npm - @things-factory/auth-base - Versions diffs - 8.0.0-beta.9 → 8.0.0 - Mend

@things-factory/auth-base 8.0.0-beta.9 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/client/actions/auth.ts +24 -0
package/client/auth.ts +272 -0
package/client/bootstrap.ts +47 -0
package/client/directive/privileged.ts +28 -0
package/client/index.ts +3 -0
package/client/profiled.ts +83 -0
package/client/reducers/auth.ts +31 -0
package/dist-client/index.d.ts +0 -1
package/dist-client/index.js +0 -1
package/dist-client/index.js.map +1 -1
package/dist-client/tsconfig.tsbuildinfo +1 -1
package/dist-server/constants/error-code.d.ts +0 -2
package/dist-server/constants/error-code.js +1 -3
package/dist-server/constants/error-code.js.map +1 -1
package/dist-server/controllers/change-pwd.js +2 -2
package/dist-server/controllers/change-pwd.js.map +1 -1
package/dist-server/controllers/delete-user.js +12 -13
package/dist-server/controllers/delete-user.js.map +1 -1
package/dist-server/controllers/invitation.d.ts +1 -2
package/dist-server/controllers/invitation.js +5 -30
package/dist-server/controllers/invitation.js.map +1 -1
package/dist-server/controllers/profile.d.ts +3 -4
package/dist-server/controllers/profile.js +2 -20
package/dist-server/controllers/profile.js.map +1 -1
package/dist-server/controllers/signin.d.ts +1 -4
package/dist-server/controllers/signin.js +1 -17
package/dist-server/controllers/signin.js.map +1 -1
package/dist-server/controllers/signup.js +4 -13
package/dist-server/controllers/signup.js.map +1 -1
package/dist-server/controllers/unlock-user.js +0 -1
package/dist-server/controllers/unlock-user.js.map +1 -1
package/dist-server/controllers/verification.js +0 -1
package/dist-server/controllers/verification.js.map +1 -1
package/dist-server/middlewares/signin-middleware.js +4 -9
package/dist-server/middlewares/signin-middleware.js.map +1 -1
package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
package/dist-server/migrations/1548206416130-SeedUser.js +1 -2
package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
package/dist-server/router/auth-checkin-router.js +2 -8
package/dist-server/router/auth-checkin-router.js.map +1 -1
package/dist-server/router/auth-private-process-router.js +7 -12
package/dist-server/router/auth-private-process-router.js.map +1 -1
package/dist-server/router/auth-public-process-router.js +9 -20
package/dist-server/router/auth-public-process-router.js.map +1 -1
package/dist-server/router/auth-signin-router.js +3 -3
package/dist-server/router/auth-signin-router.js.map +1 -1
package/dist-server/router/webauthn-router.js +1 -51
package/dist-server/router/webauthn-router.js.map +1 -1
package/dist-server/service/invitation/invitation-mutation.d.ts +2 -3
package/dist-server/service/invitation/invitation-mutation.js +8 -20
package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
package/dist-server/service/user/user-mutation.d.ts +9 -10
package/dist-server/service/user/user-mutation.js +54 -112
package/dist-server/service/user/user-mutation.js.map +1 -1
package/dist-server/service/user/user-types.d.ts +0 -1
package/dist-server/service/user/user-types.js +0 -4
package/dist-server/service/user/user-types.js.map +1 -1
package/dist-server/service/user/user.d.ts +0 -1
package/dist-server/service/user/user.js +14 -40
package/dist-server/service/user/user.js.map +1 -1
package/dist-server/templates/account-unlock-email.d.ts +1 -2
package/dist-server/templates/account-unlock-email.js +1 -1
package/dist-server/templates/account-unlock-email.js.map +1 -1
package/dist-server/templates/invitation-email.d.ts +1 -2
package/dist-server/templates/invitation-email.js +1 -1
package/dist-server/templates/invitation-email.js.map +1 -1
package/dist-server/templates/verification-email.d.ts +1 -2
package/dist-server/templates/verification-email.js +1 -1
package/dist-server/templates/verification-email.js.map +1 -1
package/dist-server/tsconfig.tsbuildinfo +1 -1
package/package.json +6 -6
package/server/constants/error-code.ts +20 -0
