@things-factory/auth-base 7.0.1-beta.7 → 7.0.1-beta.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/dist-server/constants/error-code.d.ts +1 -0
  2. package/dist-server/constants/error-code.js +2 -1
  3. package/dist-server/constants/error-code.js.map +1 -1
  4. package/dist-server/middlewares/webauthn-middleware.js +7 -1
  5. package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
  6. package/dist-server/tsconfig.tsbuildinfo +1 -1
  7. package/package.json +4 -4
  8. package/server/constants/error-code.ts +1 -0
  9. package/server/middlewares/webauthn-middleware.ts +6 -1
  10. package/translations/en.json +1 -0
  11. package/translations/ja.json +1 -0
  12. package/translations/ko.json +1 -0
  13. package/translations/ms.json +1 -0
  14. package/translations/zh.json +1 -0
package/dist-server/constants/error-code.d.ts CHANGED
@@ -17,3 +17,4 @@ export declare const PASSWORD_USED_PAST = "password used in the past";
17
17
  export declare const VERIFICATION_ERROR = "user or verification token not found";
18
18
  export declare const USER_CREDENTIAL_NOT_FOUND = "user credential not found";
19
19
  export declare const AUTH_ERROR = "auth error";
20
+ export declare const FIDO2_CERT_UNSUPPORTED = "fido2 certificate unsupported";
package/dist-server/constants/error-code.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.AUTH_ERROR = exports.USER_CREDENTIAL_NOT_FOUND = exports.VERIFICATION_ERROR = exports.PASSWORD_USED_PAST = exports.USER_DUPLICATED = exports.PASSWORD_PATTERN_NOT_MATCHED = exports.CONFIRM_PASSWORD_NOT_MATCHED = exports.SUBDOMAIN_NOTFOUND = exports.AUTH_INVALID = exports.TOKEN_INVALID = exports.REDIRECT_TO_DEFAULT_DOMAIN = exports.NO_SELECTED_DOMAIN = exports.UNAVAILABLE_DOMAIN = exports.NO_AVAILABLE_DOMAIN = exports.USER_DELETED = exports.USER_LOCKED = exports.USER_NOT_ACTIVATED = exports.PASSWORD_NOT_MATCHED = exports.USER_NOT_FOUND = void 0;
3
+ exports.FIDO2_CERT_UNSUPPORTED = exports.AUTH_ERROR = exports.USER_CREDENTIAL_NOT_FOUND = exports.VERIFICATION_ERROR = exports.PASSWORD_USED_PAST = exports.USER_DUPLICATED = exports.PASSWORD_PATTERN_NOT_MATCHED = exports.CONFIRM_PASSWORD_NOT_MATCHED = exports.SUBDOMAIN_NOTFOUND = exports.AUTH_INVALID = exports.TOKEN_INVALID = exports.REDIRECT_TO_DEFAULT_DOMAIN = exports.NO_SELECTED_DOMAIN = exports.UNAVAILABLE_DOMAIN = exports.NO_AVAILABLE_DOMAIN = exports.USER_DELETED = exports.USER_LOCKED = exports.USER_NOT_ACTIVATED = exports.PASSWORD_NOT_MATCHED = exports.USER_NOT_FOUND = void 0;
4
4
  exports.USER_NOT_FOUND = 'user not found';
5
5
  exports.PASSWORD_NOT_MATCHED = 'password-not-matched';
6
6
  exports.USER_NOT_ACTIVATED = 'user not activated';
@@ -20,4 +20,5 @@ exports.PASSWORD_USED_PAST = 'password used in the past';
20
20
  exports.VERIFICATION_ERROR = 'user or verification token not found';
21
21
  exports.USER_CREDENTIAL_NOT_FOUND = 'user credential not found';
22
22
  exports.AUTH_ERROR = 'auth error';
23
+ exports.FIDO2_CERT_UNSUPPORTED = 'fido2 certificate unsupported';
23
24
  //# sourceMappingURL=error-code.js.map
