y/kotsukotsu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

server for auth, more goodies

Browse source
This commit is contained in:
polwex 2026-04-19 00:54:39 +07:00
parent f83bce8e2b
commit 7cebe39a14
7 changed files with 80 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

27
server/auth.ts
View file

@ -4,6 +4,7 @@ import {
generateAuthenticationOptions,
verifyAuthenticationResponse,
} from "@simplewebauthn/server";
import { runtimeConfig, resolveOrigin, resolveRpId } from "./config";
import { isoBase64URL } from "@simplewebauthn/server/helpers";
import type {
RegistrationResponseJSON,
@ -37,16 +38,6 @@ setInterval(() => {
}
}, 60_000);
function getRpId(req: Request): string {
const url = new URL(req.url);
return url.hostname;
}
function getOrigin(req: Request): string {
const url = new URL(req.url);
return url.origin;
}
function getCookie(req: Request, name: string): string | undefined {
const cookies = req.headers.get("cookie");
if (!cookies) return undefined;
@ -55,11 +46,11 @@ function getCookie(req: Request, name: string): string | undefined {
}
function sessionCookie(token: string, maxAge = 7 * 24 * 60 * 60): string {
return `session=${token}; HttpOnly; SameSite=Strict; Path=/; Max-Age=${maxAge}`;
return `session=${token}; HttpOnly; SameSite=Strict; Path=/; Max-Age=${maxAge}${runtimeConfig.sessionCookieSecure ? "; Secure" : ""}`;
}
function challengeCookie(key: string): string {
return `challenge_key=${key}; HttpOnly; SameSite=Strict; Path=/; Max-Age=120`;
return `challenge_key=${key}; HttpOnly; SameSite=Strict; Path=/; Max-Age=120${runtimeConfig.sessionCookieSecure ? "; Secure" : ""}`;
}
function clearChallengeCookie(): string {
@ -86,7 +77,7 @@ export async function registerOptions(req: Request): Promise<Response> {
// Create user
const user = await createUser(username);
const rpID = getRpId(req);
const rpID = resolveRpId(req);
const options = await generateRegistrationOptions({
rpName: RP_NAME,
rpID,
@ -131,8 +122,8 @@ export async function registerVerify(req: Request): Promise<Response> {
}
challenges.delete(challengeKey);
const rpID = getRpId(req);
const origin = getOrigin(req);
const rpID = resolveRpId(req);
const origin = resolveOrigin(req);
let verification;
try {
@ -178,7 +169,7 @@ export async function registerVerify(req: Request): Promise<Response> {
}
export async function loginOptions(req: Request): Promise<Response> {
const rpID = getRpId(req);
const rpID = resolveRpId(req);
const options = await generateAuthenticationOptions({
rpID,
@ -221,8 +212,8 @@ export async function loginVerify(req: Request): Promise<Response> {
return Response.json({ error: "Unknown credential" }, { status: 400 });
}
const rpID = getRpId(req);
const origin = getOrigin(req);
const rpID = resolveRpId(req);
const origin = resolveOrigin(req);
let verification;
try {