UNPKG

payload-auth-plugin

Version:

Authentication plugin for Payload CMS

github.com/authsmith/payload-auth-plugin

authsmith/payload-auth-plugin

83 lines (82 loc) 2.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
// src/core/protocols/passkey/authentication.ts import { parseCookies } from "payload"; import { generateAuthenticationOptions, verifyAuthenticationResponse } from "@simplewebauthn/server"; import { PasskeyVerificationAPIError } from "../../errors/apiErrors.js"; import { MissingOrInvalidSession } from "../../errors/consoleErrors.js"; import { hashCode } from "../../utils/hash.js"; async function GeneratePasskeyAuthentication(request, rpID) { const { data } = await request.json(); const registrationOptions = { rpID, timeout: 60000, allowCredentials: [ { id: data.passkey.credentialId, transports: data.passkey.transports } ], userVerification: "required" }; const options = await generateAuthenticationOptions(registrationOptions); const cookieMaxage = new Date(Date.now() + 300 * 1000); const cookies = []; cookies.push(`__session-webpk-challenge=${options.challenge};Path=/;HttpOnly;SameSite=lax;Expires=${cookieMaxage.toUTCString()}`); const res = new Response(JSON.stringify({ options }), { status: 201 }); cookies.forEach((cookie) => { res.headers.append("Set-Cookie", cookie); }); return res; } async function VerifyPasskeyAuthentication(request, rpID, session_callback) { try { const parsedCookies = parseCookies(request.headers); const challenge = parsedCookies.get("__session-webpk-challenge"); if (!challenge) { throw new MissingOrInvalidSession; } const { data } = await request.json(); const verification = await verifyAuthenticationResponse({ response: data.authentication, expectedChallenge: challenge, expectedOrigin: request.payload.config.serverURL, expectedRPID: rpID, credential: { id: data.passkey.credentialId, publicKey: new Uint8Array(Object.values(data.passkey.publicKey)), counter: data.passkey.counter, transports: data.passkey.transports } }); if (!verification.verified) { throw new PasskeyVerificationAPIError; } const { credentialID, credentialDeviceType, credentialBackedUp, newCounter } = verification.authenticationInfo; return await session_callback({ sub: hashCode(data.email + request.payload.secret).toString(), name: "", picture: "", email: data.email, passKey: { credentialId: credentialID, counter: newCounter, deviceType: credentialDeviceType, backedUp: credentialBackedUp } }); } catch (error) { console.error(error); return Response.json({}); } } export { VerifyPasskeyAuthentication, GeneratePasskeyAuthentication };