@casual-simulation/aux-records 3.2.16 → 3.2.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AAGUID.d.ts +11 -0
- package/AAGUID.js +100 -0
- package/AAGUID.js.map +1 -0
- package/AuthController.d.ts +171 -3
- package/AuthController.js +426 -1
- package/AuthController.js.map +1 -1
- package/AuthStore.d.ts +182 -0
- package/Base64UrlUtils.d.ts +16 -0
- package/Base64UrlUtils.js +59 -0
- package/Base64UrlUtils.js.map +1 -0
- package/FileRecordsStore.d.ts +12 -1
- package/MemoryFileRecordsLookup.d.ts +1 -1
- package/MemoryFileRecordsLookup.js +4 -1
- package/MemoryFileRecordsLookup.js.map +1 -1
- package/MemoryStore.d.ts +14 -1
- package/MemoryStore.js +89 -0
- package/MemoryStore.js.map +1 -1
- package/RecordsServer.d.ts +6 -0
- package/RecordsServer.js +214 -0
- package/RecordsServer.js.map +1 -1
- package/Utils.d.ts +1 -1
- package/Utils.js +3 -0
- package/Utils.js.map +1 -1
- package/package.json +4 -2
package/RecordsServer.js
CHANGED
|
@@ -328,6 +328,30 @@ export class RecordsServer {
|
|
|
328
328
|
request.path === '/api/v2/register/privo') {
|
|
329
329
|
return formatResponse(request, yield this._registerPrivo(request), this._allowedAccountOrigins);
|
|
330
330
|
}
|
|
331
|
+
else if (request.method === 'GET' &&
|
|
332
|
+
request.path === '/api/v2/webauthn/register/options') {
|
|
333
|
+
return formatResponse(request, yield this._webAuthnRegisterOptions(request), true);
|
|
334
|
+
}
|
|
335
|
+
else if (request.method === 'POST' &&
|
|
336
|
+
request.path === '/api/v2/webauthn/register') {
|
|
337
|
+
return formatResponse(request, yield this._webAuthnRegister(request), true);
|
|
338
|
+
}
|
|
339
|
+
else if (request.method === 'GET' &&
|
|
340
|
+
request.path === '/api/v2/webauthn/login/options') {
|
|
341
|
+
return formatResponse(request, yield this._webAuthnLoginOptions(request), true);
|
|
342
|
+
}
|
|
343
|
+
else if (request.method === 'POST' &&
|
|
344
|
+
request.path === '/api/v2/webauthn/login') {
|
|
345
|
+
return formatResponse(request, yield this._webAuthnLogin(request), true);
|
|
346
|
+
}
|
|
347
|
+
else if (request.method === 'GET' &&
|
|
348
|
+
request.path === '/api/v2/webauthn/authenticators') {
|
|
349
|
+
return formatResponse(request, yield this._listWebAuthnAuthenticators(request), this._allowedAccountOrigins);
|
|
350
|
+
}
|
|
351
|
+
else if (request.method === 'POST' &&
|
|
352
|
+
request.path === '/api/v2/webauthn/authenticators/delete') {
|
|
353
|
+
return formatResponse(request, yield this._deleteWebAuthnAuthenticator(request), this._allowedAccountOrigins);
|
|
354
|
+
}
|
|
331
355
|
else if (request.method === 'POST' &&
|
|
332
356
|
request.path === '/api/v2/meet/token') {
|
|
333
357
|
return formatResponse(request, yield this._postMeetToken(request), this._allowedApiOrigins);
|
|
@@ -2756,6 +2780,196 @@ export class RecordsServer {
|
|
|
2756
2780
|
return returnResult(result);
|
|
2757
2781
|
});
|
|
2758
2782
|
}
|
|
2783
|
+
_webAuthnRegisterOptions(request) {
|
|
2784
|
+
var _a, _b;
|
|
2785
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2786
|
+
// We don't validate origin because the AuthController will validate it based on the allowed
|
|
2787
|
+
// relying parties.
