feat: add 2fa

Author: Snowiiii

package-lock.json

@@ -11,39 +11,40 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@marsidev/react-turnstile": "^1.5.1",
+    "@marsidev/react-turnstile": "^1.5.2",
     "@vnedyalk0v/react19-simple-maps": "^2.0.7",
-    "axios": "^1.15.2",
+    "axios": "^1.16.1",
     "d3-geo": "^3.1.1",
     "d3-scale": "^4.0.2",
-    "i18next": "^26.0.8",
+    "i18next": "^26.1.0",
     "i18next-browser-languagedetector": "^8.2.1",
-    "lucide-react": "^1.14.0",
+    "lucide-react": "^1.16.0",
     "or": "^0.2.0",
-    "react": "^19.2.5",
-    "react-dom": "^19.2.5",
-    "react-i18next": "^17.0.6",
-    "react-is": "^19.2.5",
+    "qrcode.react": "^4.2.0",
+    "react": "^19.2.6",
+    "react-dom": "^19.2.6",
+    "react-i18next": "^17.0.7",
+    "react-is": "^19.2.6",
     "react-markdown": "^10.1.0",
-    "react-router-dom": "^7.14.2",
+    "react-router-dom": "^7.15.1",
     "recharts": "^3.8.1",
     "remark-gfm": "^4.0.1"
   },
   "devDependencies": {
     "@eslint/js": "^10.0.1",
-    "@types/node": "^25.6.0",
+    "@types/node": "^25.8.0",
     "@types/react": "^19.2.14",
     "@types/react-dom": "^19.2.3",
     "@vitejs/plugin-react": "^6.0.1",
-    "eslint": "^10.2.1",
+    "eslint": "^10.3.0",
     "eslint-plugin-react-hooks": "^7.1.1",
     "eslint-plugin-react-refresh": "^0.5.2",
-    "globals": "^17.5.0",
+    "globals": "^17.6.0",
     "typescript": "^6.0.3",
-    "typescript-eslint": "^8.59.1",
-    "vite": "^8.0.10"
+    "typescript-eslint": "^8.59.3",
+    "vite": "^8.0.13"
   },
   "overrides": {
-    "vite": "^8.0.10"
+    "vite": "^8.0.13"
   }
 }

package.json

@@ -381,7 +381,6 @@ h3 {
     gap: 1.5rem;
     width: 100%;
     max-width: 100%;
-    overflow: hidden;
   }
 
   .plugin-sidebar {
@@ -406,11 +405,13 @@ h3 {
 
   .plugin-title {
     font-size: 2.25rem;
+    word-break: break-word;
+    overflow-wrap: break-word;
   }
 
   .plugin-detail-header {
     flex-direction: row;
-    align-items: center;
+    align-items: flex-start;
     gap: 1.25rem;
     margin-bottom: 2rem;
   }
@@ -1458,6 +1459,11 @@ h3 {
   margin-bottom: 3rem;
 }
 
+.plugin-header-info {
+  flex: 1;
+  min-width: 0;
+}
+
 .plugin-detail-layout {
   display: grid;
   grid-template-columns: 1fr 400px;
@@ -1468,6 +1474,8 @@ h3 {
 .plugin-title {
   font-size: 3.5rem;
   text-transform: uppercase;
+  overflow-wrap: break-word;
+  word-break: break-word;
 }
 
 .plugin-description {
@@ -1521,6 +1529,26 @@ h3 {
   border: 1px solid var(--border);
 }
 
+.markdown-content table {
+  width: 100%;
+  border-collapse: collapse;
+  margin-bottom: 1.5rem;
+  display: block;
+  overflow-x: auto;
+}
+
+.markdown-content th,
+.markdown-content td {
+  padding: 0.75rem 1rem;
+  border: 1px solid var(--border);
+}
+
+.markdown-content th {
+  background: rgba(255, 255, 255, 0.05);
+  font-weight: 700;
+  text-align: left;
+}
+
 .markdown-content pre code {
   background: none;
   padding: 0;

src/App.css

@@ -8,6 +8,7 @@ import RegisterPage from './pages/auth/RegisterPage';
 import ForgotPasswordPage from './pages/auth/ForgotPasswordPage';
 import ResetPasswordPage from './pages/auth/ResetPasswordPage';
 import VerifyEmailPage from './pages/auth/VerifyEmailPage';
+import ConfirmEmailChangePage from './pages/auth/ConfirmEmailChangePage';
 import CheckEmailPage from './pages/auth/CheckEmailPage';
 import ProfilePage from './pages/ProfilePage';
 import AuthorProfilePage from './pages/AuthorProfilePage';
@@ -125,6 +126,7 @@ const App = () => (
           <Route path="forgot-password" element={<ForgotPasswordPage />} />
           <Route path="reset-password" element={<ResetPasswordPage />} />
           <Route path="verify-email" element={<VerifyEmailPage />} />
+          <Route path="confirm-email" element={<ConfirmEmailChangePage />} />
           <Route path="check-email" element={<CheckEmailPage />} />
           <Route path="dashboard" element={<ProtectedRoute><DashboardLayout /></ProtectedRoute>}>
             <Route index element={<DashboardOverview />} />

