Updating a bunch of stuff.

This version has partially support for TwoFactorAuthentication.
2019-08-06 17:06:22 +02:00 · 2019-08-06 17:06:22 +02:00 · 11f460406b
commit 11f460406b
parent d98588d1c3
22 changed files with 2224 additions and 1812 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@ -0,0 +1,15 @@
 {
   // Use IntelliSense to learn about possible attributes.
   // Hover to view descriptions of existing attributes.
   // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
   "version": "0.2.0",
   "configurations": [{
      "type": "node",
      "request": "launch",
      "name": "Launch Program",
      "program": "${workspaceFolder}/lib/index.js",
      "outFiles": [
         "${workspaceFolder}/**/*.js"
      ]
   }]
 }
--- a/locales/de.json
+++ b/locales/de.json
@ -1,37 +1,39 @@
 {
-	"User not found": "Benutzer nicht gefunden",
+   "User not found": "Benutzer nicht gefunden",
-	"Password or username wrong": "Passwort oder Benutzername falsch",
+   "Password or username wrong": "Passwort oder Benutzername falsch",
-	"Authorize %s": "Authorize %s",
+   "Authorize %s": "Authorize %s",
-	"Login": "Einloggen",
+   "Login": "Einloggen",
-	"You are not logged in or your login is expired": "Du bist nicht länger angemeldet oder deine Anmeldung ist abgelaufen.",
+   "You are not logged in or your login is expired": "Du bist nicht länger angemeldet oder deine Anmeldung ist abgelaufen.",
-	"Username or Email": "Benutzername oder Email",
+   "Username or Email": "Benutzername oder Email",
-	"Password": "Passwort",
+   "Password": "Passwort",
-	"Next": "Weiter",
+   "Next": "Weiter",
-	"Register": "Registrieren",
+   "Register": "Registrieren",
-	"Mail": "Mail",
+   "Mail": "Mail",
-	"Repeat Password": "Passwort wiederholen",
+   "Repeat Password": "Passwort wiederholen",
-	"Username": "Benutzername",
+   "Username": "Benutzername",
-	"Name": "Name",
+   "Name": "Name",
-	"Registration code": "Registrierungs Schlüssel",
+   "Registration code": "Registrierungs Schlüssel",
-	"You need to select one of the options": "Du musst eine der Optionen auswälen",
+   "You need to select one of the options": "Du musst eine der Optionen auswälen",
-	"Male": "Mann",
+   "Male": "Mann",
-	"Female": "Frau",
+   "Female": "Frau",
-	"Other": "Anderes",
+   "Other": "Anderes",
-	"Registration code required": "Registrierungs Schlüssel benötigt",
+   "Registration code required": "Registrierungs Schlüssel benötigt",
-	"Username required": "Benutzername benötigt",
+   "Username required": "Benutzername benötigt",
-	"Name required": "Name benötigt",
+   "Name required": "Name benötigt",
-	"Mail required": "Mail benötigt",
+   "Mail required": "Mail benötigt",
-	"The passwords do not match": "Die Passwörter stimmen nicht überein",
+   "The passwords do not match": "Die Passwörter stimmen nicht überein",
-	"Password is required": "Password benötigt",
+   "Password is required": "Password benötigt",
-	"Invalid registration code": "Ungültiger Registrierungs Schlüssel",
+   "Invalid registration code": "Ungültiger Registrierungs Schlüssel",
-	"Username taken": "Benutzername nicht verfügbar",
+   "Username taken": "Benutzername nicht verfügbar",
-	"Mail linked with other account": "Mail ist bereits mit einem anderen Account verbunden",
+   "Mail linked with other account": "Mail ist bereits mit einem anderen Account verbunden",
-	"Registration code already used": "Registrierungs Schlüssel wurde bereits verwendet",
+   "Registration code already used": "Registrierungs Schlüssel wurde bereits verwendet",
-	"Administration": "Administration",
+   "Administration": "Administration",
-	"Field {{field}} is not defined": "Feld {{field}} fehlt",
+   "Field {{field}} is not defined": "Feld {{field}} fehlt",
-	"Field {{field}} has wrong type. It should be from type {{type}}": "Feld {{field}} hat den falschen Typ. Es sollte vom Typ {{type}} sein",
+   "Field {{field}} has wrong type. It should be from type {{type}}": "Feld {{field}} hat den falschen Typ. Es sollte vom Typ {{type}} sein",
-	"Client has no permission for acces password auth": "Dieser Client hat keine Berechtigung password auth zu benutzen",
+   "Client has no permission for acces password auth": "Dieser Client hat keine Berechtigung password auth zu benutzen",
-	"Invalid token": "Ungültiger Token",
+   "Invalid token": "Ungültiger Token",
-	"By clicking on ALLOW, you allow this app to access the requested recources.": "Wenn sie ALLOW drücken, berechtigen sie die Applikation die beantragten Resourcen zu benutzen.",
+   "By clicking on ALLOW, you allow this app to access the requested recources.": "Wenn sie ALLOW drücken, berechtigen sie die Applikation die beantragten Resourcen zu benutzen.",
-	"User": "User"
+   "User": "User",
   "No special token": "No special token",
   "Login token invalid": "Login token invalid"
 }
--- a/locales/en.json
+++ b/locales/en.json
@ -3,5 +3,11 @@
 	"Username or Email": "Username or Email",
 	"Password": "Password",
 	"Next": "Next",
-	"Invalid code": "Invalid code"
+	"Invalid code": "Invalid code",
 	"You are not logged in or your login is expired": "You are not logged in or your login is expired",
 	"User not found": "User not found",
 	"No special token": "No special token",
 	"You are not logged in or your login is expired(No special token)": "You are not logged in or your login is expired(No special token)",
 	"Special token invalid": "Special token invalid",
 	"You are not logged in or your login is expired(Special token invalid)": "You are not logged in or your login is expired(Special token invalid)"
 }
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -17,44 +17,44 @@
