u2f registration endpoint

apps/login/app/api/u2f/set/route.ts

@@ -1,70 +0,0 @@
-import {
-  SessionCookie,
-  getMostRecentSessionCookie,
-  getSessionCookieById,
-  getSessionCookieByLoginName,
-} from "#/utils/cookies";
-import { setSessionAndUpdateCookie } from "#/utils/session";
-import { Checks } from "@zitadel/server";
-import { NextRequest, NextResponse, userAgent } from "next/server";
-
-export async function POST(request: NextRequest) {
-  const body = await request.json();
-
-  if (body) {
-    const { loginName, sessionId, organization, authRequestId, code, method } =
-      body;
-
-    const recentPromise: Promise<SessionCookie> = sessionId
-      ? getSessionCookieById(sessionId).catch((error) => {
-          return Promise.reject(error);
-        })
-      : loginName
-      ? getSessionCookieByLoginName(loginName, organization).catch((error) => {
-          return Promise.reject(error);
-        })
-      : getMostRecentSessionCookie().catch((error) => {
-          return Promise.reject(error);
-        });
-
-    return recentPromise
-      .then((recent) => {
-        const checks: Checks = {};
-
-        if (method === "time-based") {
-          checks.totp = {
-            code,
-          };
-        } else if (method === "sms") {
-          checks.otpSms = {
-            code,
-          };
-        } else if (method === "email") {
-          checks.otpEmail = {
-            code,
-          };
-        }
-
-        return setSessionAndUpdateCookie(
-          recent,
-          checks,
-          undefined,
-          authRequestId
-        ).then((session) => {
-          return NextResponse.json({
-            sessionId: session.id,
-            factors: session.factors,
-            challenges: session.challenges,
-          });
-        });
-      })
-      .catch((error) => {
-        return NextResponse.json({ details: error }, { status: 500 });
-      });
-  } else {
-    return NextResponse.json(
-      { details: "Request body is missing" },
-      { status: 400 }
-    );
-  }
-}

apps/login/app/api/u2f/verify/route.ts

@@ -0,0 +1,50 @@
+import { getSession, server, verifyU2FRegistration } from "#/lib/zitadel";
+import { getSessionCookieById } from "#/utils/cookies";
+import { VerifyU2FRegistrationRequest } from "@zitadel/server";
+import { NextRequest, NextResponse, userAgent } from "next/server";
+
+export async function POST(request: NextRequest) {
+  const body = await request.json();
+  if (body) {
+    let { passkeyId, passkeyName, publicKeyCredential, sessionId } = body;
+
+    if (!!!passkeyName) {
+      const { browser, device, os } = userAgent(request);
+      passkeyName = `${device.vendor ?? ""} ${device.model ?? ""}${
+        device.vendor || device.model ? ", " : ""
+      }${os.name}${os.name ? ", " : ""}${browser.name}`;
+    }
+    const sessionCookie = await getSessionCookieById(sessionId);
+
+    const session = await getSession(
+      server,
+      sessionCookie.id,
+      sessionCookie.token
+    );
+
+    const userId = session?.session?.factors?.user?.id;
+
+    if (userId) {
+      const req: VerifyU2FRegistrationRequest = {
+        publicKeyCredential,
+        u2fId: passkeyId,
+        userId,
+        tokenName: passkeyName,
+      };
+      return verifyU2FRegistration(req)
+        .then((resp) => {
+          return NextResponse.json(resp);
+        })
+        .catch((error) => {
+          return NextResponse.json(error, { status: 500 });
+        });
+    } else {
+      return NextResponse.json(
+        { details: "could not get session" },
+        { status: 500 }
+      );
+    }
+  } else {
+    return NextResponse.json({}, { status: 400 });
+  }
+}