tone/tonePage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 后端修复passkey注册时challenge不匹配

Browse Source
This commit is contained in:
tone
2025-12-18 21:51:22 +08:00
parent 055dc3972f
commit 1e2d269ec1
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/backend/src/auth/dto/passkey-register.dto.ts
View File

@@ -1,7 +1,9 @@
import { IsString } from "class-validator"; import { IsObject, IsString } from "class-validator";
export class PasskeyRegisterDto { export class PasskeyRegisterDto {
@IsObject()
credentialResponse: any; credentialResponse: any;
@IsString({ message: '通行证名称只能是字符串' }) @IsString({ message: '通行证名称只能是字符串' })
name: string; name: string;
} }

15
apps/backend/src/auth/service/passkey.service.ts
View File

@@ -3,7 +3,7 @@ import { InjectRepository } from "@nestjs/typeorm";
import { PasskeyCredential } from "../entity/passkey-credential.entity"; import { PasskeyCredential } from "../entity/passkey-credential.entity";
import { Repository } from "typeorm"; import { Repository } from "typeorm";
import { User } from "src/user/entities/user.entity"; import { User } from "src/user/entities/user.entity";
import crypto from 'crypto'; import { randomBytes } from 'crypto';
import { generateAuthenticationOptions, GenerateAuthenticationOptionsOpts, generateRegistrationOptions, GenerateRegistrationOptionsOpts, VerifiedAuthenticationResponse, VerifiedRegistrationResponse, verifyAuthenticationResponse, verifyRegistrationResponse } from "@simplewebauthn/server"; import { generateAuthenticationOptions, GenerateAuthenticationOptionsOpts, generateRegistrationOptions, GenerateRegistrationOptionsOpts, VerifiedAuthenticationResponse, VerifiedRegistrationResponse, verifyAuthenticationResponse, verifyRegistrationResponse } from "@simplewebauthn/server";
@@ -91,14 +91,17 @@ export class PasskeyService implements OnModuleDestroy {
authenticationChallenges.stopCleanup(); authenticationChallenges.stopCleanup();
} }
private generateChallenge(length: number = 32): string {
return randomBytes(length).toString('base64');
}
async getRegistrationOptions(userId: string) { async getRegistrationOptions(userId: string) {
const user = await this.userRepository.findOneBy({ userId }); const user = await this.userRepository.findOneBy({ userId });
if (!user) { if (!user) {
throw new NotFoundException('用户不存在'); throw new NotFoundException('用户不存在');
} }
const challenge = crypto.randomBytes(32).toString('base64url'); const challenge = this.generateChallenge();
registrationChallenges.set(userId, challenge);
const opts: GenerateRegistrationOptionsOpts = { const opts: GenerateRegistrationOptionsOpts = {
rpName: this.rpName, rpName: this.rpName,
@@ -115,7 +118,9 @@ export class PasskeyService implements OnModuleDestroy {
timeout: 60000, timeout: 60000,
}; };
return generateRegistrationOptions(opts); const options = await generateRegistrationOptions(opts);
registrationChallenges.set(userId, options.challenge)
return options;
} }
async register(userId: string, credentialResponse: any, name: string): Promise<PasskeyCredential> { async register(userId: string, credentialResponse: any, name: string): Promise<PasskeyCredential> {
@@ -163,7 +168,7 @@ export class PasskeyService implements OnModuleDestroy {
} }
async getAuthenticationOptions(sessionId: string) { async getAuthenticationOptions(sessionId: string) {
const challenge = crypto.randomBytes(32).toString('base64url'); const challenge = this.generateChallenge();
authenticationChallenges.set(sessionId, challenge); authenticationChallenges.set(sessionId, challenge);
const opts: GenerateAuthenticationOptionsOpts = { const opts: GenerateAuthenticationOptionsOpts = {