-rw-r--r-- | example/fido-conformance.ts | 4 | ||||
-rw-r--r-- | packages/server/package.json | 2 | ||||
-rw-r--r-- | packages/server/src/helpers/logging.ts | 21 | ||||
-rw-r--r-- | packages/server/src/services/metadataService.ts | 44 |
4 files changed, 47 insertions, 24 deletions
diff --git a/example/fido-conformance.ts b/example/fido-conformance.ts index eca4704..5f3052e 100644 --- a/example/fido-conformance.ts +++ b/example/fido-conformance.ts @@ -74,10 +74,6 @@ fetch('https://mds3.certinfra.fidoalliance.org/getEndpoints', { }) .catch(console.error) .finally(() => { - if (statements.length) { - console.log(`âšī¸ Initializing metadata service with ${statements.length} local statements`); - } - console.log('đ FIDO Conformance routes ready'); }); diff --git a/packages/server/package.json b/packages/server/package.json index c8e0a9f..2400948 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -52,6 +52,7 @@ "@simplewebauthn/typescript-types": "file:../typescript-types", "base64url": "^3.0.1", "cbor": "^5.1.0", + "debug": "^4.3.2", "elliptic": "^6.5.3", "jsrsasign": "^10.4.0", "jwk-to-pem": "^2.0.4", @@ -61,6 +62,7 @@ "gitHead": "33ccf8c6c9add811c87d3089e24156c2342b3498", "devDependencies": { "@types/cbor": "^5.0.1", + "@types/debug": "^4.1.7", "@types/elliptic": "^6.4.13", "@types/jsrsasign": "^8.0.13", "@types/jwk-to-pem": "^2.0.1", diff --git a/packages/server/src/helpers/logging.ts b/packages/server/src/helpers/logging.ts new file mode 100644 index 0000000..2a8b67e --- /dev/null +++ b/packages/server/src/helpers/logging.ts @@ -0,0 +1,21 @@ +import debug, { Debugger } from 'debug'; + +const defaultLogger = debug('SimpleWebAuthn'); + +/** + * Generate an instance of a `debug` logger that extends off of the "simplewebauthn" namespace for + * consistent naming. + * + * See https://www.npmjs.com/package/debug for information on how to control logging output when + * using @simplewebauthn/server + * + * Example: + * + * ``` + * const log = getLogger('mds'); + * log('hello'); // simplewebauthn:mds hello +0ms + * ``` + */ +export function getLogger(name: string): Debugger { + return defaultLogger.extend(name); +} 
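Review bot: In the new `logging.ts`, the root logger is created as `debug('SimpleWebAuthn')`, but the doc comment and its example promise the "simplewebauthn" namespace and `simplewebauthn:mds` output. As far as I know `debug` matches namespaces case-sensitively, so an operator who follows the comment and sets `DEBUG=simplewebauthn:*` would see nothing. Either create the root as `debug('simplewebauthn')` or change the comment and example to the real `SimpleWebAuthn:<name>` form. The metadataService.ts change in this commit calls `getLogger('MetadataService')`, so the effective namespace there is `SimpleWebAuthn:MetadataService`; the doc comment is a good place to state that.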
diff --git a/packages/server/src/services/metadataService.ts b/packages/server/src/services/metadataService.ts index 3eac8a1..41fb39e 100644 --- a/packages/server/src/services/metadataService.ts +++ b/packages/server/src/services/metadataService.ts @@ -11,8 +11,7 @@ import type { MetadataBLOBPayloadEntry, } from '../metadata/mdsTypes'; import SettingsService from '../services/settingsService'; -// TODO: Re-enable this once we figure out logging -// import { log } from '../helpers/logging'; +import { getLogger } from '../helpers/logging'; import parseJWT from '../metadata/parseJWT'; @@ -40,6 +39,8 @@ enum SERVICE_STATE { // registered AAGUIDs ("strict"). Currently primarily impacts how `getStatement()` operates type VerificationMode = 'permissive' | 'strict'; +const log = getLogger('MetadataService'); + /** * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB * download and parsing, and on-demand requesting and caching of individual metadata statements. @@ -82,6 +83,8 @@ export class BaseMetadataService { // If metadata statements are provided, load them into the cache first if (statements?.length) { + let statementsAdded = 0; + statements.forEach(statement => { // Only cache statements that are for FIDO2-compatible authenticators if (statement.aaguid) { @@ -93,15 +96,19 @@ export class BaseMetadataService { }, url: '', }; + + statementsAdded += 1; } }); + + log(`Cached ${statementsAdded} local statements`); } // If MDS servers are provided, then process them and add their statements to the cache if (mdsServers?.length) { - // TODO: Re-enable this once we figure out logging - // const currentCacheCount = Object.keys(this.statementCache).length; - // let numServers = mdsServers.length; + // Get a current count so we know how many new statements we've added from MDS servers + const currentCacheCount = Object.keys(this.statementCache).length; + let numServers = mdsServers.length; for (const url of mdsServers) { try { 
@@ -112,16 +119,15 @@ export class BaseMetadataService { }); } catch (err) { // Notify of the error and move on - // TODO: Re-enable this once we figure out logging - // log('warning', `Could not download BLOB from ${url}:`, err); - // numServers -= 1; + log(`Could not download BLOB from ${url}:`, err); + numServers -= 1; } } - // TODO: Re-enable this once we figure out logging - // const newCacheCount = Object.keys(this.statementCache).length; - // const cacheDiff = newCacheCount - currentCacheCount; - // log('info', `Downloaded ${cacheDiff} statements from ${numServers} metadata servers`); + // Calculate the difference to get the total number of new statements we successfully added + const newCacheCount = Object.keys(this.statementCache).length; + const cacheDiff = newCacheCount - currentCacheCount; + log(`Cached ${cacheDiff} statements from ${numServers} metadata server(s)`); } if (verificationMode) { @@ -223,10 +229,11 @@ export class BaseMetadataService { // Validate the certificate chain const rootCerts = SettingsService.getRootCertificates({ identifier: 'mds' }); await validateCertificatePath(headerCertsPEM, rootCerts); - } catch (err) { + } catch (error) { + const _error: Error = error as Error; // From FIDO MDS docs: "ignore the file if the chain cannot be verified or if one of the // chain certificates is revoked" - throw new Error(`BLOB certificate path could not be validated: ${err.message}`); + throw new Error(`BLOB certificate path could not be validated: ${_error.message}`); } // Verify the BLOB JWT signature 
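Review bot: The per-server `catch` now reports a failed BLOB only through `debug`, which prints nothing unless the `DEBUG` environment variable enables the namespace. A metadata server whose BLOB cannot be fetched is therefore dropped with no signal in a default deployment, and presumably the same holds for one that fails the certificate-path check thrown further down this file. A relying party that depends on this metadata needs that failure visible, so consider returning or collecting the failed URLs for the caller, or at least state in the comment that failures are swallowed here. Separately, `debug` treats its first argument as a format string, so passing the values as arguments is safer than interpolating `url`: `log('Could not download BLOB from %s: %O', url, err);`. The enclosing loop and method begin outside this hunk.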
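Review bot: `const _error: Error = error as Error;` in the certificate-path `catch` is an unchecked assertion, so if anything other than an `Error` is thrown the rethrown message ends in "undefined". Narrowing avoids that and removes the extra underscore-prefixed local: `const message = error instanceof Error ? error.message : String(error);`, then interpolate `message` in the `throw`. The rethrow also discards the original error object, so only the message text survives to show which part of the chain failed validation. The enclosing method starts and ends outside the hunk.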
@@ -306,14 +313,11 @@ export class BaseMetadataService { this.state = newState; if (newState === SERVICE_STATE.DISABLED) { - // TODO: Re-enable this once we figure out logging - // log('MetadataService is DISABLED'); + log('MetadataService is DISABLED'); } else if (newState === SERVICE_STATE.REFRESHING) { - // TODO: Re-enable this once we figure out logging - // log('MetadataService is REFRESHING'); + log('MetadataService is REFRESHING'); } else if (newState === SERVICE_STATE.READY) { - // TODO: Re-enable this once we figure out logging - // log('MetadataService is READY'); + log('MetadataService is READY'); } } } |