   },
   "devDependencies": {
      "@types/body-parser": "^1.17.0",
-      "@types/compression": "^0.0.36",
+      "@types/compression": "^1.0.0",
      "@types/cookie-parser": "^1.4.1",
-      "@types/dotenv": "^6.1.0",
+      "@types/dotenv": "^6.1.1",
-      "@types/express": "^4.16.1",
+      "@types/express": "^4.17.0",
      "@types/i18n": "^0.8.5",
      "@types/ini": "^1.3.30",
      "@types/jsonwebtoken": "^8.3.2",
-      "@types/mongodb": "^3.1.22",
+      "@types/mongodb": "^3.1.31",
-      "@types/node": "^11.11.3",
+      "@types/node": "^12.6.9",
      "@types/node-rsa": "^1.0.0",
-      "@types/qrcode": "^1.3.1",
+      "@types/qrcode": "^1.3.3",
-      "@types/speakeasy": "^2.0.4",
+      "@types/speakeasy": "^2.0.5",
-      "@types/uuid": "^3.4.4",
+      "@types/uuid": "^3.4.5",
      "apidoc": "^0.17.7",
-      "concurrently": "^4.1.0",
+      "concurrently": "^4.1.1",
-      "nodemon": "^1.18.10",
+      "nodemon": "^1.19.1",
-      "typescript": "^3.3.3333"
+      "speakeasy": "^2.0.0",
      "typescript": "^3.5.3"
   },
   "dependencies": {
-      "@hibas123/nodelogging": "^1.3.21",
+      "@hibas123/nodelogging": "^2.1.0",
      "@hibas123/nodeloggingserver_client": "^1.1.2",
-      "@hibas123/safe_mongo": "^1.5.3",
+      "@hibas123/safe_mongo": "^1.6.1",
-      "body-parser": "^1.18.3",
+      "body-parser": "^1.19.0",
-      "compression": "^1.7.3",
+      "compression": "^1.7.4",
      "cookie-parser": "^1.4.4",
      "cors": "^2.8.5",
-      "dotenv": "^7.0.0",
+      "dotenv": "^8.0.0",
-      "express": "^4.16.4",
+      "express": "^4.17.1",
-      "handlebars": "^4.1.0",
+      "handlebars": "^4.1.2",
      "i18n": "^0.8.3",
      "ini": "^1.3.5",
-      "jsonwebtoken": "^8.5.0",
+      "jsonwebtoken": "^8.5.1",
      "moment": "^2.24.0",
-      "mongodb": "^3.1.13",
+      "mongodb": "^3.2.7",
      "node-rsa": "^1.0.5",
-      "qrcode": "^1.3.3",
+      "qrcode": "^1.4.1",
      "reflect-metadata": "^0.1.13",
      "speakeasy": "^2.0.0",
      "u2f": "^0.1.3",
      "uuid": "^3.3.2"
   }
--- a/src/api/client/index.ts
+++ b/src/api/client/index.ts
@ -3,11 +3,17 @@ import Stacker from "../middlewares/stacker";
 import { GetClientAuthMiddleware } from "../middlewares/client";
 import { GetUserMiddleware } from "../middlewares/user";
 import { createJWT } from "../../keys";
 import Client from "../../models/client";
 import RequestError, { HttpStatusCode } from "../../helper/request_error";
 const ClientRouter = Router();
 /**
 * @api {get} /client/user
 * 
 * @apiDescription Can be used for simple authentication of user. It will redirect the user to the redirect URI with a very short lived jwt.
 * 
 * @apiParam {String} redirect_uri URL to redirect to on success
 * @apiParam {String} state A optional state, that will be included in the JWT and redirect_uri as parameter
 *
@ -18,6 +24,10 @@ const ClientRouter = Router();
 */
 ClientRouter.get("/user", Stacker(GetClientAuthMiddleware(false), GetUserMiddleware(false, false), async (req: Request, res: Response) => {
   let { redirect_uri, state } = req.query;
   if (redirect_uri !== req.client.redirect_url)
      throw new RequestError("Invalid redirect URI", HttpStatusCode.BAD_REQUEST);
   let jwt = await createJWT({
      client: req.client.client_id,
      uid: req.user.uid,
--- a/src/api/middlewares/user.ts
+++ b/src/api/middlewares/user.ts
@ -11,26 +11,33 @@ class Invalid extends Error { }
 * Returns customized Middleware function, that could also be called directly
 * by code and will return true or false depending on the token. In the false
 * case it will also send error and redirect if json is not set
- * @param json Checks if requests wants an json or html for returning errors
+ * @param json Default false. Checks if requests wants an json or html for returning errors
- * @param redirect_uri Sets the uri to redirect, if json is not set and user not logged in
+ * @param special_required Default false. If true, a special token is required
 * @param redirect_uri Default current uri. Sets the uri to redirect, if json is not set and user not logged in
 * @param validated Default true. If false, the token must not be validated
 */
 export function GetUserMiddleware(json = false, special_required: boolean = false, redirect_uri?: string, validated = true) {
   return promiseMiddleware(async function (req: Request, res: Response, next?: NextFunction) {
-      const invalid = () => {
+      const invalid = (message: string) => {
-         throw new Invalid();
+         throw new Invalid(req.__(message));
      }
      try {
         let { login, special } = req.cookies
-         if (!login) invalid()
+         if (!login) {
            login = req.query.login;
            special = req.query.special;
         }
         if (!login) invalid("No login token")
         if (!special && special_required) invalid("No special token")
         let token = await LoginToken.findOne({ token: login, valid: true })
-         if (!await CheckToken(token, validated)) invalid();
+         if (!await CheckToken(token, validated)) invalid("Login token invalid");
         let user = await User.findById(token.user);
         if (!user) {
            token.valid = false;
            await LoginToken.save(token);
-            invalid();
+            invalid("Login token invalid");
         }
         let special_token;
@ -38,12 +45,10 @@ export function GetUserMiddleware(json = false, special_required: boolean = fals
            Logging.debug("Special found")
            special_token = await LoginToken.findOne({ token: special, special: true, valid: true, user: token.user })
