feat(auth): add trusted device support for 2FA

implement remember device option for two-factor authentication add trusted device service to manage device trust update login flow to check for trusted devices
2025-11-04 14:03:33 +00:00 · 2025-07-09 00:34:56 -03:00
parent ffd5005c8b
commit ad689bd6d9
10 changed files with 176 additions and 15 deletions
--- a/apps/server/src/modules/auth/controller.ts
+++ b/apps/server/src/modules/auth/controller.ts
@@ -12,10 +12,17 @@ import { AuthService } from "./service";
 export class AuthController {
  private authService = new AuthService();

+  private getClientInfo(request: FastifyRequest) {
+    const userAgent = request.headers["user-agent"] || "";
+    const ipAddress = request.ip || request.socket.remoteAddress || "";
+    return { userAgent, ipAddress };
+  }
+
  async login(request: FastifyRequest, reply: FastifyReply) {
    try {
      const input = LoginSchema.parse(request.body);
-      const result = await this.authService.login(input);
+      const { userAgent, ipAddress } = this.getClientInfo(request);
+      const result = await this.authService.login(input, userAgent, ipAddress);

      if ("requiresTwoFactor" in result) {
        return reply.send(result);
@@ -43,7 +50,14 @@ export class AuthController {
  async completeTwoFactorLogin(request: FastifyRequest, reply: FastifyReply) {
    try {
      const input = CompleteTwoFactorLoginSchema.parse(request.body);
-      const user = await this.authService.completeTwoFactorLogin(input.userId, input.token);
+      const { userAgent, ipAddress } = this.getClientInfo(request);
+      const user = await this.authService.completeTwoFactorLogin(
+        input.userId,
+        input.token,
+        input.rememberDevice,
+        userAgent,
+        ipAddress
+      );

      const token = await request.jwtSign({
        userId: user.id,