add some more logging so we can debug bad auth

mrrosoff · mrrosoff · commit 8d7b12d4c33f · 2026-01-04T23:31:58.000-08:00
diff --git a/api/endpoints/admin/passkeyAuth.ts b/api/endpoints/admin/passkeyAuth.ts
@@ -27,7 +27,7 @@ export const handler = async (event: APIGatewayEvent): Promise<APIGatewayProxyRe
     }
 
     const currentTime = DateTime.now().toSeconds();
-    if (challengeRecord.expiresAt > currentTime) {
+    if (currentTime > challengeRecord.expiresAt) {
         await deleteItem(PASSKEY_CHALLENGES_TABLE, challengeRecord.id);
         return buildErrorResponse(event, HttpResponseStatus.BAD_REQUEST, "Challenge Expired");
     }
@@ -39,6 +39,9 @@ export const handler = async (event: APIGatewayEvent): Promise<APIGatewayProxyRe
         const storedCredentialId = parameters["/website/admin/passkeyId"];
         const storedPublicKey = parameters["/website/admin/publicKey"];
 
+        console.error(parameters);
+        console.error(body.response, credentialIdBase64)
+
         if (credentialIdBase64 !== storedCredentialId) {
             return buildErrorResponse(event, HttpResponseStatus.UNAUTHORIZED, "Credential not found");
         }

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ export const handler = async (event: APIGatewayEvent): Promise<APIGatewayProxyRe`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`const currentTime = DateTime.now().toSeconds();`
`30`		`- if (challengeRecord.expiresAt > currentTime) {`
	`30`	`+ if (currentTime > challengeRecord.expiresAt) {`
`31`	`31`	`await deleteItem(PASSKEY_CHALLENGES_TABLE, challengeRecord.id);`
`32`	`32`	`return buildErrorResponse(event, HttpResponseStatus.BAD_REQUEST, "Challenge Expired");`
`33`	`33`	`}`
`@@ -39,6 +39,9 @@ export const handler = async (event: APIGatewayEvent): Promise<APIGatewayProxyRe`
`39`	`39`	`const storedCredentialId = parameters["/website/admin/passkeyId"];`
`40`	`40`	`const storedPublicKey = parameters["/website/admin/publicKey"];`
`41`	`41`
	`42`	`+ console.error(parameters);`
	`43`	`+ console.error(body.response, credentialIdBase64)`
	`44`	`+`
`42`	`45`	`if (credentialIdBase64 !== storedCredentialId) {`
`43`	`46`	`return buildErrorResponse(event, HttpResponseStatus.UNAUTHORIZED, "Credential not found");`
`44`	`47`	`}`