feat: Implement TOTP inmemory classes

src/main/java/io/supertokens/Main.java

@@ -25,6 +25,7 @@
 import io.supertokens.cronjobs.deleteExpiredPasswordResetTokens.DeleteExpiredPasswordResetTokens;
 import io.supertokens.cronjobs.deleteExpiredPasswordlessDevices.DeleteExpiredPasswordlessDevices;
 import io.supertokens.cronjobs.deleteExpiredSessions.DeleteExpiredSessions;
+import io.supertokens.cronjobs.deleteExpiredTotpTokens.DeleteExpiredTotpTokens;
 import io.supertokens.cronjobs.telemetry.Telemetry;
 import io.supertokens.emailpassword.PasswordHashing;
 import io.supertokens.exceptions.QuitProgramException;
@@ -204,6 +205,9 @@ private void init() throws IOException {
         // removes passwordless devices with only expired codes
         Cronjobs.addCronjob(this, DeleteExpiredPasswordlessDevices.getInstance(this));
 
+        // removes expired TOTP used tokens
+        Cronjobs.addCronjob(this, DeleteExpiredTotpTokens.getInstance(this));
+
         // starts Telemetry cronjob if the user has not disabled it
         if (!Config.getConfig(this).isTelemetryDisabled()) {
             Cronjobs.addCronjob(this, Telemetry.getInstance(this));

src/main/java/io/supertokens/authRecipe/AuthRecipe.java

@@ -103,6 +103,7 @@ private static void deleteNonAuthRecipeUser(Main main, String userId) throws Sto
         StorageLayer.getSessionStorage(main).deleteSessionsOfUser(userId);
         StorageLayer.getEmailVerificationStorage(main).deleteEmailVerificationUserInfo(userId);
         StorageLayer.getUserRolesStorage(main).deleteAllRolesForUser(userId);
+        StorageLayer.getTOTPStorage(main).deleteAllDataForUser(userId);
     }
 
     private static void deleteAuthRecipeUser(Main main, String userId) throws StorageQueryException {

src/main/java/io/supertokens/config/CoreConfig.java

@@ -56,6 +56,9 @@ public class CoreConfig {
     @JsonProperty
     private long passwordless_code_lifetime = 900000; // in MS
 
+    @JsonProperty
+    private int totp_rate_limit_window_size = 5;
+
     private final String logDefault = "asdkfahbdfk3kjHS";
     @JsonProperty
     private String info_log_path = logDefault;
@@ -106,10 +109,13 @@ public class CoreConfig {
     private int bcrypt_log_rounds = 11;
 
     // TODO: add https in later version
-//	# (OPTIONAL) boolean value (true or false). Set to true if you want to enable https requests to SuperTokens.
-//	# If you are not running SuperTokens within a closed network along with your API process, for 
-//	# example if you are using multiple cloud vendors, then it is recommended to set this to true.
-//	# webserver_https_enabled:
+    // # (OPTIONAL) boolean value (true or false). Set to true if you want to enable
+    // https requests to SuperTokens.
+    // # If you are not running SuperTokens within a closed network along with your
+    // API process, for
+    // # example if you are using multiple cloud vendors, then it is recommended to
+    // set this to true.
+    // # webserver_https_enabled:
     @JsonProperty
     private boolean webserver_https_enabled = false;
 
@@ -191,9 +197,11 @@ public enum PASSWORD_HASHING_ALG {
     }
 
     public int getArgon2HashingPoolSize() {
-        // the reason we do Math.max below is that if the password hashing algo is bcrypt,
+        // the reason we do Math.max below is that if the password hashing algo is
+        // bcrypt,
         // then we don't check the argon2 hashing pool size config at all. In this case,
-        // if the user gives a <= 0 number, it crashes the core (since it creates a blockedqueue in PaswordHashing
+        // if the user gives a <= 0 number, it crashes the core (since it creates a
+        // blockedqueue in PaswordHashing
         // .java with length <= 0). So we do a Math.max
         return Math.max(1, argon2_hashing_pool_size);
     }
@@ -266,6 +274,10 @@ public long getPasswordlessCodeLifetime() {
         return passwordless_code_lifetime;
     }
 
