Globals restructured to their own module. Origin and RP definition.
This commit is contained in:
Leo Vasanko
@@ -1,9 +1,13 @@
|
||||
import argparse
|
||||
import asyncio
|
||||
import logging
|
||||
|
||||
import uvicorn
|
||||
|
||||
|
||||
def main():
|
||||
# Configure logging to remove the "ERROR:root:" prefix
|
||||
logging.basicConfig(level=logging.INFO, format="%(message)s", force=True)
|
||||
parser = argparse.ArgumentParser(
|
||||
description="Run the passkey authentication server"
|
||||
)
|
||||
@@ -16,9 +20,25 @@ def main():
|
||||
parser.add_argument(
|
||||
"--dev", action="store_true", help="Enable development mode with auto-reload"
|
||||
)
|
||||
parser.add_argument(
|
||||
"--rp-id", default="localhost", help="Relying Party ID (default: localhost)"
|
||||
)
|
||||
parser.add_argument("--rp-name", help="Relying Party name (default: same as rp-id)")
|
||||
parser.add_argument("--origin", help="Origin URL (default: https://<rp-id>)")
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
# Initialize the application
|
||||
try:
|
||||
from .. import globals
|
||||
|
||||
asyncio.run(
|
||||
globals.init(rp_id=args.rp_id, rp_name=args.rp_name, origin=args.origin)
|
||||
)
|
||||
except ValueError as e:
|
||||
logging.error(f"⚠️ {e}")
|
||||
return
|
||||
|
||||
uvicorn.run(
|
||||
"passkey.fastapi:app",
|
||||
host=args.host,
|
||||
|
||||
@@ -17,7 +17,7 @@ from passkey.util import passphrase
|
||||
|
||||
from .. import aaguid
|
||||
from ..authsession import delete_credential, get_reset, get_session
|
||||
from ..db import db
|
||||
from ..globals import db
|
||||
from ..util.tokens import session_key
|
||||
from . import session
|
||||
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
import contextlib
|
||||
import logging
|
||||
from contextlib import asynccontextmanager
|
||||
from pathlib import Path
|
||||
|
||||
from fastapi import Cookie, FastAPI, Request, Response
|
||||
@@ -8,7 +7,6 @@ from fastapi.responses import FileResponse, JSONResponse
|
||||
from fastapi.staticfiles import StaticFiles
|
||||
|
||||
from ..authsession import get_session
|
||||
from ..db import db
|
||||
from . import ws
|
||||
from .api import register_api_routes
|
||||
from .reset import register_reset_routes
|
||||
@@ -16,25 +14,7 @@ from .reset import register_reset_routes
|
||||
STATIC_DIR = Path(__file__).parent.parent / "frontend-build"
|
||||
|
||||
|
||||
@asynccontextmanager
|
||||
async def lifespan(app: FastAPI):
|
||||
# Test if we have a database already initialized, otherwise use SQL
|
||||
try:
|
||||
db.instance
|
||||
except RuntimeError:
|
||||
from ..db import sql
|
||||
|
||||
await sql.init()
|
||||
|
||||
# Bootstrap system if needed
|
||||
from ..bootstrap import bootstrap_if_needed
|
||||
|
||||
await bootstrap_if_needed()
|
||||
|
||||
yield
|
||||
|
||||
|
||||
app = FastAPI(lifespan=lifespan)
|
||||
app = FastAPI()
|
||||
|
||||
|
||||
# Global exception handlers
|
||||
|
||||
@@ -4,7 +4,7 @@ from fastapi import Cookie, HTTPException, Request, Response
|
||||
from fastapi.responses import RedirectResponse
|
||||
|
||||
from ..authsession import expires, get_session
|
||||
from ..db import db
|
||||
from ..globals import db
|
||||
from ..util import passphrase, tokens
|
||||
from . import session
|
||||
|
||||
|
||||
@@ -8,8 +8,8 @@ from fastapi import Cookie, FastAPI, Query, WebSocket, WebSocketDisconnect
|
||||
from webauthn.helpers.exceptions import InvalidAuthenticationResponse
|
||||
|
||||
from ..authsession import EXPIRES, create_session, get_reset, get_session
|
||||
from ..db import User, db
|
||||
from ..sansio import Passkey
|
||||
from ..db import User
|
||||
from ..globals import db, passkey
|
||||
from ..util import passphrase
|
||||
from ..util.tokens import create_token, session_key
|
||||
from .session import infodict
|
||||
@@ -36,12 +36,6 @@ def websocket_error_handler(func):
|
||||
# Create a FastAPI subapp for WebSocket endpoints
|
||||
app = FastAPI()
|
||||
|
||||
# Initialize the passkey instance
|
||||
passkey = Passkey(
|
||||
rp_id="localhost",
|
||||
rp_name="Passkey Auth",
|
||||
)
|
||||
|
||||
|
||||
async def register_chat(
|
||||
ws: WebSocket,
|
||||
@@ -51,7 +45,7 @@ async def register_chat(
|
||||
origin: str | None = None,
|
||||
):
|
||||
"""Generate registration options and send them to the client."""
|
||||
options, challenge = passkey.reg_generate_options(
|
||||
options, challenge = passkey.instance.reg_generate_options(
|
||||
user_id=user_uuid,
|
||||
user_name=user_name,
|
||||
credential_ids=credential_ids,
|
||||
@@ -59,7 +53,7 @@ async def register_chat(
|
||||
)
|
||||
await ws.send_json(options)
|
||||
response = await ws.receive_json()
|
||||
return passkey.reg_verify(response, challenge, user_uuid, origin=origin)
|
||||
return passkey.instance.reg_verify(response, challenge, user_uuid, origin=origin)
|
||||
|
||||
|
||||
@app.websocket("/register")
|
||||
@@ -139,14 +133,14 @@ async def websocket_register_add(ws: WebSocket, auth=Cookie(None)):
|
||||
@websocket_error_handler
|
||||
async def websocket_authenticate(ws: WebSocket):
|
||||
origin = ws.headers["origin"]
|
||||
options, challenge = passkey.auth_generate_options()
|
||||
options, challenge = passkey.instance.auth_generate_options()
|
||||
await ws.send_json(options)
|
||||
# Wait for the client to use his authenticator to authenticate
|
||||
credential = passkey.auth_parse(await ws.receive_json())
|
||||
credential = passkey.instance.auth_parse(await ws.receive_json())
|
||||
# Fetch from the database by credential ID
|
||||
stored_cred = await db.instance.get_credential_by_id(credential.raw_id)
|
||||
# Verify the credential matches the stored data
|
||||
passkey.auth_verify(credential, challenge, stored_cred, origin=origin)
|
||||
passkey.instance.auth_verify(credential, challenge, stored_cred, origin=origin)
|
||||
# Update both credential and user's last_seen timestamp
|
||||
await db.instance.login(stored_cred.user_uuid, stored_cred)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user