1 files changed, 36 insertions, 0 deletions

diff --git a/packages/server/src/helpers/parseBackupFlags.ts b/packages/server/src/helpers/parseBackupFlags.ts
new file mode 100644
index 0000000..c0a1e99
--- /dev/null
+++ b/packages/server/src/helpers/parseBackupFlags.ts
@@ -0,0 +1,36 @@
+import { CredentialDeviceType } from '@simplewebauthn/typescript-types';
+
+/**
+ * Make sense of Bits 3 and 4 in authenticator indicating:
+ *
+ * - Whether the credential can be used on multiple devices
+ * - Whether the credential is backed up or not
+ *
+ * Invalid configurations will raise an `Error`
+ */
+export function parseBackupFlags({ be, bs }: { be: boolean, bs: boolean }): {
+  credentialDeviceType: CredentialDeviceType,
+  credentialBackedUp: boolean,
+} {
+  const credentialBackedUp = bs;
+  let credentialDeviceType: CredentialDeviceType = 'singleDevice';
+
+  if (be) {
+    credentialDeviceType = 'multiDevice';
+  }
+
+  if (credentialDeviceType === 'singleDevice' && credentialBackedUp) {
+    throw new InvalidBackupFlags(
+      'Single-device credential indicated that it was backed up, which should be impossible.'
+    )
+  }
+
+  return { credentialDeviceType, credentialBackedUp };
+}
+
+class InvalidBackupFlags extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'InvalidBackupFlags';
+  }
+}