-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauthentication.ts
More file actions
113 lines (99 loc) · 3.01 KB
/
authentication.ts
File metadata and controls
113 lines (99 loc) · 3.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
import {
generateAuthenticationOptions,
verifyAuthenticationResponse,
} from '@simplewebauthn/server'
import { getSessionExpirationDate } from '#app/utils/auth.server.ts'
import { prisma } from '#app/utils/db.server.ts'
import { handleNewSession } from '../login.server.ts'
import { type Route } from './+types/authentication.ts'
import {
PasskeyLoginBodySchema,
getWebAuthnConfig,
passkeyCookie,
} from './utils.server.ts'
export async function loader({ request }: Route.LoaderArgs) {
const config = getWebAuthnConfig(request)
const options = await generateAuthenticationOptions({
rpID: config.rpID,
userVerification: 'preferred',
})
const cookieHeader = await passkeyCookie.serialize({
challenge: options.challenge,
})
return Response.json({ options }, { headers: { 'Set-Cookie': cookieHeader } })
}
export async function action({ request }: Route.ActionArgs) {
const cookieHeader = request.headers.get('Cookie')
const cookie = await passkeyCookie.parse(cookieHeader)
const deletePasskeyCookie = await passkeyCookie.serialize('', { maxAge: 0 })
try {
if (!cookie?.challenge) {
throw new Error('Authentication challenge not found')
}
const body = await request.json()
const result = PasskeyLoginBodySchema.safeParse(body)
if (!result.success) {
throw new Error('Invalid authentication response')
}
const { authResponse, remember, redirectTo } = result.data
const passkey = await prisma.passkey.findUnique({
where: { id: authResponse.id },
include: { user: true },
})
if (!passkey) {
throw new Error('Passkey not found')
}
const config = getWebAuthnConfig(request)
const verification = await verifyAuthenticationResponse({
response: authResponse,
expectedChallenge: cookie.challenge,
expectedOrigin: config.origin,
expectedRPID: config.rpID,
credential: {
id: authResponse.id,
publicKey: passkey.publicKey,
counter: Number(passkey.counter),
},
})
if (!verification.verified) {
throw new Error('Authentication verification failed')
}
// Update the authenticator's counter in the DB to the newest count
await prisma.passkey.update({
where: { id: passkey.id },
data: { counter: BigInt(verification.authenticationInfo.newCounter) },
})
const session = await prisma.session.create({
select: { id: true, expirationDate: true, userId: true },
data: {
expirationDate: getSessionExpirationDate(),
userId: passkey.userId,
},
})
const response = await handleNewSession(
{
request,
session,
remember,
redirectTo: redirectTo ?? undefined,
},
{ headers: { 'Set-Cookie': deletePasskeyCookie } },
)
return Response.json(
{
status: 'success',
location: response.headers.get('Location'),
},
{ headers: response.headers },
)
} catch (error) {
if (error instanceof Response) throw error
return Response.json(
{
status: 'error',
error: error instanceof Error ? error.message : 'Verification failed',
} as const,
{ status: 400, headers: { 'Set-Cookie': deletePasskeyCookie } },
)
}
}