|
|
2788
|
+
const validation = yield this._validateSessionKey(request);
|
|
2789
|
+
if (validation.success === false) {
|
|
2790
|
+
if (validation.errorCode === 'no_session_key') {
|
|
2791
|
+
return returnResult(NOT_LOGGED_IN_RESULT);
|
|
2792
|
+
}
|
|
2793
|
+
return returnResult(validation);
|
|
2794
|
+
}
|
|
2795
|
+
const result = yield this._auth.requestWebAuthnRegistration({
|
|
2796
|
+
userId: validation.userId,
|
|
2797
|
+
originOrHost: (_b = (_a = request.headers.origin) !== null && _a !== void 0 ? _a : request.headers['x-dev-proxy-host']) !== null && _b !== void 0 ? _b : request.headers.host,
|
|
2798
|
+
});
|
|
2799
|
+
return returnResult(result);
|
|
2800
|
+
});
|
|
2801
|
+
}
|
|
2802
|
+
_webAuthnRegister(request) {
|
|
2803
|
+
var _a, _b;
|
|
2804
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2805
|
+
// We don't validate origin because the AuthController will validate it based on the allowed
|
|
2806
|
+
// relying parties.
|
|
2807
|
+
if (typeof request.body !== 'string') {
|
|
2808
|
+
return returnResult(UNACCEPTABLE_REQUEST_RESULT_MUST_BE_JSON);
|
|
2809
|
+
}
|
|
2810
|
+
const jsonResult = tryParseJson(request.body);
|
|
2811
|
+
if (!jsonResult.success || typeof jsonResult.value !== 'object') {
|
|
2812
|
+
return returnResult(UNACCEPTABLE_REQUEST_RESULT_MUST_BE_JSON);
|
|
2813
|
+
}
|
|
2814
|
+
const schema = z.object({
|
|
2815
|
+
response: z.object({
|
|
2816
|
+
id: z.string().nonempty(),
|
|
2817
|
+
rawId: z.string().nonempty(),
|
|
2818
|
+
response: z.object({
|
|
2819
|
+
clientDataJSON: z.string().nonempty(),
|
|
2820
|
+
attestationObject: z.string().nonempty(),
|
|
2821
|
+
authenticatorData: z.string().nonempty().optional(),
|
|
2822
|
+
transports: z.array(z.string().min(1).max(64)).optional(),
|
|
2823
|
+
publicKeyAlgorithm: z.number().optional(),
|
|
2824
|
+
publicKey: z.string().nonempty().optional(),
|
|
2825
|
+
}),
|
|
2826
|
+
authenticatorAttachment: z
|
|
2827
|
+
.enum(['cross-platform', 'platform'])
|
|
2828
|
+
.optional(),
|
|
2829
|
+
clientExtensionResults: z.object({
|
|
2830
|
+
appid: z.boolean().optional(),
|
|
2831
|
+
credProps: z
|
|
2832
|
+
.object({
|
|
2833
|
+
rk: z.boolean().optional(),
|
|
2834
|
+
})
|
|
2835
|
+
.optional(),
|
|
2836
|
+
hmacCreateSecret: z.boolean().optional(),
|
|
2837
|
+
}),
|
|
2838
|
+
type: z.literal('public-key'),
|
|
2839
|
+
}),
|
|
2840
|
+
});
|
|
2841
|
+
const parseResult = schema.safeParse(jsonResult.value);
|
|
2842
|
+
if (parseResult.success === false) {
|
|
2843
|
+
return returnZodError(parseResult.error);
|
|
2844
|
+
}
|
|
2845
|
+
const { response } = parseResult.data;
|
|
2846
|
+
const validation = yield this._validateSessionKey(request);
|
|
2847
|
+
if (validation.success === false) {
|
|
2848
|
+
if (validation.errorCode === 'no_session_key') {
|
|
2849
|
+
return returnResult(NOT_LOGGED_IN_RESULT);
|
|
2850
|
+
}
|
|
2851
|
+
return returnResult(validation);
|
|
2852
|
+
}
|
|
2853
|
+
const result = yield this._auth.completeWebAuthnRegistration({
|
|
2854
|
+
userId: validation.userId,
|
|
2855
|
+
response: response,
|
|
2856
|
+
originOrHost: (_b = (_a = request.headers.origin) !== null && _a !== void 0 ? _a : request.headers['x-dev-proxy-host']) !== null && _b !== void 0 ? _b : request.headers.host,
|
|
2857
|
+
userAgent: request.headers['user-agent'],
|
|
2858
|
+
});
|
|
2859
|
+
return returnResult(result);
|
|
2860
|
+
});
|
|
2861
|
+
}
|
|
2862
|
+
_webAuthnLoginOptions(request) {
|
|
2863
|
+
var _a, _b;
|
|
2864
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2865
|
+
// We don't validate origin because the AuthController will validate it based on the allowed
|
|
2866
|
+
// relying parties.
