MFA

2026-01-16 18:04:39 -05:00
parent 63385e049c
commit cf97dffbfb
31 changed files with 4405 additions and 56 deletions
--- a/backend/migrations/20260116000001-mfa-security-enhancements.js
+++ b/backend/migrations/20260116000001-mfa-security-enhancements.js
@@ -0,0 +1,32 @@
+"use strict";
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface, Sequelize) {
+    // Add recentTotpCodes field for TOTP replay protection
+    await queryInterface.addColumn("Users", "recentTotpCodes", {
+      type: Sequelize.TEXT,
+      allowNull: true,
+      comment: "JSON array of hashed recently used TOTP codes for replay protection",
+    });
+
+    // Remove deprecated columns (if they exist)
+    await queryInterface.removeColumn("Users", "twoFactorEnabledAt").catch(() => {});
+    await queryInterface.removeColumn("Users", "recoveryCodesUsedCount").catch(() => {});
+  },
+
+  async down(queryInterface, Sequelize) {
+    await queryInterface.removeColumn("Users", "recentTotpCodes");
+
+    // Re-add deprecated columns for rollback
+    await queryInterface.addColumn("Users", "twoFactorEnabledAt", {
+      type: Sequelize.DATE,
+      allowNull: true,
+    });
+    await queryInterface.addColumn("Users", "recoveryCodesUsedCount", {
+      type: Sequelize.INTEGER,
+      defaultValue: 0,
+      allowNull: false,
+    });
+  },
+};