LeoVasanko/passkey-auth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: LeoVasanko:42545c07d20ac463268461f91301503a70b40a09
Branches Tags
LeoVasanko:main
...
compare: LeoVasanko:ba5f2d8bd9361b671e658b125668333014bace88
Branches Tags
LeoVasanko:main

2 Commits
42545c07d2 ... ba5f2d8bd9

Author SHA1 Message Date
Leo Vasanko
ba5f2d8bd9 Error handling cleanup for WS too. 2025-08-06 10:53:13 -06:00
Leo Vasanko
c9ae53ef79 Centralised error handling & convenience. 2025-08-06 10:44:57 -06:00
4 changed files with 192 additions and 228 deletions
Show Stats Expand all files Collapse all files

27
passkey/fastapi/api.py
View File

@ -30,20 +30,15 @@ def register_api_routes(app: FastAPI):
@app.post("/auth/validate") @app.post("/auth/validate")
async def validate_token(response: Response, auth=Cookie(None)): async def validate_token(response: Response, auth=Cookie(None)):
"""Lightweight token validation endpoint.""" """Lightweight token validation endpoint."""
try:
s = await get_session(auth) s = await get_session(auth)
return { return {
"valid": True, "valid": True,
"user_uuid": str(s.user_uuid), "user_uuid": str(s.user_uuid),
} }
except ValueError:
response.status_code = 401
return {"valid": False}
@app.post("/auth/user-info") @app.post("/auth/user-info")
async def api_user_info(response: Response, auth=Cookie(None)): async def api_user_info(response: Response, auth=Cookie(None)):
"""Get full user information for the authenticated user.""" """Get full user information for the authenticated user."""
try:
reset = passphrase.is_well_formed(auth) reset = passphrase.is_well_formed(auth)
s = await (get_reset if reset else get_session)(auth) s = await (get_reset if reset else get_session)(auth)
u = await db.instance.get_user_by_uuid(s.user_uuid) u = await db.instance.get_user_by_uuid(s.user_uuid)
@ -96,12 +91,6 @@ def register_api_routes(app: FastAPI):
"credentials": credentials, "credentials": credentials,
"aaguid_info": aaguid_info, "aaguid_info": aaguid_info,
} }
except ValueError as e:
response.status_code = 400
return {"detail": f"Failed to get user info: {e}"}
except Exception:
response.status_code = 500
return {"detail": "Failed to get user info"}
@app.post("/auth/logout") @app.post("/auth/logout")
async def api_logout(response: Response, auth=Cookie(None)): async def api_logout(response: Response, auth=Cookie(None)):
@ -119,7 +108,6 @@ def register_api_routes(app: FastAPI):
@app.post("/auth/set-session") @app.post("/auth/set-session")
async def api_set_session(response: Response, auth=Depends(bearer_auth)): async def api_set_session(response: Response, auth=Depends(bearer_auth)):
"""Set session cookie from Authorization header. Fetched after login by WebSocket.""" """Set session cookie from Authorization header. Fetched after login by WebSocket."""
try:
user = await get_session(auth.credentials) user = await get_session(auth.credentials)
if not user: if not user:
raise ValueError("Invalid Authorization header.") raise ValueError("Invalid Authorization header.")
@ -130,25 +118,10 @@ def register_api_routes(app: FastAPI):
"user_uuid": str(user.user_uuid), "user_uuid": str(user.user_uuid),
} }
except ValueError as e:
response.status_code = 400
return {"detail": str(e)}
except Exception:
response.status_code = 500
return {"detail": "Failed to set session"}
@app.delete("/auth/credential/{uuid}") @app.delete("/auth/credential/{uuid}")
async def api_delete_credential( async def api_delete_credential(
response: Response, uuid: UUID, auth: str = Cookie(None) response: Response, uuid: UUID, auth: str = Cookie(None)
): ):
"""Delete a specific credential for the current user.""" """Delete a specific credential for the current user."""
try:
await delete_credential(uuid, auth) await delete_credential(uuid, auth)
return {"message": "Credential deleted successfully"} return {"message": "Credential deleted successfully"}
except ValueError as e:
response.status_code = 400
return {"detail": str(e)}
except Exception:
response.status_code = 500
return {"detail": "Failed to delete credential"}

