🔒 fix: 2FA Encrypt TOTP Secrets & Improve Docs

[rubentalstra]

This pull request introduces changes to improve the security and functionality of the two-factor authentication (2FA) system. The main updates include encrypting TOTP secrets, adding a function to retrieve and decrypt these secrets, and enhancing the documentation for various functions.

Security Improvements:

• api/server/controllers/TwoFactorController.js: Updated the enable2FAController to encrypt TOTP secrets before storing them and modified verify2FAController and confirm2FAController to retrieve and decrypt TOTP secrets using the new getTOTPSecret function. [1] [2] [3]
• api/server/controllers/auth/TwoFactorAuthController.js: Enhanced the verify2FA function to use the getTOTPSecret function for retrieving and decrypting TOTP secrets.
• api/server/services/twoFactorService.js: Added the getTOTPSecret function to retrieve and decrypt stored TOTP secrets, and included the decryptV2 utility function.

Code Enhancements:

• api/server/services/twoFactorService.js: Improved documentation for various functions, including encodeBase32, decodeBase32, generate2FATempToken, generateTOTPSecret, generateTOTP, verifyTOTP, generateBackupCodes, and verifyBackupCode. [1] [2] [3] [4] [5] [6] [7] [8]

Additional Imports:

• api/server/controllers/TwoFactorController.js: Added the encryptV2 utility function for encrypting TOTP secrets.
• api/server/controllers/auth/TwoFactorAuthController.js: Imported the getTOTPSecret function from twoFactorService.

Change Type

Please delete any irrelevant options.

• Bug fix (non-breaking change which fixes an issue)

Testing

Test Configuration:

Checklist

• My code adheres to this project's style guidelines
• I have performed a self-review of my own code
• I have commented in any complex areas of my code
• My changes do not introduce new warnings
• Local unit tests pass with my changes
• Any changes dependent on mine have been merged and published in downstream modules.