@mrgnw/anahtar 0.0.10 → 0.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/passkey.d.ts +2 -2
- package/dist/passkey.js +30 -20
- package/package.json +1 -1
package/dist/passkey.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { AuthenticationResponseJSON, RegistrationResponseJSON } from
|
|
2
|
-
import type { AuthDB, ResolvedConfig } from
|
|
1
|
+
import type { AuthenticationResponseJSON, RegistrationResponseJSON } from "@simplewebauthn/server";
|
|
2
|
+
import type { AuthDB, ResolvedConfig } from "./types.js";
|
|
3
3
|
export declare function getWebAuthnConfig(requestUrl: URL): {
|
|
4
4
|
rpID: string;
|
|
5
5
|
origin: string;
|
package/dist/passkey.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { randomUUID } from
|
|
2
|
-
import { generateAuthenticationOptions, generateRegistrationOptions, verifyAuthenticationResponse as verifyAuthResponse, verifyRegistrationResponse as verifyRegResponse } from
|
|
1
|
+
import { randomUUID } from "node:crypto";
|
|
2
|
+
import { generateAuthenticationOptions, generateRegistrationOptions, verifyAuthenticationResponse as verifyAuthResponse, verifyRegistrationResponse as verifyRegResponse, } from "@simplewebauthn/server";
|
|
3
3
|
const CHALLENGE_EXPIRY_MS = 5 * 60 * 1000;
|
|
4
4
|
export function getWebAuthnConfig(requestUrl) {
|
|
5
5
|
const envOrigin = process.env.ORIGIN;
|
|
@@ -14,18 +14,21 @@ export async function generateRegistrationChallenge(db, user, requestUrl, config
|
|
|
14
14
|
const existingPasskeys = await db.getUserPasskeys(user.id);
|
|
15
15
|
const excludeCredentials = existingPasskeys.map((pk) => ({
|
|
16
16
|
id: pk.credentialId,
|
|
17
|
-
transports: pk.transports
|
|
17
|
+
transports: pk.transports
|
|
18
|
+
? JSON.parse(pk.transports)
|
|
19
|
+
: undefined,
|
|
18
20
|
}));
|
|
19
21
|
const options = await generateRegistrationOptions({
|
|
20
22
|
rpName: config.rpName,
|
|
21
23
|
rpID,
|
|
22
24
|
userName: user.email,
|
|
25
|
+
userDisplayName: user.email,
|
|
23
26
|
userID: new TextEncoder().encode(user.id),
|
|
24
27
|
authenticatorSelection: {
|
|
25
|
-
residentKey:
|
|
26
|
-
userVerification:
|
|
28
|
+
residentKey: "required",
|
|
29
|
+
userVerification: "preferred",
|
|
27
30
|
},
|
|
28
|
-
excludeCredentials
|
|
31
|
+
excludeCredentials,
|
|
29
32
|
});
|
|
30
33
|
await db.storeChallenge(options.challenge, user.id, Date.now() + CHALLENGE_EXPIRY_MS);
|
|
31
34
|
return options;
|
|
@@ -34,7 +37,7 @@ export async function verifyRegistrationResponse(db, userId, response, requestUr
|
|
|
34
37
|
const { rpID, origin } = getWebAuthnConfig(requestUrl);
|
|
35
38
|
let challenge;
|
|
36
39
|
try {
|
|
37
|
-
const clientData = JSON.parse(Buffer.from(response.response.clientDataJSON,
|
|
40
|
+
const clientData = JSON.parse(Buffer.from(response.response.clientDataJSON, "base64url").toString());
|
|
38
41
|
challenge = clientData.challenge;
|
|
39
42
|
}
|
|
40
43
|
catch (e) {
|
|
@@ -42,21 +45,24 @@ export async function verifyRegistrationResponse(db, userId, response, requestUr
|
|
|
42
45
|
}
|
|
43
46
|
const stored = await db.consumeChallenge(challenge);
|
|
44
47
|
if (!stored)
|
|
45
|
-
return { ok: false, reason:
|
|
48
|
+
return { ok: false, reason: "challenge not found or expired" };
|
|
46
49
|
if (stored.userId !== userId)
|
|
47
|
-
return {
|
|
50
|
+
return {
|
|
51