18
passkey/fastapi/mainapp.py
View File

@ -1,9 +1,10 @@
import contextlib import contextlib
import logging
from contextlib import asynccontextmanager from contextlib import asynccontextmanager
from pathlib import Path from pathlib import Path
from fastapi import Cookie, FastAPI, Request, Response from fastapi import Cookie, FastAPI, Request, Response
from fastapi.responses import FileResponse from fastapi.responses import FileResponse, JSONResponse
from fastapi.staticfiles import StaticFiles from fastapi.staticfiles import StaticFiles
from ..authsession import get_session from ..authsession import get_session
@ -30,6 +31,21 @@ async def lifespan(app: FastAPI):
app = FastAPI(lifespan=lifespan) app = FastAPI(lifespan=lifespan)
# Global exception handlers
@app.exception_handler(ValueError)
async def value_error_handler(request: Request, exc: ValueError):
"""Handle ValueError exceptions globally with 400 status code."""
return JSONResponse(status_code=400, content={"detail": str(exc)})
@app.exception_handler(Exception)
async def general_exception_handler(request: Request, exc: Exception):
"""Handle all other exceptions globally with 500 status code."""
logging.exception("Internal Server Error")
return JSONResponse(status_code=500, content={"detail": "Internal server error"})
# Mount the WebSocket subapp # Mount the WebSocket subapp
app.mount("/auth/ws", ws.app) app.mount("/auth/ws", ws.app)

8
passkey/fastapi/reset.py
View File

@ -15,7 +15,6 @@ def register_reset_routes(app):
@app.post("/auth/create-link") @app.post("/auth/create-link")
async def api_create_link(request: Request, response: Response, auth=Cookie(None)): async def api_create_link(request: Request, response: Response, auth=Cookie(None)):
"""Create a device addition link for the authenticated user.""" """Create a device addition link for the authenticated user."""
try:
# Require authentication # Require authentication
s = await get_session(auth) s = await get_session(auth)
@ -38,13 +37,6 @@ def register_reset_routes(app):
"expires": expires().isoformat(), "expires": expires().isoformat(),
} }
except ValueError:
response.status_code = 401
return {"detail": "Authentication required"}
except Exception as e:
response.status_code = 500
return {"detail": f"Failed to create registration link: {str(e)}"}
@app.get("/auth/{reset_token}") @app.get("/auth/{reset_token}")
async def reset_authentication( async def reset_authentication(
request: Request, request: Request,

