atash/chronus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Fixed Origin mismatch for passkeys
All checks were successful
Docker Deploy / build-and-push (push) Successful in 4m9s
Details

Browse Source
This commit is contained in:
Atridad Lahiji
2026-02-13 11:35:06 -07:00
parent 705358d44c
commit e99e042eea
7 changed files with 35 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/pages/api/auth/passkey/login/finish.ts
View File

@@ -3,7 +3,7 @@ import { verifyAuthenticationResponse } from "@simplewebauthn/server";
import { db } from "../../../../../db";
import { users, passkeys, passkeyChallenges } from "../../../../../db/schema";
import { eq, and, gt } from "drizzle-orm";
import { setAuthCookie } from "../../../../../lib/auth";
import { setAuthCookie, getOrigin } from "../../../../../lib/auth";
export const POST: APIRoute = async ({ request, cookies }) => {
const body = await request.json();
@@ -50,11 +50,12 @@ export const POST: APIRoute = async ({ request, cookies }) => {
let verification;
try {
const { origin, hostname } = getOrigin();
verification = await verifyAuthenticationResponse({
response: body,
expectedChallenge: challenge as string,
expectedOrigin: new URL(request.url).origin,
expectedRPID: new URL(request.url).hostname,
expectedOrigin: origin,
expectedRPID: hostname,
credential: {
id: passkey.id,
publicKey: new Uint8Array(Buffer.from(passkey.publicKey, "base64")),