UNPKG

@auth/core

Version:

Authentication for the Web.

authjs.dev

nextauthjs/next-auth

69 lines (60 loc) 2.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import type { InternalOptions, RequestInternal, ResponseInternal, User } from "../../types.js" import type { Cookie, SessionStore } from "../utils/cookie.js" import { getLoggedInUser } from "../utils/session.js" import { assertInternalOptionsWebAuthn, inferWebAuthnOptions, getAuthenticationResponse, getRegistrationResponse } from "../utils/webauthn-utils.js" /** * Returns authentication or registration options for a WebAuthn flow * depending on the parameters provided. */ export async function webAuthnOptions( request: RequestInternal, options: InternalOptions, sessionStore: SessionStore, cookies: Cookie[] ): Promise<ResponseInternal> { // Return an error if the adapter is missing or if the provider // is not a webauthn provider. const narrowOptions = assertInternalOptionsWebAuthn(options) const { provider } = narrowOptions // Extract the action from the query parameters const { action } = (request.query ?? {}) as Record<string, unknown> // Action must be either "register", "authenticate", or undefined if (action !== "register" && action !== "authenticate" && typeof action !== "undefined") { return { status: 400, body: { error: "Invalid action" }, cookies, headers: { "Content-Type": "application/json" } } } // Get the user info from the session const sessionUser = await getLoggedInUser(options, sessionStore) // Extract user info from request // If session user exists, we don't need to call getUserInfo const getUserInfoResponse = sessionUser ? { user: sessionUser, exists: true } : await provider.getUserInfo(options, request) const userInfo = getUserInfoResponse?.user // Make a decision on what kind of webauthn options to return const decision = inferWebAuthnOptions(action, !!sessionUser, getUserInfoResponse) switch (decision) { case "authenticate": return getAuthenticationResponse(narrowOptions, request, userInfo, cookies) case "register": if (typeof userInfo?.email === "string") { return getRegistrationResponse(narrowOptions, request, userInfo as User & { email: string }, cookies) } default: return { status: 400, body: { error: "Invalid request" }, cookies, headers: { "Content-Type": "application/json" } } } }