package/server/constants/error-message.ts +0 -0
package/server/constants/max-age.ts +1 -0
package/server/controllers/auth.ts +5 -0
package/server/controllers/change-pwd.ts +99 -0
package/server/controllers/checkin.ts +21 -0
package/server/controllers/delete-user.ts +68 -0
package/server/controllers/invitation.ts +132 -0
package/server/controllers/profile.ts +28 -0
package/server/controllers/reset-password.ts +126 -0
package/server/controllers/signin.ts +79 -0
package/server/controllers/signup.ts +60 -0
package/server/controllers/unlock-user.ts +61 -0
package/server/controllers/utils/make-invitation-token.ts +5 -0
package/server/controllers/utils/make-verification-token.ts +4 -0
package/server/controllers/utils/password-rule.ts +120 -0
package/server/controllers/utils/save-invitation-token.ts +10 -0
package/server/controllers/utils/save-verification-token.ts +12 -0
package/server/controllers/verification.ts +83 -0
package/server/errors/auth-error.ts +24 -0
package/server/errors/index.ts +2 -0
package/server/errors/user-domain-not-match-error.ts +29 -0
package/server/index.ts +37 -0
package/server/middlewares/authenticate-401-middleware.ts +114 -0
package/server/middlewares/domain-authenticate-middleware.ts +78 -0
package/server/middlewares/graphql-authenticate-middleware.ts +13 -0
package/server/middlewares/index.ts +67 -0
package/server/middlewares/jwt-authenticate-middleware.ts +84 -0
package/server/middlewares/signin-middleware.ts +55 -0
package/server/middlewares/webauthn-middleware.ts +127 -0
package/server/migrations/1548206416130-SeedUser.ts +59 -0
package/server/migrations/1566805283882-SeedPrivilege.ts +28 -0
package/server/migrations/index.ts +9 -0
package/server/router/auth-checkin-router.ts +107 -0
package/server/router/auth-private-process-router.ts +107 -0
package/server/router/auth-public-process-router.ts +302 -0
package/server/router/auth-signin-router.ts +55 -0
package/server/router/auth-signup-router.ts +95 -0
package/server/router/index.ts +9 -0
package/server/router/oauth2/index.ts +2 -0
package/server/router/oauth2/oauth2-authorize-router.ts +81 -0
package/server/router/oauth2/oauth2-router.ts +165 -0
package/server/router/oauth2/oauth2-server.ts +262 -0
package/server/router/oauth2/passport-oauth2-client-password.ts +87 -0
package/server/router/oauth2/passport-refresh-token.ts +87 -0
package/server/router/path-base-domain-router.ts +8 -0
package/server/router/site-root-router.ts +48 -0
package/server/router/webauthn-router.ts +87 -0
package/server/routes.ts +80 -0
package/server/service/app-binding/app-binding-mutation.ts +22 -0
package/server/service/app-binding/app-binding-query.ts +92 -0
package/server/service/app-binding/app-binding-types.ts +11 -0
package/server/service/app-binding/app-binding.ts +17 -0
package/server/service/app-binding/index.ts +4 -0
package/server/service/appliance/appliance-mutation.ts +113 -0
package/server/service/appliance/appliance-query.ts +76 -0
package/server/service/appliance/appliance-types.ts +56 -0
package/server/service/appliance/appliance.ts +133 -0
package/server/service/appliance/index.ts +6 -0
package/server/service/application/application-mutation.ts +104 -0
package/server/service/application/application-query.ts +98 -0
package/server/service/application/application-types.ts +76 -0
package/server/service/application/application.ts +216 -0
package/server/service/application/index.ts +6 -0
package/server/service/auth-provider/auth-provider-mutation.ts +159 -0
package/server/service/auth-provider/auth-provider-parameter-spec.ts +24 -0
package/server/service/auth-provider/auth-provider-query.ts +88 -0
package/server/service/auth-provider/auth-provider-type.ts +67 -0
package/server/service/auth-provider/auth-provider.ts +155 -0
package/server/service/auth-provider/index.ts +7 -0
package/server/service/domain-generator/domain-generator-mutation.ts +117 -0
package/server/service/domain-generator/domain-generator-types.ts +46 -0
