Totp algorithm migration

[kentcdodds]

Upgrades @epic-web/totp to v4.0.1, addressing breaking changes by:

• Updating calls to be async.
• Normalizing algorithm names (e.g., SHA1 to SHA-1) in totp.server.ts for backward compatibility.
• Adding a Prisma migration to update existing Verification records in the database to the new SHA-X algorithm format.

Test Plan

• Ran PORT=3001 npm run test:e2e:run -- tests/e2e/2fa.test.ts to verify the 2FA flow.
• Manually tested enabling 2FA in the browser to confirm end-to-end verification.

Checklist

• Tests updated
• Docs updated

Screenshots

https://github.com/epicweb-dev/epic-stack/assets/1500684/10427387-9878-4395-8968-381907720977

---

 

---

Note

Medium Risk
Touches login/2FA verification logic and introduces a DB migration that rewrites stored TOTP algorithms; mistakes could break authentication for existing users or invalidate codes.

Overview
Upgrades @epic-web/totp to ^4.0.1 and updates 2FA/verification flows to use the library’s now-async generateTOTP/verifyTOTP APIs (including updating default algorithm strings to SHA-256).

Replaces the totp.server.ts re-export with wrapper functions that normalize algorithm names (SHA1/SHA256/SHA512 → SHA-1/SHA-256/SHA-512) and adds a Prisma migration to rewrite existing Verification.algorithm values in the DB; e2e 2FA tests are updated to await OTP generation.

^{Written by Cursor Bugbot for commit 485d703. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}