            if (!await CheckToken(special_token, validated))
-               invalid();
+               invalid("Special token invalid");
            req.special = true;
         }
         if (special_required && !req.special) invalid();
         req.user = user
         req.isAdmin = user.admin;
         req.token = {
@ -60,7 +65,7 @@ export function GetUserMiddleware(json = false, special_required: boolean = fals
               res.status(HttpStatusCode.UNAUTHORIZED)
               res.redirect("/login?base64=true&state=" + Buffer.from(redirect_uri ? redirect_uri : req.originalUrl).toString("base64"))
            } else {
-               throw new RequestError(req.__("You are not logged in or your login is expired"), HttpStatusCode.UNAUTHORIZED)
+               throw new RequestError(req.__("You are not logged in or your login is expired" + ` (${e.message})`), HttpStatusCode.UNAUTHORIZED, undefined, { auth: true })
            }
         } else {
            if (next) next(e);
--- a/src/api/user/account.ts
+++ b/src/api/user/account.ts
@ -0,0 +1,16 @@
 import { Request, Response } from "express";
 import Stacker from "../middlewares/stacker";
 import { GetUserMiddleware } from "../middlewares/user";
 import LoginToken, { CheckToken } from "../../models/login_token";
 import RequestError, { HttpStatusCode } from "../../helper/request_error";
 export const GetAccount = Stacker(GetUserMiddleware(true, true), async (req: Request, res: Response) => {
   let user = {
      id: req.user.uid,
      name: req.user.name,
      username: req.user.username,
      birthday: req.user.birthday,
      gender: req.user.gender,
   };
   res.json({ user });
 });
--- a/src/api/user/index.ts
+++ b/src/api/user/index.ts
@ -3,6 +3,7 @@ import Register from "./register";
 import Login from "./login";
 import TwoFactorRoute from "./twofactor";
 import { GetToken, DeleteToken } from "./token";
 import { GetAccount } from "./account";
 const UserRoute: Router = Router();
@ -84,7 +85,6 @@ UserRoute.get("/token", GetToken);
 * 
 * @apiName UserDeleteToken
 * 
 * @apiParam {String} type Type could be either "username" or "password"
 * 
 * @apiGroup user
 * @apiPermission user
@ -92,4 +92,22 @@ UserRoute.get("/token", GetToken);
 * @apiSuccess {Boolean} success
 */
 UserRoute.delete("/token/:id", DeleteToken);
 /**
 * @api {delete} /user/account
 * @apiName UserGetAccount
 * 
 * @apiGroup user
 * @apiPermission user
 * 
 * @apiSuccess {Boolean} success
 * @apiSuccess {Object[]} user
 * @apiSuccess {String} user.id User ID
 * @apiSuccess {String} token.name Full name of the user
 * @apiSuccess {String} token.username Username of user
 * @apiSuccess {Date} token.birthday Birthday
 * @apiSuccess {Number} token.gender Gender of user (none = 0, male = 1, female = 2, other = 3)
 */
 UserRoute.get("/account", GetAccount);
 export default UserRoute;
--- a/src/api/user/login.ts
+++ b/src/api/user/login.ts
@ -4,7 +4,7 @@ import { randomBytes } from "crypto";
 import moment = require("moment");
 import LoginToken from "../../models/login_token";
 import promiseMiddleware from "../../helper/promiseMiddleware";
-import TwoFactor from "../../models/twofactor";
+import TwoFactor, { TFATypes, TFANames } from "../../models/twofactor";
 const Login = promiseMiddleware(async (req: Request, res: Response) => {
   let type = req.query.type;
@ -58,8 +58,6 @@ const Login = promiseMiddleware(async (req: Request, res: Response) => {
         });
      }
      let { username, password, uid } = req.body;
      let user = await User.findOne(username ? { username: username.toLowerCase() } : { uid: uid })
@ -80,7 +78,7 @@ const Login = promiseMiddleware(async (req: Request, res: Response) => {
               let tfa = twofactor.map(e => {
                  return {
                     id: e._id,
-                     name: e.name,
+                     name: e.name || TFANames.get(e.type),
                     type: e.type
                  }
               })
--- a/src/api/user/token.ts
+++ b/src/api/user/token.ts
@ -5,25 +5,25 @@ import LoginToken, { CheckToken } from "../../models/login_token";
 import RequestError, { HttpStatusCode } from "../../helper/request_error";
 export const GetToken = Stacker(GetUserMiddleware(true, true), async (req: Request, res: Response) => {
-    let raw_token = await LoginToken.find({ user: req.user._id, valid: true });
+   let raw_token = await LoginToken.find({ user: req.user._id, valid: true });
-    let token = await Promise.all(raw_token.map(async token => {
+   let token = await Promise.all(raw_token.map(async token => {
-        await CheckToken(token);
+      await CheckToken(token);
-        return {
+      return {
-            id: token._id,
+         id: token._id,
-            special: token.special,
+         special: token.special,
-            ip: token.ip,
+         ip: token.ip,
-            browser: token.browser,
+         browser: token.browser,
-            isthis: token._id.equals(token.special ? req.token.special._id : req.token.login._id)
+         isthis: token._id.equals(token.special ? req.token.special._id : req.token.login._id)
-        }
+      }
-    }).filter(t => t !== undefined));
+   }).filter(t => t !== undefined));
-    res.json({ token });
+   res.json({ token });
 });
 export const DeleteToken = Stacker(GetUserMiddleware(true, true), async (req: Request, res: Response) => {
-    let { id } = req.query;
+   let { id } = req.params;
-    let token = await LoginToken.findById(id);
+   let token = await LoginToken.findById(id);
