@mrgnw/anahtar 0.0.8 → 0.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/kit/handlers.js +5 -3
  2. package/dist/passkey.d.ts +6 -1
  3. package/dist/passkey.js +22 -9
  4. package/package.json +1 -1
package/dist/kit/handlers.js CHANGED
@@ -119,9 +119,11 @@ export function createHandlers(config) {
119
119
  return json({ error: 'Invalid input' }, { status: 400 });
120
120
  const { name, ...response } = body;
121
121
  const passkeyName = typeof name === 'string' && name.trim() ? name.trim() : null;
122
- const success = await verifyRegistrationResponse(config.db, user.id, response, event.url, passkeyName);
123
- if (!success)
124
- return json({ error: 'Passkey registration failed' }, { status: 400 });
122
+ const result = await verifyRegistrationResponse(config.db, user.id, response, event.url, passkeyName);
123
+ if (!result.ok) {
124
+ console.error('register-finish failed:', result.reason);
125
+ return json({ error: 'Passkey registration failed', reason: result.reason }, { status: 400 });
126
+ }
125
127
  return json({ success: true });
126
128
  }
127
129
  },
package/dist/passkey.d.ts CHANGED
@@ -8,7 +8,12 @@ export declare function generateRegistrationChallenge(db: AuthDB, user: {
8
8
  id: string;
9
9
  email: string;
10
10
  }, requestUrl: URL, config: ResolvedConfig): Promise<import("@simplewebauthn/server").PublicKeyCredentialCreationOptionsJSON>;
11
- export declare function verifyRegistrationResponse(db: AuthDB, userId: string, response: RegistrationResponseJSON, requestUrl: URL, name?: string | null): Promise<boolean>;
11
+ export declare function verifyRegistrationResponse(db: AuthDB, userId: string, response: RegistrationResponseJSON, requestUrl: URL, name?: string | null): Promise<{
12
+ ok: true;
13
+ } | {
14
+ ok: false;
15
+ reason: string;
16
+ }>;
12
17
  export declare function generateAuthenticationChallenge(db: AuthDB, requestUrl: URL): Promise<import("@simplewebauthn/server").PublicKeyCredentialRequestOptionsJSON>;
13
18
  export declare function verifyAuthenticationResponse(db: AuthDB, response: AuthenticationResponseJSON, requestUrl: URL): Promise<{
14
19
  user: {
package/dist/passkey.js CHANGED
@@ -32,19 +32,31 @@ export async function generateRegistrationChallenge(db, user, requestUrl, config
32
32
  }
33
33
  export async function verifyRegistrationResponse(db, userId, response, requestUrl, name = null) {
34
34
  const { rpID, origin } = getWebAuthnConfig(requestUrl);
35
- const challenge = JSON.parse(Buffer.from(response.response.clientDataJSON, 'base64url').toString()).challenge;
35
+ let challenge;
36
+ try {
37
+ const clientData = JSON.parse(Buffer.from(response.response.clientDataJSON, 'base64url').toString());
38
+ challenge = clientData.challenge;
39
+ }
40
+ catch (e) {
41
+ return { ok: false, reason: `clientDataJSON parse failed: ${e}` };
42
+ }
36
43
  const stored = await db.consumeChallenge(challenge);
37
- if (!stored || stored.userId !== userId)
38
- return false;
44
+ if (!stored)
45
+ return { ok: false, reason: 'challenge not found or expired' };
46
+ if (stored.userId !== userId)
47
+ return { ok: false, reason: `userId mismatch: challenge=${stored.userId} session=${userId}` };
39
48
  try {
40
49
  const verification = await verifyRegResponse({
41
50
  response,
42
51
  expectedChallenge: challenge,
43
52
  expectedOrigin: origin,
44
- expectedRPID: rpID
53
+ expectedRPID: rpID,
54
+ requireUserVerification: false
45
55
  });
46
- if (!verification.verified || !verification.registrationInfo)
47
- return false;
56
+ if (!verification.verified)
57
+ return { ok: false, reason: 'verification not verified' };
58
+ if (!verification.registrationInfo)
59
+ return { ok: false, reason: 'no registrationInfo' };
48
60
  const { credential } = verification.registrationInfo;
49
61
  await db.storePasskey({
50
62
  id: randomUUID(),
@@ -55,10 +67,10 @@ export async function verifyRegistrationResponse(db, userId, response, requestUr
55
67
  transports: response.response.transports ? JSON.stringify(response.response.transports) : null,
56
68
  name
57
69
  });
58
- return true;
70
+ return { ok: true };
59
71
  }
60
- catch {
61
- return false;
72
+ catch (e) {
73
+ return { ok: false, reason: `verification threw: ${e}` };
62
74
  }
63
75
  }
64
76
  export async function generateAuthenticationChallenge(db, requestUrl) {
@@ -86,6 +98,7 @@ export async function verifyAuthenticationResponse(db, response, requestUrl) {
86
98
  expectedChallenge: challenge,
87
99
  expectedOrigin: origin,
88
100
  expectedRPID: rpID,
101
+ requireUserVerification: false,
89
102
  credential: {
90
103
  id: passkey.credentialId,
91
104
  publicKey: new Uint8Array(passkey.publicKey),
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mrgnw/anahtar",
3
- "version": "0.0.8",
3
+ "version": "0.0.10",
4
4
  "description": "Opinionated, reusable auth for SvelteKit. Email+OTP + passkeys.",
5
5
  "license": "MIT",
6
6
  "type": "module",