package/server/service/domain-generator/index.ts +3 -0
package/server/service/granted-role/granted-role-mutation.ts +156 -0
package/server/service/granted-role/granted-role-query.ts +60 -0
package/server/service/granted-role/granted-role.ts +27 -0
package/server/service/granted-role/index.ts +6 -0
package/server/service/index.ts +90 -0
package/server/service/invitation/index.ts +6 -0
package/server/service/invitation/invitation-mutation.ts +63 -0
package/server/service/invitation/invitation-query.ts +33 -0
package/server/service/invitation/invitation-types.ts +11 -0
package/server/service/invitation/invitation.ts +63 -0
package/server/service/login-history/index.ts +5 -0
package/server/service/login-history/login-history-query.ts +51 -0
package/server/service/login-history/login-history-type.ts +12 -0
package/server/service/login-history/login-history.ts +45 -0
package/server/service/partner/index.ts +6 -0
package/server/service/partner/partner-mutation.ts +61 -0
package/server/service/partner/partner-query.ts +102 -0
package/server/service/partner/partner-types.ts +11 -0
package/server/service/partner/partner.ts +57 -0
package/server/service/password-history/index.ts +3 -0
package/server/service/password-history/password-history.ts +16 -0
package/server/service/privilege/index.ts +6 -0
package/server/service/privilege/privilege-directive.ts +77 -0
package/server/service/privilege/privilege-mutation.ts +92 -0
package/server/service/privilege/privilege-query.ts +94 -0
package/server/service/privilege/privilege-types.ts +60 -0
package/server/service/privilege/privilege.ts +102 -0
package/server/service/role/index.ts +6 -0
package/server/service/role/role-mutation.ts +109 -0
package/server/service/role/role-query.ts +155 -0
package/server/service/role/role-types.ts +81 -0
package/server/service/role/role.ts +72 -0
package/server/service/user/domain-query.ts +24 -0
package/server/service/user/index.ts +7 -0
package/server/service/user/user-mutation.ts +413 -0
package/server/service/user/user-query.ts +145 -0
package/server/service/user/user-types.ts +97 -0
package/server/service/user/user.ts +354 -0
package/server/service/users-auth-providers/index.ts +5 -0
package/server/service/users-auth-providers/users-auth-providers.ts +71 -0
package/server/service/verification-token/index.ts +3 -0
package/server/service/verification-token/verification-token.ts +60 -0
package/server/service/web-auth-credential/index.ts +3 -0
package/server/service/web-auth-credential/web-auth-credential.ts +67 -0
package/server/templates/account-unlock-email.ts +65 -0
package/server/templates/invitation-email.ts +66 -0
package/server/templates/reset-password-email.ts +65 -0
package/server/templates/verification-email.ts +66 -0
package/server/types.ts +21 -0
package/server/utils/accepts.ts +11 -0
package/server/utils/access-token-cookie.ts +61 -0
package/server/utils/check-permission.ts +52 -0
package/server/utils/check-user-belongs-domain.ts +19 -0
package/server/utils/check-user-has-role.ts +29 -0
package/server/utils/encrypt-state.ts +22 -0
package/server/utils/get-aes-256-key.ts +13 -0
package/server/utils/get-domain-from-hostname.ts +7 -0
package/server/utils/get-domain-users.ts +38 -0
package/server/utils/get-secret.ts +13 -0
package/server/utils/get-user-domains.ts +112 -0
package/translations/en.json +1 -5
package/translations/ja.json +1 -5
package/translations/ko.json +3 -6
package/translations/ms.json +1 -5
package/translations/zh.json +1 -5
package/dist-client/verify-webauthn.d.ts +0 -13
package/dist-client/verify-webauthn.js +0 -72
package/dist-client/verify-webauthn.js.map +0 -1

package/translations/ms.json CHANGED Viewed

@@ -4,7 +4,6 @@
   "error.confirm password not matched": "Kata laluan baru dan pengesahan kata laluan tidak sepadan",
   "error.domain mismatch": "Sijil tidak sesuai untuk domain ini",
   "error.domain not allowed": "Pengguna tidak dibenarkan domain `{subdomain}`",
-  "error.email already exists": "Emel telah digunakan oleh pengguna lain",
