zitadel/apps/login/src/app/api/u2f/verify/route.ts

import { getSession, verifyU2FRegistration } from "@/lib/zitadel";
import { getSessionCookieById } from "@/utils/cookies";
import { NextRequest, NextResponse, userAgent } from "next/server";
import { VerifyU2FRegistrationRequest } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
import { PlainMessage } from "@zitadel/client";

export async function POST(request: NextRequest) {
  const body = await request.json();
  if (body) {
    let { u2fId, passkeyName, publicKeyCredential, sessionId } = body;

    if (!!!passkeyName) {
      const { browser, device, os } = userAgent(request);
      passkeyName = `${device.vendor ?? ""} ${device.model ?? ""}${
        device.vendor || device.model ? ", " : ""
      }${os.name}${os.name ? ", " : ""}${browser.name}`;
    }
    const sessionCookie = await getSessionCookieById(sessionId);

    const session = await getSession(sessionCookie.id, sessionCookie.token);

    const userId = session?.session?.factors?.user?.id;

    if (userId) {
      const req: PlainMessage<VerifyU2FRegistrationRequest> = {
        publicKeyCredential,
        u2fId,
        userId,
        tokenName: passkeyName,
      };
      return verifyU2FRegistration(req)
        .then((resp) => {
          return NextResponse.json(resp);
        })
        .catch((error) => {
          return NextResponse.json(error, { status: 500 });
        });
    } else {
      return NextResponse.json(
        { details: "could not get session" },
        { status: 500 },
      );
    }
  } else {
    return NextResponse.json({}, { status: 400 });
  }
}
refactor: zitadel server Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com> 2024-04-07 03:56:46 -04:00			`import { getSession, verifyU2FRegistration } from "@/lib/zitadel";`
chore: move app code into src dir 2024-05-13 16:17:12 -04:00			`import { getSessionCookieById } from "@/utils/cookies";`
u2f registration endpoint 2024-05-07 09:52:46 +02:00			`import { NextRequest, NextResponse, userAgent } from "next/server";`
update paths 2024-08-06 09:34:45 +02:00			`import { VerifyU2FRegistrationRequest } from "@zitadel/proto/zitadel/user/v2/user_service_pb";`
fix: remove old zitadel client 2024-07-25 23:16:07 -04:00			`import { PlainMessage } from "@zitadel/client";`
u2f registration endpoint 2024-05-07 09:52:46 +02:00
			`export async function POST(request: NextRequest) {`
			`const body = await request.json();`
			`if (body) {`
u2fId 2024-05-07 10:04:03 +02:00			`let { u2fId, passkeyName, publicKeyCredential, sessionId } = body;`
u2f registration endpoint 2024-05-07 09:52:46 +02:00
			`if (!!!passkeyName) {`
			`const { browser, device, os } = userAgent(request);`
			passkeyName = `${device.vendor ?? ""} ${device.model ?? ""}${
			`device.vendor \|\| device.model ? ", " : ""`
			}${os.name}${os.name ? ", " : ""}${browser.name}`;
			`}`
			`const sessionCookie = await getSessionCookieById(sessionId);`

refactor: zitadel server Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com> 2024-04-07 03:56:46 -04:00			`const session = await getSession(sessionCookie.id, sessionCookie.token);`
u2f registration endpoint 2024-05-07 09:52:46 +02:00
			`const userId = session?.session?.factors?.user?.id;`

			`if (userId) {`
refactor: zitadel server Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com> 2024-04-07 03:56:46 -04:00			`const req: PlainMessage<VerifyU2FRegistrationRequest> = {`
u2f registration endpoint 2024-05-07 09:52:46 +02:00			`publicKeyCredential,`
u2fId 2024-05-07 10:04:03 +02:00			`u2fId,`
u2f registration endpoint 2024-05-07 09:52:46 +02:00			`userId,`
			`tokenName: passkeyName,`
			`};`
			`return verifyU2FRegistration(req)`
			`.then((resp) => {`
			`return NextResponse.json(resp);`
			`})`
			`.catch((error) => {`
			`return NextResponse.json(error, { status: 500 });`
			`});`
			`} else {`
			`return NextResponse.json(`
			`{ details: "could not get session" },`
chore: move app code into src dir 2024-05-13 16:17:12 -04:00			`{ status: 500 },`
u2f registration endpoint 2024-05-07 09:52:46 +02:00			`);`
			`}`
			`} else {`
			`return NextResponse.json({}, { status: 400 });`
			`}`
			`}`