-    if (!token || !token.user.equals(req.user._id)) throw new RequestError("Invalid ID", HttpStatusCode.BAD_REQUEST);
+   if (!token || !token.user.equals(req.user._id)) throw new RequestError("Invalid ID", HttpStatusCode.BAD_REQUEST);
-    token.valid = false;
+   token.valid = false;
-    await LoginToken.save(token);
+   await LoginToken.save(token);
-    res.json({ success: true });
+   res.json({ success: true });
 });
--- a/src/api/user/twofactor/backup/index.ts
+++ b/src/api/user/twofactor/backup/index.ts
@ -0,0 +1,74 @@
 import { Router } from "express"
 import Stacker from "../../../middlewares/stacker";
 import { GetUserMiddleware } from "../../../middlewares/user";
 import TwoFactor, { TFATypes as TwoFATypes, IBackupCode } from "../../../../models/twofactor";
 import RequestError, { HttpStatusCode } from "../../../../helper/request_error";
 import moment = require("moment");
 import { upgradeToken } from "../helper";
 import * as crypto from "crypto";
 import Logging from "@hibas123/nodelogging";
 const BackupCodeRoute = Router();
 // TODO: Further checks if this is good enough randomness
 function generateCode(length: number) {
   let bytes = crypto.randomBytes(length);
   let nrs = "";
   bytes.forEach((b, idx) => {
      let nr = Math.floor((b / 255) * 9.9999)
      if (nr > 9) nr = 9;
      nrs += String(nr);
   })
   return nrs;
 }
 BackupCodeRoute.post("/", Stacker(GetUserMiddleware(true, true), async (req, res) => {
   //Generating new 
   let codes = Array(10).map(() => generateCode(8));
   console.log(codes);
   let twofactor = TwoFactor.new(<IBackupCode>{
      user: req.user._id,
      type: TwoFATypes.OTC,
      valid: true,
      data: codes,
      name: ""
   })
   await TwoFactor.save(twofactor);
   res.json({
      codes,
      id: twofactor._id
   })
 }));
 BackupCodeRoute.put("/", Stacker(GetUserMiddleware(true, false, undefined, false), async (req, res) => {
   let { login, special } = req.token;
   let { id, code }: { id: string, code: string } = req.body;
   let twofactor: IBackupCode = await TwoFactor.findById(id);
   if (!twofactor || !twofactor.valid || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.OTC) {
      throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
   }
   if (twofactor.expires && moment().isAfter(twofactor.expires)) {
      twofactor.valid = false;
      await TwoFactor.save(twofactor);
      throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
   }
   code = code.replace(/\s/g, "");
   let valid = twofactor.data.find(c => c === code);
   if (valid) {
      twofactor.data = twofactor.data.filter(c => c !== code);
      await TwoFactor.save(twofactor);
      let [login_exp, special_exp] = await Promise.all([
         upgradeToken(login),
         upgradeToken(special)
      ]);
      res.json({ success: true, login_exp, special_exp })
   } else {
      throw new RequestError("Invalid or already used code!", HttpStatusCode.BAD_REQUEST);
   }
 }))
 export default BackupCodeRoute;
--- a/src/api/user/twofactor/helper.ts
+++ b/src/api/user/twofactor/helper.ts
@ -1,79 +1,13 @@
 import LoginToken, { ILoginToken } from "../../../models/login_token";
 import moment = require("moment");
 // export async function unlockToken() {
 //     let { type, code, login, special } = req.body;
 //       let [login_t, special_t] = await Promise.all([LoginToken.findOne({ token: login }), LoginToken.findOne({ token: special })]);
 //       if ((login && !login_t) || (special && !special_t)) {
 //          res.json({ error: req.__("Token not found!") });
 //       } else {
 //          let atoken = special_t || login_t;
 //          let user = await User.findById(atoken.user);
 //          let tf = await TwoFactor.find({ user: user._id, valid: true })
 //          let valid = false;
 //          switch (type) {
 //             case TokenTypes.OTC: {
 //                let twofactor = await TwoFactor.findOne({ type, valid: true })
 //                if (twofactor) {
 //                   valid = speakeasy.totp.verify({
 //                      secret: twofactor.token,
 //                      encoding: "base64",
 //                      token: code
 //                   })
 //                }
 //                break;
 //             }
 //             case TokenTypes.BACKUP_CODE: {
 //                let twofactor = await TwoFactor.findOne({ type, valid: true, token: code })
 //                if (twofactor) {
 //                   twofactor.valid = false;
 //                   await TwoFactor.save(twofactor);
 //                   valid = true;
 //                }
 //                break;
 //             }
 //             case TokenTypes.APP_ALLOW:
 //             case TokenTypes.YUBI_KEY:
 //             default:
 //                res.json({ error: req.__("Invalid twofactor!") });
 //                return;
 //          }
 //          if (!valid) {
 //             res.json({ error: req.__("Invalid code!") });
 //             return;
 //          }
 //          let result: any = {};
 //          if (login_t) {
 //             login_t.validated = true
 //             await LoginToken.save(login_t)
 //             result.login = { token: login_t.token, expires: login_t.validTill.toUTCString() }
 //          }
 //          if (special_t) {
 //             special_t.validated = true;
 //             await LoginToken.save(special_t);
 //             result.special = { token: special_t.token, expires: special_t.validTill.toUTCString() }
 //          }
 //          res.json(result);
 //       }
 // }
 export async function upgradeToken(token: ILoginToken) {
-    token.data = undefined;
+   token.data = undefined;
