const https = require('https');
const fs = require('fs');
const express = require('express');
const {
// Registration ("Attestation")
generateAttestationOptions,
verifyAttestationResponse,
// Login ("Assertion")
generateAssertionOptions,
verifyAssertionResponse,
} = require('@webauthntine/server');
const app = express();
// Bind address and port for the HTTPS listener below. 0.0.0.0 listens on every
// interface of the machine, and port 443 normally needs elevated privileges.
const host = '0.0.0.0';
const port = 443;
// Serve the browser-side demo and parse JSON bodies for the WebAuthn endpoints.
app.use(express.static('./public/'));
app.use(express.json());
// Relying-party domain where the WebAuthn ceremonies are expected to happen.
const origin = 'dev.dontneeda.pw';
// The challenge ties a registration/login response to the request that produced
// it. This example reuses one fixed string, so a captured response could be
// replayed; a real deployment must generate a fresh random value per ceremony
// (e.g. crypto.randomBytes) and keep it server-side only until the matching
// response has been verified.
const randomChallenge = 'totallyUniqueValueEveryTime';
// Opaque internal user handle (uuid or similar). Keep personal data such as an
// email address out of this value.
const userId = 'webauthntineInternalUserId';
// Display/login name for the user.
const username = 'user@webauthntine.foo';
// Placeholder device record the demo starts with; real entries are appended by
// the /verify-attestation handler.
const placeholderDevice = {
  base64PublicKey: undefined,
  base64CredentialID: undefined,
  counter: -1,
};
// Per-user list of registered authenticators, keyed by userId.
const inMemoryUserDeviceDB = {
  [userId]: [placeholderDevice],
};
// Registration step 1: hand the browser the options for the attestation
// ceremony. The library builds them from the relying-party name, the expected
// domain, the challenge value, and the user's internal id and username.
app.get('/generate-attestation-options', (req, res) => {
  const rpName = 'WebAuthntine Example';
  const options = generateAttestationOptions(
    rpName,
    origin,
    randomChallenge,
    userId,
    username,
  );
  res.send(options);
});
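// Registration step 2: verify the authenticator's attestation response and, on
// success, remember the new credential for the user.
// Request body: the JSON the browser produced for the registration ceremony,
// passed straight to the library (which performs the actual checks).
// Response: { verified: boolean }; HTTP 400 if verification throws.
app.post('/verify-attestation', (req, res) => {
  const { body } = req;
  let verification;
  try {
    // The body comes from an untrusted client. Guard against the library
    // throwing on malformed input so a bad request yields a 400 instead of the
    // Express default 500 (which may echo a stack trace in development).
    verification = verifyAttestationResponse(body, `https://${origin}`);
  } catch (err) {
    console.error('attestation verification failed:', err);
    res.status(400).send({ verified: false });
    return;
  }
  console.log('verification:', verification);
  const { verified, authenticatorInfo } = verification;
  if (verified) {
    const { base64PublicKey, base64CredentialID, counter } = authenticatorInfo;
    const user = inMemoryUserDeviceDB[userId];
    // Re-registering an already known credential ID is a no-op.
    const existingDevice = user.find((device) => device.base64CredentialID === base64CredentialID);
    if (existingDevice) {
      console.log('device already exists, skipping insertion');
      console.debug(existingDevice);
    } else {
      console.log(`storing public key, credential ID, and counter for ${userId}`);
      user.push({
        base64PublicKey,
        base64CredentialID,
        counter,
      });
    }
  }
  res.send({ verified });
});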
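// Placeholder endpoint. The original handler read the body and returned without
// ever answering, which leaves the client waiting until it times out; answer
// with 501 explicitly until the real logic is in place.
app.post('/verify-registration', (req, res) => {
  res.sendStatus(501);
});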
// TLS material for the dev hostname. readFileSync throws if a file is missing,
// so the process fails fast at startup rather than serving without a cert.
const tlsOptions = {
  key: fs.readFileSync('./dev.dontneeda.pw.key'),
  cert: fs.readFileSync('./dev.dontneeda.pw.crt'),
};
const server = https.createServer(tlsOptions, app);
server.listen(port, host, () => {
  console.log(`🚀 Server ready at https://${host}:${port}`);
});