New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Hanko passkeys support #14741
base: main
Are you sure you want to change the base?
feat: Hanko passkeys support #14741
Changes from 1 commit
eddbd4e
df7482e
e1b850a
04253c6
a39e63e
1cf9d57
d673f69
e4123ad
a9bb2d8
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
import { WithLayout } from "app/layoutHOC"; | ||
|
||
import { getLayout } from "@calcom/features/settings/layouts/SettingsLayoutAppDir"; | ||
|
||
export default WithLayout({ getLayout }); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
import Page from "@pages/settings/security/passkeys"; | ||
import { _generateMetadata } from "app/_utils"; | ||
|
||
export const generateMetadata = async () => | ||
await _generateMetadata( | ||
(t) => t("passkeys"), | ||
(t) => t("passkeys_description") | ||
); | ||
|
||
export default Page; |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -41,6 +41,7 @@ | |
"@daily-co/daily-js": "^0.59.0", | ||
"@daily-co/daily-react": "^0.17.2", | ||
"@formkit/auto-animate": "1.0.0-beta.5", | ||
"@github/webauthn-json": "^2.1.1", | ||
"@glidejs/glide": "^3.5.2", | ||
"@hookform/error-message": "^2.0.0", | ||
"@hookform/resolvers": "^2.9.7", | ||
|
@@ -62,6 +63,7 @@ | |
"@stripe/react-stripe-js": "^1.10.0", | ||
"@stripe/stripe-js": "^1.35.0", | ||
"@tanstack/react-query": "^5.17.15", | ||
"@teamhanko/passkeys-next-auth-provider": "^0.2.7", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I wish Node had a better way to make optional dependencies 🤷♂️ There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not sure since when npm has this, but there is optionalDependencies https://docs.npmjs.com/cli/v10/configuring-npm/package-json#optionaldependencies Was supported in yarn v1 so I assume v2+ has it too There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Opted not to do this for now because optionalDependencies isn't in use for any other packages atm. Also I'm unsure if a build without installing optional deps would be successful, especially because of Do you want me to test this? What other not-strictly-needed dependencies are there that could be moved to |
||
"@tremor/react": "^2.0.0", | ||
"@types/turndown": "^5.0.1", | ||
"@unkey/ratelimit": "^0.1.1", | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
import { tenant } from "@teamhanko/passkeys-next-auth-provider"; | ||
import type { NextApiRequest, NextApiResponse } from "next"; | ||
|
||
import { ErrorCode } from "@calcom/features/auth/lib/ErrorCode"; | ||
import { getServerSession } from "@calcom/features/auth/lib/getServerSession"; | ||
import prisma from "@calcom/prisma"; | ||
|
||
const tenantId = process.env.NEXT_PUBLIC_HANKO_PASSKEYS_TENANT_ID ?? ""; | ||
const apiKey = process.env.HANKO_PASSKEYS_API_KEY ?? ""; | ||
|
||
const passkeyApi = tenant({ tenantId, apiKey }); | ||
|
||
export default async function handler(req: NextApiRequest, res: NextApiResponse) { | ||
if (!tenantId || !apiKey) { | ||
return res.status(503).json({ message: "Passkey API not configured" }); | ||
} | ||
|
||
if (req.method !== "GET") { | ||
return res.status(405).json({ message: "Method not allowed" }); | ||
} | ||
|
||
const session = await getServerSession({ req, res }); | ||
if (!session) { | ||
return res.status(401).json({ message: "Not authenticated" }); | ||
} | ||
|
||
if (!session.user?.id) { | ||
console.error("Session is missing a user id."); | ||
return res.status(500).json({ error: ErrorCode.InternalServerError }); | ||
} | ||
|
||
const user = await prisma.user.findUnique({ where: { id: session.user.id } }); | ||
if (!user) { | ||
console.error(`Session references user that no longer exists.`); | ||
return res.status(401).json({ message: "Not authenticated" }); | ||
} | ||
|
||
const credentials = await passkeyApi.user(user.id.toString()).credentials(); | ||
|
||
return res.status(200).json({ | ||
credentials: credentials.map((c) => ({ | ||
id: c.id, | ||
name: c.name, | ||
createdAt: c.created_at, | ||
lastUsedAt: c.last_used_at, | ||
})), | ||
}); | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
import { tenant } from "@teamhanko/passkeys-next-auth-provider"; | ||
import type { NextApiRequest, NextApiResponse } from "next"; | ||
|
||
import { ErrorCode } from "@calcom/features/auth/lib/ErrorCode"; | ||
import { getServerSession } from "@calcom/features/auth/lib/getServerSession"; | ||
import prisma from "@calcom/prisma"; | ||
|
||
const tenantId = process.env.NEXT_PUBLIC_HANKO_PASSKEYS_TENANT_ID ?? ""; | ||
const apiKey = process.env.HANKO_PASSKEYS_API_KEY ?? ""; | ||
|
||
const passkeyApi = tenant({ tenantId, apiKey }); | ||
|
||
export default async function handler(req: NextApiRequest, res: NextApiResponse) { | ||
if (!tenantId || !apiKey) { | ||
return res.status(503).json({ message: "Passkey API not configured" }); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is 503 the best status code to use here? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Other routes use 403: https://github.com/calcom/cal.com/blob/main/apps/web/pages/api/auth/signup.ts#L23 However, MDN says
While in my mind 403 has always been more for insufficient permissions etc What do you think? Maybe 403 for consistency's sake? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'd prefer 403 Forbidden, 503 implies a server issue but most of the time this'll be a client issue (don't access the route) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Don't think a 403 is correct here though because that leads the client to believe they are lacking permissions when in reality the functionality isn't supported at all due to a lack of server configuration. Would consider 501 Not Implemented or 405 Method Not Allowed instead. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If everyone is fine with it, will go with 501 - seems like the most appropriate IMO |
||
} | ||
|
||
if (req.method !== "POST") { | ||
return res.status(405).json({ message: "Method not allowed" }); | ||
} | ||
|
||
const session = await getServerSession({ req, res }); | ||
if (!session) { | ||
return res.status(401).json({ message: "Not authenticated" }); | ||
} | ||
|
||
if (!session.user?.id) { | ||
console.error("Session is missing a user id."); | ||
return res.status(500).json({ error: ErrorCode.InternalServerError }); | ||
} | ||
|
||
const user = await prisma.user.findUnique({ where: { id: session.user.id } }); | ||
if (!user) { | ||
console.error(`Session references user that no longer exists.`); | ||
return res.status(401).json({ message: "Not authenticated" }); | ||
} | ||
|
||
await passkeyApi.registration.finalize(req.body); | ||
|
||
return res.status(200).json({ message: "Passkey registered" }); | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
import { tenant } from "@teamhanko/passkeys-next-auth-provider"; | ||
import type { NextApiRequest, NextApiResponse } from "next"; | ||
|
||
import { ErrorCode } from "@calcom/features/auth/lib/ErrorCode"; | ||
import { getServerSession } from "@calcom/features/auth/lib/getServerSession"; | ||
import prisma from "@calcom/prisma"; | ||
|
||
const tenantId = process.env.NEXT_PUBLIC_HANKO_PASSKEYS_TENANT_ID ?? ""; | ||
const apiKey = process.env.HANKO_PASSKEYS_API_KEY ?? ""; | ||
|
||
const passkeyApi = tenant({ tenantId, apiKey }); | ||
|
||
export default async function handler(req: NextApiRequest, res: NextApiResponse) { | ||
if (!tenantId || !apiKey) { | ||
return res.status(503).json({ message: "Passkey API not configured" }); | ||
} | ||
|
||
if (req.method !== "POST") { | ||
return res.status(405).json({ message: "Method not allowed" }); | ||
} | ||
|
||
const session = await getServerSession({ req, res }); | ||
if (!session) { | ||
return res.status(401).json({ message: "Not authenticated" }); | ||
} | ||
|
||
if (!session.user?.id) { | ||
console.error("Session is missing a user id."); | ||
return res.status(500).json({ error: ErrorCode.InternalServerError }); | ||
} | ||
|
||
const user = await prisma.user.findUnique({ where: { id: session.user.id } }); | ||
if (!user) { | ||
console.error(`Session references user that no longer exists.`); | ||
return res.status(401).json({ message: "Not authenticated" }); | ||
} | ||
|
||
const createOptions = await passkeyApi.registration.initialize({ | ||
userId: session.user.id.toString(), | ||
username: session.user.username ?? "", | ||
}); | ||
|
||
return res.status(200).json(createOptions); | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
import { tenant } from "@teamhanko/passkeys-next-auth-provider"; | ||
import type { NextApiRequest, NextApiResponse } from "next"; | ||
|
||
import { ErrorCode } from "@calcom/features/auth/lib/ErrorCode"; | ||
import { getServerSession } from "@calcom/features/auth/lib/getServerSession"; | ||
import prisma from "@calcom/prisma"; | ||
|
||
const tenantId = process.env.NEXT_PUBLIC_HANKO_PASSKEYS_TENANT_ID ?? ""; | ||
const apiKey = process.env.HANKO_PASSKEYS_API_KEY ?? ""; | ||
|
||
const passkeyApi = tenant({ tenantId, apiKey }); | ||
|
||
export default async function handler(req: NextApiRequest, res: NextApiResponse) { | ||
if (!tenantId || !apiKey) { | ||
return res.status(503).json({ message: "Passkey API not configured" }); | ||
} | ||
|
||
if (req.method !== "DELETE") { | ||
return res.status(405).json({ message: "Method not allowed" }); | ||
} | ||
|
||
const credentialId = req.body?.credentialId; | ||
if (!credentialId) { | ||
return res.status(400).json({ message: "Missing credential id" }); | ||
} | ||
|
||
const session = await getServerSession({ req, res }); | ||
if (!session) { | ||
return res.status(401).json({ message: "Not authenticated" }); | ||
} | ||
|
||
if (!session.user?.id) { | ||
console.error("Session is missing a user id."); | ||
return res.status(500).json({ error: ErrorCode.InternalServerError }); | ||
} | ||
|
||
const user = await prisma.user.findUnique({ where: { id: session.user.id } }); | ||
if (!user) { | ||
console.error(`Session references user that no longer exists.`); | ||
return res.status(401).json({ message: "Not authenticated" }); | ||
} | ||
|
||
await passkeyApi.credential(credentialId).remove(); | ||
|
||
return res.status(200).json({}); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lets mention this lower in the file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah was unsure about that. wanted to place it below google auth stuff since i did that everywhere else, but agreed, for the env file its a little too high up