+    public int getTotpRateLimitWindowSize() {
+        return totp_rate_limit_window_size;
+    }
+
     public boolean isTelemetryDisabled() {
         return disable_telemetry;
     }
@@ -384,6 +396,10 @@ void validateAndInitialise(Main main) throws IOException {
             throw new QuitProgramException("'passwordless_max_code_input_attempts' must be > 0");
         }
 
+        if (totp_rate_limit_window_size <= 0) {
+            throw new QuitProgramException("'totp_rate_limit_window_size' must be > 0");
+        }
+
         if (max_server_pool_size <= 0) {
             throw new QuitProgramException("'max_server_pool_size' must be >= 1. The config file can be found here: "
                     + getConfigFileLocation(main));
@@ -475,4 +491,4 @@ void validateAndInitialise(Main main) throws IOException {
         }
     }
 
-}
+}

src/main/java/io/supertokens/cronjobs/deleteExpiredTotpTokens/DeleteExpiredTotpTokens.java

@@ -1,6 +1,7 @@
 package io.supertokens.cronjobs.deleteExpiredTotpTokens;
 
 import io.supertokens.Main;
+import io.supertokens.ResourceDistributor;
 import io.supertokens.pluginInterface.STORAGE_TYPE;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
 import io.supertokens.cronjobs.CronTask;
@@ -15,6 +16,14 @@ private DeleteExpiredTotpTokens(Main main) {
         super("DeleteExpiredTotpTokens", main);
     }
 
+    public static DeleteExpiredTotpTokens getInstance(Main main) {
+        ResourceDistributor.SingletonResource instance = main.getResourceDistributor().getResource(RESOURCE_KEY);
+        if (instance == null) {
+            instance = main.getResourceDistributor().setResource(RESOURCE_KEY, new DeleteExpiredTotpTokens(main));
+        }
+        return (DeleteExpiredTotpTokens) instance;
+    }
+
     @Override
     protected void doTask() throws Exception {
         if (StorageLayer.getStorage(this.main).getType() != STORAGE_TYPE.SQL) {

src/main/java/io/supertokens/inmemorydb/Start.java

@@ -1633,35 +1633,28 @@ public void addInfoToNonAuthRecipesBasedOnUserId(String className, String userId
     @Override
     public void createDevice(TOTPDevice device) throws StorageQueryException, DeviceAlreadyExistsException {
         try {
-            TOTPQueries.createDevice(this, device);
-        } catch (SQLException e) {
-            if (e.getMessage()
-                    .equals("[SQLITE_CONSTRAINT]  Abort due to constraint violation (UNIQUE constraint failed: "
-                            + Config.getConfig(this).getTotpUserDevicesTable() + ".user_id, "
-                            + Config.getConfig(this).getTotpUserDevicesTable() + ".device_name" + ")")) {
+            TOTPQueries.createDeviceAndUser(this, device);
+        } catch (StorageTransactionLogicException e) {
+            String message = e.actualException.getMessage();
+            if (message.equals("[SQLITE_CONSTRAINT]  Abort due to constraint violation (UNIQUE constraint failed: "
+                    + Config.getConfig(this).getTotpUserDevicesTable() + ".user_id, "
+                    + Config.getConfig(this).getTotpUserDevicesTable() + ".device_name" + ")")) {
                 throw new DeviceAlreadyExistsException();
             }
 
-            throw new StorageQueryException(e);
+            throw new StorageQueryException(e.actualException);
         }
     }
 
