Fix some stuff maybe

Author: mrrosoff

api/aws/services/dynamodb.ts

@@ -1,9 +1,8 @@
 import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
 import { DynamoDBDocument, UpdateCommand, ScanCommand, PutCommand, GetCommand, DeleteCommand } from "@aws-sdk/lib-dynamodb";
-import { WebAuthnCredential } from "@simplewebauthn/server";
 
 import { FLAVORS_TABLE, PASSKEY_CHALLENGES_TABLE, PASSKEY_CREDENTIALS_TABLE } from "../../../infrastructure/WebsiteAPIStack";
-import { DatabaseFlavor, DynamoDBFieldValue, PasskeyChallenge } from "../../types";
+import { DatabaseFlavor, DynamoDBFieldValue, PasskeyChallenge, PasskeyCredential } from "../../types";
 
 // prettier-ignore
 export type Table =
@@ -26,7 +25,7 @@ type UpdateItemInput<T extends Table> = Partial<
 export type TableObject<T extends Table> =
     T extends typeof FLAVORS_TABLE ? DatabaseFlavor :
     T extends typeof PASSKEY_CHALLENGES_TABLE ? PasskeyChallenge :
-    T extends typeof PASSKEY_CREDENTIALS_TABLE ? WebAuthnCredential :
+    T extends typeof PASSKEY_CREDENTIALS_TABLE ? PasskeyCredential :
     never;
 
 // prettier-ignore

api/endpoints/admin/passkeyAuth.ts

@@ -40,12 +40,20 @@ export const handler = async (event: APIGatewayEvent): Promise<APIGatewayProxyRe
             return buildErrorResponse(event, HttpResponseStatus.UNAUTHORIZED, "Credential not found");
         }
 
+        // Convert database format (base64 publicKey) to WebAuthnCredential format (Buffer)
+        const webAuthnCredential = {
+            id: credential.id,
+            publicKey: Buffer.from(credential.publicKey, "base64"),
+            counter: credential.counter,
+            transports: credential.transports
+        };
+
         const verification = await verifyAuthenticationResponse({
             response: body.response,
             expectedChallenge: challengeRecord.challenge,
             expectedOrigin: RP_ORIGIN,
             expectedRPID: RP_ID,
-            credential: credential
+            credential: webAuthnCredential
         });
 
         if (!verification.verified) {

api/endpoints/admin/passkeyRegister.ts

@@ -56,10 +56,10 @@ export const handler = async (event: APIGatewayEvent): Promise<APIGatewayProxyRe
 
         const { credential } = verification.registrationInfo;
 
-        // Store the credential directly - DynamoDB handles binary data
+        // Store credential with base64-encoded publicKey for DynamoDB compatibility
         await putItem(PASSKEY_CREDENTIALS_TABLE, {
-            id: Buffer.from(credential.id).toString("base64"), // ID as base64 for easy lookup
-            publicKey: credential.publicKey, // Store as Buffer directly
+            id: Buffer.from(credential.id).toString("base64"),
+            publicKey: Buffer.from(credential.publicKey).toString("base64"),
             counter: credential.counter,
             transports: body.response.response.transports
         });

api/types.ts

@@ -1,3 +1,5 @@
+import type { AuthenticatorTransportFuture } from "@simplewebauthn/server";
+
 export type DynamoDBScalar = number | string | boolean | undefined | null;
 export type DynamoDBFieldValue =
     | DynamoDBScalar
@@ -19,6 +21,13 @@ export type DatabaseFlavor = {
     type: FlavorType | null;
 };
 
+export type PasskeyCredential = {
+    id: string;
+    publicKey: string;
+    counter: number;
+    transports?: AuthenticatorTransportFuture[];
+};
+
 export type PasskeyChallenge = {
     challenge: string;
     expiresAt: number;

scripts/registerPasskey.ts

@@ -7,6 +7,7 @@ import { exec } from 'child_process';
 import { RegistrationResponseJSON, generateRegistrationOptions, verifyRegistrationResponse } from '@simplewebauthn/server';
 import { DynamoDBClient } from '@aws-sdk/client-dynamodb';
 import { DynamoDBDocument, PutCommand } from '@aws-sdk/lib-dynamodb';
+import { putItem } from '../api/aws/services/dynamodb';
 
 const PORT = 3456;
 const RP_NAME = "Max Rosoff's Website";
@@ -86,17 +87,12 @@ async function handleRegistration(req: http.IncomingMessage, res: http.ServerRes
             }
 
             const { credential } = verification.registrationInfo;
-
-            // Store the credential directly - DynamoDB handles binary data
-            await documentClient.send(new PutCommand({
-                TableName: PASSKEY_CREDENTIALS_TABLE,
-                Item: {
-                    id: Buffer.from(credential.id).toString('base64'), // ID as base64 for easy lookup
-                    publicKey: credential.publicKey, // Store as Buffer directly
-                    counter: credential.counter,
-                    transports: registrationResponse.response.transports
-                }
-            }));
+            await putItem(PASSKEY_CREDENTIALS_TABLE, {
+                id: Buffer.from(credential.id).toString('base64'),
+                publicKey: Buffer.from(credential.publicKey).toString('base64'),
+                counter: credential.counter,
+                transports: registrationResponse.response.transports
+            })
 
             console.log('✓ Passkey registered successfully!');
             console.log('\nYou can now use your passkey to authenticate with sudo console');