UNPKG

payload-auth-plugin

Version:

Authentication plugin for Payload CMS

github.com/authsmith/payload-auth-plugin

authsmith/payload-auth-plugin

75 lines (74 loc) 2.57 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
// src/core/protocols/passkey/registration.ts import { parseCookies } from "payload"; import { generateRegistrationOptions, verifyRegistrationResponse } from "@simplewebauthn/server"; import { PasskeyVerificationAPIError } from "../../errors/apiErrors.js"; import { MissingOrInvalidSession } from "../../errors/consoleErrors.js"; import { hashCode } from "../../utils/hash.js"; async function GeneratePasskeyRegistration(request, rpID) { const { data } = await request.json(); const registrationOptions = { rpName: "Payload Passkey Webauth", rpID, userName: data.email, timeout: 60000, attestationType: "none", authenticatorSelection: { residentKey: "required", userVerification: "required" }, supportedAlgorithmIDs: [-7, -257] }; const options = await generateRegistrationOptions(registrationOptions); const cookieMaxage = new Date(Date.now() + 300 * 1000); const cookies = []; cookies.push(`__session-webpk-challenge=${options.challenge};Path=/;HttpOnly;SameSite=lax;Expires=${cookieMaxage.toUTCString()}`); const res = new Response(JSON.stringify({ options }), { status: 201 }); cookies.forEach((cookie) => { res.headers.append("Set-Cookie", cookie); }); return res; } async function VerifyPasskeyRegistration(request, rpID, session_callback) { try { const parsedCookies = parseCookies(request.headers); const challenge = parsedCookies.get("__session-webpk-challenge"); if (!challenge) { throw new MissingOrInvalidSession; } const body = await request.json(); const verification = await verifyRegistrationResponse({ response: body.data.registration, expectedChallenge: challenge, expectedOrigin: request.payload.config.serverURL, expectedRPID: rpID }); if (!verification.verified) { throw new PasskeyVerificationAPIError; } const { credential, credentialDeviceType, credentialBackedUp } = verification.registrationInfo; return await session_callback({ sub: hashCode(body.data.email + request.payload.secret).toString(), name: "", picture: "", email: body.data.email, passKey: { credentialId: credential.id, publicKey: credential.publicKey, counter: credential.counter, transports: credential.transports, deviceType: credentialDeviceType, backedUp: credentialBackedUp } }); } catch (error) { console.error(error); return Response.json({}); } } export { VerifyPasskeyRegistration, GeneratePasskeyRegistration };