   "error.failed to find x": "Gagal mencari {x}",
   "error.password should be supported": "kata laluan awal atau kata laluan lalai harus disokong",
   "error.password should match the rule": "Kata laluan harus mematuhi peraturan berikut. ${rule}",
@@ -12,15 +11,13 @@
   "error.subdomain not found": "Domain tidak ditemui",
   "error.token or password is invalid": "Token atau kata laluan tidak sah",
   "error.unavailable-domain": "Domain tidak tersedia",
-  "error.user credential not found": "kelayakan pengguna tidak ditemui. Anda perlu mendaftarkan peranti untuk menggunakan pengesahan biometrik.",
   "error.user credential registeration failed": "pendaftaran kelayakan pengguna gagal. Mungkin kelayakan tersebut sudah didaftarkan.",
   "error.user credential registration not allowed": "pendaftaran kelayakan pengguna gagal. Masa pendaftaran telah tamat atau pendaftaran tidak dibenarkan.",
-  "error.user duplicated": "terdapat akaun pengguna yang menggunakan e-mel atau ID pengguna yang sama.",
+  "error.user duplicated": "Emel telah digunakan oleh akaun lain",
   "error.user not activated": "Pengguna tidak diaktifkan",
   "error.user not found": "Pengguna tidak ditemui",
   "error.user or verification token not found": "Pengguna atau token pengesahan tidak ditemui",
   "error.user validation failed": "Validasi pengguna gagal",
-  "error.username already exists": "Nama pengguna telah digunakan oleh pengguna lain",
   "error.x is not a member of y": "{x} bukan ahli {y}",
   "field.active": "Aktif",
   "field.appliance_id": "Perkakas",
@@ -59,7 +56,6 @@
   "text.signout successfully": "Berjaya keluar",
   "text.user activated successfully": "Pengguna diaktifkan dengan berjaya",
   "text.user credential registered successfully": "pendaftaran peranti berjaya diselesaikan. Kini anda boleh menggunakan pengesahan biometrik.",
-  "text.user inactivated successfully": "Pengguna tidak aktif dengan berjaya",
   "text.user registered successfully": "Pengguna berjaya didaftarkan. Cari e-mel anda untuk mengaktifkan akaun",
   "text.verification email sent": "E-mel pengesahan telah dihantar"
 }

package/translations/zh.json CHANGED Viewed

@@ -5,7 +5,6 @@
   "error.confirm password not matched": "新密码与确认密码不匹配！",
   "error.domain mismatch": "证书不适用于该域！",
   "error.domain not allowed": "用户无权限使用`{subdomain}`域！",
-  "error.email already exists": "电子邮件已被其他用户使用！",
   "error.failed to find x": "查询{x}失败！",
   "error.password should be supported": "应支持初始密码或默认密码",
   "error.password should match the rule": "密码应符合以下规则。${rule}",
@@ -13,15 +12,13 @@
   "error.subdomain not found": "用户域查询失败！",
   "error.token or password is invalid": "令牌或密码无效！",
   "error.unavailable-domain": "不可用的域名",
-  "error.user credential not found": "用户凭证未找到。您需要注册设备以使用生物识别认证。",
   "error.user credential registeration failed": "用户凭证注册失败。可能是已注册的凭证。",
   "error.user credential registration not allowed": "用户凭证注册失败。注册超时或注册不被允许。",
-  "error.user duplicated": "存在一个用户帐户使用相同的电子邮件或用户ID。",
+  "error.user duplicated": "有一个用户帐户使用相同的电子邮件",
   "error.user not activated": "用户未激活！",
   "error.user not found": "找不到用户",
   "error.user or verification token not found": "找不到用户或验证令牌。",
   "error.user validation failed": "用户验证失败！",
-  "error.username already exists": "用户名已被其他用户使用",
   "error.x is not a member of y": "{x}不是{y}的成员",
   "field.active": "激活",
   "field.appliance_id": "终端机ID",
@@ -60,7 +57,6 @@
   "text.signout successfully": "登出成功。",
   "text.user activated successfully": "用户激活成功",
   "text.user credential registered successfully": "设备注册已成功完成。现在可以使用生物识别认证。",
-  "text.user inactivated successfully": "用户已成功停用",
   "text.user registered successfully": "用户注册成功。 请查看电子邮件以激活帐户。",
   "text.verification email sent": "验证邮件已发送"
 }

package/dist-client/verify-webauthn.d.ts DELETED Viewed

@@ -1,13 +0,0 @@
-interface BiometricVerificationResult {
-    verified: boolean;
-    message: string;
-    needsRegistration?: boolean;
-}
-/**
- * Performs biometric verification for the current user.
