feat(auth): add one-time QR code

Author: ngyngcphu

.gitignore

@@ -6,3 +6,4 @@ build/
 .cache/
 .env
 zapatos/
+.DS_Store

bun.lockb

@@ -1,5 +1,5 @@
 <script setup lang="ts">
-const { hasPermission } = usePermission();
+const { hasPermission, hasRole } = usePermission();
 </script>
 
 <template>
@@ -13,6 +13,7 @@ const { hasPermission } = usePermission();
     <NuxtLink v-if="hasPermission('/borrow-return:edit')" class="flex items-center cursor-pointer h-16 px-2 sm:px-5 hover:bg-primary-darker" href="/borrow-return">
       Mượn / Trả thiết bị
     </NuxtLink>
+    <UserQrButton v-if="hasRole(['student', 'teacher'])" />
     <button class="cursor-pointer h-16 px-2.5 sm:px-5 hover:bg-primary-darker"> Bài viết </button>
     <button class="cursor-pointer h-16 px-2.5 sm:px-5 hover:bg-primary-darker"> Quy định </button>
     <button class="cursor-pointer h-16 px-2.5 sm:px-5 hover:bg-primary-darker"> Liên hệ </button>

components/app/NavBar.vue

@@ -0,0 +1,109 @@
+<script setup lang="ts">
+import { onMounted, watch } from 'vue';
+import { useToast } from 'vue-toastification';
+
+const props = defineProps<{
+  userId: string;
+  isOpen: boolean;
+}>();
+
+const emit = defineEmits<{
+  (e: 'close'): void;
+}>();
+
+const { qrDataUrl, timeLeft, isLoading, generateQrCode, cleanUp } = useOneTimeQrCode();
+
+watch(() => props.isOpen, (isOpen) => {
+  if (isOpen) {
+    if (props.userId) {
+      generateQrCode(props.userId);
+    } else {
+      emit('close');
+      const toast = useToast();
+      toast.error('Không có ID người dùng. Vui lòng đăng nhập và thử lại.');
+    }
+  } else {
+    cleanUp();
+  }
+});
+
+watch(() => props.userId, (userId) => {
+  if (props.isOpen && userId) {
+    generateQrCode(userId);
+  }
+});
+
+watch(() => timeLeft.value, (newTime) => {
+  if (newTime === 0 && props.isOpen) {
+    // Automatically regenerate when timer reaches 0
+    regenerateQrCode();
+  }
+});
+
+function regenerateQrCode() {
+  if (props.userId) {
+    generateQrCode(props.userId);
+  }
+}
+
+onMounted(() => {
+  if (props.isOpen) {
+    if (props.userId) {
+      generateQrCode(props.userId);
+    } else {
+      emit('close');
+      const toast = useToast();
+      toast.error('Không có ID người dùng. Vui lòng đăng nhập và thử lại.');
+    }
+  }
+});
+</script>
+
+<template>
+  <Dialog :open="isOpen" @close="$emit('close')">
+    <DialogContent class="sm:max-w-md">
+      <DialogHeader>
+        <DialogTitle>Mã QR dùng một lần</DialogTitle>
+        <DialogDescription>
+          Quét mã QR này để xác thực danh tính của bạn. Mã QR này chỉ có hiệu lực trong {{ timeLeft }} giây.
+        </DialogDescription>
+      </DialogHeader>
+      <div class="flex flex-col items-center justify-center gap-4 p-4">
+        <div v-if="isLoading" class="flex items-center justify-center w-64 h-64">
+          <div class="animate-spin rounded-full h-12 w-12 border-t-2 border-b-2 border-primary"></div>
+        </div>
+        <div v-else-if="qrDataUrl" class="border-2 border-gray-200 p-2">
+          <img :src="qrDataUrl" alt="QR Code" class="w-64 h-64" />
+        </div>
+        <div v-else class="text-center text-red-500">
+          Không thể tạo mã QR. Vui lòng thử lại.
+        </div>
+        
+        <div class="flex items-center gap-2">
+          <div class="w-full bg-gray-200 rounded-full h-2.5">
+            <div
+              class="bg-primary h-2.5 rounded-full"
+              :style="{ width: `${(timeLeft / 30) * 100}%` }"
+            ></div>
+          </div>
+          <span class="text-sm text-gray-500">{{ timeLeft }}s</span>
+        </div>
+        
+        <Button
+          @click="regenerateQrCode"
+          class="w-full"
+          :disabled="isLoading"
+        >
+          <Icon v-if="isLoading" name="i-heroicons-arrow-path" class="w-4 h-4 mr-2 animate-spin" />
+          <Icon v-else name="i-heroicons-arrow-path" class="w-4 h-4 mr-2" />
+          Tạo lại mã QR
+        </Button>
+      </div>
+      <DialogFooter class="sm:justify-center">
+        <Button variant="outline" @click="$emit('close')">
+          Đóng
+        </Button>
+      </DialogFooter>
+    </DialogContent>
+  </Dialog>
+</template>

