Add MFA Flow also to Super Admin (#186)

* Add MFA flow to Super Admin checks

apps/web/middleware.ts

@@ -115,6 +115,18 @@ async function adminMiddleware(request: NextRequest, response: NextResponse) {
     );
   }
 
+  const supabase = createMiddlewareClient(request, response);
+
+  const requiresMultiFactorAuthentication =
+    await checkRequiresMultiFactorAuthentication(supabase);
+
+  // If user requires multi-factor authentication, redirect to MFA page.
+  if (requiresMultiFactorAuthentication) {
+    return NextResponse.redirect(
+      new URL(pathsConfig.auth.verifyMfa, origin).href,
+    );
+  }
+
   const role = user?.app_metadata.role;
 
   // If user is not an admin, redirect to 404 page.

packages/features/admin/src/lib/server/utils/is-super-admin.ts

@@ -1,5 +1,6 @@
 import { SupabaseClient } from '@supabase/supabase-js';
 
+import { checkRequiresMultiFactorAuthentication } from '@kit/supabase/check-requires-mfa';
 import { Database } from '@kit/supabase/database';
 
 /**
@@ -18,6 +19,14 @@ export async function isSuperAdmin(client: SupabaseClient<Database>) {
     return false;
   }
 
+  const requiresMultiFactorAuthentication =
+    await checkRequiresMultiFactorAuthentication(client);
+
+  // If user requires multi-factor authentication, deny access.
+  if (requiresMultiFactorAuthentication) {
+    return false;
+  }
+
   const appMetadata = data.user.app_metadata;
 
   return appMetadata?.role === 'super-admin';