Add controllers and packages for security keys

2022-10-24 09:44:16 -06:00 · 2022-10-24 09:44:16 -06:00 · 06f692e649
commit 06f692e649
parent f8ec8b4d5a
29 changed files with 2398 additions and 383 deletions
--- a/resources/scripts/api/account/security-keys.ts
+++ b/resources/scripts/api/account/security-keys.ts
@ -0,0 +1,85 @@
+import useSWR, { ConfigInterface } from 'swr';
+import { useStoreState } from '@/state/hooks';
+import http, { FractalResponseList } from '@/api/http';
+import { SecurityKey, Transformers } from '@definitions/user';
+import { AxiosError } from 'axios';
+import { decodeBase64 } from '@/lib/base64';
+import { decodeBuffer, encodeBuffer } from '@/lib/buffer';
+import { LoginResponse } from '@/api/auth/login';
+import { useUserSWRKey } from '@/plugins/useSWRKey';
+
+function decodeSecurityKeyCredentials(credentials: PublicKeyCredentialDescriptor[]) {
+    return credentials.map(c => ({
+        id: decodeBuffer(decodeBase64(c.id.toString())),
+        type: c.type,
+        transports: c.transports,
+    }));
+}
+
+function useSecurityKeys(config?: ConfigInterface<SecurityKey[], AxiosError>) {
+    const uuid = useStoreState(state => state.user.data!.uuid);
+    const key = useUserSWRKey(['account', 'security-keys']);
+
+    return useSWR<SecurityKey[], AxiosError>(
+        key,
+        async (): Promise<SecurityKey[]> => {
+            const { data } = await http.get('/api/client/account/security-keys');
+
+            return (data as FractalResponseList).data.map((datum) => Transformers.toSecurityKey(datum.attributes));
+        },
+        { revalidateOnMount: false, ...(config || {}) },
+    );
+}
+
+async function deleteSecurityKey(uuid: string): Promise<void> {
+    await http.delete(`/api/client/account/security-keys/${uuid}`);
+}
+
+async function registerCredentialForAccount(name: string, tokenId: string, credential: PublicKeyCredential): Promise<SecurityKey> {
+    const { data } = await http.post('/api/client/account/security-keys/register', {
+        name,
+        token_id: tokenId,
+        registration: {
+            id: credential.id,
+            type: credential.type,
+            rawId: encodeBuffer(credential.rawId),
+            response: {
+                attestationObject: encodeBuffer((credential.response as AuthenticatorAttestationResponse).attestationObject),
+                clientDataJSON: encodeBuffer(credential.response.clientDataJSON),
+            },
+        },
+    });
+
+    return Transformers.toSecurityKey(data.attributes);
+}
+
+async function registerSecurityKey(name: string): Promise<SecurityKey> {
+    const { data } = await http.get('/api/client/account/security-keys/register');
+
+    const publicKey = data.data.credentials;
+    publicKey.challenge = decodeBuffer(decodeBase64(publicKey.challenge));
+    publicKey.user.id = decodeBuffer(publicKey.user.id);
+
+    if (publicKey.excludeCredentials) {
+        publicKey.excludeCredentials = decodeSecurityKeyCredentials(publicKey.excludeCredentials);
+    }
+
+    const credentials = await navigator.credentials.create({ publicKey });
+    if (!credentials || credentials.type !== 'public-key') {
+        throw new Error(`Unexpected type returned by navigator.credentials.create(): expected "public-key", got "${credentials?.type}"`);
+    }
+
+    return await registerCredentialForAccount(name, data.data.token_id, credentials as PublicKeyCredential);
+}
+
+// eslint-disable-next-line camelcase
+async function authenticateSecurityKey(data: { confirmation_token: string; data: string }): Promise<LoginResponse> {
+    const response = await http.post('/auth/login/checkpoint/key', data);
+
+    return {
+        complete: response.data.complete,
+        intended: response.data.data?.intended || null,
+    };
+}
+
+export { useSecurityKeys, deleteSecurityKey, registerSecurityKey, authenticateSecurityKey };