illusory-mapp/packages/logic/domains/2fa/sensitive-actions.ts

import { FlowExecCtx } from "@core/flow.execution.context";
import { getTwofaController } from "./controller";
import type { User } from "@/domains/user/data";

const twofaController = getTwofaController();

/**
 * Check if user needs 2FA verification for sensitive actions
 * Call this before executing sensitive operations like:
 * - Changing password
 * - Viewing billing info
 * - Deleting account
 * - etc.
 */
export async function requiresSensitiveAction2FA(
    fctx: FlowExecCtx,
    user: User,
): Promise<boolean> {
    const result = await twofaController.requiresSensitiveActionVerification(
        fctx,
        user,
    );
    return result.match(
        (data) => data,
        () => true, // On error, require verification for security
    );
}

export async function checkInitial2FaRequired(
    fctx: FlowExecCtx,
    user: User,
    sessionId: string,
): Promise<boolean> {
    const result = await twofaController.requiresInitialVerification(
        fctx,
        user,
        sessionId,
    );
    return result.match(
        (data) => data,
        () => true,
    );
}