-    token.valid = true;
+   token.valid = true;
-    token.validated = true;
+   token.validated = true;
-    //TODO durations from config
+   //TODO durations from config
-    let expires = (token.special ? moment().add(30, "minute") : moment().add(6, "months")).toDate();
+   let expires = (token.special ? moment().add(30, "minute") : moment().add(6, "months")).toDate();
-    token.validTill = expires;
+   token.validTill = expires;
-    await LoginToken.save(token);
+   await LoginToken.save(token);
-    return expires;
+   return expires;
 }
--- a/src/api/user/twofactor/index.ts
+++ b/src/api/user/twofactor/index.ts
@ -5,38 +5,42 @@ import Stacker from "../../middlewares/stacker";
 import TwoFactor from "../../../models/twofactor";
 import * as moment from "moment"
 import RequestError, { HttpStatusCode } from "../../../helper/request_error";
 import OTCRoute from "./otc";
 import BackupCodeRoute from "./backup";
 const TwoFactorRouter = Router();
 TwoFactorRouter.get("/", Stacker(GetUserMiddleware(true, true), async (req, res) => {
-    let twofactor = await TwoFactor.find({ user: req.user._id, valid: true })
+   let twofactor = await TwoFactor.find({ user: req.user._id, valid: true })
-    let expired = twofactor.filter(e => e.expires ? moment().isAfter(moment(e.expires)) : false)
+   let expired = twofactor.filter(e => e.expires ? moment().isAfter(moment(e.expires)) : false)
-    await Promise.all(expired.map(e => {
+   await Promise.all(expired.map(e => {
-        e.valid = false;
+      e.valid = false;
-        return TwoFactor.save(e);
+      return TwoFactor.save(e);
-    }));
+   }));
-    twofactor = twofactor.filter(e => e.valid);
+   twofactor = twofactor.filter(e => e.valid);
-    let tfa = twofactor.map(e => {
+   let tfa = twofactor.map(e => {
-        return {
+      return {
-            id: e._id,
+         id: e._id,
-            name: e.name,
+         name: e.name,
-            type: e.type
+         type: e.type
-        }
+      }
-    })
+   })
-    res.json({ methods: tfa });
+   res.json({ methods: tfa });
 }));
-TwoFactorRouter.delete("/", Stacker(GetUserMiddleware(true, true), async (req, res) => {
+TwoFactorRouter.delete("/:id", Stacker(GetUserMiddleware(true, true), async (req, res) => {
-    let { id } = req.query;
+   let { id } = req.params;
-    let tfa = await TwoFactor.findById(id);
+   let tfa = await TwoFactor.findById(id);
-    if (!tfa || !tfa.user.equals(req.user._id)) {
+   if (!tfa || !tfa.user.equals(req.user._id)) {
-        throw new RequestError("Invalid id", HttpStatusCode.BAD_REQUEST);
+      throw new RequestError("Invalid id", HttpStatusCode.BAD_REQUEST);
-    }
+   }
-    tfa.valid = false;
+   tfa.valid = false;
-    await TwoFactor.save(tfa);
+   await TwoFactor.save(tfa);
-    res.json({ success: true });
+   res.json({ success: true });
 }));
 TwoFactorRouter.use("/yubikey", YubiKeyRoute);
 TwoFactorRouter.use("/otc", OTCRoute);
 TwoFactorRouter.use("/backup", BackupCodeRoute);
 export default TwoFactorRouter;
--- a/src/api/user/twofactor/otc/index.ts
+++ b/src/api/user/twofactor/otc/index.ts
@ -0,0 +1,105 @@
 import { Router } from "express"
 import Stacker from "../../../middlewares/stacker";
 import { GetUserMiddleware } from "../../../middlewares/user";
 import TwoFactor, { TFATypes as TwoFATypes, IOTC } from "../../../../models/twofactor";
 import RequestError, { HttpStatusCode } from "../../../../helper/request_error";
 import moment = require("moment");
 import { upgradeToken } from "../helper";
 import Logging from "@hibas123/nodelogging";
 import * as speakeasy from "speakeasy";
 import * as qrcode from "qrcode";
 import config from "../../../../config";
 const OTCRoute = Router();
 OTCRoute.post("/", Stacker(GetUserMiddleware(true, true), async (req, res) => {
   const { type } = req.query;
   if (type === "create") {
      //Generating new 
      let secret = speakeasy.generateSecret({
         name: config.core.name,
         issuer: config.core.name
      });
      let twofactor = TwoFactor.new(<IOTC>{
         user: req.user._id,
         type: TwoFATypes.OTC,
         valid: false,
         data: secret.base32
      })
      let dataurl = await qrcode.toDataURL(secret.otpauth_url);
      await TwoFactor.save(twofactor);
      res.json({
         image: dataurl,
         id: twofactor._id
      })
   } else if (type === "validate") {
      // Checking code and marking as valid
      const { code, id } = req.body;
      Logging.debug(req.body, id);
      let twofactor: IOTC = await TwoFactor.findById(id);
      const err = () => { throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST) };
      if (!twofactor || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.OTC || !twofactor.data || twofactor.valid) {
         Logging.debug("Not found or wrong user", twofactor);
         err();
      }
      if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
         await TwoFactor.delete(twofactor);
         Logging.debug("Expired!", twofactor);
         err();
      }
      let valid = speakeasy.totp.verify({
         secret: twofactor.data,
         encoding: "base32",
         token: code
      })
      if (valid) {
         twofactor.expires = undefined;
         twofactor.valid = true;
         await TwoFactor.save(twofactor);
         res.json({ success: true });
      } else {
         throw new RequestError("Invalid Code!", HttpStatusCode.BAD_REQUEST);
      }
   } else {
      throw new RequestError("Invalid type", HttpStatusCode.BAD_REQUEST);
   }
 }));
 OTCRoute.put("/", Stacker(GetUserMiddleware(true, false, undefined, false), async (req, res) => {
