Refactored a bunch of shit

2026-02-09 01:49:19 -07:00
parent c39865031a
commit 12d59bb42f
40 changed files with 844 additions and 678 deletions
--- a/src/pages/api/auth/passkey/login/finish.ts
+++ b/src/pages/api/auth/passkey/login/finish.ts
@@ -65,7 +65,8 @@ export const POST: APIRoute = async ({ request, cookies }) => {
      },
    });
  } catch (error) {
-    return new Response(JSON.stringify({ error: (error as Error).message }), {
+    console.error("Passkey authentication verification failed:", error);
+    return new Response(JSON.stringify({ error: "Verification failed" }), {
      status: 400,
    });
  }
--- a/src/pages/api/auth/passkey/login/start.ts
+++ b/src/pages/api/auth/passkey/login/start.ts
@@ -2,8 +2,13 @@ import type { APIRoute } from "astro";
 import { generateAuthenticationOptions } from "@simplewebauthn/server";
 import { db } from "../../../../../db";
 import { passkeyChallenges } from "../../../../../db/schema";
+import { lte } from "drizzle-orm";

 export const GET: APIRoute = async ({ request }) => {
+  await db
+    .delete(passkeyChallenges)
+    .where(lte(passkeyChallenges.expiresAt, new Date()));
+
  const options = await generateAuthenticationOptions({
    rpID: new URL(request.url).hostname,
    userVerification: "preferred",
--- a/src/pages/api/auth/passkey/register/finish.ts
+++ b/src/pages/api/auth/passkey/register/finish.ts
@@ -48,7 +48,8 @@ export const POST: APIRoute = async ({ request, locals }) => {
      expectedRPID: new URL(request.url).hostname,
    });
  } catch (error) {
-    return new Response(JSON.stringify({ error: (error as Error).message }), {
+    console.error("Passkey registration verification failed:", error);
+    return new Response(JSON.stringify({ error: "Verification failed" }), {
      status: 400,
    });
  }
--- a/src/pages/api/auth/passkey/register/start.ts
+++ b/src/pages/api/auth/passkey/register/start.ts
@@ -2,7 +2,7 @@ import type { APIRoute } from "astro";
 import { generateRegistrationOptions } from "@simplewebauthn/server";
 import { db } from "../../../../../db";
 import { passkeys, passkeyChallenges } from "../../../../../db/schema";
-import { eq } from "drizzle-orm";
+import { eq, lte } from "drizzle-orm";

 export const GET: APIRoute = async ({ request, locals }) => {
  const user = locals.user;
@@ -13,6 +13,10 @@ export const GET: APIRoute = async ({ request, locals }) => {
    });
  }

+  await db
+    .delete(passkeyChallenges)
+    .where(lte(passkeyChallenges.expiresAt, new Date()));
+
  const userPasskeys = await db.query.passkeys.findMany({
    where: eq(passkeys.userId, user.id),
  });