jessikitty/drop
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
d5b4f9760b282d9814aa2b5bc3023f121385e41d
drop/server/api/v1/auth/passkey/finish.post.ts
T
DecDuck 63ac2b8ffc Depot API & v4 (#298) 
* feat: nginx + torrential basics & services system

* fix: lint + i18n

* fix: update torrential to remove openssl

* feat: add torrential to Docker build

* feat: move to self hosted runner

* fix: move off self-hosted runner

* fix: update nginx.conf

* feat: torrential cache invalidation

* fix: update torrential for cache invalidation

* feat: integrity check task

* fix: lint

* feat: move to version ids

* fix: client fixes and client-side checks

* feat: new depot apis and version id fixes

* feat: update torrential

* feat: droplet bump and remove unsafe update functions

* fix: lint

* feat: v4 featureset: emulators, multi-launch commands

* fix: lint

* fix: mobile ui for game editor

* feat: launch options

* fix: lint

* fix: remove axios, use $fetch

* feat: metadata and task api improvements

* feat: task actions

* fix: slight styling issue

* feat: fix style and lints

* feat: totp backend routes

* feat: oidc groups

* fix: update drop-base

* feat: creation of passkeys & totp

* feat: totp signin

* feat: webauthn mfa/signin

* feat: launch selecting ui

* fix: manually running tasks

* feat: update add company game modal to use new SelectorGame

* feat: executor selector

* fix(docker): update rust to rust nightly for torrential build (#305)

* feat: new version ui

* feat: move package lookup to build time to allow for deno dev

* fix: lint

* feat: localisation cleanup

* feat: apply localisation cleanup

* feat: potential i18n refactor logic

* feat: remove args from commands

* fix: lint

* fix: lockfile

---------

Co-authored-by: Aden Lindsay <140392385+AdenMGB@users.noreply.github.com>
2026-01-13 15:32:39 +11:00

106 lines
3.1 KiB
TypeScript
Raw Blame History

import { verifyAuthenticationResponse } from "@simplewebauthn/server";
import { MFAMec } from "~/prisma/client/enums";
import { dropDecodeArrayBase64 } from "~/server/internal/auth/totp";
import type { WebAuthNv1Credentials } from "~/server/internal/auth/webauthn";
import { getRpId } from "~/server/internal/auth/webauthn";
import { systemConfig } from "~/server/internal/config/sys-conf";
import prisma from "~/server/internal/db/database";
import sessionHandler from "~/server/internal/session";
export default defineEventHandler(async (h3) => {
const body = await readBody(h3);
const credentialId = body?.id;
if (!credentialId || typeof credentialId !== "string")
throw createError({
statusCode: 400,
message: "Missing credential id in body.",
});
const optionsRaw = await sessionHandler.getSessionDataKey<string>(
h3,
"webauthn/options",
);
if (!optionsRaw)
throw createError({
statusCode: 400,
message: "WebAuthn setup not started for this session.",
});
const options = JSON.parse(optionsRaw);
await sessionHandler.deleteSessionDataKey(h3, "webauthn/challenge");
// See WebAuthNv1Credentials for schema
const mfaMec = await prisma.linkedMFAMec.findFirst({
where: {
credentials: {
path: ["passkeys"],
array_contains: [
{
id: credentialId,
},
],
},
},
});
if (!mfaMec)
throw createError({ statusCode: 404, message: "Passkey not found" });
const passkeys = (mfaMec.credentials as unknown as WebAuthNv1Credentials)
.passkeys;
const passkeyIndex = passkeys.findIndex((v) => v.id === credentialId);
const passkey = passkeys[passkeyIndex]; // Exists guarantee by database
const rpID = await getRpId();
const externalUrl = await systemConfig.getExternalUrl();
const url = new URL(externalUrl);
let verification;
try {
verification = await verifyAuthenticationResponse({
response: body,
expectedChallenge: options.challenge,
expectedOrigin: url.origin,
expectedRPID: rpID,
credential: {
id: passkey.id,
publicKey: Buffer.from(dropDecodeArrayBase64(passkey.publicKey)),
counter: passkey.counter,
transports: passkey.transports ?? [],
},
});
} catch (error) {
throw createError({
statusCode: 400,
message: (error as string)?.toString(),
});
}
const { verified } = verification;
if (!verified)
throw createError({ statusCode: 403, message: "Invalid passkey." });
const { authenticationInfo } = verification;
const { newCounter } = authenticationInfo;
passkeys[passkeyIndex].counter = newCounter;
(mfaMec.credentials as unknown as WebAuthNv1Credentials).passkeys = passkeys;
// Safe because we query it before
// eslint-disable-next-line drop/no-prisma-delete
await prisma.linkedMFAMec.update({
where: {
userId_mec: {
userId: mfaMec.userId,
mec: MFAMec.WebAuthn,
},
},
data: {
credentials: mfaMec.credentials!,
},
});
await sessionHandler.signin(h3, mfaMec.userId, true);
await sessionHandler.mfa(h3, 10);
return {};
});
Reference in New Issue View Git Blame Copy Permalink