[feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA) * use byteutil.S2B to avoid allocations when comparing + generating password hashes * don't bother with string conversion for consts * use io.ReadFull * use MustGenerateSecret for backup codes * rename util functions
2025-10-28 20:02:24 -05:00 · 2025-04-07 16:14:41 +02:00 · 2025-04-07 16:14:41 +02:00 · 365b575341
commit 365b575341
parent 6f24205a26
78 changed files with 5593 additions and 825 deletions
--- a/cmd/gotosocial/action/server/server.go
+++ b/cmd/gotosocial/action/server/server.go
@ -515,16 +515,16 @@ var Start action.GTSAction = func(ctx context.Context) error {
 	}

 	var (
-		authModule        = api.NewAuth(dbService, process, idp, routerSession, sessionName) // auth/oauth paths
-		clientModule      = api.NewClient(state, process)                                    // api client endpoints
-		metricsModule     = api.NewMetrics()                                                 // Metrics endpoints
-		healthModule      = api.NewHealth(dbService.Ready)                                   // Health check endpoints
-		fileserverModule  = api.NewFileserver(process)                                       // fileserver endpoints
-		robotsModule      = api.NewRobots()                                                  // robots.txt endpoint
-		wellKnownModule   = api.NewWellKnown(process)                                        // .well-known endpoints
-		nodeInfoModule    = api.NewNodeInfo(process)                                         // nodeinfo endpoint
-		activityPubModule = api.NewActivityPub(dbService, process)                           // ActivityPub endpoints
-		webModule         = web.New(dbService, process)                                      // web pages + user profiles + settings panels etc
+		authModule        = api.NewAuth(state, process, idp, routerSession, sessionName) // auth/oauth paths
+		clientModule      = api.NewClient(state, process)                                // api client endpoints
+		metricsModule     = api.NewMetrics()                                             // Metrics endpoints
+		healthModule      = api.NewHealth(dbService.Ready)                               // Health check endpoints
+		fileserverModule  = api.NewFileserver(process)                                   // fileserver endpoints
+		robotsModule      = api.NewRobots()                                              // robots.txt endpoint
+		wellKnownModule   = api.NewWellKnown(process)                                    // .well-known endpoints
+		nodeInfoModule    = api.NewNodeInfo(process)                                     // nodeinfo endpoint
+		activityPubModule = api.NewActivityPub(dbService, process)                       // ActivityPub endpoints
+		webModule         = web.New(dbService, process)                                  // web pages + user profiles + settings panels etc
 	)

 	// Create per-route / per-grouping middlewares.
--- a/cmd/gotosocial/action/testrig/testrig.go
+++ b/cmd/gotosocial/action/testrig/testrig.go
@ -283,16 +283,16 @@ var Start action.GTSAction = func(ctx context.Context) error {
 	}

 	var (
-		authModule        = api.NewAuth(state.DB, processor, idp, routerSession, sessionName) // auth/oauth paths
-		clientModule      = api.NewClient(state, processor)                                   // api client endpoints
-		metricsModule     = api.NewMetrics()                                                  // Metrics endpoints
-		healthModule      = api.NewHealth(state.DB.Ready)                                     // Health check endpoints
-		fileserverModule  = api.NewFileserver(processor)                                      // fileserver endpoints
-		robotsModule      = api.NewRobots()                                                   // robots.txt endpoint
-		wellKnownModule   = api.NewWellKnown(processor)                                       // .well-known endpoints
-		nodeInfoModule    = api.NewNodeInfo(processor)                                        // nodeinfo endpoint
-		activityPubModule = api.NewActivityPub(state.DB, processor)                           // ActivityPub endpoints
-		webModule         = web.New(state.DB, processor)                                      // web pages + user profiles + settings panels etc
+		authModule        = api.NewAuth(state, processor, idp, routerSession, sessionName) // auth/oauth paths
+		clientModule      = api.NewClient(state, processor)                                // api client endpoints
+		metricsModule     = api.NewMetrics()                                               // Metrics endpoints
+		healthModule      = api.NewHealth(state.DB.Ready)                                  // Health check endpoints
+		fileserverModule  = api.NewFileserver(processor)                                   // fileserver endpoints
+		robotsModule      = api.NewRobots()                                                // robots.txt endpoint
+		wellKnownModule   = api.NewWellKnown(processor)                                    // .well-known endpoints
+		nodeInfoModule    = api.NewNodeInfo(processor)                                     // nodeinfo endpoint
+		activityPubModule = api.NewActivityPub(state.DB, processor)                        // ActivityPub endpoints
+		webModule         = web.New(state.DB, processor)                                   // web pages + user profiles + settings panels etc
 	)

 	// these should be routed in order