zitadel/apps/login/src/app/api/otp/set/route.ts

import {
  getMostRecentSessionCookie,
  getSessionCookieById,
  getSessionCookieByLoginName,
} from "@zitadel/next";
import { setSessionAndUpdateCookie } from "@/utils/session";
import { NextRequest, NextResponse, userAgent } from "next/server";
import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
import { PlainMessage } from "@zitadel/client";

export async function POST(request: NextRequest) {
  const body = await request.json();

  if (body) {
    const { loginName, sessionId, organization, authRequestId, code, method } =
      body;

    const recentPromise = sessionId
      ? getSessionCookieById({ sessionId }).catch((error) => {
          return Promise.reject(error);
        })
      : loginName
        ? getSessionCookieByLoginName({ loginName, organization }).catch(
            (error) => {
              return Promise.reject(error);
            },
          )
        : getMostRecentSessionCookie().catch((error) => {
            return Promise.reject(error);
          });

    return recentPromise
      .then((recent) => {
        const checks: PlainMessage<Checks> = {};

        if (method === "time-based") {
          checks.totp = {
            code,
          };
        } else if (method === "sms") {
          checks.otpSms = {
            code,
          };
        } else if (method === "email") {
          checks.otpEmail = {
            code,
          };
        }

        return setSessionAndUpdateCookie(
          recent,
          checks,
          undefined,
          authRequestId,
        ).then((session) => {
          return NextResponse.json({
            sessionId: session.id,
            factors: session.factors,
            challenges: session.challenges,
          });
        });
      })
      .catch((error) => {
        return NextResponse.json({ details: error }, { status: 500 });
      });
  } else {
    return NextResponse.json(
      { details: "Request body is missing" },
      { status: 400 },
    );
  }
}
totp page, totp api 2024-04-04 13:50:54 +02:00			`import {`
			`getMostRecentSessionCookie,`
			`getSessionCookieById,`
			`getSessionCookieByLoginName,`
cookie utils 2024-08-08 08:58:54 +02:00			`} from "@zitadel/next";`
chore: move app code into src dir 2024-05-13 16:17:12 -04:00			`import { setSessionAndUpdateCookie } from "@/utils/session";`
totp page, totp api 2024-04-04 13:50:54 +02:00			`import { NextRequest, NextResponse, userAgent } from "next/server";`
update paths 2024-08-06 09:34:45 +02:00			`import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";`
fix: remove old zitadel client 2024-07-25 23:16:07 -04:00			`import { PlainMessage } from "@zitadel/client";`
totp page, totp api 2024-04-04 13:50:54 +02:00
			`export async function POST(request: NextRequest) {`
			`const body = await request.json();`

			`if (body) {`
otp methods 2024-04-16 15:33:14 +02:00			`const { loginName, sessionId, organization, authRequestId, code, method } =`
			`body;`
totp page, totp api 2024-04-04 13:50:54 +02:00
cookie utils 2024-08-08 08:58:54 +02:00			`const recentPromise = sessionId`
single-object 2024-08-08 09:28:59 +02:00			`? getSessionCookieById({ sessionId }).catch((error) => {`
totp page, totp api 2024-04-04 13:50:54 +02:00			`return Promise.reject(error);`
			`})`
			`: loginName`
single-object 2024-08-08 09:24:03 +02:00			`? getSessionCookieByLoginName({ loginName, organization }).catch(`
chore: move app code into src dir 2024-05-13 16:17:12 -04:00			`(error) => {`
			`return Promise.reject(error);`
			`},`
			`)`
			`: getMostRecentSessionCookie().catch((error) => {`
			`return Promise.reject(error);`
			`});`
totp page, totp api 2024-04-04 13:50:54 +02:00
			`return recentPromise`
			`.then((recent) => {`
refactor: zitadel server Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com> 2024-04-07 03:56:46 -04:00			`const checks: PlainMessage<Checks> = {};`
otp methods 2024-04-16 15:33:14 +02:00
			`if (method === "time-based") {`
			`checks.totp = {`
			`code,`
			`};`
			`} else if (method === "sms") {`
			`checks.otpSms = {`
			`code,`
			`};`
			`} else if (method === "email") {`
			`checks.otpEmail = {`
			`code,`
			`};`
			`}`

totp page, totp api 2024-04-04 13:50:54 +02:00			`return setSessionAndUpdateCookie(`
			`recent,`
otp methods 2024-04-16 15:33:14 +02:00			`checks,`
totp page, totp api 2024-04-04 13:50:54 +02:00			`undefined,`
chore: move app code into src dir 2024-05-13 16:17:12 -04:00			`authRequestId,`
totp page, totp api 2024-04-04 13:50:54 +02:00			`).then((session) => {`
			`return NextResponse.json({`
			`sessionId: session.id,`
			`factors: session.factors,`
			`challenges: session.challenges,`
			`});`
			`});`
			`})`
			`.catch((error) => {`
			`return NextResponse.json({ details: error }, { status: 500 });`
			`});`
			`} else {`
			`return NextResponse.json(`
			`{ details: "Request body is missing" },`
chore: move app code into src dir 2024-05-13 16:17:12 -04:00			`{ status: 400 },`
totp page, totp api 2024-04-04 13:50:54 +02:00			`);`
			`}`
			`}`