npm - @technomoron/api-server-base - Versions diffs - 2.0.0-beta.5 → 2.0.0-beta.7 - Mend

@technomoron/api-server-base 2.0.0-beta.5 → 2.0.0-beta.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cjs/passkey/service.js +41 -8
package/dist/esm/passkey/service.js +41 -8
package/package.json +1 -1

package/dist/cjs/passkey/service.js CHANGED Viewed

@@ -34,6 +34,26 @@ function toBuffer(value) {
     const view = value instanceof Uint8Array ? value : new Uint8Array(value);
     return Buffer.from(view);
 }
+function toBufferOrNull(value) {
+    if (!value) {
+        return null;
+    }
+    if (Buffer.isBuffer(value)) {
+        return value;
+    }
+    if (value instanceof ArrayBuffer || value instanceof Uint8Array) {
+        return toBuffer(value);
+    }
+    if (typeof value === 'string') {
+        try {
+            return fromBase64Url(value);
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
 class PasskeyService {
     constructor(config, adapter, logger = console) {
         this.config = config;
@@ -170,11 +190,24 @@ class PasskeyService {
             return { verified: false };
         }
         const registrationInfo = result.registrationInfo;
+        const attestationResponse = params.response?.response;
+        const credentialIdPrimary = toBufferOrNull(registrationInfo.credentialID);
+        const credentialIdFallback = toBufferOrNull(params.response?.id);
+        const credentialId = credentialIdPrimary && credentialIdPrimary.length > 0 ? credentialIdPrimary : credentialIdFallback;
+        const publicKeyPrimary = toBufferOrNull(registrationInfo.credentialPublicKey);
+        const publicKeyFallback = toBufferOrNull(attestationResponse?.publicKey);
+        const publicKey = publicKeyPrimary && publicKeyPrimary.length > 0 ? publicKeyPrimary : publicKeyFallback;
+        if (!credentialId || credentialId.length === 0) {
+            return { verified: false, message: 'Missing credential id in registration response' };
+        }
+        if (!publicKey || publicKey.length === 0) {
+            return { verified: false, message: 'Missing public key in registration response' };
+        }
         await this.adapter.saveCredential({
             userId: user.id,
-            credentialId: toBuffer(registrationInfo.credentialID),
-            publicKey: toBuffer(registrationInfo.credentialPublicKey),
-            counter: registrationInfo.counter,
+            credentialId,
+            publicKey,
+            counter: registrationInfo.counter ?? 0,
             transports: sanitizeTransports(params.response.transports),
             backedUp: registrationInfo.credentialDeviceType === 'multiDevice',
             deviceType: registrationInfo.credentialDeviceType
@@ -194,19 +227,19 @@ class PasskeyService {
         }
         const user = await this.requireUser({ userId: credential.userId, login: record.login });
         const storedAuthData = {
-            credentialID: credential.credentialId,
+            id: credential.credentialId,
+            publicKey: credential.publicKey,
             counter: credential.counter,
+            transports: credential.transports ?? undefined,
             credentialBackedUp: credential.backedUp,
-            credentialDeviceType: credential.deviceType,
-            credentialPublicKey: credential.publicKey,
-            transports: credential.transports ?? undefined
+            credentialDeviceType: credential.deviceType
         };
         const result = await (0, server_1.verifyAuthenticationResponse)({
             response,
             expectedChallenge: record.challenge,
             expectedOrigin: this.config.origins,
             expectedRPID: this.config.rpId,
-            authenticator: storedAuthData,
+            credential: storedAuthData,
             requireUserVerification: true
         });
         if (!result.verified) {

package/dist/esm/passkey/service.js CHANGED Viewed

@@ -31,6 +31,26 @@ function toBuffer(value) {
     const view = value instanceof Uint8Array ? value : new Uint8Array(value);
     return Buffer.from(view);
 }
+function toBufferOrNull(value) {
+    if (!value) {
+        return null;
+    }
+    if (Buffer.isBuffer(value)) {
+        return value;
+    }
+    if (value instanceof ArrayBuffer || value instanceof Uint8Array) {
+        return toBuffer(value);
+    }
+    if (typeof value === 'string') {
+        try {
+            return fromBase64Url(value);
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
 export class PasskeyService {
     constructor(config, adapter, logger = console) {
         this.config = config;
@@ -167,11 +187,24 @@ export class PasskeyService {
             return { verified: false };
         }
         const registrationInfo = result.registrationInfo;
+        const attestationResponse = params.response?.response;
+        const credentialIdPrimary = toBufferOrNull(registrationInfo.credentialID);
+        const credentialIdFallback = toBufferOrNull(params.response?.id);
+        const credentialId = credentialIdPrimary && credentialIdPrimary.length > 0 ? credentialIdPrimary : credentialIdFallback;
+        const publicKeyPrimary = toBufferOrNull(registrationInfo.credentialPublicKey);
+        const publicKeyFallback = toBufferOrNull(attestationResponse?.publicKey);
+        const publicKey = publicKeyPrimary && publicKeyPrimary.length > 0 ? publicKeyPrimary : publicKeyFallback;
+        if (!credentialId || credentialId.length === 0) {
+            return { verified: false, message: 'Missing credential id in registration response' };
+        }
+        if (!publicKey || publicKey.length === 0) {
+            return { verified: false, message: 'Missing public key in registration response' };
+        }
         await this.adapter.saveCredential({
             userId: user.id,
-            credentialId: toBuffer(registrationInfo.credentialID),
-            publicKey: toBuffer(registrationInfo.credentialPublicKey),
-            counter: registrationInfo.counter,
+            credentialId,
+            publicKey,
+            counter: registrationInfo.counter ?? 0,
             transports: sanitizeTransports(params.response.transports),
             backedUp: registrationInfo.credentialDeviceType === 'multiDevice',
             deviceType: registrationInfo.credentialDeviceType
@@ -191,19 +224,19 @@ export class PasskeyService {
         }
         const user = await this.requireUser({ userId: credential.userId, login: record.login });
         const storedAuthData = {
-            credentialID: credential.credentialId,
+            id: credential.credentialId,
+            publicKey: credential.publicKey,
             counter: credential.counter,
+            transports: credential.transports ?? undefined,
             credentialBackedUp: credential.backedUp,
-            credentialDeviceType: credential.deviceType,
-            credentialPublicKey: credential.publicKey,
-            transports: credential.transports ?? undefined
+            credentialDeviceType: credential.deviceType
         };
         const result = await verifyAuthenticationResponse({
             response,
             expectedChallenge: record.challenge,
             expectedOrigin: this.config.origins,
             expectedRPID: this.config.rpId,
-            authenticator: storedAuthData,
+            credential: storedAuthData,
             requireUserVerification: true
         });
         if (!result.verified) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@technomoron/api-server-base",
-	"version": "2.0.0-beta.5",
+	"version": "2.0.0-beta.7",
 	"description": "Api Server Skeleton / Base Class",
 	"type": "module",
 	"main": "./dist/cjs/index.cjs",