@technomoron/api-server-base 2.0.0-beta.4 → 2.0.0-beta.6

package/dist/cjs/api-server-base.cjs

@@ -448,6 +448,12 @@ class ApiServer {
         }
         return this.passkeyServiceAdapter;
     }
+    async listUserCredentials(userId) {
+        return this.ensurePasskeyService().listUserCredentials(userId);
+    }
+    async deletePasskeyCredential(credentialId) {
+        return this.ensurePasskeyService().deleteCredential(credentialId);
+    }
     ensureOAuthStore() {
         if (!this.oauthStoreAdapter) {
             throw new Error('OAuth store is not configured');

package/dist/cjs/api-server-base.d.ts

@@ -13,7 +13,7 @@ import type { AuthAdapter, AuthIdentifier } from './auth-api/types.js';
 import type { OAuthStore } from './oauth/base.js';
 import type { AuthCodeData, AuthCodeRequest, OAuthClient } from './oauth/types.js';
 import type { PasskeyService } from './passkey/service.js';
-import type { PasskeyChallenge, PasskeyChallengeParams, PasskeyVerificationParams, PasskeyVerificationResult } from './passkey/types.js';
+import type { PasskeyChallenge, PasskeyChallengeParams, StoredPasskeyCredential, PasskeyVerificationParams, PasskeyVerificationResult } from './passkey/types.js';
 import type { Token } from './token/types.js';
 import type { UserStore } from './user/base.js';
 import type { JwtPayload, SignOptions, VerifyOptions } from 'jsonwebtoken';
@@ -139,6 +139,8 @@ export declare class ApiServer {
     private ensureUserStore;
     private ensureTokenStore;
     private ensurePasskeyService;
+    listUserCredentials(userId: AuthIdentifier): Promise<StoredPasskeyCredential[]>;
+    deletePasskeyCredential(credentialId: Buffer | string): Promise<boolean>;
     private ensureOAuthStore;
     getUser(identifier: AuthIdentifier): Promise<any | null>;
     getUserPasswordHash(user: any): string;

package/dist/cjs/passkey/service.js

@@ -34,6 +34,26 @@ function toBuffer(value) {
     const view = value instanceof Uint8Array ? value : new Uint8Array(value);
     return Buffer.from(view);
 }
+function toBufferOrNull(value) {
+    if (!value) {
+        return null;
+    }
+    if (Buffer.isBuffer(value)) {
+        return value;
+    }
+    if (value instanceof ArrayBuffer || value instanceof Uint8Array) {
+        return toBuffer(value);
+    }
+    if (typeof value === 'string') {
+        try {
+            return fromBase64Url(value);
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
 class PasskeyService {
     constructor(config, adapter, logger = console) {
         this.config = config;
@@ -113,7 +133,8 @@ class PasskeyService {
         return {
             challenge: options.challenge,
             expiresAt: expiresAt.toISOString(),
-            userId: user.id
+            userId: user.id,
+            publicKey: options
         };
     }
     async createAuthenticationChallenge(params, metadata) {
@@ -142,7 +163,8 @@ class PasskeyService {
         return {
             challenge: options.challenge,
             expiresAt: expiresAt.toISOString(),
-            userId: user.id
+            userId: user.id,
+            publicKey: options
         };
     }
     async verifyRegistration(params, record) {
@@ -161,14 +183,31 @@ class PasskeyService {
             requireUserVerification: true
         });
         if (!result.verified || !result.registrationInfo) {
+            if (!result.verified) {
+                const err = result.error ?? result;
+                this.logger.error?.('Passkey registration verification failed', err);
+            }
             return { verified: false };
         }
         const registrationInfo = result.registrationInfo;
+        const attestationResponse = params.response?.response;
+        const credentialIdPrimary = toBufferOrNull(registrationInfo.credentialID);
+        const credentialIdFallback = toBufferOrNull(params.response?.id);
+        const credentialId = credentialIdPrimary && credentialIdPrimary.length > 0 ? credentialIdPrimary : credentialIdFallback;
+        const publicKeyPrimary = toBufferOrNull(registrationInfo.credentialPublicKey);
+        const publicKeyFallback = toBufferOrNull(attestationResponse?.publicKey);
+        const publicKey = publicKeyPrimary && publicKeyPrimary.length > 0 ? publicKeyPrimary : publicKeyFallback;
+        if (!credentialId || credentialId.length === 0) {
+            return { verified: false, message: 'Missing credential id in registration response' };
+        }
+        if (!publicKey || publicKey.length === 0) {
+            return { verified: false, message: 'Missing public key in registration response' };
+        }
         await this.adapter.saveCredential({
             userId: user.id,
-            credentialId: toBuffer(registrationInfo.credentialID),
-            publicKey: toBuffer(registrationInfo.credentialPublicKey),
-            counter: registrationInfo.counter,
+            credentialId,
+            publicKey,
+            counter: registrationInfo.counter ?? 0,
             transports: sanitizeTransports(params.response.transports),
             backedUp: registrationInfo.credentialDeviceType === 'multiDevice',
             deviceType: registrationInfo.credentialDeviceType
@@ -204,6 +243,8 @@ class PasskeyService {
             requireUserVerification: true
         });
         if (!result.verified) {
+            const err = result.error ?? result;
+            this.logger.error?.('Passkey authentication verification failed', err);
             return { verified: false };
         }
         await this.adapter.updateCredentialCounter(credential.credentialId, result.authenticationInfo.newCounter);