- * @param challengeUrl The URL to fetch the authentication challenge.
- * @param verifyUrl The URL to send the authentication assertion for verification.
- * @returns A promise that resolves to a BiometricVerificationResult.
- */
-export declare function verifyBiometric(challengeUrl?: string, verifyUrl?: string): Promise<BiometricVerificationResult>;
-export {};

package/dist-client/verify-webauthn.js DELETED Viewed

@@ -1,72 +0,0 @@
-/*
-// Usage example
-async function performSensitiveAction() {
-  try {
-    const result = await verifyBiometric()
-    if (result.verified) {
-      console.log('Verification successful. Proceeding with sensitive action.')
-      // Perform the sensitive action here
-    } else if (result.needsRegistration) {
-      console.log('Biometric registration needed:', result.message)
-      // Redirect user to biometric registration page or show registration prompt
-    } else {
-      console.log('Verification failed:', result.message)
-      // Handle the failure (e.g., show an error message to the user)
-    }
-  } catch (error) {
-    console.error('Error during biometric verification:', error)
-    // Handle any unexpected errors
-  }
-}
-*/
-import { startAuthentication } from '@simplewebauthn/browser';
-/**
- * Performs biometric verification for the current user.
- * @param challengeUrl The URL to fetch the authentication challenge.
- * @param verifyUrl The URL to send the authentication assertion for verification.
- * @returns A promise that resolves to a BiometricVerificationResult.
- */
-export async function verifyBiometric(challengeUrl = '/auth/verify-webauthn/challenge', verifyUrl = '/auth/verify-webauthn') {
-    try {
-        // 1. Get the challenge from the server
-        const challengeResponse = await fetch(challengeUrl);
-        if (!challengeResponse.ok) {
-            const errorData = await challengeResponse.json();
-            if (challengeResponse.status === 400 && errorData.error === 'No biometric credentials registered for this user') {
-                return {
-                    verified: false,
-                    message: 'Biometric authentication is not set up for this account. Please register first.',
-                    needsRegistration: true
-                };
-            }
-            throw new Error(`Failed to get challenge: ${errorData.error || challengeResponse.statusText}`);
-        }
-        const options = await challengeResponse.json();
-        // 2. Start the authentication process
-        const assertion = await startAuthentication(options);
-        // 3. Send the assertion to the server for verification
-        const verificationResponse = await fetch(verifyUrl, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json'
-            },
-            body: JSON.stringify(assertion)
-        });
-        if (!verificationResponse.ok) {
-            throw new Error(`Verification failed: ${verificationResponse.statusText}`);
-        }
-        const verificationResult = await verificationResponse.json();
-        return {
-            verified: verificationResult.verified,
-            message: verificationResult.message || 'Biometric verification successful!'
