website/routes/api/webauthn/register/[step].ts

import {
	generateRegistrationOptions,
	verifyRegistrationResponse,
} from '@simplewebauthn/server'
import type {
	PublicKeyCredentialCreationOptionsJSON,
	RegistrationResponseJSON,
} from '@simplewebauthn/types'
import { respondApi } from '../../../../src/utils.ts'
import { SessionHandlers } from '../../../../src/session/mod.ts'

//TODO improve workspace imports
import { Passkey } from '@cohabit/ressources_manager/src/models/src/credential.ts'
import { Credential, Ref, User } from '@cohabit/ressources_manager/mod.ts'
import { getRelyingParty } from '../../../../src/webauthn/mod.ts'
import { encodeBase64 } from '@std/encoding'
import { db } from '../../../../src/db/mod.ts'

type Params = { step: 'start' | 'finish' }

export type WebAuthnRegisterStartPayload = { name: string }

export type WebAuthnRegisterFinishPayload = RegistrationResponseJSON

export const handler: SessionHandlers = {
	async POST(req, ctx) {
		const relyingParty = getRelyingParty(ctx.url)

		const { step } = ctx.params as Params
		const user = ctx.state.session.get<User>('user')

		if (user === undefined) {
			return respondApi(
				'error',
				new Error('no logged user in current session'),
				401,
			)
		}

		if (step === 'start') {
			const { name } = await req.json() as WebAuthnRegisterStartPayload

			// Get user credentials
			// Ensure latest user datas
			const dbUser = await db.ressource.user.get(user)
			// Resolve refs to credentials
			const resolver = Ref.dbResolver(db)
			const credentials = await Promise.all(dbUser.credentials.map(resolver))
			const excludeCredentials = credentials
				.filter((credential): credential is Credential<'passkey'> =>
					credential.category === 'passkey'
				)
				.map((credential) => credential.store)

			const options = await generateRegistrationOptions({
				rpName: relyingParty.name,
				rpID: relyingParty.id,
				userName: user.login,
				attestationType: 'none',
				excludeCredentials,
				authenticatorSelection: {
					residentKey: 'preferred',
					userVerification: 'preferred',
				},
			})

			ctx.state.session.flash('webauthn-registration', { name, options })

			return respondApi('success', options)
		}

		if (step === 'finish') {
			const registration = await req.json() as WebAuthnRegisterFinishPayload

			const { name, options } = ctx.state.session.get<
				{ name: string; options: PublicKeyCredentialCreationOptionsJSON }
			>('webauthn-registration')!

			try {
				if (options === undefined) {
					throw new Error(`no registration found for ${user.mail}`)
				}

				const verification = await verifyRegistrationResponse({
					response: registration,
					expectedChallenge: options.challenge,
					expectedOrigin: relyingParty.origin,
					expectedRPID: relyingParty.id,
					requireUserVerification: true,
				})

				const { registrationInfo } = verification

				if (registrationInfo === undefined) {
					throw new Error('no registration info found from verification')
				}

				const {
					credentialID,
					credentialPublicKey,
					counter,
					credentialDeviceType,
					credentialBackedUp,
				} = registrationInfo

				// Create new Passkey
				const store: Passkey = {
					user: user.uuid,
					webAuthnUserID: options.user.id,
					id: credentialID,
					publicKey: encodeBase64(credentialPublicKey),
					counter,
					deviceType: credentialDeviceType,
					backedUp: credentialBackedUp,
					transports: registration.response.transports,
				}

				// create and save new Credentials
				const credential = Credential.load({ name, category: 'passkey', store })
				await db.ressource.credential.set([credential])

				// Update user credentials
				// Ensure latest user datas
				const dbUser = await db.ressource.user.get(user)
				// Append new credentials
				const credentials = [...dbUser.credentials, credential.toRef()]
				const updatedUser = user.update({ credentials })
				// Save user to db
				await db.ressource.user.set([updatedUser])
				// Update session
				ctx.state.session.set('user', updatedUser)

				const { verified } = verification

				return respondApi('success', { verified })
			} catch (error) {
				console.error(error)
				return respondApi('error', error, 400)
			}
		}

		return respondApi('error', new Error('unknown step'), 400)
	},
}
feat(api): :sparkles: implement passkey login and register api 2024-06-19 16:09:45 +02:00			`import {`
			`generateRegistrationOptions,`
			`verifyRegistrationResponse,`
			`} from '@simplewebauthn/server'`
			`import type {`
			`PublicKeyCredentialCreationOptionsJSON,`
			`RegistrationResponseJSON,`
			`} from '@simplewebauthn/types'`
			`import { respondApi } from '../../../../src/utils.ts'`
			`import { SessionHandlers } from '../../../../src/session/mod.ts'`

