Merge remote-tracking branch 'upstream/dev/staging_2' into staging

2 files changed, 5 insertions, 2 deletions

diff --git a/src/util/config/types/SecurityConfiguration.ts b/src/util/config/types/SecurityConfiguration.ts
index 98c04c99..a2cebbd3 100644
--- a/src/util/config/types/SecurityConfiguration.ts
+++ b/src/util/config/types/SecurityConfiguration.ts
@@ -14,4 +14,6 @@ export class SecurityConfiguration {
 	// CF-Connecting-IP for cloudflare
 	forwadedFor: string | null = null;
 	ipdataApiKey: string | null = "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9";
+	mfaBackupCodeCount: number = 10;
+	mfaBackupCodeBytes: number = 4;
 }
diff --git a/src/util/util/MFA.ts b/src/util/util/MFA.ts
index a2afcad6..b9af6d23 100644
--- a/src/util/util/MFA.ts
+++ b/src/util/util/MFA.ts
@@ -1,12 +1,13 @@
 import crypto from "crypto";
+import { Config } from ".";
 import { BackupCode } from "../entities/BackupCodes";
 
 export function generateMfaBackupCodes(user_id: string) {
 	let backup_codes: BackupCode[] = [];
-	for (let i = 0; i < 10; i++) {
+	for (let i = 0; i < Config.get().security.mfaBackupCodeCount; i++) {
 		const code = BackupCode.create({
 			user: { id: user_id },
-			code: crypto.randomBytes(4).toString("hex"), // 8 characters
+			code: crypto.randomBytes(Config.get().security.mfaBackupCodeBytes).toString("hex"), // 8 characters
 			consumed: false,
 			expired: false
 		});