package/dist-server/constants/error-code.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"error-code.js","sourceRoot":"","sources":["../../server/constants/error-code.ts"],"names":[],"mappings":";;;AAAa,QAAA,cAAc,GAAG,gBAAgB,CAAA;AACjC,QAAA,oBAAoB,GAAG,sBAAsB,CAAA;AAC7C,QAAA,kBAAkB,GAAG,oBAAoB,CAAA;AACzC,QAAA,WAAW,GAAG,aAAa,CAAA;AAC3B,QAAA,YAAY,GAAG,cAAc,CAAA;AAC7B,QAAA,mBAAmB,GAAG,qBAAqB,CAAA;AAC3C,QAAA,kBAAkB,GAAG,oBAAoB,CAAA;AACzC,QAAA,kBAAkB,GAAG,oBAAoB,CAAA;AACzC,QAAA,0BAA0B,GAAG,4BAA4B,CAAA;AACzD,QAAA,aAAa,GAAG,eAAe,CAAA;AAC/B,QAAA,YAAY,GAAG,cAAc,CAAA;AAC7B,QAAA,kBAAkB,GAAG,qBAAqB,CAAA;AAC1C,QAAA,4BAA4B,GAAG,8BAA8B,CAAA;AAC7D,QAAA,4BAA4B,GAAG,gCAAgC,CAAA;AAC/D,QAAA,eAAe,GAAG,iBAAiB,CAAA;AACnC,QAAA,kBAAkB,GAAG,2BAA2B,CAAA;AAChD,QAAA,kBAAkB,GAAG,sCAAsC,CAAA;AAC3D,QAAA,yBAAyB,GAAG,2BAA2B,CAAA;AACvD,QAAA,UAAU,GAAG,YAAY,CAAA","sourcesContent":["export const USER_NOT_FOUND = 'user not found'\nexport const PASSWORD_NOT_MATCHED = 'password-not-matched'\nexport const USER_NOT_ACTIVATED = 'user not activated'\nexport const USER_LOCKED = 'user-locked'\nexport const USER_DELETED = 'user-deleted'\nexport const NO_AVAILABLE_DOMAIN = 'no-available-domain'\nexport const UNAVAILABLE_DOMAIN = 'unavailable-domain'\nexport const NO_SELECTED_DOMAIN = 'no-selected-domain'\nexport const REDIRECT_TO_DEFAULT_DOMAIN = 'redirect-to-default-domain'\nexport const TOKEN_INVALID = 'token-invalid'\nexport const AUTH_INVALID = 'auth-invalid'\nexport const SUBDOMAIN_NOTFOUND = 'subdomain not found'\nexport const CONFIRM_PASSWORD_NOT_MATCHED = 'confirm password not matched'\nexport const PASSWORD_PATTERN_NOT_MATCHED = 'password should match the rule'\nexport const USER_DUPLICATED = 'user duplicated'\nexport const PASSWORD_USED_PAST = 'password used in the past'\nexport const VERIFICATION_ERROR = 'user or verification token not found'\nexport const USER_CREDENTIAL_NOT_FOUND = 'user credential not found'\nexport const AUTH_ERROR = 'auth error'\n"]}
1
+ {"version":3,"file":"error-code.js","sourceRoot":"","sources":["../../server/constants/error-code.ts"],"names":[],"mappings":";;;AAAa,QAAA,cAAc,GAAG,gBAAgB,CAAA;AACjC,QAAA,oBAAoB,GAAG,sBAAsB,CAAA;AAC7C,QAAA,kBAAkB,GAAG,oBAAoB,CAAA;AACzC,QAAA,WAAW,GAAG,aAAa,CAAA;AAC3B,QAAA,YAAY,GAAG,cAAc,CAAA;AAC7B,QAAA,mBAAmB,GAAG,qBAAqB,CAAA;AAC3C,QAAA,kBAAkB,GAAG,oBAAoB,CAAA;AACzC,QAAA,kBAAkB,GAAG,oBAAoB,CAAA;AACzC,QAAA,0BAA0B,GAAG,4BAA4B,CAAA;AACzD,QAAA,aAAa,GAAG,eAAe,CAAA;AAC/B,QAAA,YAAY,GAAG,cAAc,CAAA;AAC7B,QAAA,kBAAkB,GAAG,qBAAqB,CAAA;AAC1C,QAAA,4BAA4B,GAAG,8BAA8B,CAAA;AAC7D,QAAA,4BAA4B,GAAG,gCAAgC,CAAA;AAC/D,QAAA,eAAe,GAAG,iBAAiB,CAAA;AACnC,QAAA,kBAAkB,GAAG,2BAA2B,CAAA;AAChD,QAAA,kBAAkB,GAAG,sCAAsC,CAAA;AAC3D,QAAA,yBAAyB,GAAG,2BAA2B,CAAA;AACvD,QAAA,UAAU,GAAG,YAAY,CAAA;AACzB,QAAA,sBAAsB,GAAG,+BAA+B,CAAA","sourcesContent":["export const USER_NOT_FOUND = 'user not found'\nexport const PASSWORD_NOT_MATCHED = 'password-not-matched'\nexport const USER_NOT_ACTIVATED = 'user not activated'\nexport const USER_LOCKED = 'user-locked'\nexport const USER_DELETED = 'user-deleted'\nexport const NO_AVAILABLE_DOMAIN = 'no-available-domain'\nexport const UNAVAILABLE_DOMAIN = 'unavailable-domain'\nexport const NO_SELECTED_DOMAIN = 'no-selected-domain'\nexport const REDIRECT_TO_DEFAULT_DOMAIN = 'redirect-to-default-domain'\nexport const TOKEN_INVALID = 'token-invalid'\nexport const AUTH_INVALID = 'auth-invalid'\nexport const SUBDOMAIN_NOTFOUND = 'subdomain not found'\nexport const CONFIRM_PASSWORD_NOT_MATCHED = 'confirm password not matched'\nexport const PASSWORD_PATTERN_NOT_MATCHED = 'password should match the rule'\nexport const USER_DUPLICATED = 'user duplicated'\nexport const PASSWORD_USED_PAST = 'password used in the past'\nexport const VERIFICATION_ERROR = 'user or verification token not found'\nexport const USER_CREDENTIAL_NOT_FOUND = 'user credential not found'\nexport const AUTH_ERROR = 'auth error'\nexport const FIDO2_CERT_UNSUPPORTED = 'fido2 certificate unsupported'\n"]}
