Everything works. Minor adjustments on frontend and backend for the new API.

2025-08-02 07:41:42 -06:00
parent a987f47988
commit 30ab73d625
9 changed files with 43 additions and 391 deletions
--- a/passkey/db/init.py
+++ b/passkey/db/init.py
@@ -5,7 +5,7 @@ This module provides dataclasses and database abstractions for managing
 users, credentials, and sessions in a WebAuthn authentication system.
 """

-from dataclasses import dataclass
+from dataclasses import dataclass, field
 from datetime import datetime
 from uuid import UUID

@@ -43,8 +43,8 @@ class Session:
    key: bytes
    user_uuid: UUID
    expires: datetime
+    info: dict
    credential_uuid: UUID | None = None
-    info: dict | None = None


 __all__ = ["User", "Credential", "Session"]
--- a/passkey/fastapi/api.py
+++ b/passkey/fastapi/api.py
@@ -81,6 +81,7 @@ def register_api_routes(app: FastAPI):

            return {
                "status": "success",
+                "session_type": s.info["type"],
                "user": {
                    "user_uuid": str(u.user_uuid),
                    "user_name": u.user_name,
@@ -91,8 +92,10 @@ def register_api_routes(app: FastAPI):
                "credentials": credentials,
                "aaguid_info": aaguid_info,
            }
-        except Exception as e:
-            return {"error": f"Failed to get user info: {str(e)}"}
+        except ValueError as e:
+            return {"error": f"Failed to get user info: {e}"}
+        except Exception:
+            return {"error": "Failed to get user info"}

    @app.post("/auth/logout")
    async def api_logout(response: Response, auth=Cookie(None)):
@@ -123,7 +126,7 @@ def register_api_routes(app: FastAPI):
        except ValueError as e:
            return {"error": str(e)}
        except Exception as e:
-            return {"error": f"Failed to set session: {str(e)}"}
+            return {"error": f"Failed to set session: {e}"}

    @app.delete("/auth/credential/{uuid}")
    async def api_delete_credential(uuid: UUID, auth: str = Cookie(None)):
--- a/passkey/fastapi/main.py
+++ b/passkey/fastapi/main.py
@@ -17,7 +17,6 @@ from pathlib import Path
 from fastapi import Cookie, FastAPI, Request, Response
 from fastapi.responses import (
    FileResponse,
-    JSONResponse,
 )
 from fastapi.staticfiles import StaticFiles

@@ -52,7 +51,12 @@ async def forward_authentication(request: Request, auth=Cookie(None)):
        s = await session.get_session(auth)
        # If authenticated, return a success response
        if s.info and s.info["type"] == "authenticated":
-            return Response(status_code=204, headers={"x-auth-user": str(s.user_uuid)})
+            return Response(
+                status_code=204,
+                headers={
+                    "x-auth-user-uuid": str(s.user_uuid),
+                },
+            )

    # Serve the index.html of the authentication app if not authenticated
    return FileResponse(
@@ -68,21 +72,12 @@ app.mount(
 )


-@app.get("/auth")
+@app.get("/auth/")
 async def redirect_to_index():
    """Serve the main authentication app."""
    return FileResponse(STATIC_DIR / "index.html")


-# Catch-all route for SPA - serve index.html for all non-API routes
-@app.get("/{path:path}")
-async def spa_handler(request: Request, path: str):
-    """Serve the Vue SPA for all routes (except API and static)"""
-    if "text/html" not in request.headers.get("accept", ""):
-        return JSONResponse({"error": "Not Found"}, status_code=404)
-    return FileResponse(STATIC_DIR / "index.html")
-
-
 def main():
    """Entry point for the application"""
    import uvicorn
--- a/passkey/fastapi/ws.py
+++ b/passkey/fastapi/ws.py
@@ -20,7 +20,7 @@ from passkey.fastapi import session

 from ..db import User, sql
 from ..sansio import Passkey
-from ..util.tokens import create_token, reset_key, session_key
+from ..util.tokens import create_token, session_key
 from .session import create_session, infodict

 # Create a FastAPI subapp for WebSocket endpoints
@@ -96,20 +96,13 @@ async def websocket_register_new(


@app.websocket("/add_credential")
-async def websocket_register_add(ws: WebSocket, token: str | None = None):
+async def websocket_register_add(ws: WebSocket, auth=Cookie(None)):
    """Register a new credential for an existing user."""
+    print(auth)
    await ws.accept()
    origin = ws.headers.get("origin")
    try:
-        if not token:
-            await ws.send_json({"error": "Token is required"})
-            return
-        # If a token is provided, use it to look up the session
-        key = reset_key(token)
-        s = await sql.get_session(key)
-        if not s:
-            await ws.send_json({"error": "Invalid or expired token"})
-            return
+        s = await session.get_session(auth, reset_allowed=True)
        user_uuid = s.user_uuid

        # Get user information to get the user_name
@@ -119,7 +112,7 @@ async def websocket_register_add(ws: WebSocket, token: str | None = None):

        # WebAuthn registration
        credential = await register_chat(
-            ws, user_uuid, user_name, challenge_ids, origin=origin
+            ws, user_uuid, user_name, challenge_ids, origin
        )
        # Store the new credential in the database
        await sql.create_credential_for_user(credential)