|
|
2867
|
+
const result = yield this._auth.requestWebAuthnLogin({
|
|
2868
|
+
ipAddress: request.ipAddress,
|
|
2869
|
+
originOrHost: (_b = (_a = request.headers.origin) !== null && _a !== void 0 ? _a : request.headers['x-dev-proxy-host']) !== null && _b !== void 0 ? _b : request.headers.host,
|
|
2870
|
+
});
|
|
2871
|
+
return returnResult(result);
|
|
2872
|
+
});
|
|
2873
|
+
}
|
|
2874
|
+
_webAuthnLogin(request) {
|
|
2875
|
+
var _a, _b;
|
|
2876
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2877
|
+
// We don't validate origin because the AuthController will validate it based on the allowed
|
|
2878
|
+
// relying parties.
|
|
2879
|
+
if (typeof request.body !== 'string') {
|
|
2880
|
+
return returnResult(UNACCEPTABLE_REQUEST_RESULT_MUST_BE_JSON);
|
|
2881
|
+
}
|
|
2882
|
+
const jsonResult = tryParseJson(request.body);
|
|
2883
|
+
if (!jsonResult.success || typeof jsonResult.value !== 'object') {
|
|
2884
|
+
return returnResult(UNACCEPTABLE_REQUEST_RESULT_MUST_BE_JSON);
|
|
2885
|
+
}
|
|
2886
|
+
const schema = z.object({
|
|
2887
|
+
requestId: z.string().nonempty(),
|
|
2888
|
+
response: z.object({
|
|
2889
|
+
id: z.string().nonempty(),
|
|
2890
|
+
rawId: z.string().nonempty(),
|
|
2891
|
+
response: z.object({
|
|
2892
|
+
clientDataJSON: z.string().nonempty(),
|
|
2893
|
+
authenticatorData: z.string().nonempty(),
|
|
2894
|
+
signature: z.string().nonempty(),
|
|
2895
|
+
userHandle: z.string().nonempty().optional(),
|
|
2896
|
+
}),
|
|
2897
|
+
authenticatorAttachment: z
|
|
2898
|
+
.enum(['cross-platform', 'platform'])
|
|
2899
|
+
.optional(),
|
|
2900
|
+
clientExtensionResults: z.object({
|
|
2901
|
+
appid: z.boolean().optional(),
|
|
2902
|
+
credProps: z
|
|
2903
|
+
.object({
|
|
2904
|
+
rk: z.boolean().optional(),
|
|
2905
|
+
})
|
|
2906
|
+
.optional(),
|
|
2907
|
+
hmacCreateSecret: z.boolean().optional(),
|
|
2908
|
+
}),
|
|
2909
|
+
type: z.literal('public-key'),
|
|
2910
|
+
}),
|
|
2911
|
+
});
|
|
2912
|
+
const parseResult = schema.safeParse(jsonResult.value);
|
|
2913
|
+
if (parseResult.success === false) {
|
|
2914
|
+
return returnZodError(parseResult.error);
|
|
2915
|
+
}
|
|
2916
|
+
const { response, requestId } = parseResult.data;
|
|
2917
|
+
const result = yield this._auth.completeWebAuthnLogin({
|
|
2918
|
+
requestId: requestId,
|
|
2919
|
+
ipAddress: request.ipAddress,
|
|
2920
|
+
response: response,
|
|
2921
|
+
originOrHost: (_b = (_a = request.headers.origin) !== null && _a !== void 0 ? _a : request.headers['x-dev-proxy-host']) !== null && _b !== void 0 ? _b : request.headers.host,