package/dist-server/middlewares/webauthn-middleware.js CHANGED
@@ -20,7 +20,13 @@ koa_passport_1.default.use(new passport_fido2_webauthn_1.Strategy({ store: expor
20
20
  if (!credential) {
21
21
  return cb(null, false, { errorCode: auth_error_1.AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND });
22
22
  }
23
- return cb(null, user, credential.publicKey);
23
+ try {
24
+ return cb(null, user, credential.publicKey);
25
+ }
26
+ catch (error) {
27
+ console.error(error);
28
+ return cb(null, false, { errorCode: auth_error_1.AuthError.ERROR_CODES.FIDO2_CERT_UNSUPPORTED });
29
+ }
24
30
  }, async function register(user, id, publicKey, cb) {
25
31
  const userObject = await (0, shell_1.getRepository)(user_1.User).findOne({ where: { id: user.id.toString() } });
26
32
  const webAuthRepository = (0, shell_1.getRepository)(web_auth_credential_1.WebAuthCredential);
package/dist-server/middlewares/webauthn-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"webauthn-middleware.js","sourceRoot":"","sources":["../../server/middlewares/webauthn-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,qEAA6F;AAE7F,iDAAqD;AAErD,+CAA2C;AAC3C,qDAAgD;AAChD,4FAAsF;AAEzE,QAAA,KAAK,GAAG,IAAI,+CAAqB,EAAE,CAAA;AAEhD,sBAAQ,CAAC,GAAG,CACV,IAAI,kCAAgB,CAClB,EAAE,KAAK,EAAL,aAAK,EAAE,EACT,KAAK,UAAU,MAAM,CAAC,EAAU,EAAE,UAAsB,EAAE,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IACxF,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAA;KAC5E;IACD,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAC,OAAO,CAAC;QAChE,KAAK,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;KACnD,CAAC,CAAA;IACF,IAAI,CAAC,UAAU,EAAE;QACf,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,yBAAyB,EAAE,CAAC,CAAA;KACvF;IAED,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAA;AAC7C,CAAC,EACD,KAAK,UAAU,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE;IAC7C,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IAC3F,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAA;IAE1D,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE;KAC7D,CAAC,CAAA;IAEF,0CAA0C;IAC1C,IAAI,aAAa,EAAE;QACjB,MAAM,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;KACjD;IAED,MAAM,iBAAiB,CAAC,IAAI,CAAC;QAC3B,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,EAAE;QAChB,SAAS;QACT,OAAO,EAAE,CAAC;KACX,CAAC,CAAA;IAEF,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;AAC7B,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,kBAAkB,CAAC,OAAO,EAAE,IAAI;IACpD,OAAO,sBAAQ,CAAC,YAAY,CAC1B,UAAU,EACV,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAC5D,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE;YAChB,IAAI,IAAI,CAAC,SAAS,EAAE;gBAClB,MAAM,IAAI,sBAAS,CAAC,IAAI,CAAC,CAAA;aAC1B;iBAAM;gBACL,MAAM,IAAI,sBAAS,CAAC;oBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,UAAU;oBAC3C,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;aACH;SACF;aAAM;YACL,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;YAEzB,MAAM,IAAI,EAAE,CAAA;SACb;IACH,CAAC,CACF,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC;AArBD,gDAqBC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as