mirror of
https://github.com/documenso/documenso
synced 2026-04-21 21:37:18 +00:00
fabd69bd62
The v9 packages are deprecated. This updates to v13 which includes breaking API changes: optionsJSON wrapper for auth functions, renamed properties (authenticator→credential), and base64 encoding for credential IDs via isoBase64URL helper.
78 lines
2.1 KiB
TypeScript
78 lines
2.1 KiB
TypeScript
import type { Passkey } from '@prisma/client';
|
|
import { generateAuthenticationOptions } from '@simplewebauthn/server';
|
|
import type { AuthenticatorTransportFuture } from '@simplewebauthn/server';
|
|
import { isoBase64URL } from '@simplewebauthn/server/helpers';
|
|
import { DateTime } from 'luxon';
|
|
|
|
import { prisma } from '@documenso/prisma';
|
|
|
|
import { AppError, AppErrorCode } from '../../errors/app-error';
|
|
import { getAuthenticatorOptions } from '../../utils/authenticator';
|
|
|
|
type CreatePasskeyAuthenticationOptions = {
|
|
userId: number;
|
|
|
|
/**
|
|
* The ID of the passkey to request authentication for.
|
|
*
|
|
* If not set, we allow the browser client to handle choosing.
|
|
*/
|
|
preferredPasskeyId?: string;
|
|
};
|
|
|
|
export const createPasskeyAuthenticationOptions = async ({
|
|
userId,
|
|
preferredPasskeyId,
|
|
}: CreatePasskeyAuthenticationOptions) => {
|
|
const { rpId, timeout } = getAuthenticatorOptions();
|
|
|
|
let preferredPasskey: Pick<Passkey, 'credentialId' | 'transports'> | null = null;
|
|
|
|
if (preferredPasskeyId) {
|
|
preferredPasskey = await prisma.passkey.findFirst({
|
|
where: {
|
|
userId,
|
|
id: preferredPasskeyId,
|
|
},
|
|
select: {
|
|
credentialId: true,
|
|
transports: true,
|
|
},
|
|
});
|
|
|
|
if (!preferredPasskey) {
|
|
throw new AppError(AppErrorCode.NOT_FOUND, {
|
|
message: 'Requested passkey not found',
|
|
});
|
|
}
|
|
}
|
|
|
|
const options = await generateAuthenticationOptions({
|
|
rpID: rpId,
|
|
userVerification: 'preferred',
|
|
timeout,
|
|
allowCredentials: preferredPasskey
|
|
? [
|
|
{
|
|
id: isoBase64URL.fromBuffer(preferredPasskey.credentialId),
|
|
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions
|
|
transports: preferredPasskey.transports as AuthenticatorTransportFuture[],
|
|
},
|
|
]
|
|
: undefined,
|
|
});
|
|
|
|
const { secondaryId } = await prisma.verificationToken.create({
|
|
data: {
|
|
userId,
|
|
token: options.challenge,
|
|
expires: DateTime.now().plus({ minutes: 2 }).toJSDate(),
|
|
identifier: 'PASSKEY_CHALLENGE',
|
|
},
|
|
});
|
|
|
|
return {
|
|
tokenReference: secondaryId,
|
|
options,
|
|
};
|
|
};
|