|
|
2922
|
+
});
|
|
2923
|
+
return returnResult(result);
|
|
2924
|
+
});
|
|
2925
|
+
}
|
|
2926
|
+
_listWebAuthnAuthenticators(request) {
|
|
2927
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2928
|
+
if (!validateOrigin(request, this._allowedAccountOrigins)) {
|
|
2929
|
+
return returnResult(INVALID_ORIGIN_RESULT);
|
|
2930
|
+
}
|
|
2931
|
+
const validation = yield this._validateSessionKey(request);
|
|
2932
|
+
if (validation.success === false) {
|
|
2933
|
+
if (validation.errorCode === 'no_session_key') {
|
|
2934
|
+
return returnResult(NOT_LOGGED_IN_RESULT);
|
|
2935
|
+
}
|
|
2936
|
+
return returnResult(validation);
|
|
2937
|
+
}
|
|
2938
|
+
const result = yield this._auth.listUserAuthenticators(validation.userId);
|
|
2939
|
+
return returnResult(result);
|
|
2940
|
+
});
|
|
2941
|
+
}
|
|
2942
|
+
_deleteWebAuthnAuthenticator(request) {
|
|
2943
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2944
|
+
if (!validateOrigin(request, this._allowedAccountOrigins)) {
|
|
2945
|
+
return returnResult(INVALID_ORIGIN_RESULT);
|
|
2946
|
+
}
|
|
2947
|
+
if (typeof request.body !== 'string') {
|
|
2948
|
+
return returnResult(UNACCEPTABLE_REQUEST_RESULT_MUST_BE_JSON);
|
|
2949
|
+
}
|
|
2950
|
+
const jsonResult = tryParseJson(request.body);
|
|
2951
|
+
if (!jsonResult.success || typeof jsonResult.value !== 'object') {
|
|
2952
|
+
return returnResult(UNACCEPTABLE_REQUEST_RESULT_MUST_BE_JSON);
|
|
2953
|
+
}
|
|
2954
|
+
const schema = z.object({
|
|
2955
|
+
authenticatorId: z.string().nonempty(),
|
|
2956
|
+
});
|
|
2957
|
+
const parseResult = schema.safeParse(jsonResult.value);
|
|
2958
|
+
if (parseResult.success === false) {
|
|
2959
|
+
return returnZodError(parseResult.error);
|
|
2960
|
+
}
|
|
2961
|
+
const { authenticatorId } = parseResult.data;
|
|
2962
|
+
const validation = yield this._validateSessionKey(request);
|
|
2963
|
+
if (validation.success === false) {
|
|
2964
|
+
if (validation.errorCode === 'no_session_key') {
|
|
2965
|
+
return returnResult(NOT_LOGGED_IN_RESULT);
|
|
2966
|
+
}
|
|
2967
|
+
return returnResult(validation);
|
|
2968
|
+
}
|
|
2969
|
+
const result = yield this._auth.deleteUserAuthenticator(validation.userId, authenticatorId);
|
|
2970
|
+
return returnResult(result);
|
|
2971
|
+
});
|
|
2972
|
+
}
|
|
2759
2973
|
_postCompleteLogin(request) {
|
|
2760
2974
|
return __awaiter(this, void 0, void 0, function* () {
|
|
2761
2975
|
if (!validateOrigin(request, this._allowedAccountOrigins)) {
|