WebAuthnStrategy, SessionChallengeStore } from 'passport-fido2-webauthn'\n\nimport { getRepository } from '@things-factory/shell'\n\nimport { User } from '../service/user/user'\nimport { AuthError } from '../errors/auth-error'\nimport { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'\n\nexport const store = new SessionChallengeStore()\n\npassport.use(\n new WebAuthnStrategy(\n { store },\n async function verify(id: string, userHandle: Uint8Array, cb) {\n const user = await getRepository(User).findOne({ where: { id: userHandle.toString() } })\n if (!user) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND })\n }\n const credential = await getRepository(WebAuthCredential).findOne({\n where: { credentialId: id, user: { id: user.id } }\n })\n if (!credential) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND })\n }\n\n return cb(null, user, credential.publicKey)\n },\n async function register(user, id, publicKey, cb) {\n const userObject = await getRepository(User).findOne({ where: { id: user.id.toString() } })\n const webAuthRepository = getRepository(WebAuthCredential)\n\n const oldCredential = await webAuthRepository.findOne({\n where: { user: { id: userObject.id }, publicKey: publicKey }\n })\n\n /* TODO publicKey 비교로는 중복된 등록을 막을 수 없다. */\n if (oldCredential) {\n await webAuthRepository.delete(oldCredential.id)\n }\n\n await webAuthRepository.save({\n user: userObject,\n credentialId: id,\n publicKey,\n counter: 0\n })\n\n return cb(null, userObject)\n }\n )\n)\n\nexport async function webAuthnMiddleware(context, next) {\n return passport.authenticate(\n 'webauthn',\n { session: true, failureMessage: true, failWithError: true },\n async (err, user, info) => {\n if (err || !user) {\n if (info.errorCode) {\n throw new AuthError(info)\n } else {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.AUTH_ERROR,\n detail: info\n })\n }\n } else {\n context.state.user = user\n\n await next()\n }\n }\n )(context, next)\n}\n"]}
1
+ {"version":3,"file":"webauthn-middleware.js","sourceRoot":"","sources":["../../server/middlewares/webauthn-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,qEAA6F;AAE7F,iDAAqD;AAErD,+CAA2C;AAC3C,qDAAgD;AAChD,4FAAsF;AAEzE,QAAA,KAAK,GAAG,IAAI,+CAAqB,EAAE,CAAA;AAEhD,sBAAQ,CAAC,GAAG,CACV,IAAI,kCAAgB,CAClB,EAAE,KAAK,EAAL,aAAK,EAAE,EACT,KAAK,UAAU,MAAM,CAAC,EAAU,EAAE,UAAsB,EAAE,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IACxF,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAA;KAC5E;IACD,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAC,OAAO,CAAC;QAChE,KAAK,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;KACnD,CAAC,CAAA;IACF,IAAI,CAAC,UAAU,EAAE;QACf,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,yBAAyB,EAAE,CAAC,CAAA;KACvF;IAED,IAAI;QACF,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAA;KAC5C;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QACpB,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,sBAAsB,EAAE,CAAC,CAAA;KACpF;AACH,CAAC,EACD,KAAK,UAAU,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE;IAC7C,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