feat: TOTP (two-factor) Authentication (#55)

* Working on some initial prototype stuff for TOTP

* Fixed a bug that prevented the change password menu from working

* Enable/disable totp working

* Added the new login procedure including TOTP! :)

* misc: Changed bad description for the TOTP_SECRET env var

* I forgot to include the migration for the new prisma stuff

* fix: refresh user context instead refreshing the page

* refactor: simplify totp error handling

* Removed U2F tab + format schema

* fix: tokens not saved in cookies

* refactor: deleted commented out code

* refactor: move password text to input description

* refactor: remove tabler icon package

Co-authored-by: Elias Schneider <login@eliasschneider.com>
Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com>

backend/prisma/migrations/20221219061131_user_entity/migration.sql

@@ -0,0 +1,31 @@
+-- CreateTable
+CREATE TABLE "LoginToken" (
+    "token" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "expiresAt" DATETIME NOT NULL,
+    "userId" TEXT NOT NULL,
+    "used" BOOLEAN NOT NULL DEFAULT false,
+    CONSTRAINT "LoginToken_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_User" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" DATETIME NOT NULL,
+    "username" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "password" TEXT NOT NULL,
+    "isAdmin" BOOLEAN NOT NULL DEFAULT false,
+    "totpEnabled" BOOLEAN NOT NULL DEFAULT false,
+    "totpVerified" BOOLEAN NOT NULL DEFAULT false,
+    "totpSecret" TEXT
+);
+INSERT INTO "new_User" ("createdAt", "email", "id", "isAdmin", "password", "updatedAt", "username") SELECT "createdAt", "email", "id", "isAdmin", "password", "updatedAt", "username" FROM "User";
+DROP TABLE "User";
+ALTER TABLE "new_User" RENAME TO "User";
+CREATE UNIQUE INDEX "User_username_key" ON "User"("username");
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;

backend/prisma/schema.prisma

@@ -19,6 +19,11 @@ model User {
 
   shares        Share[]
   refreshTokens RefreshToken[]
+  loginTokens   LoginToken[]
+
+  totpEnabled  Boolean @default(false)
+  totpVerified Boolean @default(false)
+  totpSecret   String?
 }
 
 model RefreshToken {
@@ -31,6 +36,17 @@ model RefreshToken {
   user   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
 }
 
+model LoginToken {
+  token     String   @id @default(uuid())
+  createdAt DateTime @default(now())
+
+  expiresAt DateTime
+
+  userId String
+  user   User    @relation(fields: [userId], references: [id], onDelete: Cascade)
+  used   Boolean @default(false)
+}
+
 model Share {
   id        String   @id @default(uuid())
   createdAt DateTime @default(now())

backend/prisma/seed/config.seed.ts

@@ -52,6 +52,13 @@ const configVariables: Prisma.ConfigCreateInput[] = [
     value: crypto.randomBytes(256).toString("base64"),
     locked: true,
   },
+  {
+    key: "TOTP_SECRET",
+    description: "A 16 byte random string used to generate TOTP secrets",
+    type: "string",
+    value: crypto.randomBytes(16).toString("base64"),
+    locked: true,
+  },
   {
     key: "ENABLE_EMAIL_RECIPIENTS",
     description: