Spacebar/server
1
0
Fork 0
mirror of https://github.com/spacebarchat/server.git synced 2024-11-22 10:22:39 +01:00
Code Issues Releases Activity

Merge branch 'master' of github.com:fosscord/fosscord-server

Browse Source
This commit is contained in:
Madeline 2023-02-03 16:28:12 +11:00
commit 9bbe5b733f
No known key found for this signature in database
GPG Key ID: 1958E017C36F2E47
3 changed files with 21 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/api/routes/auth/mfa/webauthn.ts
View File

@ -64,20 +64,23 @@ router.post(
await User.update({ id: user.id }, { totp_last_ticket: "" }); await User.update({ id: user.id }, { totp_last_ticket: "" });
const clientAttestationResponse = JSON.parse(code); const clientAttestationResponse = JSON.parse(code);
const securityKey = await SecurityKey.findOneOrFail({
where: {
user_id: req.user_id,
key_id: clientAttestationResponse.rawId,
},
});
if (!clientAttestationResponse.rawId) if (!clientAttestationResponse.rawId)
throw new HTTPError("Missing rawId", 400); throw new HTTPError("Missing rawId", 400);
clientAttestationResponse.rawId = toArrayBuffer( clientAttestationResponse.rawId = toArrayBuffer(
Buffer.from(clientAttestationResponse.rawId, "base64"), Buffer.from(clientAttestationResponse.rawId, "base64url"),
); );
const securityKey = await SecurityKey.findOneOrFail({
where: {
key_id: Buffer.from(
clientAttestationResponse.rawId,
"base64url",
).toString("base64"),
},
});
const assertionExpectations: ExpectedAssertionResult = JSON.parse( const assertionExpectations: ExpectedAssertionResult = JSON.parse(
Buffer.from( Buffer.from(
clientAttestationResponse.response.clientDataJSON, clientAttestationResponse.response.clientDataJSON,

8
src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts
View File

@ -17,7 +17,7 @@
*/ */
import { route } from "@fosscord/api"; import { route } from "@fosscord/api";
import { SecurityKey } from "@fosscord/util"; import { SecurityKey, User } from "@fosscord/util";
import { Request, Response, Router } from "express"; import { Request, Response, Router } from "express";
const router = Router(); const router = Router();
@ -29,6 +29,12 @@ router.delete("/", route({}), async (req: Request, res: Response) => {
user_id: req.user_id, user_id: req.user_id,
}); });
const keys = await SecurityKey.count({ where: { user_id: req.user_id } });
// disable webauthn if there are no keys left
if (keys === 0)
await User.update({ id: req.user_id }, { webauthn_enabled: false });
res.sendStatus(204); res.sendStatus(204);
}); });

5
src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
View File

@ -181,7 +181,10 @@ router.post(
key_id: keyId, key_id: keyId,
}); });
await securityKey.save(); await Promise.all([
securityKey.save(),
User.update({ id: req.user_id }, { webauthn_enabled: true }),
]);
return res.json({ return res.json({
name, name,