Add MFA support

app/routing/middleware/auth/DMZOnly.middleware.js

@@ -0,0 +1,17 @@
+const Middleware = require('libflitter/middleware/Middleware')
+class DMZOnly extends Middleware {
+
+    async test(req, res, next, args = {}){
+
+        if ( req.is_auth ) return next()
+        else {
+            // If not signed in, save the target url so we can redirect back here after auth
+            req.session.auth.flow = req.originalUrl
+            return res.redirect('/auth/login')
+        }
+
+    }
+
+}
+
+module.exports = DMZOnly

app/routing/middleware/auth/UserOnly.middleware.js

@@ -7,8 +7,25 @@
  */
 const Middleware = require('flitter-auth/middleware/UserOnly')
 class UserOnly extends Middleware {
+    static get services() {
+        return [...super.services, 'output']
+    }
 
-    
+    async test(req, res, next, args = {}){
+
+        if ( req.is_auth && !req.session.auth.in_dmz ) return next()
+        else if ( req.is_auth ) { // Need an MFA challenge
+            if ( !req.session.auth.flow ) req.session.auth.flow = req.originalUrl
+            return res.redirect('/auth/mfa/challenge')
+        }
+        else {
+            // If not signed in, save the target url so we can redirect back here after auth
+            req.session.auth.flow = req.originalUrl
+            this.output.debug('Set auth flow: '+req.originalUrl)
+            return res.redirect('/auth/login')
+        }
+
+    }
     
 }