"use client"; import { useState, useEffect } from "react"; import { Shield, QrCode, Check, AlertCircle, Loader2, Eye, EyeOff, Trash2 } from "lucide-react"; import { useUI } from "@/context/UIContext"; const API = process.env.NEXT_PUBLIC_API_URL || "http://localhost:3001"; export default function TwoFASettingsPage() { const { toast, alert } = useUI(); const [status, setStatus] = useState<{ enabled: boolean; hasSecret: boolean } | null>(null); const [setupData, setSetupData] = useState<{ secret: string; otpUri: string } | null>(null); const [token, setToken] = useState(""); const [password, setPassword] = useState(""); const [showPass, setShowPass] = useState(false); const [loading, setLoading] = useState(false); const [qrUrl, setQrUrl] = useState(""); const authHeaders = () => ({ "Content-Type": "application/json", Authorization: `Bearer ${localStorage.getItem("mhb_token") || ""}` }); async function load2FAStatus() { const res = await fetch(`${API}/api/auth/2fa/status`, { headers: authHeaders() }); const data = await res.json(); setStatus(data); } useEffect(() => { load2FAStatus(); }, []); async function handleSetup() { setLoading(true); try { const res = await fetch(`${API}/api/auth/2fa/setup`, { method: "POST", headers: authHeaders() }); const data = await res.json(); if (!data.success) throw new Error(data.error); setSetupData({ secret: data.secret, otpUri: data.otpUri }); // QR code via Google Charts API (no server-side QR dependency) setQrUrl(`https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=${encodeURIComponent(data.otpUri)}`); } catch (e: any) { alert({ title: "Setup Failed", message: e.message, type: "error" }); } setLoading(false); } async function handleVerify() { setLoading(true); try { const res = await fetch(`${API}/api/auth/2fa/verify`, { method: "POST", headers: authHeaders(), body: JSON.stringify({ token }), }); const data = await res.json(); if (!data.success) throw new Error(data.error); toast("2FA enabled! You will be prompted on next login.", "success"); setSetupData(null); setToken(""); load2FAStatus(); } catch (e: any) { alert({ title: "Verification Failed", message: e.message, type: "error" }); } setLoading(false); } async function handleDisable() { if (!confirm("Disable 2FA? This reduces security.")) return; setLoading(true); try { const res = await fetch(`${API}/api/auth/2fa/disable`, { method: "POST", headers: authHeaders(), body: JSON.stringify({ token, password }), }); const data = await res.json(); if (!data.success) throw new Error(data.error); toast("2FA disabled.", "info"); setToken(""); setPassword(""); load2FAStatus(); } catch (e: any) { alert({ title: "Disable Failed", message: e.message, type: "error" }); } setLoading(false); } return (

Two-Factor Authentication

Protect your dashboard with TOTP (Google Authenticator, Authy).

{/* Status */} {status && (
{status.enabled ? : }

{status.enabled ? "2FA is Active" : "2FA is Disabled"}

{status.enabled ? "Your account requires a TOTP code on login." : "Your account is protected by password only."}

)} {/* Setup flow */} {!status?.enabled && !setupData && ( )} {setupData && (

Step 1: Scan QR Code

{qrUrl && QR Code}

Or enter manually:

{setupData.secret}

Step 2: Enter Code to Verify

setToken(e.target.value.replace(/\D/g, ''))} placeholder="000000" className="input w-full text-center text-2xl font-mono tracking-widest" />
)} {/* Disable flow */} {status?.enabled && (

Disable 2FA

setToken(e.target.value.replace(/\D/g, ''))} placeholder="Current TOTP code" className="input w-full text-center font-mono tracking-widest" />
setPassword(e.target.value)} placeholder="Admin password" className="input w-full pr-10" />
)}
); }