From 15a9a8f7a0707cbbe5a01b64c9ee50604fe8e6b3 Mon Sep 17 00:00:00 2001
From: TheArcaneBrony <myrainbowdash949@gmail.com>
Date: Wed, 24 Aug 2022 19:02:51 +0200
Subject: Configurable backup code length

---
 src/util/config/types/SecurityConfiguration.ts | 1 +
 src/util/util/MFA.ts                           | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/util/config/types/SecurityConfiguration.ts b/src/util/config/types/SecurityConfiguration.ts
index 868f5f0a..a2cebbd3 100644
--- a/src/util/config/types/SecurityConfiguration.ts
+++ b/src/util/config/types/SecurityConfiguration.ts
@@ -15,4 +15,5 @@ export class SecurityConfiguration {
 	forwadedFor: string | null = null;
 	ipdataApiKey: string | null = "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9";
 	mfaBackupCodeCount: number = 10;
+	mfaBackupCodeBytes: number = 4;
 }
diff --git a/src/util/util/MFA.ts b/src/util/util/MFA.ts
index d0a5722a..b9af6d23 100644
--- a/src/util/util/MFA.ts
+++ b/src/util/util/MFA.ts
@@ -7,7 +7,7 @@ export function generateMfaBackupCodes(user_id: string) {
 	for (let i = 0; i < Config.get().security.mfaBackupCodeCount; i++) {
 		const code = BackupCode.create({
 			user: { id: user_id },
-			code: crypto.randomBytes(4).toString("hex"), // 8 characters
+			code: crypto.randomBytes(Config.get().security.mfaBackupCodeBytes).toString("hex"), // 8 characters
 			consumed: false,
 			expired: false
 		});
-- 
cgit 1.5.1