     @Override
-    public boolean markDeviceAsVerified(String userId, String deviceName)
+    public void markDeviceAsVerified(String userId, String deviceName)
             throws StorageQueryException, UnknownDeviceException {
         try {
             int updatedCount = TOTPQueries.markDeviceAsVerified(this, userId, deviceName);
             if (updatedCount == 0) {
-                TOTPDevice[] devices = TOTPQueries.getDevices(this, userId);
-                for (TOTPDevice device : devices) {
-                    if (device.deviceName.equals(deviceName) && device.verified) {
-                        return true; // Device was already verified
-                    }
-                }
-                // Device was not found:
                 throw new UnknownDeviceException();
             }
-            return false; // Device was marked as verified
+            return; // Device was marked as verified
         } catch (SQLException e) {
             throw new StorageQueryException(e);
         }
@@ -1675,12 +1668,8 @@ public void deleteDevice(String userId, String deviceName)
             if (deletedCount == 0) {
                 throw new UnknownDeviceException();
             }
-
-            // Note: This step is only required for in-memory databases.
-            // They don't have cascading deletes, so we need to manually delete the codes
-            TOTPQueries.removeUsedCodes(this, userId, deviceName);
-        } catch (SQLException e) {
-            throw new StorageQueryException(e);
+        } catch (StorageTransactionLogicException e) {
+            throw new StorageQueryException(e.actualException);
         }
     }
 
@@ -1715,26 +1704,26 @@ public TOTPDevice[] getDevices(String userId)
     }
 
     @Override
-    public boolean insertUsedCode(TOTPUsedCode usedCodeObj)
+    public void insertUsedCode(TOTPUsedCode usedCodeObj)
             throws StorageQueryException, TotpNotEnabledException {
         try {
-            TOTPDevice[] devices = TOTPQueries.getDevices(this, usedCodeObj.userId);
-            if (devices.length == 0) {
+            TOTPQueries.insertUsedCode(this, usedCodeObj);
+        } catch (StorageTransactionLogicException e) {
+            String message = e.actualException.getMessage();
+            if (message
+                    .equals("[SQLITE_CONSTRAINT]  Abort due to constraint violation (FOREIGN KEY constraint failed)")) {
+                // No user/device exists for the given usedCodeObj.userId
                 throw new TotpNotEnabledException();
             }
-
-            int insertCount = TOTPQueries.insertUsedCode(this, usedCodeObj);
-            return insertCount == 1;
-        } catch (SQLException e) {
-            throw new StorageQueryException(e);
+            throw new StorageQueryException(e.actualException);
         }
     }
 
     @Override
-    public TOTPUsedCode[] getUsedCodes(String userId)
+    public TOTPUsedCode[] getNonExpiredUsedCodes(String userId)
             throws StorageQueryException {
         try {
-            return TOTPQueries.getUsedCodes(this, userId);
+            return TOTPQueries.getNonExpiredUsedCodesDescOrder(this, userId);
         } catch (SQLException e) {
             throw new StorageQueryException(e);
         }
@@ -1749,4 +1738,13 @@ public void removeExpiredCodes()
             throw new StorageQueryException(e);
         }
     }
+
+    @Override
+    public void deleteAllDataForUser(String userId) throws StorageQueryException {
+        try {
+            TOTPQueries.deleteAllDataForUser(this, userId);
+        } catch (StorageTransactionLogicException e) {
+            throw new StorageQueryException(e);
+        }
+    }
 }

src/main/java/io/supertokens/inmemorydb/config/SQLiteConfig.java

@@ -90,6 +90,10 @@ public String getUserIdMappingTable() {
         return "userid_mapping";
     }
 
+    public String getTotpUsersTable() {
+        return "totp_users";
+    }
+
     public String getTotpUserDevicesTable() {
         return "totp_user_devices";
     }

src/main/java/io/supertokens/inmemorydb/queries/GeneralQueries.java

@@ -186,6 +186,10 @@ public static void createTablesIfNotExists(Start start, Main main) throws SQLExc
             update(start, UserIdMappingQueries.getQueryToCreateUserIdMappingTable(start), NO_OP_SETTER);
         }
 
+        if (!doesTableExists(start, Config.getConfig(start).getTotpUsersTable())) {
+            getInstance(main).addState(CREATING_NEW_TABLE, null);
+            update(start, TOTPQueries.getQueryToCreateUsersTable(start), NO_OP_SETTER);
+        }
 
         if (!doesTableExists(start, Config.getConfig(start).getTotpUserDevicesTable())) {
             getInstance(main).addState(CREATING_NEW_TABLE, null);