From 7be74e7b7ef471030385f191e0377b28a7f04976 Mon Sep 17 00:00:00 2001
From: c0repwn3r <core@coredoes.dev>
Date: Sun, 5 Feb 2023 21:25:24 -0500
Subject: [PATCH] find the actual totp check endpoint

---
 api/v1/auth/totp.txt | 71 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 api/v1/auth/totp.txt

diff --git a/api/v1/auth/totp.txt b/api/v1/auth/totp.txt
new file mode 100644
index 0000000..2b530a7
--- /dev/null
+++ b/api/v1/auth/totp.txt
@@ -0,0 +1,71 @@
+POST /v1/auth/totp HTTP/2
+Host: api.defined.net
+Content-Length: 17
+Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"
+Accept: application/json
+Content-Type: application/json
+Sec-Ch-Ua-Mobile: ?0
+Authorization: Bearer sess-DWS8oVIMsJCvMLt-7hz0aJp6cOkQm66rLgoiDdzHbMY
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
+Sec-Ch-Ua-Platform: "Linux"
+Origin: https://admin.defined.net
+Sec-Fetch-Site: same-site
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+
+{"code":"984116"}
+
+HTTP/2 200 OK
+Access-Control-Allow-Credentials: true
+Access-Control-Allow-Origin: https://admin.defined.net
+Access-Control-Expose-Headers: X-Request-Id
+Cache-Control: no-store
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json; charset=utf-8
+Strict-Transport-Security: max-age=31536000; includeSubdomains
+Vary: Origin
+X-Content-Type-Options: nosniff
+X-Frame-Options: DENY
+X-Request-Id: C5PCDZHGIW4D3M5PRHMHUJH4OQ
+Content-Length: 88
+Date: Mon, 06 Feb 2023 02:23:20 GMT
+
+{"data":{"authToken":"auth-Fj02D6a8dfs_l-J3NVOITW9C0M_674NmEjWZc8Xo6Ao"},"metadata":{}}
+
+POST /v1/auth/totp HTTP/2
+Host: api.defined.net
+Content-Length: 17
+Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"
+Accept: application/json
+Content-Type: application/json
+Sec-Ch-Ua-Mobile: ?0
+Authorization: Bearer sess-DWS8oVIMsJCvMLt-7hz0aJp6cOkQm66rLgoiDdzHbMY
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
+Sec-Ch-Ua-Platform: "Linux"
+Origin: https://admin.defined.net
+Sec-Fetch-Site: same-site
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+
+{"code":"237077"}
+
+HTTP/2 400 Bad Request
+Access-Control-Allow-Credentials: true
+Access-Control-Allow-Origin: https://admin.defined.net
+Access-Control-Expose-Headers: X-Request-Id
+Cache-Control: no-store
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json; charset=utf-8
+Strict-Transport-Security: max-age=31536000; includeSubdomains
+Vary: Origin
+X-Content-Type-Options: nosniff
+X-Frame-Options: DENY
+X-Request-Id: Z7HHBRHXJRTFJXY5PTZ6HRDY6Q
+Content-Length: 110
+Date: Mon, 06 Feb 2023 02:22:54 GMT
+
+{"errors":[{"code":"ERR_INVALID_TOTP_CODE","message":"invalid TOTP code (maybe it expired?)","path":"code"}]}