| 118 | } |
| 119 | |
// registerOTPHooks attaches the OTP housekeeping to the app: the record
// reference hooks for the OTP collection, an hourly cleanup job for expired
// OTP sessions, and a record-update handler that drops every OTP of an auth
// record once its tokenKey changes.
func (app *BaseApp) registerOTPHooks() {
	// recordRefHooks is defined elsewhere; presumably it keeps OTP rows in
	// sync with the auth records they reference (confirm against the helper).
	recordRefHooks[*OTP](app, CollectionNameOTPs, CollectionTypeAuth)

	// Purge expired OTP sessions at minute 0 of every hour.
	//
	// A failed purge is only logged as a warning, so expired rows may stay in
	// storage until a later run succeeds.
	// NOTE(review): expiry should therefore also be enforced where an OTP is
	// verified, not only by this job (the verification path is not visible here).
	app.Cron().Add("__pbOTPCleanup__", "0 * * * *", func() {
		err := app.DeleteExpiredOTPs()
		if err == nil {
			return
		}
		app.Logger().Warn("Failed to delete expired OTP sessions", "error", err)
	})

	// Security: a tokenKey change invalidates all pending OTPs of the record,
	// so a code issued before the change cannot be used afterwards. This
	// minimizes the risk of hijacking attacks.
	app.OnRecordUpdateExecute().Bind(&hook.Handler[*RecordEvent]{
		// NOTE(review): the ordering semantics of Priority are defined by the
		// hook package and are not visible here.
		Priority: 99,
		Func: func(e *RecordEvent) error {
			// Let the rest of the chain (and the update itself) run first;
			// OTPs are touched only after it reports success.
			if err := e.Next(); err != nil {
				return err
			}

			// Only auth collections are relevant for this handler.
			if !e.Record.Collection().IsAuth() {
				return nil
			}

			// Nothing to invalidate for a record that did not exist before
			// this update or whose tokenKey is unchanged.
			if e.Record.Original().IsNew() || e.Record.Original().TokenKey() == e.Record.TokenKey() {
				return nil
			}

			// The cleanup failure is returned rather than swallowed, so the
			// caller learns that old OTPs may still exist.
			// NOTE(review): whether this error also rolls back the update
			// depends on the caller's transaction handling - confirm.
			if delErr := e.App.DeleteAllOTPsByRecord(e.Record); delErr != nil {
				return fmt.Errorf(
					"[%s] failed to delete all previous OTPs for record %q: %w",
					e.Record.Collection().Name,
					e.Record.Id,
					delErr,
				)
			}

			return nil
		},
	})
}