/* 2FA Login flow + Settings/Security page */ const TwoFactorModal = ({ open, onClose }) => { const [me, setMe] = useCurrentUser(); const toast = useToast(); const [step, setStep] = useState("email"); // email | code | success const [email, setEmail] = useState(() => localStorage.getItem("kcc_last_email") || "benoitclarens123@gmail.com"); const [pwd, setPwd] = useState(""); const [code, setCode] = useState(["", "", "", "", "", ""]); const [attempts, setAttempts] = useState(0); const [ttl, setTtl] = useState(600); const [token, setToken] = useState(null); const [loading, setLoading] = useState(false); const [emailsDisabled, setEmailsDisabled] = useState(false); const inputsRef = useRef([]); useEffect(() => { if (step === "code" && ttl > 0) { const t = setTimeout(() => setTtl((s) => s - 1), 1000); return () => clearTimeout(t); } }, [step, ttl]); useEffect(() => { if (!open) { setStep("email"); setCode(["","","","","",""]); setAttempts(0); setTtl(600); setPwd(""); setToken(null); setLoading(false); setEmailsDisabled(false); } }, [open]); // Map email → user (used on success to switch the active cofounder) const matchUserFromEmail = (em) => { const e = (em || "").toLowerCase().trim(); const local = e.split("@")[0]; return USERS.find(u => (u.email && u.email.toLowerCase() === e) || u.id === local || u.name.toLowerCase() === local ) || null; }; const goCode = async (e) => { if (e && e.preventDefault) e.preventDefault(); if (!pwd) { toast({ message: "Mot de passe requis", tone: "red" }); return; } localStorage.setItem("kcc_last_email", email); setLoading(true); // SHA-256 of password — never sent in clear let pwd_hash = ""; try { const buf = new TextEncoder().encode(pwd); const hashBuf = await crypto.subtle.digest("SHA-256", buf); pwd_hash = Array.from(new Uint8Array(hashBuf)) .map(b => b.toString(16).padStart(2, "0")).join(""); } catch (_) { /* fallback below */ } try { const res = await fetch("/api/auth/code", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email, pwd_hash }), }); if (res.status === 503) { // Kill-switch ON → bypass 2FA gracefully, log user in directly const match = matchUserFromEmail(email); if (match) setMe(match.id); setEmailsDisabled(true); setStep("success"); toast({ message: "Emails désactivés · session ouverte (mode dev)", tone: "blue" }); setTimeout(onClose, 1400); return; } const data = await res.json().catch(() => ({})); if (res.ok && data.ok && data.token) { setToken(data.token); if (typeof data.expires_in === "number") setTtl(data.expires_in); setStep("code"); toast({ message: `Code envoyé à ${data.sent_to || email}`, tone: "blue" }); setTimeout(() => inputsRef.current[0]?.focus(), 60); } else { toast({ message: data.error || "Échec de l'envoi du code", tone: "red" }); } } catch (err) { // Network failure → fallback to demo mode so dev work isn't blocked toast({ message: "Mode démo (backend indisponible)", tone: "blue" }); setStep("code"); setTimeout(() => inputsRef.current[0]?.focus(), 60); } finally { setLoading(false); } }; const verifyCode = async (fullCode) => { // Demo fallback when there's no token (offline / backend down) if (!token) { if (fullCode === "428931") { const match = matchUserFromEmail(email); if (match) setMe(match.id); setStep("success"); toast({ message: "Session ouverte · 2FA validé (démo)", tone: "green" }); setTimeout(onClose, 1400); } else { setAttempts((a) => a + 1); toast({ message: `Code invalide · essai ${attempts+1}/5`, tone: "red" }); setCode(["","","","","",""]); inputsRef.current[0]?.focus(); } return; } try { const res = await fetch("/api/auth/code", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ action: "verify", token, code: fullCode }), }); const data = await res.json().catch(() => ({})); if (res.ok && data.ok) { const match = matchUserFromEmail(email); if (match) setMe(match.id); setStep("success"); toast({ message: "Session ouverte · 2FA validé", tone: "green" }); setTimeout(onClose, 1400); } else { const a = typeof data.attempts === "number" ? data.attempts : attempts + 1; setAttempts(a); toast({ message: `Code invalide · essai ${a}/5`, tone: "red" }); setCode(["","","","","",""]); inputsRef.current[0]?.focus(); } } catch (_) { toast({ message: "Vérification impossible · réseau", tone: "red" }); } }; const updateCode = (i, v) => { const c = [...code]; c[i] = v.replace(/\D/g, "").slice(-1); setCode(c); if (v && i < 5) inputsRef.current[i + 1]?.focus(); if (c.every((d) => d) && c.join("").length === 6) { setTimeout(() => verifyCode(c.join("")), 200); } }; const resendCode = async () => { if (loading) return; setLoading(true); try { const res = await fetch("/api/auth/code", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email, resend: true }), }); if (res.status === 503) { toast({ message: "Emails désactivés · code démo: 428931", tone: "blue" }); } else { const data = await res.json().catch(() => ({})); if (res.ok && data.ok && data.token) { setToken(data.token); setTtl(data.expires_in || 600); toast({ message: "Nouveau code envoyé", tone: "blue" }); } } } catch (_) { toast({ message: "Renvoi impossible", tone: "red" }); } finally { setLoading(false); } }; const fmtTtl = `${Math.floor(ttl/60)}:${(ttl%60).toString().padStart(2,"0")}`; return (
{/* Header */}
KC
KCC Holdings
kcc-admin.pages.dev
{step === "email" && (
Connexion sécurisée
Étape 1 / 2 · Vérification du mot de passe
setEmail(e.target.value)} style={{ flex: 1, background: "transparent", border: "none", outline: "none", color: "var(--text)" }} />
setPwd(e.target.value)} placeholder="••••••••••••" style={{ flex: 1, background: "transparent", border: "none", outline: "none", color: "var(--text)" }} />
Hash SHA-256 calculé côté client · jamais transmis en clair
Compatible iCloud Keychain · Google Password Manager · 1Password · Bitwarden
)} {step === "code" && ( <>
Code de vérification
Étape 2 / 2 · Code à 6 chiffres envoyé à {email}
{code.map((d, i) => ( inputsRef.current[i] = el} value={d} onChange={(e) => updateCode(i, e.target.value)} onKeyDown={(e) => e.key === "Backspace" && !d && i > 0 && inputsRef.current[i-1]?.focus()} inputMode="numeric" maxLength={1} style={{ width: 44, height: 52, textAlign: "center", background: "var(--bg-2)", border: `1px solid ${d ? "var(--accent)" : "var(--border)"}`, borderRadius: 8, fontSize: 22, fontWeight: 600, fontFamily: "var(--font-mono)", color: "var(--text)", outline: "none", boxShadow: d ? "0 0 0 3px var(--accent-soft)" : "none", transition: "all 100ms" }} /> ))}
Expire dans {fmtTtl} Essais = 3 ? "var(--red)" : "var(--text)" }}>{attempts}/5
{!token && (
Mode démo : tapez 428931
)} )} {step === "success" && (
Session ouverte
Bienvenue {me.name} · expiration dans 24h
)}
); }; const SettingsView = ({ onOpenAuth, theme, accent, onSetTheme, onSetAccent }) => { const toast = useToast(); const [killSwitch, setKillSwitch] = useState(true); const ACCENTS = ["#5fa8ff", "#7c3aed", "#10b981", "#f59e0b", "#ec4899"]; return (
Paramètres & Sécurité
Authentification 2FA · sync multi-appareils · gestion utilisateurs
Apparence
Thème et couleur d'accent · synchronisé multi-appareils via KV
Thème
{[ { id: "dark", label: "Sombre", bg: "#11141a", fg: "#e4e7ee", accent: "#5fa8ff" }, { id: "light", label: "Clair", bg: "#ffffff", fg: "#1a1d23", accent: "#3b82f6" }, ].map((opt) => ( ))}
Couleur d'accent
{ACCENTS.map((c) => (
KV key: kcc:prefs:theme, kcc:prefs:accent
Authentification 2FA
Code email · TTL 10 min · max 5 essais
2FA actif
Session courante
iPhone Safari · Montréal, QC · expire dans 23h 47min
MacBook Pro · Chrome
Dernière activité il y a 2 min
Approuvé
Kill-switch emails
Coupe tous les envois Resend (Daily Digest, alertes…)
{killSwitch ? "Emails ON" : "Emails OFF"}
KV key: kcc:email:killswitch · TTL persistant
Audit log
5 dernières actions · {USERS.length} utilisateurs actifs
{[ { d:"14:32", who:"clarens", act:"Connexion réussie", target:"2FA · iPhone Safari", ip:"24.114.x.x" }, { d:"14:18", who:"carly", act:"Modifié statut produit", target:"Distributeur croquettes → Commandé", ip:"108.172.x.x" }, { d:"13:55", who:"kevin", act:"Créé RFQ", target:"Yiwu OutdoorPro · RFQ-0042", ip:"66.130.x.x" }, { d:"13:21", who:"clarens", act:"Réconciliation banque", target:"CIBC · 18 transactions matchées", ip:"24.114.x.x" }, { d:"12:04", who:"carly", act:"Import CSV", target:"Seller Central · 142 lignes", ip:"108.172.x.x" }, ].map((r,i) => ( ))}
QuandQuiActionCibleIP
{r.d} {r.who} {r.act} {r.target} {r.ip}
); }; window.TwoFactorModal = TwoFactorModal; window.SettingsView = SettingsView;