session_id,omitempty"`
`39`	`40`	`}`
`40`	`41`
`41`	`42`	`func Login(c *gin.Context) {`
`@@ -86,6 +87,8 @@ func Login(c *gin.Context) {`
`86`	`87`	`}`
`87`	`88`
`88`	`89`	`// Check if the user enables 2FA`
	`90`	`+ var secureSessionID string`
	`91`	`+`
`89`	`92`	`if u.EnabledOTP() {`
`90`	`93`	`if json.OTP == "" && json.RecoveryCode == "" {`
`91`	`94`	`c.JSON(http.StatusOK, LoginResponse{`
`@@ -104,6 +107,8 @@ func Login(c *gin.Context) {`
`104`	`107`	`user.BanIP(clientIP)`
`105`	`108`	`return`
`106`	`109`	`}`
	`110`	`+`
	`111`	`+ secureSessionID = user.SetSecureSessionID(u.ID)`
`107`	`112`	`}`
`108`	`113`
`109`	`114`	`// login success, clear banned record`
`@@ -119,9 +124,10 @@ func Login(c *gin.Context) {`
`119`	`124`	`}`
`120`	`125`
`121`	`126`	`c.JSON(http.StatusOK, LoginResponse{`
`122`		`- Code: LoginSuccess,`
`123`		`- Message: "ok",`
`124`		`- Token: token,`
	`127`	`+ Code: LoginSuccess,`
	`128`	`+ Message: "ok",`
	`129`	`+ Token: token,`
	`130`	`+ SecureSessionID: secureSessionID,`
`125`	`131`	`})`
`126`	`132`	`}`
`127`	`133`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,8 @@ export interface AuthResponse {`
`7`	`7`	`message: string`
`8`	`8`	`token: string`
`9`	`9`	`code: number`
	`10`	`+ error: string`
	`11`	`+ secure_session_id: string`
`10`	`12`	`}`
`11`	`13`
`12`	`14`	`const auth = {`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ function ws(url: string, reconnect: boolean = true): ReconnectingWebSocket \| Web`
`16`	`16`	url, `?token=${btoa(token.value)}`, node_id)
`17`	`17`
`18`	`18`	`if (reconnect)`
`19`		`- return new ReconnectingWebSocket(_url)`
	`19`	`+ return new ReconnectingWebSocket(_url, undefined, { maxRetries: 10 })`
`20`	`20`
`21`	`21`	`return new WebSocket(_url)`
`22`	`22`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-{"version":"2.0.0-beta.29","build_id":151,"total_build":355}`
	`1`	`+{"version":"2.0.0-beta.29","build_id":152,"total_build":356}`