From c2472f1afce567909548f37d56d3f0d3cf4a74ec Mon Sep 17 00:00:00 2001
From: Kenichi Ishigaki
Date: Sun, 28 Apr 2024 21:58:33 +0900
Subject: [PATCH] Generate qrcode image by ourselves

---
 lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm b/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm
index e30b5c832..903efa2c9 100644
--- a/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm
+++ b/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm
@@ -5,6 +5,8 @@ use Auth::GoogleAuth;
 use PAUSE::Crypt;
 use Crypt::URandom qw(urandom);
 use Convert::Base32 qw(encode_base32);
+use Imager::QRCode qw(plot_qrcode);
+use URI;
 
 sub edit {
 my $c = shift;
@@ -14,7 +16,7 @@ sub edit {
 my $u = $c->active_user_record;
 
 my $auth = $c->app->pause->authenticator_for($u);
- $pause->{mfa_qrcode} = $auth->qr_code;
+ $pause->{mfa_qrcode} = _generate_qrcode($auth);
 if (!$u->{mfa_secret32}) {
 my $dbh = $mgr->authen_connect;
 my $tbl = $PAUSE::Config->{AUTHEN_USER_TABLE};
@@ -80,4 +82,16 @@ sub _generate_recovery_codes {
 @codes;
 }
 
+# using $auth->qr_code directly is handy but insecure
+sub _generate_qrcode {
+ my $auth = shift;
+ my $otpauth = $auth->qr_code(undef, undef, undef, 1);
+ my $img = plot_qrcode($otpauth, { casesensitive => 1 });
+ $img->write(data => \my $qr_png, type => 'png') or die "Failed to write image: " . $img->errstr;
+ my $data = URI->new("data:");
+ $data->data($qr_png);
+ $data->media_type('image/png');
+ $data;
+}
+
 1;
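Review bot: In the second hunk (`edit`), `_generate_qrcode($auth)` runs before the `if (!$u->{mfa_secret32})` check, so the QR image that encodes the TOTP secret is built on every request to this action, not only on first enrolment. Whether the template shows `mfa_qrcode` to users who already have MFA enabled is not visible here (`edit` starts and ends outside the hunk); if it does, anyone holding a live session could read the seed back, so I would build the image only on the enrolment path, e.g. `$pause->{mfa_qrcode} = _generate_qrcode($auth) unless $already_enrolled;` where `$already_enrolled` is a placeholder for whatever flag the controller really uses. Because the secret is now inlined in the HTML as a `data:` URI, the response for this page should also carry `Cache-Control: no-store`.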
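Review bot: In the third hunk, the comment above `_generate_qrcode` says `$auth->qr_code` is insecure without saying why, which makes it easy for a later cleanup to switch back to it. As far as the Auth::GoogleAuth documentation describes it, the default call returns a URL for an external QR rendering service with the otpauth URI (and so the TOTP secret) in it, while a true fourth argument returns the bare otpauth URI. I would spell that out, e.g. `# $auth->qr_code returns a third-party image URL that embeds the otpauth URI, so the browser would send the TOTP secret off-site; render the PNG locally instead`. The positional call `qr_code(undef, undef, undef, 1)` would also benefit from a trailing `# 4th arg true: return the otpauth URI, not an image URL`.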