luci-app-2fa: Add priority option and QR code display

Signed-off-by: tokisaki galaxy <moebest@outlook.jp>

Author: Tokisaki-Galaxy

applications/luci-app-2fa/Makefile

@@ -14,7 +14,7 @@ PKG_MAINTAINER:=tokisaki galaxy <moebest@outlook.jp>
 PKG_DESCRIPTION:=LuCI 2-Factor Authentication Plugin
 
 LUCI_TITLE:=LuCI 2-Factor Authentication
-LUCI_DEPENDS:=+luci-base +ucode-mod-struct +ucode-mod-digest
+LUCI_DEPENDS:=+luci-base +luci-lib-uqr +ucode-mod-struct +ucode-mod-digest
 LUCI_PKGARCH:=all
 LUCI_URL:=https://github.com/tokisaki-galaxy/luci-app-2fa
 

applications/luci-app-2fa/htdocs/luci-static/resources/uqr.js

@@ -25,6 +25,17 @@ const DEFAULT_MIN_VALID_TIME = 1767225600;
 // Rate limit state file
 const RATE_LIMIT_FILE = '/tmp/2fa_rate_limit.json';
 const RATE_LIMIT_LOCK_FILE = '/tmp/2fa_rate_limit.lock';
+const DEFAULT_PRIORITY = 15;
+
+function get_priority() {
+	let ctx = cursor();
+	let value = ctx.get('luci_plugins', PLUGIN_UUID, 'priority');
+
+	if (!value || !match(value, /^-?[0-9]+$/))
+		return DEFAULT_PRIORITY;
+
+	return int(value);
+}
 
 // Check if system time is calibrated (not earlier than minimum valid time)
 function check_time_calibration() {
@@ -509,7 +520,7 @@ function get_client_ip(http) {
 }
 
 return {
-	priority: 10,
+	priority: get_priority(),
 
 		check: function(http, user) {
 			let client_ip = get_client_ip(http);

applications/luci-app-2fa/root/usr/share/ucode/luci/plugins/auth/login/bb4ea47fcffb44ec9bb3d3673c9b4ed2.uc

@@ -3,6 +3,42 @@
 'require form';
 'require uci';
 'require rpc';
+'require uqr';
+
+var CBIQRCode = form.DummyValue.extend({
+	renderWidget(section_id) {
+		var key = uci.get('luci_plugins', section_id, 'key_root') || '';
+		var type = uci.get('luci_plugins', section_id, 'type_root') || 'totp';
+
+		if (!key)
+			return E('em', {}, _('Set and save the secret key first to display a QR code.'));
+
+		var issuer = 'OpenWrt';
+		var label = 'root';
+		var option;
+
+		if (type == 'hotp') {
+			var counter = uci.get('luci_plugins', section_id, 'counter_root') || '0';
+			option = 'counter=' + counter;
+		}
+		else {
+			var step = uci.get('luci_plugins', section_id, 'step_root') || '30';
+			option = 'period=' + step;
+		}
+
+		var otpAuth = 'otpauth://' + type + '/' + encodeURIComponent(issuer) + ':' + encodeURIComponent(label) +
+			'?secret=' + key + '&issuer=' + encodeURIComponent(issuer) + '&' + option;
+		var svg = uqr.renderSVG(otpAuth, { pixelSize: 4 });
+
+		return E('div', {}, [
+			E('div', { 'style': 'max-width:260px' }, [ E(svg) ]),
+			E('br'),
+			E('em', {}, _('Scan this QR code with your authenticator app.')),
+			E('br'),
+			E('code', { 'style': 'word-break:break-all;font-size:10px;' }, otpAuth)
+		]);
+	}
+});
 
 return baseclass.extend({
 	class: 'auth',
@@ -27,6 +63,13 @@ return baseclass.extend({
 		o.default = o.disabled;
 		o.rmempty = false;
 
+		o = s.taboption('basic', form.Value, 'priority', _('Priority'),
+			_('Execution order for this plugin. Lower values run earlier.'));
+		o.depends('enabled', '1');
+		o.datatype = 'integer';
+		o.placeholder = '15';
+		o.rmempty = true;
+
 		// User configuration section
 		o = s.taboption('basic', form.SectionValue, '_users', form.TableSection, 'luci_plugins', _('User Configuration'),
 			_('Configure 2FA keys for individual users. The key must be a Base32-encoded secret.'));
@@ -66,6 +109,9 @@ return baseclass.extend({
 		o.datatype = 'uinteger';
 		o.rmempty = true;
 
+		o = s.taboption('basic', CBIQRCode, '_qrcode', _('Authenticator QR Code'));
+		o.depends('enabled', '1');
+
 		// Tab: Security
 		s.tab('security', _('Security'));