package/dist/esm/api-server-base.d.ts

@@ -13,7 +13,7 @@ import type { AuthAdapter, AuthIdentifier } from './auth-api/types.js';
 import type { OAuthStore } from './oauth/base.js';
 import type { AuthCodeData, AuthCodeRequest, OAuthClient } from './oauth/types.js';
 import type { PasskeyService } from './passkey/service.js';
-import type { PasskeyChallenge, PasskeyChallengeParams, PasskeyVerificationParams, PasskeyVerificationResult } from './passkey/types.js';
+import type { PasskeyChallenge, PasskeyChallengeParams, StoredPasskeyCredential, PasskeyVerificationParams, PasskeyVerificationResult } from './passkey/types.js';
 import type { Token } from './token/types.js';
 import type { UserStore } from './user/base.js';
 import type { JwtPayload, SignOptions, VerifyOptions } from 'jsonwebtoken';
@@ -139,6 +139,8 @@ export declare class ApiServer {
     private ensureUserStore;
     private ensureTokenStore;
     private ensurePasskeyService;
+    listUserCredentials(userId: AuthIdentifier): Promise<StoredPasskeyCredential[]>;
+    deletePasskeyCredential(credentialId: Buffer | string): Promise<boolean>;
     private ensureOAuthStore;
     getUser(identifier: AuthIdentifier): Promise<any | null>;
     getUserPasswordHash(user: any): string;

package/dist/esm/api-server-base.js

@@ -440,6 +440,12 @@ export class ApiServer {
         }
         return this.passkeyServiceAdapter;
     }
+    async listUserCredentials(userId) {
+        return this.ensurePasskeyService().listUserCredentials(userId);
+    }
+    async deletePasskeyCredential(credentialId) {
+        return this.ensurePasskeyService().deleteCredential(credentialId);
+    }
     ensureOAuthStore() {
         if (!this.oauthStoreAdapter) {
             throw new Error('OAuth store is not configured');

