-
Notifications
You must be signed in to change notification settings - Fork 3
/
passkey.go
139 lines (109 loc) Β· 2.73 KB
/
passkey.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package passkey
import (
"errors"
"fmt"
"net/http"
"time"
"github.com/go-webauthn/webauthn/webauthn"
)
const (
pathRegisterBegin = "/passkey/registerBegin"
pathRegisterFinish = "/passkey/registerFinish"
pathLoginBegin = "/passkey/loginBegin"
pathLoginFinish = "/passkey/loginFinish"
defaultSessionCookieName = "sid"
defaultCookieMaxAge = 60 * time.Minute
)
type Config struct {
WebauthnConfig *webauthn.Config
UserStore
SessionStore
SessionMaxAge time.Duration
}
type CookieSettings struct {
Name string
Path string
MaxAge time.Duration
Secure bool
HttpOnly bool //nolint:stylecheck // naming from http.Cookie
SameSite http.SameSite
}
type Passkey struct {
cfg Config
webAuthn *webauthn.WebAuthn
userStore UserStore
sessionStore SessionStore
mux *http.ServeMux
staticMux *http.ServeMux
l Logger
cookieSettings CookieSettings
}
// New creates new Passkey instance
func New(cfg Config, opts ...Option) (*Passkey, error) {
p := &Passkey{
cfg: cfg,
userStore: cfg.UserStore,
sessionStore: cfg.SessionStore,
mux: http.NewServeMux(),
staticMux: http.NewServeMux(),
cookieSettings: CookieSettings{
Path: "/",
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteLaxMode,
},
}
p.setupOptions(opts)
p.setupRoutes()
err := p.setupWebAuthn()
if err != nil {
return nil, errors.New("can't create webauthn: " + err.Error())
}
p.raiseWarnings()
return p, nil
}
func (p *Passkey) setupOptions(opts []Option) {
setupDefaultOptions(p)
for _, opts := range opts {
opts(p)
}
}
func setupDefaultOptions(p *Passkey) {
defaultOpts := []Option{
WithLogger(&NullLogger{}),
WithSessionCookieName(defaultSessionCookieName),
WithCookieMaxAge(defaultCookieMaxAge),
}
for _, opt := range defaultOpts {
opt(p)
}
}
func (p *Passkey) raiseWarnings() {
if p.cfg.SessionMaxAge == 0 {
p.l.Warnf("session max age is not set")
}
if !p.cookieSettings.Secure {
p.l.Warnf("cookie is not secure!")
}
}
func (p *Passkey) setupWebAuthn() error {
webAuthn, err := webauthn.New(p.cfg.WebauthnConfig)
if err != nil {
fmt.Printf("[FATA] %s", err.Error())
p.l.Errorf("can't create webauthn: %s", err.Error())
return err
}
p.webAuthn = webAuthn
return nil
}
func (p *Passkey) setupRoutes() {
p.mux.HandleFunc(pathRegisterBegin, p.beginRegistration)
p.mux.HandleFunc(pathRegisterFinish, p.finishRegistration)
p.mux.HandleFunc(pathLoginBegin, p.beginLogin)
p.mux.HandleFunc(pathLoginFinish, p.finishLogin)
p.staticMux.Handle("/", http.FileServer(http.Dir("./static")))
}
// MountRoutes mounts passkey routes to mux
func (p *Passkey) MountRoutes(mux *http.ServeMux, path string) {
mux.Handle(path, http.StripPrefix(path[:len(path)-1], p.mux))
}