   let { login, special } = req.token;
   let { id, code } = req.body;
   let twofactor: IOTC = await TwoFactor.findById(id);
   if (!twofactor || !twofactor.valid || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.OTC) {
      throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
   }
   if (twofactor.expires && moment().isAfter(twofactor.expires)) {
      twofactor.valid = false;
      await TwoFactor.save(twofactor);
      throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
   }
   let valid = speakeasy.totp.verify({
      secret: twofactor.data,
      encoding: "base32",
      token: code
   })
   if (valid) {
      let [login_exp, special_exp] = await Promise.all([
         upgradeToken(login),
         upgradeToken(special)
      ]);
      res.json({ success: true, login_exp, special_exp })
   } else {
      throw new RequestError("Invalid Code", HttpStatusCode.BAD_REQUEST);
   }
 }))
 export default OTCRoute;
--- a/src/api/user/twofactor/yubikey/index.ts
+++ b/src/api/user/twofactor/yubikey/index.ts
@ -12,120 +12,123 @@ import Logging from "@hibas123/nodelogging";
 const U2FRoute = Router();
 /**
 * Registerinf a new YubiKey
 */
 U2FRoute.post("/", Stacker(GetUserMiddleware(true, true), async (req, res) => {
-    const { type } = req.query;
+   const { type } = req.query;
-    if (type === "challenge") {
+   if (type === "challenge") {
-        const registrationRequest = u2f.request(config.core.url);
+      const registrationRequest = u2f.request(config.core.url);
-        let twofactor = TwoFactor.new(<IYubiKey>{
+      let twofactor = TwoFactor.new(<IYubiKey>{
-            user: req.user._id,
+         user: req.user._id,
-            type: TwoFATypes.U2F,
+         type: TwoFATypes.U2F,
-            valid: false,
+         valid: false,
-            data: {
+         data: {
-                registration: registrationRequest
+            registration: registrationRequest
-            }
+         }
-        })
+      })
-        await TwoFactor.save(twofactor);
+      await TwoFactor.save(twofactor);
-        res.json({ request: registrationRequest, id: twofactor._id, appid: config.core.url });
+      res.json({ request: registrationRequest, id: twofactor._id, appid: config.core.url });
-    } else {
+   } else {
-        const { response, id } = req.body;
+      const { response, id } = req.body;
-        Logging.debug(req.body, id);
+      Logging.debug(req.body, id);
-        let twofactor: IYubiKey = await TwoFactor.findById(id);
+      let twofactor: IYubiKey = await TwoFactor.findById(id);
-        const err = () => { throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST) };
+      const err = () => { throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST) };
-        if (!twofactor || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.U2F || !twofactor.data.registration || twofactor.valid) {
+      if (!twofactor || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.U2F || !twofactor.data.registration || twofactor.valid) {
-            Logging.debug("Not found or wrong user", twofactor);
+         Logging.debug("Not found or wrong user", twofactor);
-            err();
+         err();
-        }
+      }
-        if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
+      if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
-            await TwoFactor.delete(twofactor);
+         await TwoFactor.delete(twofactor);
-            Logging.debug("Expired!", twofactor);
+         Logging.debug("Expired!", twofactor);
-            err();
+         err();
-        }
+      }
-        const result = u2f.checkRegistration(twofactor.data.registration, response);
+      const result = u2f.checkRegistration(twofactor.data.registration, response);
-        if (result.successful) {
+      if (result.successful) {
-            twofactor.data = {
+         twofactor.data = {
-                keyHandle: result.keyHandle,
+            keyHandle: result.keyHandle,
-                publicKey: result.publicKey
+            publicKey: result.publicKey
-            }
+         }
-            twofactor.expires = undefined;
+         twofactor.expires = undefined;
-            twofactor.valid = true;
+         twofactor.valid = true;
-            await TwoFactor.save(twofactor);
+         await TwoFactor.save(twofactor);
-            res.json({ success: true });
+         res.json({ success: true });
-        } else {
+      } else {
-            throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST);
+         throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST);
-        }
+      }
-    }
+   }
 }));
 U2FRoute.get("/", Stacker(GetUserMiddleware(true, false, undefined, false), async (req, res) => {
-    let { login, special } = req.token;
+   let { login, special } = req.token;
-    let twofactor: IYubiKey = await TwoFactor.findOne({ user: req.user._id, type: TwoFATypes.U2F, valid: true })
+   let twofactor: IYubiKey = await TwoFactor.findOne({ user: req.user._id, type: TwoFATypes.U2F, valid: true })
-    if (!twofactor) {
+   if (!twofactor) {
-        throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
+      throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
-    }
+   }
-    if (twofactor.expires) {
+   if (twofactor.expires) {
-        if (moment().isAfter(twofactor.expires)) {
+      if (moment().isAfter(twofactor.expires)) {
-            twofactor.valid = false;
+         twofactor.valid = false;
-            await TwoFactor.save(twofactor);
+         await TwoFactor.save(twofactor);