src/App.tsx

@@ -494,7 +494,7 @@ const PluginDetail = () => {
     >
     {!plugin.preview_path && plugin.name.charAt(0)}
     </div>
-    <div>
+    <div className="plugin-header-info">
     <h1 className="plugin-title">{plugin.name}</h1>
     <p className="dev-name">by <Link to={`/profile/${plugin.dev_name}`} style={{ color: 'inherit', textDecoration: 'none' }} onMouseEnter={e => (e.currentTarget.style.textDecoration = 'underline')} onMouseLeave={e => (e.currentTarget.style.textDecoration = 'none')}>{plugin.dev_name}</Link></p>
     </div>

src/pages/PluginDetail.tsx

@@ -1,5 +1,6 @@
 import React, { useState, useEffect } from 'react';
 import { useNavigate, useLocation, Link } from 'react-router-dom';
+import { QRCodeSVG } from 'qrcode.react';
 import api from '../api';
 import { useAuth } from '../App';
 
@@ -30,7 +31,7 @@ const ProfilePage = () => {
     else                         setActiveTab('accountDetails');
   }, [location]);
 
-  const [formData, setFormData]         = useState({ username: '', email: '', password: '' });
+  const [formData, setFormData]         = useState({ username: '', email: '', password: '', currentPassword: '', disable2faPassword: '' });
   const [message, setMessage]           = useState({ text: '', type: '' });
   const [isStripeLoading, setIsStripeLoading] = useState(false);
 
@@ -39,11 +40,17 @@ const ProfilePage = () => {
   const [libraryLoading, setLibraryLoading] = useState(false);
   const [libraryError, setLibraryError] = useState<string | null>(null);
 
+  // 2FA state
+  const [is2faEnabled, setIs2faEnabled] = useState(false);
+  const [setup2faData, setSetup2faData] = useState<{ uri: string, secret: string } | null>(null);
+  const [verify2faCode, setVerify2faCode] = useState('');
+
   useEffect(() => { refreshUser?.(); }, []);
 
   useEffect(() => {
     if (user) {
       setFormData(prev => ({ ...prev, username: user.username || '', email: user.email || '' }));
+      setIs2faEnabled(user.totp_enabled || false);
     }
   }, [user]);
 
@@ -109,6 +116,46 @@ const ProfilePage = () => {
     }
   };
 