components/app/OneTimeQrModal.vue

@@ -0,0 +1,30 @@
+<script setup lang="ts">
+import { useToast } from 'vue-toastification';
+
+const { userId } = usePermission();
+const showQrModal = ref(false);
+
+function openQrModal() {
+  if (!userId.value) {
+    // User not logged in, handle this case
+    const toast = useToast();
+    toast.error('Vui lòng đăng nhập để sử dụng tính năng này');
+    return;
+  }
+  
+  showQrModal.value = true;
+}
+</script>
+
+<template>
+  <button @click="openQrModal" class="cursor-pointer h-16 px-2.5 sm:px-5 hover:bg-primary-darker flex items-center">
+    <Icon aria-hidden name="i-heroicons-qr-code" class="mr-1.5" />
+    QR của tôi
+  </button>
+  
+  <OneTimeQrModal
+    :is-open="showQrModal"
+    :user-id="userId || ''" 
+    @close="showQrModal = false" 
+  />
+</template>

components/app/UserQrButton.vue

@@ -0,0 +1,212 @@
+import QRCode from 'qrcode';
+import { ref, onUnmounted } from 'vue';
+
+// TOTP configuration
+const TOTP_CONFIG = {
+  digits: 6,
+  timeStep: 30, // seconds
+};
+
+export function useOneTimeQrCode() {
+  const qrDataUrl = ref<string>('');
+  const expiryTimestamp = ref<number>(0);
+  const timeLeft = ref<number>(0);
+  const isLoading = ref<boolean>(false);
+  let intervalId: NodeJS.Timeout | null = null;
+
+  /**
+   * Convert string to Uint8Array
+   */
+  const stringToBytes = (str: string): Uint8Array => {
+    return new TextEncoder().encode(str);
+  };
+
+  /**
+   * Generate HMAC using Web Crypto API
+   */
+  const generateHMAC = async (key: Uint8Array, message: Uint8Array): Promise<ArrayBuffer> => {
+    const cryptoKey = await crypto.subtle.importKey(
+      'raw',
+      key,
+      { name: 'HMAC', hash: 'SHA-256' },
+      false,
+      ['sign']
+    );
+    return crypto.subtle.sign('HMAC', cryptoKey, message);
+  };
+
+  /**
+   * Generates a time-based one-time password token for a user
+   * @param userId The ID of the user
+   * @param secret An optional secret. If not provided, one will be generated based on the userId
+   * @returns The generated token
+   */
+  const generateToken = async (userId: string, secret?: string): Promise<string> => {
+    try {
+      const userSecret = secret || `LabSyncro-${userId}-${new Date().toISOString().split('T')[0]}`;
+      const counter = Math.floor(Date.now() / 1000 / TOTP_CONFIG.timeStep);
+      
+      // Convert counter to 8-byte buffer
+      const counterBytes = new Uint8Array(8);
+      let tempCounter = counter;
+      for (let i = counterBytes.length - 1; i >= 0; i--) {
+        counterBytes[i] = tempCounter & 0xff;
+        tempCounter >>= 8;
+      }
+
+      const hmac = await generateHMAC(stringToBytes(userSecret), counterBytes);
+      const hmacArray = new Uint8Array(hmac);
+      
+      // Get offset from last nibble
+      const offset = hmacArray[hmacArray.length - 1] & 0xf;
+      
+      // Generate 4-byte code from HMAC
+      let code = 
+        ((hmacArray[offset] & 0x7f) << 24) |
+        (hmacArray[offset + 1] << 16) |
+        (hmacArray[offset + 2] << 8) |
+        hmacArray[offset + 3];
+
+      // Get last n digits
+      code = code % Math.pow(10, TOTP_CONFIG.digits);
+      
+      // Pad with leading zeros if needed
+      return code.toString().padStart(TOTP_CONFIG.digits, '0');
+    } catch (error) {
+      console.error('Error generating token:', error);
+      throw error;
+    }
+  };
+
+  /**
+   * Verify a token against expected values
+   * @param token The token to verify
+   * @param userId The userId that was used to generate the token
+   * @param secret Optional secret used when generating the token