IAC3F,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAA;IAE1D,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE;KAC7D,CAAC,CAAA;IAEF,0CAA0C;IAC1C,IAAI,aAAa,EAAE;QACjB,MAAM,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;KACjD;IAED,MAAM,iBAAiB,CAAC,IAAI,CAAC;QAC3B,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,EAAE;QAChB,SAAS;QACT,OAAO,EAAE,CAAC;KACX,CAAC,CAAA;IAEF,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;AAC7B,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,kBAAkB,CAAC,OAAO,EAAE,IAAI;IACpD,OAAO,sBAAQ,CAAC,YAAY,CAC1B,UAAU,EACV,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAC5D,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE;YAChB,IAAI,IAAI,CAAC,SAAS,EAAE;gBAClB,MAAM,IAAI,sBAAS,CAAC,IAAI,CAAC,CAAA;aAC1B;iBAAM;gBACL,MAAM,IAAI,sBAAS,CAAC;oBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,UAAU;oBAC3C,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;aACH;SACF;aAAM;YACL,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;YAEzB,MAAM,IAAI,EAAE,CAAA;SACb;IACH,CAAC,CACF,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC;AArBD,gDAqBC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as WebAuthnStrategy, SessionChallengeStore } from 'passport-fido2-webauthn'\n\nimport { getRepository } from '@things-factory/shell'\n\nimport { User } from '../service/user/user'\nimport { AuthError } from '../errors/auth-error'\nimport { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'\n\nexport const store = new SessionChallengeStore()\n\npassport.use(\n new WebAuthnStrategy(\n { store },\n async function verify(id: string, userHandle: Uint8Array, cb) {\n const user = await getRepository(User).findOne({ where: { id: userHandle.toString() } })\n if (!user) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND })\n }\n const credential = await getRepository(WebAuthCredential).findOne({\n where: { credentialId: id, user: { id: user.id } }\n })\n if (!credential) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND })\n }\n\n try {\n return cb(null, user, credential.publicKey)\n } catch (error) {\n console.error(error)\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.FIDO2_CERT_UNSUPPORTED })\n }\n },\n async function register(user, id, publicKey, cb) {\n const userObject = await getRepository(User).findOne({ where: { id: user.id.toString() } })\n const webAuthRepository = getRepository(WebAuthCredential)\n\n const oldCredential = await webAuthRepository.findOne({\n where: { user: { id: userObject.id }, publicKey: publicKey }\n })\n\n /* TODO publicKey 비교로는 중복된 등록을 막을 수 없다. */\n if (oldCredential) {\n await webAuthRepository.delete(oldCredential.id)\n }\n\n await webAuthRepository.save({\n user: userObject,\n credentialId: id,\n publicKey,\n counter: 0\n })\n\n return cb(null, userObject)\n }\n )\n)\n\nexport async function webAuthnMiddleware(context, next) {\n return passport.authenticate(\n 'webauthn',\n { session: true, failureMessage: true, failWithError: true },\n async (err, user, info) => {\n if (err || !user) {\n if (info.errorCode) {\n throw new AuthError(info)\n } else {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.AUTH_ERROR,\n detail: info\n })\n }\n } else {\n context.state.user = user\n\n await next()\n }\n }\n )(context, next)\n}\n"]}