add builtin two-factor auth support

The builtin two-factor authentication is based on time-based one time passwords (RFC 6238) which works with Authy, Google Authenticator and other compatible apps.
2025-12-07 23:00:55 +03:00 · 2021-09-04 12:11:04 +02:00
parent 16ba7ddb34
commit 8a4c21b64a
52 changed files with 5985 additions and 475 deletions
--- a/httpd/web.go
+++ b/httpd/web.go
@@ -5,16 +5,19 @@ import (
 )

 const (
-	page400Title      = "Bad request"
-	page403Title      = "Forbidden"
-	page404Title      = "Not found"
-	page404Body       = "The page you are looking for does not exist."
-	page500Title      = "Internal Server Error"
-	page500Body       = "The server is unable to fulfill your request."
-	webDateTimeFormat = "2006-01-02 15:04:05" // YYYY-MM-DD HH:MM:SS
-	redactedSecret    = "[**redacted**]"
-	csrfFormToken     = "_form_token"
-	csrfHeaderToken   = "X-CSRF-TOKEN"
+	pageMFATitle              = "Two-factor authentication"
+	page400Title              = "Bad request"
+	page403Title              = "Forbidden"
+	page404Title              = "Not found"
+	page404Body               = "The page you are looking for does not exist."
+	page500Title              = "Internal Server Error"
+	page500Body               = "The server is unable to fulfill your request."
+	webDateTimeFormat         = "2006-01-02 15:04:05" // YYYY-MM-DD HH:MM:SS
+	redactedSecret            = "[**redacted**]"
+	csrfFormToken             = "_form_token"
+	csrfHeaderToken           = "X-CSRF-TOKEN"
+	templateTwoFactor         = "twofactor.html"
+	templateTwoFactorRecovery = "twofactor-recovery.html"
 )

 type loginPage struct {
@@ -26,6 +29,15 @@ type loginPage struct {
 	AltLoginURL string
 }

+type twoFactorPage struct {
+	CurrentURL  string
+	Version     string
+	Error       string
+	CSRFToken   string
+	StaticURL   string
+	RecoveryURL string
+}
+
 func getSliceFromDelimitedValues(values, delimiter string) []string {
 	result := []string{}
 	for _, v := range strings.Split(values, delimiter) {