-            throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
+         throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
-        }
+      }
-    }
+   }
-    let request = u2f.request(config.core.url, twofactor.data.keyHandle);
+   let request = u2f.request(config.core.url, twofactor.data.keyHandle);
-    login.data = {
+   login.data = {
-        type: "ykr",
+      type: "ykr",
-        request
+      request
-    };
+   };
-    let r;;
+   let r;;
-    if (special) {
+   if (special) {
-        special.data = login.data;
+      special.data = login.data;
-        r = LoginToken.save(special);
+      r = LoginToken.save(special);
-    }
+   }
-    await Promise.all([r, LoginToken.save(login)]);
+   await Promise.all([r, LoginToken.save(login)]);
-    res.json({ request });
+   res.json({ request });
 }))
 U2FRoute.put("/", Stacker(GetUserMiddleware(true, false, undefined, false), async (req, res) => {
-    let { login, special } = req.token;
+   let { login, special } = req.token;
-    let twofactor: IYubiKey = await TwoFactor.findOne({ user: req.user._id, type: TwoFATypes.U2F, valid: true })
+   let twofactor: IYubiKey = await TwoFactor.findOne({ user: req.user._id, type: TwoFATypes.U2F, valid: true })
-    let { response } = req.body;
+   let { response } = req.body;
-    if (!twofactor || !login.data || login.data.type !== "ykr" || special && (!special.data || special.data.type !== "ykr")) {
+   if (!twofactor || !login.data || login.data.type !== "ykr" || special && (!special.data || special.data.type !== "ykr")) {
-        throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
+      throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
-    }
+   }
-    if (twofactor.expires && moment().isAfter(twofactor.expires)) {
+   if (twofactor.expires && moment().isAfter(twofactor.expires)) {
-        twofactor.valid = false;
+      twofactor.valid = false;
-        await TwoFactor.save(twofactor);
+      await TwoFactor.save(twofactor);
-        throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
+      throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
-    }
+   }
-    let login_exp;
+   let login_exp;
-    let special_exp;
+   let special_exp;
-    let result = u2f.checkSignature(login.data.request, response, twofactor.data.publicKey);
+   let result = u2f.checkSignature(login.data.request, response, twofactor.data.publicKey);
-    if (result.successful) {
+   if (result.successful) {
-        if (special) {
+      if (special) {
-            let result = u2f.checkSignature(special.data.request, response, twofactor.data.publicKey);
+         let result = u2f.checkSignature(special.data.request, response, twofactor.data.publicKey);
-            if (result.successful) {
+         if (result.successful) {
-                special_exp = await upgradeToken(special);
+            special_exp = await upgradeToken(special);
-            }
+         }
-            else {
+         else {
-                throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST);
+            throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST);
-            }
+         }
-        }
+      }
-        login_exp = await upgradeToken(login);
+      login_exp = await upgradeToken(login);
-    }
+   }
-    else {
+   else {
-        throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST);
+      throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST);
-    }
+   }
-    res.json({ success: true, login_exp, special_exp })
+   res.json({ success: true, login_exp, special_exp })
 }))
 export default U2FRoute;
--- a/src/helper/request_error.ts
+++ b/src/helper/request_error.ts
@ -381,7 +381,7 @@ export enum HttpStatusCode {
 export default class RequestError extends Error {
-   constructor(message: any, public status: HttpStatusCode, public nolog: boolean = false) {
+   constructor(message: any, public status: HttpStatusCode, public nolog: boolean = false, public additional: any = undefined) {
      super("")
      this.message = message;
   }
--- a/src/index.ts
+++ b/src/index.ts
@ -37,6 +37,8 @@ DB.connect().then(async () => {
      await TestData()
   let web = new Web(config.web)
   web.listen()
   let already = new Set();
   function print(path, layer) {
      if (layer.route) {
         layer.route.stack.forEach(print.bind(null, path.concat(split(layer.route.path))))
@ -45,7 +47,11 @@ DB.connect().then(async () => {
      } else if (layer.method) {
         let me: string = layer.method.toUpperCase();
         me += " ".repeat(6 - me.length);
-         Logging.log(`${me} /${path.concat(split(layer.regexp)).filter(Boolean).join('/')}`);
+         let msg = `${me} /${path.concat(split(layer.regexp)).filter(Boolean).join('/')}`;
         if (!already.has(msg)) {
            already.add(msg);
            Logging.log(msg);
         }
      }
   }
@ -64,9 +70,9 @@ DB.connect().then(async () => {
            : '<complex:' + thing.toString() + '>'
      }
   }
-   Logging.log("--- Endpoints:    ---");
+   // Logging.log("--- Endpoints:    ---");
-   web.server._router.stack.forEach(print.bind(null, []))
+   // web.server._router.stack.forEach(print.bind(null, []))
-   Logging.log("--- Endpoints end ---")
+   // Logging.log("--- Endpoints end ---")
 }).catch(e => {
   Logging.error(e)
   process.exit();
--- a/src/models/login_token.ts
+++ b/src/models/login_token.ts
@ -52,8 +52,10 @@ const LoginToken = DB.addModel<ILoginToken>({
 })
 export async function CheckToken(token: ILoginToken, validated: boolean = true): Promise<boolean> {
-   if (!token || !token.valid) return false;
+   if (!token || !token.valid)
