screentinker/server/middleware
ScreenTinker 1d3e9acea4 feat(server): TOTP MFA login flow + enrollment/verify endpoints (#100)
Two-token login: /login returns an mfa_pending token when TOTP is on; requireAuth/optionalAuth
REJECT mfa_pending (tightening #1 - else password-alone is a session). /totp/verify exchanges
it + a TOTP or recovery code for a full session (per-user lockout; recovery checked
independently of the decryptable secret). Enrollment: setup -> enable (confirm-then-enable) ->
recovery codes shown once; disable/regenerate require re-auth; regenerate replaces atomically;
status surfaces codes-remaining (tightening #3). API tokens + SSO bypass TOTP by construction.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 20:48:55 -05:00
apiToken.js feat(api): scoped API token foundation + secure-by-exclusion mounts 2026-06-12 18:45:09 -05:00
auth.js feat(server): TOTP MFA login flow + enrollment/verify endpoints (#100) 2026-06-13 20:48:55 -05:00
sanitize.js Initial open source release 2026-04-08 12:14:53 -05:00
subscription.js Initial open source release 2026-04-08 12:14:53 -05:00
upload.js docs(upload): correct misleading defParamCharset comment 2026-05-12 11:57:54 -05:00