summaryrefslogtreecommitdiff
path: root/src/server/api/endpoints/i/2fa/remove-key.ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/api/endpoints/i/2fa/remove-key.ts')
-rw-r--r--src/server/api/endpoints/i/2fa/remove-key.ts46
1 files changed, 46 insertions, 0 deletions
diff --git a/src/server/api/endpoints/i/2fa/remove-key.ts b/src/server/api/endpoints/i/2fa/remove-key.ts
new file mode 100644
index 0000000000..cb28c8fbfb
--- /dev/null
+++ b/src/server/api/endpoints/i/2fa/remove-key.ts
@@ -0,0 +1,46 @@
+import $ from 'cafy';
+import * as bcrypt from 'bcryptjs';
+import define from '../../../define';
+import { UserProfiles, UserSecurityKeys, Users } from '../../../../../models';
+import { ensure } from '../../../../../prelude/ensure';
+import { publishMainStream } from '../../../../../services/stream';
+
+export const meta = {
+ requireCredential: true,
+
+ secure: true,
+
+ params: {
+ password: {
+ validator: $.str
+ },
+ credentialId: {
+ validator: $.str
+ },
+ }
+};
+
+export default define(meta, async (ps, user) => {
+ const profile = await UserProfiles.findOne(user.id).then(ensure);
+
+ // Compare password
+ const same = await bcrypt.compare(ps.password, profile.password!);
+
+ if (!same) {
+ throw new Error('incorrect password');
+ }
+
+ // Make sure we only delete the user's own creds
+ await UserSecurityKeys.delete({
+ userId: user.id,
+ id: ps.credentialId
+ });
+
+ // Publish meUpdated event
+ publishMainStream(user.id, 'meUpdated', await Users.pack(user.id, user, {
+ detail: true,
+ includeSecrets: true
+ }));
+
+ return {};
+});
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 15:10:45 +0000