package/dist/esm/passkey/service.js

@@ -31,6 +31,26 @@ function toBuffer(value) {
     const view = value instanceof Uint8Array ? value : new Uint8Array(value);
     return Buffer.from(view);
 }
+function toBufferOrNull(value) {
+    if (!value) {
+        return null;
+    }
+    if (Buffer.isBuffer(value)) {
+        return value;
+    }
+    if (value instanceof ArrayBuffer || value instanceof Uint8Array) {
+        return toBuffer(value);
+    }
+    if (typeof value === 'string') {
+        try {
+            return fromBase64Url(value);
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
 export class PasskeyService {
     constructor(config, adapter, logger = console) {
         this.config = config;
@@ -110,7 +130,8 @@ export class PasskeyService {
         return {
             challenge: options.challenge,
             expiresAt: expiresAt.toISOString(),
-            userId: user.id
+            userId: user.id,
+            publicKey: options
         };
     }
     async createAuthenticationChallenge(params, metadata) {
@@ -139,7 +160,8 @@ export class PasskeyService {
         return {
             challenge: options.challenge,
             expiresAt: expiresAt.toISOString(),
-            userId: user.id
+            userId: user.id,
+            publicKey: options
         };
     }
     async verifyRegistration(params, record) {
@@ -158,14 +180,31 @@ export class PasskeyService {
             requireUserVerification: true
         });
         if (!result.verified || !result.registrationInfo) {
+            if (!result.verified) {
+                const err = result.error ?? result;
+                this.logger.error?.('Passkey registration verification failed', err);
+            }
             return { verified: false };
         }
         const registrationInfo = result.registrationInfo;
+        const attestationResponse = params.response?.response;
+        const credentialIdPrimary = toBufferOrNull(registrationInfo.credentialID);
+        const credentialIdFallback = toBufferOrNull(params.response?.id);
+        const credentialId = credentialIdPrimary && credentialIdPrimary.length > 0 ? credentialIdPrimary : credentialIdFallback;
+        const publicKeyPrimary = toBufferOrNull(registrationInfo.credentialPublicKey);
+        const publicKeyFallback = toBufferOrNull(attestationResponse?.publicKey);
+        const publicKey = publicKeyPrimary && publicKeyPrimary.length > 0 ? publicKeyPrimary : publicKeyFallback;
+        if (!credentialId || credentialId.length === 0) {
+            return { verified: false, message: 'Missing credential id in registration response' };
+        }
+        if (!publicKey || publicKey.length === 0) {
+            return { verified: false, message: 'Missing public key in registration response' };
+        }
         await this.adapter.saveCredential({
             userId: user.id,
-            credentialId: toBuffer(registrationInfo.credentialID),
-            publicKey: toBuffer(registrationInfo.credentialPublicKey),
-            counter: registrationInfo.counter,
+            credentialId,
+            publicKey,
+            counter: registrationInfo.counter ?? 0,
             transports: sanitizeTransports(params.response.transports),
             backedUp: registrationInfo.credentialDeviceType === 'multiDevice',
             deviceType: registrationInfo.credentialDeviceType
@@ -201,6 +240,8 @@ export class PasskeyService {
             requireUserVerification: true
         });
         if (!result.verified) {
+            const err = result.error ?? result;
+            this.logger.error?.('Passkey authentication verification failed', err);
             return { verified: false };
         }
         await this.adapter.updateCredentialCounter(credential.credentialId, result.authenticationInfo.newCounter);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@technomoron/api-server-base",
-	"version": "2.0.0-beta.4",
+	"version": "2.0.0-beta.6",
 	"description": "Api Server Skeleton / Base Class",
 	"type": "module",
 	"main": "./dist/cjs/index.cjs",
@@ -30,6 +30,8 @@
 		"build:esm": "tsc --project tsconfig/tsconfig.esm.json",
 		"build": "node scripts/run-builds.cjs",
 		"test": "vitest run",
+		"test:unit": "vitest run tests/unit",
+		"test:functional": "vitest run tests/functional",
 		"test:watch": "vitest --watch",
 		"prepublishOnly": "node scripts/run-builds.cjs",
 		"lint": "eslint --ext .js,.ts,.vue ./",