			`//TODO improve workspace imports`
			`import { Passkey } from '@cohabit/ressources_manager/src/models/src/credential.ts'`
			`import { Credential, Ref, User } from '@cohabit/ressources_manager/mod.ts'`
			`import { getRelyingParty } from '../../../../src/webauthn/mod.ts'`
			`import { encodeBase64 } from '@std/encoding'`
			`import { db } from '../../../../src/db/mod.ts'`

			`type Params = { step: 'start' \| 'finish' }`

			`export type WebAuthnRegisterStartPayload = { name: string }`

			`export type WebAuthnRegisterFinishPayload = RegistrationResponseJSON`

			`export const handler: SessionHandlers = {`
			`async POST(req, ctx) {`
			`const relyingParty = getRelyingParty(ctx.url)`

			`const { step } = ctx.params as Params`
			`const user = ctx.state.session.get<User>('user')`

			`if (user === undefined) {`
			`return respondApi(`
			`'error',`
			`new Error('no logged user in current session'),`
			`401,`
			`)`
			`}`

			`if (step === 'start') {`
			`const { name } = await req.json() as WebAuthnRegisterStartPayload`

			`// Get user credentials`
			`// Ensure latest user datas`
			`const dbUser = await db.ressource.user.get(user)`
			`// Resolve refs to credentials`
			`const resolver = Ref.dbResolver(db)`
			`const credentials = await Promise.all(dbUser.credentials.map(resolver))`
			`const excludeCredentials = credentials`
			`.filter((credential): credential is Credential<'passkey'> =>`
			`credential.category === 'passkey'`
			`)`
			`.map((credential) => credential.store)`

			`const options = await generateRegistrationOptions({`
			`rpName: relyingParty.name,`
			`rpID: relyingParty.id,`
			`userName: user.login,`
			`attestationType: 'none',`
			`excludeCredentials,`
			`authenticatorSelection: {`
			`residentKey: 'preferred',`
			`userVerification: 'preferred',`
			`},`
			`})`

			`ctx.state.session.flash('webauthn-registration', { name, options })`

			`return respondApi('success', options)`
			`}`

			`if (step === 'finish') {`
			`const registration = await req.json() as WebAuthnRegisterFinishPayload`

			`const { name, options } = ctx.state.session.get<`
			`{ name: string; options: PublicKeyCredentialCreationOptionsJSON }`
			`>('webauthn-registration')!`

			`try {`
			`if (options === undefined) {`
			throw new Error(`no registration found for ${user.mail}`)
			`}`

			`const verification = await verifyRegistrationResponse({`
			`response: registration,`
			`expectedChallenge: options.challenge,`
			`expectedOrigin: relyingParty.origin,`
			`expectedRPID: relyingParty.id,`
			`requireUserVerification: true,`
			`})`

			`const { registrationInfo } = verification`

			`if (registrationInfo === undefined) {`
			`throw new Error('no registration info found from verification')`
			`}`

			`const {`
			`credentialID,`
			`credentialPublicKey,`
			`counter,`
			`credentialDeviceType,`
			`credentialBackedUp,`
			`} = registrationInfo`

			`// Create new Passkey`
			`const store: Passkey = {`
			`user: user.uuid,`
			`webAuthnUserID: options.user.id,`
			`id: credentialID,`
			`publicKey: encodeBase64(credentialPublicKey),`
			`counter,`
			`deviceType: credentialDeviceType,`
			`backedUp: credentialBackedUp,`
			`transports: registration.response.transports,`
			`}`

			`// create and save new Credentials`
			`const credential = Credential.load({ name, category: 'passkey', store })`
			`await db.ressource.credential.set([credential])`

			`// Update user credentials`
			`// Ensure latest user datas`
			`const dbUser = await db.ressource.user.get(user)`
			`// Append new credentials`
			`const credentials = [...dbUser.credentials, credential.toRef()]`
			`const updatedUser = user.update({ credentials })`
			`// Save user to db`
			`await db.ressource.user.set([updatedUser])`
			`// Update session`
			`ctx.state.session.set('user', updatedUser)`

			`const { verified } = verification`

			`return respondApi('success', { verified })`
			`} catch (error) {`
			`console.error(error)`
			`return respondApi('error', error, 400)`
			`}`
			`}`

			`return respondApi('error', new Error('unknown step'), 400)`
			`},`
			`}`