ui fixes, input fixes, better dev workflow
This commit is contained in:
94
api/src/scripts/verify-break-glass.ts
Normal file
94
api/src/scripts/verify-break-glass.ts
Normal file
@@ -0,0 +1,94 @@
|
||||
import { PrismaClient } from "@prisma/client";
|
||||
import { timingSafeEqual } from "node:crypto";
|
||||
|
||||
function parseArgs() {
|
||||
const args = process.argv.slice(2);
|
||||
const parsed: Record<string, string> = {};
|
||||
for (const arg of args) {
|
||||
if (!arg.startsWith("--")) continue;
|
||||
const [key, ...rest] = arg.slice(2).split("=");
|
||||
parsed[key] = rest.join("=");
|
||||
}
|
||||
return parsed;
|
||||
}
|
||||
|
||||
function parseBool(value: string | undefined): boolean {
|
||||
if (!value) return false;
|
||||
const normalized = value.trim().toLowerCase();
|
||||
return normalized === "1" || normalized === "true" || normalized === "yes";
|
||||
}
|
||||
|
||||
function safeEqual(a: string, b: string): boolean {
|
||||
const left = Buffer.from(a, "utf8");
|
||||
const right = Buffer.from(b, "utf8");
|
||||
if (left.length !== right.length) return false;
|
||||
return timingSafeEqual(left, right);
|
||||
}
|
||||
|
||||
const prisma = new PrismaClient();
|
||||
|
||||
async function main() {
|
||||
const args = parseArgs();
|
||||
const email = (args.email || "").trim().toLowerCase();
|
||||
const providedCode = args.code || process.env.BREAK_GLASS_VERIFY_CODE_INPUT || "";
|
||||
const expectedCode = process.env.BREAK_GLASS_VERIFY_CODE || "";
|
||||
const enabled = parseBool(process.env.BREAK_GLASS_VERIFY_ENABLED);
|
||||
|
||||
if (!enabled) {
|
||||
throw new Error("BREAK_GLASS_VERIFY_ENABLED must be true to use this command.");
|
||||
}
|
||||
if (expectedCode.length < 32) {
|
||||
throw new Error("BREAK_GLASS_VERIFY_CODE must be set and at least 32 characters.");
|
||||
}
|
||||
if (!email || !email.includes("@")) {
|
||||
throw new Error("Usage: npm run verify:break-glass -- --email=user@example.com --code=<long-secret>");
|
||||
}
|
||||
if (!providedCode) {
|
||||
throw new Error("Missing --code (or BREAK_GLASS_VERIFY_CODE_INPUT).");
|
||||
}
|
||||
if (!safeEqual(providedCode, expectedCode)) {
|
||||
throw new Error("Invalid break-glass code.");
|
||||
}
|
||||
|
||||
const user = await prisma.user.findUnique({
|
||||
where: { email },
|
||||
select: { id: true, email: true, emailVerified: true },
|
||||
});
|
||||
if (!user) {
|
||||
throw new Error(`No user found for email: ${email}`);
|
||||
}
|
||||
|
||||
if (!user.emailVerified) {
|
||||
await prisma.user.update({
|
||||
where: { id: user.id },
|
||||
data: { emailVerified: true },
|
||||
});
|
||||
}
|
||||
|
||||
await prisma.emailToken.deleteMany({
|
||||
where: { userId: user.id, type: "signup" },
|
||||
});
|
||||
|
||||
console.log(
|
||||
JSON.stringify(
|
||||
{
|
||||
ok: true,
|
||||
email: user.email,
|
||||
wasAlreadyVerified: user.emailVerified,
|
||||
action: "email_marked_verified_break_glass",
|
||||
},
|
||||
null,
|
||||
2
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
main()
|
||||
.catch((err) => {
|
||||
console.error(err instanceof Error ? err.message : err);
|
||||
process.exit(1);
|
||||
})
|
||||
.finally(async () => {
|
||||
await prisma.$disconnect();
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user