+  const start2faSetup = async () => {
+    try {
+      const res = await api.post('/user/2fa/setup');
+      setSetup2faData(res.data);
+    } catch (err: any) {
+      showMessage(err.response?.data?.error || 'Failed to start 2FA setup.', true);
+      if (err.response?.status === 400 && err.response?.data?.error === '2FA is already enabled') {
+        setIs2faEnabled(true);
+        refreshUser?.();
+      }
+    }
+  };
+
+  const confirm2faSetup = async (e: React.FormEvent) => {
+    e.preventDefault();
+    try {
+      await api.post('/user/2fa/verify', { code: verify2faCode });
+      setIs2faEnabled(true);
+      setSetup2faData(null);
+      setVerify2faCode('');
+      showMessage('2FA enabled successfully!');
+      refreshUser?.();
+    } catch (err: any) {
+      showMessage(err.response?.data?.error || 'Invalid 2FA code.', true);
+    }
+  };
+
+  const disable2fa = async (e: React.FormEvent) => {
+    e.preventDefault();
+    try {
+      await api.post('/user/2fa/disable', { password: formData.disable2faPassword });
+      setIs2faEnabled(false);
+      setFormData({ ...formData, disable2faPassword: '' });
+      showMessage('2FA has been disabled.');
+      refreshUser?.();
+    } catch (err: any) {
+      showMessage(err.response?.data?.error || 'Failed to disable 2FA.', true);
+    }
+  };
+
   return (
     <div className="container profile-page">
       <h1 className="page-title">User <span>Profile</span></h1>
@@ -328,11 +375,54 @@ const ProfilePage = () => {
           {/* ── Security ── */}
           {activeTab === 'security' && (
             <div className="profile-section">
+              <h2 className="section-title"><span>Two-Factor</span> Authentication</h2>
+              <div style={{ background: 'var(--surface-light)', padding: '1.5rem', borderRadius: '12px', border: '1px solid var(--border)', marginBottom: '3rem' }}>
+                {is2faEnabled ? (
+                  <div>
+                    <p style={{ color: 'var(--success)', fontWeight: 600, marginBottom: '1rem' }}>✓ Two-Factor Authentication is currently enabled.</p>
+                    <form onSubmit={disable2fa} style={{ marginTop: '1rem' }}>
+                      <p style={{ fontSize: '0.85rem', color: 'var(--text-muted)', marginBottom: '1rem' }}>Enter your password to disable 2FA.</p>
+                      <div className="form-group">
+                        <input type="password" placeholder="Current Password" value={formData.disable2faPassword} onChange={e => setFormData({ ...formData, disable2faPassword: e.target.value })} required />
+                      </div>
+                      <button type="submit" className="btn btn-secondary" style={{ color: '#ff4d4d', borderColor: '#ff4d4d' }}>Disable 2FA</button>
+                    </form>
+                  </div>
+                ) : (
+                  <div>
+                    <p style={{ marginBottom: '1rem', color: 'var(--text-muted)' }}>Protect your account with Two-Factor Authentication using an app like Google Authenticator or Authy.</p>
+                    {!setup2faData ? (
+                      <button className="btn" onClick={start2faSetup}>Set Up 2FA</button>
+                    ) : (
+                      <div style={{ marginTop: '1rem' }}>
+                        <p style={{ fontSize: '0.9rem', marginBottom: '1rem' }}>1. Scan this QR code with your authenticator app:</p>
+                        <div style={{ background: 'white', padding: '1rem', display: 'inline-block', borderRadius: '8px', marginBottom: '1rem' }}>
+                          <QRCodeSVG value={setup2faData.uri} size={150} />
+                        </div>
+                        <p style={{ fontSize: '0.8rem', color: 'var(--text-muted)', marginBottom: '1.5rem' }}>Or enter this code manually: <strong style={{ fontFamily: 'var(--font-mono)' }}>{setup2faData.secret}</strong></p>
+                        
+                        <form onSubmit={confirm2faSetup}>
+                          <p style={{ fontSize: '0.9rem', marginBottom: '0.5rem' }}>2. Enter the 6-digit code from your app:</p>
+                          <div className="form-group" style={{ display: 'flex', gap: '0.5rem', maxWidth: '300px' }}>
+                            <input type="text" placeholder="000000" maxLength={6} value={verify2faCode} onChange={e => setVerify2faCode(e.target.value.replace(/\D/g, ''))} required style={{ fontFamily: 'var(--font-mono)', fontSize: '1.2rem', letterSpacing: '0.2em', textAlign: 'center' }} />
+                            <button type="submit" className="btn">Verify</button>
+                          </div>
+                        </form>
+                      </div>
+                    )}
+                  </div>
+                )}
+              </div>
+
               <h2 className="section-title"><span>Change</span> Password</h2>
-              <form onSubmit={(e) => handleUpdate(e, '/user/settings', { newPassword: formData.password })}>
+              <form onSubmit={(e) => handleUpdate(e, '/user/settings', { currentPassword: formData.currentPassword, newPassword: formData.password })}>
+                <div className="form-group">
+                  <label>CURRENT PASSWORD</label>
+                  <input type="password" value={formData.currentPassword} onChange={e => setFormData({ ...formData, currentPassword: e.target.value })} required />
+                </div>
                 <div className="form-group">
                   <label>NEW PASSWORD</label>
-                  <input type="password" value={formData.password} onChange={e => setFormData({ ...formData, password: e.target.value })} />
+                  <input type="password" value={formData.password} onChange={e => setFormData({ ...formData, password: e.target.value })} required />
                 </div>
                 <button type="submit" className="btn">Update Password</button>
               </form>

src/pages/ProfilePage.tsx

@@ -0,0 +1,66 @@
+import { useEffect, useState } from 'react';
+import { useLocation, useNavigate } from 'react-router-dom';
+import api from '../../api';
+import { useAuth } from '../../App';
+
+const ConfirmEmailChangePage = () => {
+    const [status, setStatus] = useState<'verifying' | 'success' | 'error'>('verifying');
+    const [error, setError] = useState<string | null>(null);
+    const location = useLocation();
+    const navigate = useNavigate();
+    const { login } = useAuth();
+
+    useEffect(() => {
+        const verify = async () => {
+            const params = new URLSearchParams(location.search);
+            const token = params.get('token');
+
+            if (!token) {
+                setStatus('error');
+                setError('No verification token found.');
+                return;
+            }
+
+            try {
+                const res = await api.post('/user/confirm-email-change', { token });
+                
+                if (res.data.token) {
+                    login(res.data.token);
+                }
+
+                setStatus('success');
+
+                setTimeout(() => {
+                    navigate('/profile');
+                }, 3000);
+
+            } catch (err: any) {
+                setStatus('error');
+                setError(err.response?.data?.error || 'Verification failed. The link may be invalid or expired.');
+            }
+        };
+
+        verify();
+    }, [location, navigate, login]);
+
+    return (
+        <div style={{ textAlign: 'center', padding: '50px' }}>
+            {status === 'verifying' && <h1>Verifying your email change...</h1>}
+            {status === 'success' && (
+                <div>
+                    <h1>Email Updated Successfully!</h1>
+                    <p>Your new email is now active. Redirecting to your profile...</p>
+                </div>
+            )}
+            {status === 'error' && (
+                <div>
+                    <h1>Update Failed</h1>
+                    <p>{error}</p>
+                    <p>Please try updating your email again from your profile page.</p>
+                </div>
+            )}
+        </div>
+    );
+};
+
+export default ConfirmEmailChangePage;