67
passkey/fastapi/ws.py
View File

@ -1,15 +1,6 @@
"""
WebSocket handlers for passkey authentication operations.
This module contains all WebSocket endpoints for:
- User registration
- Adding credentials to existing users
- Device credential addition via token
- Authentication
"""
import logging import logging
from datetime import datetime from datetime import datetime
from functools import wraps
from uuid import UUID from uuid import UUID
import uuid7 import uuid7
@ -23,6 +14,25 @@ from ..util import passphrase
from ..util.tokens import create_token, session_key from ..util.tokens import create_token, session_key
from .session import infodict from .session import infodict
# WebSocket error handling decorator
def websocket_error_handler(func):
@wraps(func)
async def wrapper(ws: WebSocket, *args, **kwargs):
try:
await ws.accept()
return await func(ws, *args, **kwargs)
except WebSocketDisconnect:
pass
except (ValueError, InvalidAuthenticationResponse) as e:
await ws.send_json({"detail": str(e)})
except Exception:
logging.exception("Internal Server Error")
await ws.send_json({"detail": "Internal Server Error"})
return wrapper
# Create a FastAPI subapp for WebSocket endpoints # Create a FastAPI subapp for WebSocket endpoints
app = FastAPI() app = FastAPI()
@ -53,13 +63,12 @@ async def register_chat(
@app.websocket("/register") @app.websocket("/register")
@websocket_error_handler
async def websocket_register_new( async def websocket_register_new(
ws: WebSocket, user_name: str = Query(""), auth=Cookie(None) ws: WebSocket, user_name: str = Query(""), auth=Cookie(None)
): ):
"""Register a new user and with a new passkey credential.""" """Register a new user and with a new passkey credential."""
await ws.accept() origin = ws.headers["origin"]
origin = ws.headers.get("origin")
try:
user_uuid = uuid7.create() user_uuid = uuid7.create()
# WebAuthn registration # WebAuthn registration
credential = await register_chat(ws, user_uuid, user_name, origin=origin) credential = await register_chat(ws, user_uuid, user_name, origin=origin)
@ -85,21 +94,13 @@ async def websocket_register_new(
"session_token": token, "session_token": token,
} }
) )
except ValueError as e:
await ws.send_json({"detail": str(e)})
except WebSocketDisconnect:
pass
except Exception:
logging.exception("Internal Server Error")
await ws.send_json({"detail": "Internal Server Error"})
@app.websocket("/add_credential") @app.websocket("/add_credential")
@websocket_error_handler
async def websocket_register_add(ws: WebSocket, auth=Cookie(None)): async def websocket_register_add(ws: WebSocket, auth=Cookie(None)):
"""Register a new credential for an existing user.""" """Register a new credential for an existing user."""
await ws.accept()
origin = ws.headers["origin"] origin = ws.headers["origin"]
try:
# Try to get either a regular session or a reset session # Try to get either a regular session or a reset session
reset = passphrase.is_well_formed(auth) reset = passphrase.is_well_formed(auth)
s = await (get_reset if reset else get_session)(auth) s = await (get_reset if reset else get_session)(auth)
@ -111,9 +112,7 @@ async def websocket_register_add(ws: WebSocket, auth=Cookie(None)):
challenge_ids = await db.instance.get_credentials_by_user_uuid(user_uuid) challenge_ids = await db.instance.get_credentials_by_user_uuid(user_uuid)
# WebAuthn registration # WebAuthn registration
credential = await register_chat( credential = await register_chat(ws, user_uuid, user_name, challenge_ids, origin)
ws, user_uuid, user_name, challenge_ids, origin
)
if reset: if reset:
# Replace reset session with a new session # Replace reset session with a new session
await db.instance.delete_session(s.key) await db.instance.delete_session(s.key)
@ -134,20 +133,12 @@ async def websocket_register_add(ws: WebSocket, auth=Cookie(None)):
"message": "New credential added successfully", "message": "New credential added successfully",
} }
) )
except ValueError as e:
await ws.send_json({"detail": str(e)})
except WebSocketDisconnect:
pass
except Exception:
logging.exception("Internal Server Error")
await ws.send_json({"detail": "Internal Server Error"})
@app.websocket("/authenticate") @app.websocket("/authenticate")
@websocket_error_handler
async def websocket_authenticate(ws: WebSocket): async def websocket_authenticate(ws: WebSocket):
await ws.accept()
origin = ws.headers["origin"] origin = ws.headers["origin"]
try:
options, challenge = passkey.auth_generate_options() options, challenge = passkey.auth_generate_options()
await ws.send_json(options) await ws.send_json(options)
# Wait for the client to use his authenticator to authenticate # Wait for the client to use his authenticator to authenticate
@ -173,11 +164,3 @@ async def websocket_authenticate(ws: WebSocket):
"session_token": token, "session_token": token,
} }
) )
except (ValueError, InvalidAuthenticationResponse) as e:
logging.exception("ValueError")
await ws.send_json({"detail": str(e)})
except WebSocketDisconnect:
pass
except Exception:
logging.exception("Internal Server Error")
await ws.send_json({"detail": "Internal Server Error"})