-   if (validated && !token.validated) return false;
+      return false;
   if (validated && !token.validated)
      return false;
   if (moment().isAfter(token.validTill)) {
      token.valid = false;
      await LoginToken.save(token)
--- a/src/models/twofactor.ts
+++ b/src/models/twofactor.ts
@ -3,55 +3,65 @@ import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
 import { ObjectID } from "bson";
 export enum TFATypes {
-    OTC,
+   OTC,
-    BACKUP_CODE,
+   BACKUP_CODE,
-    U2F,
+   U2F,
-    APP_ALLOW
+   APP_ALLOW
 }
 export const TFANames = new Map<TFATypes, string>();
 TFANames.set(TFATypes.OTC, "Authenticator");
 TFANames.set(TFATypes.BACKUP_CODE, "Backup Codes");
 TFANames.set(TFATypes.U2F, "Security Key (U2F)");
 TFANames.set(TFATypes.APP_ALLOW, "App Push");
 export interface ITwoFactor extends ModelDataBase {
-    user: ObjectID
+   user: ObjectID
-    valid: boolean
+   valid: boolean
-    expires?: Date;
+   expires?: Date;
-    name?: string;
+   name?: string;
-    type: TFATypes
+   type: TFATypes
-    data: any;
+   data: any;
 }
-export interface IOTP extends ITwoFactor {
+export interface IOTC extends ITwoFactor {
-    data: string;
+   data: string;
 }
 export interface IYubiKey extends ITwoFactor {
-    data: {
+   data: {
-        registration?: any;
+      registration?: any;
-        publicKey: string;
+      publicKey: string;
-        keyHandle: string;
+      keyHandle: string;
-    }
+   }
 }
 export interface IU2F extends ITwoFactor {
-    data: {
+   data: {
-        challenge?: string;
+      challenge?: string;
-        publicKey: string;
+      publicKey: string;
-        keyHandle: string;
+      keyHandle: string;
-        registration?: string;
+      registration?: string;
-    }
+   }
 }
 export interface IBackupCode extends ITwoFactor {
   data: string[];
 }
 const TwoFactor = DB.addModel<ITwoFactor>({
-    name: "twofactor",
+   name: "twofactor",
-    versions: [{
+   versions: [{
-        migration: (e) => { },
+      migration: (e) => { },
-        schema: {
+      schema: {
-            user: { type: ObjectID },
+         user: { type: ObjectID },
-            valid: { type: Boolean },
+         valid: { type: Boolean },
-            expires: { type: Date, optional: true },
+         expires: { type: Date, optional: true },
-            name: { type: String, optional: true },
+         name: { type: String, optional: true },
-            type: { type: Number },
+         type: { type: Number },
-            data: { type: "any" },
+         data: { type: "any" },
-        }
+      }
-    }]
+   }]
 });
 export default TwoFactor;
--- a/src/testdata.ts
+++ b/src/testdata.ts
@ -8,6 +8,11 @@ import { ObjectID } from "bson";
 import DB from "./database";
 import TwoFactor from "./models/twofactor";
 import * as speakeasy from "speakeasy";
 import LoginToken from "./models/login_token";
 import { log } from "handlebars";
 export default async function TestData() {
   await DB.db.dropDatabase();
   let u = await User.findOne({ username: "test" });
@ -63,18 +68,56 @@ export default async function TestData() {
      await RegCode.save(r);
   }
-   let t = await TwoFactor.findOne({ user: u._id, type: 2 })
+   let t = await TwoFactor.findOne({ user: u._id, type: 0 })
   if (!t) {
      t = TwoFactor.new({
         user: u._id,
-         type: 2,
+         type: 0,
         valid: true,
-         data: {
+         data: "IIRW2P2UJRDDO2LDIRYW4LSREZLWMOKDNBJES2LLHRREK3R6KZJQ",
            keyHandle: "tWSaMoHX2E96CoZOKOi_4aj6WVEh1e46FKXN0oDY2Z-laNOFcATlStNDo52HX7ygupW-v9qZOCX3J4d5nhOzWQ",
            publicKey: "BPsgBxR8M7MyrknlFuvYZv0Z1lZxiJQJNrLDA1yi3XKD_lrhIpnAh2OY_TsFjASvn3JTtwlCh62QdMvN-ejQL78"
         },
         expires: null
      })
      TwoFactor.save(t);
   }
   let login_token = await LoginToken.findOne({ token: "test01" });
   if (login_token)
      await LoginToken.delete(login_token);
   login_token = LoginToken.new({
      browser: "DEMO",
      ip: "10.0.0.1",
      special: false,
      token: "test01",
      valid: true,
      validTill: moment().add("10", "years").toDate(),
      user: u._id,
      validated: true
   });
   await LoginToken.save(login_token);
   let special_token = await LoginToken.findOne({ token: "test02" });
   if (special_token)
      await LoginToken.delete(special_token);
   special_token = LoginToken.new({
      browser: "DEMO",
      ip: "10.0.0.1",
      special: true,
      token: "test02",
      valid: true,
      validTill: moment().add("10", "years").toDate(),
      user: u._id,
      validated: true
   });
   await LoginToken.save(special_token);
   // setInterval(() => {
   //    let code = speakeasy.totp({
   //       secret: t.data,
   //       encoding: "base32"
   //    })
   //    Logging.debug("OTC Code is:", code);
   // }, 1000)
 }  
--- a/src/web.ts
+++ b/src/web.ts
@ -88,12 +88,12 @@ export default class Web {
         if (error.status === 500 && !(<any>error).nolog) {
            Logging.error(error);
         } else {
-            Logging.log(typeof error.message === "string" ? error.message.split("\n", 1)[0] : error.message);
+            Logging.log("Responded with Error:", typeof error.message === "string" ? error.message.split("\n", 1)[0] : error.message);
         }
         if (req.accepts(["json"])) {
            res.json_status = error.status || 500;
-            res.json({ error: error.message, status: error.status || 500 })
+            res.json({ error: error.message, status: error.status || 500, additional: error.additional })
         } else
            res.status(error.status || 500).send(error.message)
      })