From 3617d260a60041f6565b86681dfff7a00de241b1 Mon Sep 17 00:00:00 2001
From: Aaron Dewes <aaron.dewes@protonmail.com>
Date: Sun, 26 Jun 2022 21:34:58 +0200
Subject: [PATCH] Fix setting update channel (#124)

Co-authored-by: William Connatser <43946230+WilliamConnatser@users.noreply.github.com>
---
 middlewares/auth.ts  | 3 ++-
 routes/v1/account.ts | 2 ++
 routes/v2/system.ts  | 5 +++--
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/middlewares/auth.ts b/middlewares/auth.ts
index 8d535ab..f52c7a2 100644
--- a/middlewares/auth.ts
+++ b/middlewares/auth.ts
@@ -1,5 +1,5 @@
 import {Buffer} from 'node:buffer';
-import {STATUS_CODES} from '@runcitadel/utils';
+import {STATUS_CODES, typeHelper} from '@runcitadel/utils';
 import * as passportJWT from 'passport-jwt';
 import * as passportHTTP from 'passport-http';
 import * as bcrypt from '@node-rs/bcrypt';
@@ -138,6 +138,7 @@ export async function basic(ctx: Context, next: Next): Promise<void> {
 
       // Check 2FA token when enabled
       if (userInfo.settings?.twoFactorAuth) {
+        typeHelper.isString(ctx.request.body.totpToken, ctx);
         const vres = notp.totp.verify(
           ctx.request.body.totpToken,
           userInfo.settings.twoFactorKey || '',
diff --git a/routes/v1/account.ts b/routes/v1/account.ts
index da50870..1f06557 100644
--- a/routes/v1/account.ts
+++ b/routes/v1/account.ts
@@ -170,6 +170,7 @@ router.post('/totp/enable', auth.jwt, async (ctx) => {
     // TOTP should be already set up
     const key = info.settings?.twoFactorKey;
 
+    typeHelper.isString(ctx.request.body.authenticatorToken, ctx);
     const vres = notp.totp.verify(ctx.request.body.authenticatorToken, key);
 
     if (vres && vres.delta === 0) {
@@ -190,6 +191,7 @@ router.post('/totp/disable', auth.jwt, async (ctx, next) => {
     // TOTP should be already set up
     const key = info.settings?.twoFactorKey;
 
+    typeHelper.isString(ctx.request.body.authenticatorToken, ctx);
     const vres = notp.totp.verify(ctx.request.body.authenticatorToken, key);
 
     if (vres && vres.delta === 0) {
diff --git a/routes/v2/system.ts b/routes/v2/system.ts
index 5daceee..24874c6 100644
--- a/routes/v2/system.ts
+++ b/routes/v2/system.ts
@@ -150,8 +150,9 @@ router.get('/disk-type', auth.jwt, async (ctx, next) => {
 });
 
 router.put('/update-channel', auth.jwt, async (ctx, next) => {
-  typeHelper.isString(ctx.body.channel, ctx);
-  await systemLogic.setUpdateChannel(ctx.body.channel as string);
+  typeHelper.isString(ctx.request.body.channel, ctx);
+  await systemLogic.setUpdateChannel(ctx.request.body.channel as string);
+  ctx.body = {};
   await next();
 });