bookstack/app/Access/Mfa/TotpValidationRule.php

<?php

namespace BookStack\Access\Mfa;

use Closure;
use Illuminate\Contracts\Validation\ValidationRule;

class TotpValidationRule implements ValidationRule
{
    /**
     * Create a new rule instance.
     * Takes the TOTP secret that must be system provided, not user provided.
     */
    public function __construct(
        protected string $secret,
        protected TotpService $totpService,
    ) {
    }

    public function validate(string $attribute, mixed $value, Closure $fail): void
    {
        $passes = $this->totpService->verifyCode($value, $this->secret);
        if (!$passes) {
            $fail(trans('validation.totp'));
        }
    }
}