-        };
-    }
-    catch (error) {
-        console.error('Biometric verification error:', error);
-        return {
-            verified: false,
-            message: `Error: ${error.message}`
-        };
-    }
-}
-//# sourceMappingURL=verify-webauthn.js.map

package/dist-client/verify-webauthn.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"verify-webauthn.js","sourceRoot":"","sources":["../client/verify-webauthn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;EAoBE;AAEF,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAA;AAQ7D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,eAAuB,iCAAiC,EACxD,YAAoB,uBAAuB;IAE3C,IAAI,CAAC;QACH,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAA;QACnD,IAAI,CAAC,iBAAiB,CAAC,EAAE,EAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,IAAI,EAAE,CAAA;YAChD,IAAI,iBAAiB,CAAC,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,KAAK,KAAK,mDAAmD,EAAE,CAAC;gBAChH,OAAO;oBACL,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,iFAAiF;oBAC1F,iBAAiB,EAAE,IAAI;iBACxB,CAAA;YACH,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,SAAS,CAAC,KAAK,IAAI,iBAAiB,CAAC,UAAU,EAAE,CAAC,CAAA;QAChG,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,IAAI,EAAE,CAAA;QAE9C,sCAAsC;QACtC,MAAM,SAAS,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,CAAA;QAEpD,uDAAuD;QACvD,MAAM,oBAAoB,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YAClD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;SAChC,CAAC,CAAA;QAEF,IAAI,CAAC,oBAAoB,CAAC,EAAE,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,wBAAwB,oBAAoB,CAAC,UAAU,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,MAAM,kBAAkB,GAAG,MAAM,oBAAoB,CAAC,IAAI,EAAE,CAAA;QAE5D,OAAO;YACL,QAAQ,EAAE,kBAAkB,CAAC,QAAQ;YACrC,OAAO,EAAE,kBAAkB,CAAC,OAAO,IAAI,oCAAoC;SAC5E,CAAA;IACH,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAA;QACrD,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,UAAU,KAAK,CAAC,OAAO,EAAE;SACnC,CAAA;IACH,CAAC;AACH,CAAC","sourcesContent":["/*\n// Usage example\nasync function performSensitiveAction() {\n try {\n const result = await verifyBiometric()\n if (result.verified) {\n console.log('Verification successful. Proceeding with sensitive action.')\n // Perform the sensitive action here\n } else if (result.needsRegistration) {\n console.log('Biometric registration needed:', result.message)\n // Redirect user to biometric registration page or show registration prompt\n } else {\n console.log('Verification failed:', result.message)\n // Handle the failure (e.g., show an error message to the user)\n }\n } catch (error) {\n console.error('Error during biometric verification:', error)\n // Handle any unexpected errors\n }\n}\n*/\n\nimport { startAuthentication } from '@simplewebauthn/browser'\n\ninterface BiometricVerificationResult {\n verified: boolean\n message: string\n needsRegistration?: boolean\n}\n\n/**\n * Performs biometric verification for the current user.\n * @param challengeUrl The URL to fetch the authentication challenge.\n * @param verifyUrl The URL to send the authentication assertion for verification.\n * @returns A promise that resolves to a BiometricVerificationResult.\n */\nexport async function verifyBiometric(\n challengeUrl: string = '/auth/verify-webauthn/challenge',\n verifyUrl: string = '/auth/verify-webauthn'\n): Promise<BiometricVerificationResult> {\n try {\n // 1. Get the challenge from the server\n const challengeResponse = await fetch(challengeUrl)\n if (!challengeResponse.ok) {\n const errorData = await challengeResponse.json()\n if (challengeResponse.status === 400 && errorData.error === 'No biometric credentials registered for this user') {\n return {\n verified: false,\n message: 'Biometric authentication is not set up for this account. Please register first.',\n needsRegistration: true\n }\n }\n throw new Error(`Failed to get challenge: ${errorData.error || challengeResponse.statusText}`)\n }\n const options = await challengeResponse.json()\n\n // 2. Start the authentication process\n const assertion = await startAuthentication(options)\n\n // 3. Send the assertion to the server for verification\n const verificationResponse = await fetch(verifyUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json'\n },\n body: JSON.stringify(assertion)\n })\n\n if (!verificationResponse.ok) {\n throw new Error(`Verification failed: ${verificationResponse.statusText}`)\n }\n\n const verificationResult = await verificationResponse.json()\n\n return {\n verified: verificationResult.verified,\n message: verificationResult.message || 'Biometric verification successful!'\n }\n } catch (error: any) {\n console.error('Biometric verification error:', error)\n return {\n verified: false,\n message: `Error: ${error.message}`\n }\n }\n}\n"]}