feat(menu): added menu password

Author: tabarra

.deploy.config.js

@@ -1,6 +1,6 @@
 export default {
     debouncerInterval: 250,
-    preReleaseExpirationDays: 21,
+    preReleaseExpirationDays: 60,
 
     //NOTE: to test the panel from LAN, change localhost to your LAN IP
     //but the NUI will not work due to HTTPS->HTTP restrictions

resource/cl_main.lua

@@ -176,7 +176,8 @@ CreateThread(function()
         '/txAdmin-menuAlignRight',
         '/txAdmin-menuPageKey',
         '/txAdmin-menuPlayerIdDistance',
-        '/txAdmin-menuDrunkDuration'
+        '/txAdmin-menuDrunkDuration',
+        '/tx2faSecret'
     }
 
     for _, suggestion in ipairs(suggestionsToRemove) do

resource/menu/client/cl_base.lua

@@ -14,10 +14,13 @@ lastTpCoords = false;
 -- Locals
 local noMenuReason = 'unknown reason'
 local awaitingReauth = false
+local passHelpMessage = 'To authenticate to txAdmin, use the command /txAdmin-reauth <password>.'
 
 --- Logic to displaying the menu auth rejected snackbar
 local function displayAuthRejectedError()
-  if noMenuReason == 'nui_admin_not_found' then
+  if noMenuReason == 'password_required' then
+    sendSnackbarMessage('error', passHelpMessage, false)
+  elseif noMenuReason == 'nui_admin_not_found' then
     sendSnackbarMessage('error', 'nui_menu.misc.menu_not_admin', true)
   else
     sendSnackbarMessage('error', 'nui_menu.misc.menu_auth_failed', true, { reason = noMenuReason })
@@ -130,15 +133,25 @@ end)
 
 --[[ Debug Events / Commands ]]
 -- Command/event to trigger a authentication attempt
+local authPassword = false
 local function retryAuthentication()
+  if type(authPassword) ~= 'string' then
+    return
+  end
   debugPrint("^5[AUTH] Retrying menu authentication.")
   menuIsAccessible = false
   menuPermissions = {}
   sendMenuMessage('setPermissions', menuPermissions)
-  TriggerServerEvent('txsv:checkIfAdmin')
+  TriggerServerEvent('txsv:checkIfAdmin', authPassword)
 end
 RegisterNetEvent('txcl:reAuth', retryAuthentication)
-RegisterCommand('txAdmin-reauth', function()
+RegisterCommand('txAdmin-reauth', function(_, args)
+  if type(args[1]) ~= 'string' then
+    sendSnackbarMessage('error', passHelpMessage, false)
+    return
+  end
+
+  authPassword = args[1]
   sendSnackbarMessage('info', 'Retrying menu authentication.', false)
   awaitingReauth = true
   retryAuthentication()
@@ -158,7 +171,8 @@ CreateThread(function()
   TriggerEvent(
     'chat:addSuggestion',
     '/txAdmin-reauth',
-    'Retries to authenticate the menu NUI.'
+    'Retries to authenticate the menu NUI.',
+    { { name = "password", help = "2fa secret" } }
   )
 end)
 

resource/sv_admins.lua

@@ -35,16 +35,30 @@ local function handleAuthFail(src, reason)
 end
 
 -- Handle menu auth requests
-RegisterNetEvent('txsv:checkIfAdmin', function()
+RegisterNetEvent('txsv:checkIfAdmin', function(authPassword)
     local src = source
     local srcString = tostring(source)
+
+    --Early return if no password
+    if type(authPassword) ~= 'string' or authPassword == '' then
+        return TriggerClientEvent('txcl:setAdmin', src, false, false, 'password_required')
+    end
     debugPrint('Handling authentication request from player #'..srcString)
 
     -- Rate Limiter
     if type(failedAuths[srcString]) == 'number' and failedAuths[srcString] + attemptCooldown > GetGameTimer() then
         return handleAuthFail(source, "too many auth attempts")
     end
 
+    -- Check Password
+    local expectedPassword = GetConvar('tx2faSecret', 'invalid')
+    if expectedPassword == 'invalid' then
+        return handleAuthFail(src, "invalid server 2FA configuration")
+    end
+    if authPassword ~= expectedPassword then
+        return handleAuthFail(src, "invalid 2FA password")
+    end
+
     -- Prepping http request
     local url = "http://"..TX_LUACOMHOST.."/auth/self"
     local headers = {