+   * @returns True if the token is valid, false otherwise
+   */
+  const verifyToken = async (token: string, userId: string, secret?: string): Promise<boolean> => {
+    try {
+      const currentToken = await generateToken(userId, secret);
+      return token === currentToken;
+    } catch (error) {
+      console.error('Error verifying token:', error);
+      return false;
+    }
+  };
+
+  /**
+   * Generate a QR code containing a one-time token for a user
+   * @param userId The ID of the user  
+   * @param extraData Optional additional data to include in the QR code
+   */
+  const generateQrCode = async (userId: string, extraData?: Record<string, any>) => {
+    try {
+      isLoading.value = true;
+      
+      // Generate token
+      const token = await generateToken(userId);
+      
+      // Calculate token expiry time
+      const now = Math.floor(Date.now() / 1000);
+      const step = TOTP_CONFIG.timeStep;
+      expiryTimestamp.value = (Math.floor(now / step) + 1) * step * 1000;
+      
+      // Create data object to be encoded in QR code 
+      const qrData = JSON.stringify({
+        token,
+        userId,
+        timestamp: Date.now(),
+        expiry: expiryTimestamp.value,
+        ...extraData,
+      });
+      
+      // Generate QR code as data URL
+      qrDataUrl.value = await QRCode.toDataURL(qrData);
+      
+      // Start the countdown
+      startCountdown();
+    } catch (error) {
+      console.error('Error generating QR code:', error);
+    } finally {
+      isLoading.value = false;
+    }
+  };
+
+  /**
+   * Start countdown for token expiry 
+   */
+  const startCountdown = () => {
+    // Clear any existing interval
+    if (intervalId) clearInterval(intervalId);
+    
+    // Update time left on interval
+    intervalId = setInterval(() => {
+      const now = Date.now();
+      if (now >= expiryTimestamp.value) {
+        // Token expired, regenerate
+        timeLeft.value = 0;
+        if (intervalId) clearInterval(intervalId);
+      } else {
+        timeLeft.value = Math.floor((expiryTimestamp.value - now) / 1000);
+      }
+    }, 1000);
+  };
+
+  /**
+   * Handle a scanned QR code to verify the token inside
+   * @param scannedQrData The data from the scanned QR code
+   * @returns The user ID and any extra data if verification succeeds, null otherwise
+   */
+  const verifyScannedQrCode = async (scannedQrData: string): Promise<{ userId: string; extraData?: any } | null> => {
+    try {
+      // Parse the QR data
+      const qrData = JSON.parse(scannedQrData);
+      const { token, userId, timestamp, expiry, ...extraData } = qrData;
+      
+      // Check if token has expired
+      if (Date.now() > expiry) {
+        console.error('Token has expired');
+        return null;
+      }
+      
+      // Verify the token
+      const isValid = await verifyToken(token, userId);
+      if (!isValid) {
+        console.error('Invalid token');
+        return null;
+      }
+      
+      // Token is valid, return user ID and any extra data
+      return { userId, extraData };
+    } catch (error) {
+      console.error('Error verifying QR code:', error);
+      return null;
+    }
+  };
+
+  /**
+   * Clean up resources when component unmounts
+   */
+  const cleanUp = () => {
+    if (intervalId) clearInterval(intervalId);
+    qrDataUrl.value = '';
+    expiryTimestamp.value = 0;
+    timeLeft.value = 0;
+  };
+
+  onUnmounted(() => {
+    cleanUp();
+  });
+
+  return {
+    qrDataUrl,
+    timeLeft,
+    isLoading,
+    generateToken,
+    verifyToken,
+    generateQrCode,
+    verifyScannedQrCode,
+    cleanUp,
+  };
+}