|
+
ok: false,
|
|
52
|
+
reason: `userId mismatch: challenge=${stored.userId} session=${userId}`,
|
|
53
|
+
};
|
|
48
54
|
try {
|
|
49
55
|
const verification = await verifyRegResponse({
|
|
50
56
|
response,
|
|
51
57
|
expectedChallenge: challenge,
|
|
52
58
|
expectedOrigin: origin,
|
|
53
59
|
expectedRPID: rpID,
|
|
54
|
-
requireUserVerification: false
|
|
60
|
+
requireUserVerification: false,
|
|
55
61
|
});
|
|
56
62
|
if (!verification.verified)
|
|
57
|
-
return { ok: false, reason:
|
|
63
|
+
return { ok: false, reason: "verification not verified" };
|
|
58
64
|
if (!verification.registrationInfo)
|
|
59
|
-
return { ok: false, reason:
|
|
65
|
+
return { ok: false, reason: "no registrationInfo" };
|
|
60
66
|
const { credential } = verification.registrationInfo;
|
|
61
67
|
await db.storePasskey({
|
|
62
68
|
id: randomUUID(),
|
|
@@ -64,8 +70,10 @@ export async function verifyRegistrationResponse(db, userId, response, requestUr
|
|
|
64
70
|
credentialId: credential.id,
|
|
65
71
|
publicKey: new Uint8Array(credential.publicKey),
|
|
66
72
|
counter: credential.counter,
|
|
67
|
-
transports: response.response.transports
|
|
68
|
-
|
|
73
|
+
transports: response.response.transports
|
|
74
|
+
? JSON.stringify(response.response.transports)
|
|
75
|
+
: null,
|
|
76
|
+
name,
|
|
69
77
|
});
|
|
70
78
|
return { ok: true };
|
|
71
79
|
}
|
|
@@ -78,9 +86,9 @@ export async function generateAuthenticationChallenge(db, requestUrl) {
|
|
|
78
86
|
const options = await generateAuthenticationOptions({
|
|
79
87
|
rpID,
|
|
80
88
|
allowCredentials: [],
|
|
81
|
-
userVerification:
|
|
89
|
+
userVerification: "preferred",
|
|
82
90
|
});
|
|
83
|
-
await db.storeChallenge(options.challenge,
|
|
91
|
+
await db.storeChallenge(options.challenge, "anonymous", Date.now() + CHALLENGE_EXPIRY_MS);
|
|
84
92
|
return options;
|
|
85
93
|
}
|
|
86
94
|
export async function verifyAuthenticationResponse(db, response, requestUrl) {
|
|
@@ -88,7 +96,7 @@ export async function verifyAuthenticationResponse(db, response, requestUrl) {
|
|
|
88
96
|
const passkey = await db.getPasskeyByCredentialId(response.id);
|
|
89
97
|
if (!passkey)
|
|
90
98
|
return null;
|
|
91
|
-
const challenge = JSON.parse(Buffer.from(response.response.clientDataJSON,
|
|
99
|
+
const challenge = JSON.parse(Buffer.from(response.response.clientDataJSON, "base64url").toString()).challenge;
|
|
92
100
|
const stored = await db.consumeChallenge(challenge);
|
|
93
101
|
if (!stored)
|
|
94
102
|
return null;
|
|
@@ -103,14 +111,16 @@ export async function verifyAuthenticationResponse(db, response, requestUrl) {
|
|
|
103
111
|
id: passkey.credentialId,
|
|
104
112
|
publicKey: new Uint8Array(passkey.publicKey),
|
|
105
113
|
counter: passkey.counter,
|
|
106
|
-
transports: passkey.transports
|
|
107
|
-
|
|
114
|
+
transports: passkey.transports
|
|
115
|
+
? JSON.parse(passkey.transports)
|
|
116
|
+
: undefined,
|
|
117
|
+
},
|
|
108
118
|
});
|
|
109
119
|
if (!verification.verified)
|
|
110
120
|
return null;
|
|
111
121
|
await db.updatePasskeyCounter(passkey.id, verification.authenticationInfo.newCounter);
|
|
112
122
|
return {
|
|
113
|
-
user: { id: passkey.userId, email: passkey.email }
|
|
123
|
+
user: { id: passkey.userId, email: passkey.email },
|
|
114
124
|
};
|
|
115
125
|
}
|
|
116
126
|
catch {
|