From d0862a50985c1f172a646e9b9f9f9b28d63e02ae Mon Sep 17 00:00:00 2001 From: adjoly Date: Thu, 23 Oct 2025 17:56:28 +0200 Subject: [PATCH] =?UTF-8?q?=E3=80=8C=E2=9C=A8=E3=80=8D=20feat:=20added=202?= =?UTF-8?q?fa=20checker?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/api/auth/default.js | 8 ++++++-- src/api/auth/totpCheck.js | 24 ++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 src/api/auth/totpCheck.js diff --git a/src/api/auth/default.js b/src/api/auth/default.js index 5b80ed7..ecba601 100644 --- a/src/api/auth/default.js +++ b/src/api/auth/default.js @@ -2,6 +2,7 @@ import fastifyJWT from '@fastify/jwt'; import fastifyCookie from '@fastify/cookie'; import cors from '@fastify/cors'; +import { totpCheck } from './totpCheck.js'; import { register } from './register.js'; import { login } from './login.js'; import { gRedir } from './gRedir.js'; @@ -28,7 +29,7 @@ export default async function(fastify, options) { fastify.register(cors, { origin: process.env.CORS_ORIGIN || 'http://localhost:5173', credentials: true, - methods: [ "GET", "POST", "PATCH", "DELETE", "OPTIONS" ] + methods: ["GET", "POST", "PATCH", "DELETE", "OPTIONS"] }); fastify.register(fastifyJWT, { @@ -54,6 +55,9 @@ export default async function(fastify, options) { fastify.get('/me', { preHandler: [fastify.authenticate] }, async (request, reply) => { return { user: request.user }; }); + fastify.get('/2fa', { preHandler: [fastify.authenticate] }, async (request, reply) => { + return totpCheck(request, reply); + }); // GOOGLE sign in fastify.get('/login/google', async (request, reply) => { 
@@ -119,5 +123,5 @@ export default async function(fastify, options) { fastify.get('/logout', {}, async (request, reply) => { return logout(reply, fastify); }) - fastify.delete('/', { preHandler: fastify.authenticate }, async (request, reply) => { return remove(request, reply, fastify)}) + fastify.delete('/', { preHandler: fastify.authenticate }, async (request, reply) => { return remove(request, reply, fastify) }) } diff --git a/src/api/auth/totpCheck.js b/src/api/auth/totpCheck.js new file mode 100644 index 0000000..d76a12e --- /dev/null +++ b/src/api/auth/totpCheck.js @@ -0,0 +1,24 @@ +import authDB from '../../utils/authDB.js'; + +/** + * @param {import('fastify').FastifyRequest} request + * @param {import('fastify').FastifyReply} reply + */ +export async function totpCheck(request, reply) { + try { + const user = request.user; + + if (authDB.checkUser(user) === false) { + return reply.code(400).send({ error: "User does not exist" }); + } + + return reply + .code(200) + .send({ + totp: authDB.isTOTPEnabled(user) + }); + } catch (err) { + fastify.log.error(err); + return reply.code(500).send({ error: "Internal server error" }); + } +}
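Review bot: In the `catch` block of the new `totpCheck.js`, `fastify.log.error(err)` refers to a `fastify` binding that the module neither imports nor receives as a parameter, so any error reaching that block would raise a ReferenceError instead of being logged and answered with the generic 500. Fastify attaches a logger to each request, so `request.log.error(err);` fixes this without changing the signature; the alternative is to pass the instance from the `/2fa` route in `default.js`, as the `remove(request, reply, fastify)` call there does. As written, the ReferenceError falls through to Fastify's own error handler, whose response may carry that error's text rather than the intended "Internal server error". Separately, `authDB` is not visible in this patch: if `checkUser` or `isTOTPEnabled` return promises they need `await`, because `=== false` is never true for a Promise, and since `request.user` is the whole decoded JWT payload it is worth confirming that both helpers expect that object rather than a user name.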