import { env } from './env.js'
/**
 * Derives the WebAuthn relying-party values from a request's Origin header.
 *
 * The header is trimmed and parsed as a URL. Only `https:` origins are
 * considered, plus `http:` origins whose hostname is one of the loopback
 * names listed below. The normalized origin must then appear in
 * `env.ALLOWED_ORIGINS`, unless that setting contains `'*'`.
 *
 * Security notes:
 * - When `ALLOWED_ORIGINS` contains `'*'`, the allow-list comparison is
 *   skipped, so `rpID` and `expectedOrigin` are whatever the request sent.
 *   Callers that verify WebAuthn responses against these values are then
 *   checking against client-chosen input; a wildcard is best kept to
 *   development configurations.
 * - NOTE(review): the checks rely on `ALLOWED_ORIGINS.includes(...)`. If that
 *   setting is a plain string rather than an array, `includes` matches
 *   substrings instead of whole origins — confirm the type in env.js.
 *
 * @param originHeader Raw Origin header value, if the request carried one.
 * @returns `rpID` (the URL hostname) and `expectedOrigin` (the URL origin),
 *          or `null` when the header is missing, unparseable, or not allowed.
 */
export function getWebAuthnOriginFromRequest(originHeader: string | undefined): {
  rpID: string
  expectedOrigin: string
} | null {
  // Missing, non-string, or whitespace-only headers yield no origin.
  if (typeof originHeader !== 'string') return null
  const candidate = originHeader.trim()
  if (candidate.length === 0) return null

  let url: URL
  try {
    url = new URL(candidate)
  } catch {
    // Not an absolute URL (this includes the literal "null" origin).
    return null
  }

  switch (url.protocol) {
    case 'https:':
      break
    case 'http:': {
      // Plain http is tolerated only for loopback hosts.
      const loopbackHosts = ['localhost', '127.0.0.1', '::1', '[::1]']
      if (!loopbackHosts.includes(url.hostname.toLowerCase())) return null
      break
    }
    default:
      return null
  }

  const permitted = env.ALLOWED_ORIGINS
  // '*' short-circuits the comparison: every origin that passed the scheme
  // checks above is accepted as-is.
  if (permitted.includes('*') || permitted.includes(url.origin)) {
    return {
      rpID: url.hostname,
      expectedOrigin: url.origin,
    }
  }
  return null
}