wip passkey registration
@@ -121,6 +121,16 @@ builder.Services.AddAuthentication(options =>
|
||||
|
||||
|
||||
builder.Services.AddAoba();
|
||||
builder.Services.AddFido2(opts =>
|
||||
{
|
||||
opts.ServerName = "Aoba";
|
||||
opts.ServerDomain = "aoba.app";
|
||||
#if DEBUG
|
||||
opts.Origins = new HashSet<string> { "http://localhost:8081", "http://127.0.0.1:8080" };
|
||||
#else
|
||||
opts.Origins = new HashSet<string> { "https://aoba.app" };
|
||||
#endif
|
||||
});
|
||||
#if DEBUG
|
||||
builder.Services.AddHostedService<DebugService>();
|
||||
#endif
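Review bot: `opts.ServerDomain = "aoba.app"` is set unconditionally while the `#if DEBUG` branch points `Origins` at `http://localhost:8081` and `http://127.0.0.1:8080`; WebAuthn requires the RP ID to equal or be a registrable suffix of the origin's effective domain, so in a debug build the browser should refuse `navigator.credentials.create()` against these options before the server ever sees a response. Move the domain under the same conditional, e.g. `opts.ServerDomain = "localhost";` in the DEBUG branch; as far as I know an IP-literal origin such as 127.0.0.1 has no usable RP ID, so that entry would need to be dropped or the app served under a hostname. Fido2NetLib validates the origin reported in clientDataJSON against this set, so the scheme and port of each debug entry must match exactly what the client is actually served from.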
|
||||
|
||||
@@ -7,7 +7,7 @@ import "google/protobuf/empty.proto";
|
||||
import "Proto/Types.proto";
|
||||
|
||||
service AccountRpc {
|
||||
rpc RegisterPasskey(google.protobuf.Empty) returns (PasskeyRegistrationCreds);
|
||||
rpc CompletePasskeyRegistration(PasskeyPublicKey) returns (google.protobuf.Empty);
|
||||
rpc RegisterPasskey(google.protobuf.Empty) returns (PasskeyCredentialCreateOptions);
|
||||
rpc CompletePasskeyRegistration(PasskeyRegistrationCredentials) returns (google.protobuf.Empty);
|
||||
}
|
||||
|
||||
|
||||
@@ -121,9 +121,19 @@ message PasskeyPayload {
|
||||
|
||||
}
|
||||
|
||||
message PasskeyRegistrationCreds{
|
||||
|
||||
message PasskeyCredentialCreateOptions{
|
||||
string challenge = 1;
|
||||
string userId = 2;
|
||||
}
|
||||
message PasskeyRegistrationCredentials{
|
||||
string id = 1;
|
||||
string rawId = 2;
|
||||
string type = 3;
|
||||
CredentialsClientResponse response = 4;
|
||||
}
|
||||
message PasskeyPublicKey{
|
||||
|
||||
message CredentialsClientResponse{
|
||||
string clientDataJSON = 1;
|
||||
string attestationObject = 2;
|
||||
string authenticatorData = 3;
|
||||
}
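Review bot: The new message fields are camelCase (`userId`, `rawId`, `clientDataJSON`, `attestationObject`, `authenticatorData`) whereas the protobuf style guide expects lower_snake_case (`user_id`, `raw_id`, `client_data_json`, ...); protoc derives the generated C# property names from the field name, so settling this before the client is written avoids a breaking rename later. The encoding of `challenge`, `userId`, `id`, `rawId` and the three `response` fields is also undocumented although the server hunk below hand-rolls a base64url conversion for them; a field comment such as `// base64url-encoded as produced by the WebAuthn JSON serialization (no padding)` on `PasskeyRegistrationCredentials` and `PasskeyCredentialCreateOptions` would pin the contract where both sides can see it.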
|
||||
@@ -1,20 +1,47 @@
|
||||
using Aoba.RPC;
|
||||
using Aoba.RPC.Account;
|
||||
|
||||
using AobaCore.Services;
|
||||
|
||||
using AobaServer.Utils;
|
||||
|
||||
using Fido2NetLib;
|
||||
|
||||
using Google.Protobuf.WellKnownTypes;
|
||||
|
||||
using Grpc.Core;
|
||||
|
||||
using Isopoh.Cryptography.Argon2;
|
||||
|
||||
namespace AobaServer.Services;
|
||||
|
||||
public class AccountRpcService : AccountRpc.AccountRpcBase
|
||||
public class AccountRpcService(IFido2 fido2, AccountsService accounts) : AccountRpc.AccountRpcBase
|
||||
{
|
||||
public override Task<PasskeyRegistrationCreds> RegisterPasskey(Empty request, ServerCallContext context)
|
||||
public override async Task<PasskeyCredentialCreateOptions> RegisterPasskey(Empty request, ServerCallContext context)
|
||||
{
|
||||
return base.RegisterPasskey(request, context);
|
||||
var curUser = await accounts.GetUserAsync(context.GetUserId(), context.CancellationToken);
|
||||
if (curUser == null)
|
||||
throw new Exception($"Logged in user does not exist somehow. Id: {context.GetUserId()}");
|
||||
var user = new Fido2User
|
||||
{
|
||||
DisplayName = curUser.Username,
|
||||
Id = curUser.Id.ToByteArray(),
|
||||
Name = curUser.Username
|
||||
};
|
||||
|
||||
var credOptions = fido2.RequestNewCredential(new RequestNewCredentialParams
|
||||
{
|
||||
User = user,
|
||||
ExcludeCredentials = curUser.CredentialDescriptors
|
||||
});
|
||||
return new PasskeyCredentialCreateOptions
|
||||
{
|
||||
Challenge = credOptions.Challenge.ToB64String().Replace('+', '-').Replace('/', '_'),
|
||||
UserId = credOptions.User.Id.ToB64String().Replace('+', '-').Replace('/', '_')
|
||||
};
|
||||
}
|
||||
|
||||
public override Task<Empty> CompletePasskeyRegistration(PasskeyPublicKey request, ServerCallContext context)
|
||||
public override Task<Empty> CompletePasskeyRegistration(PasskeyRegistrationCredentials request, ServerCallContext context)
|
||||
{
|
||||
return base.CompletePasskeyRegistration(request, context);
|
||||
}
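Review bot: `credOptions` built by `fido2.RequestNewCredential(...)` is discarded once `Challenge` and `UserId` are copied into the response, so `CompletePasskeyRegistration` below has nothing to verify the attestation against — Fido2NetLib's completion step needs the original options, and without a server-held copy the challenge is not bound to this registration and a client could supply its own or replay an earlier response. Persist the options server-side keyed by `curUser.Id` with a short expiry (e.g. `credOptions.ToJson()` in a cache) before returning, and have the completion step load and delete them rather than trusting anything echoed by the client. The `throw new Exception(...)` at the null check surfaces to gRPC callers as `StatusCode.Unknown`; `throw new RpcException(new Status(StatusCode.Unauthenticated, "User not found"));` is the idiom and also keeps the user id out of the error payload. The `.ToB64String().Replace('+', '-').Replace('/', '_')` chain leaves `=` padding in place, which a strict base64url decoder on the client will reject; a dedicated base64url encoder (Fido2NetLib ships `Base64Url.Encode`) is safer than the hand-rolled replacement.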
|
||||
|
||||