torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(lint): add safe fallbacks for Nitro globals (getMethod/getRequestURL) in passkey and middleware handlers
Some checks failed
Code Analysis and Production Deploy / analyze (push) Failing after 2m50s
Details
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Details
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
Details

Browse Source
This commit is contained in:
Torsten Schulz (local)
2026-05-27 20:02:46 +02:00
parent 512756cb48
commit 9def0fdc32
7 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/api/auth/passkeys/authentication-options.post.js
View File

@@ -14,7 +14,7 @@ export default defineEventHandler(async (event) => {
} }
// Provide a safe fallback for getMethod when linting/runtime doesn't expose it // Provide a safe fallback for getMethod when linting/runtime doesn't expose it
const _getMethod = typeof getMethod === 'function' ? getMethod : (e) => (e?.req?.method || e?.method || 'GET') const _getMethod = typeof globalThis.getMethod === 'function' ? globalThis.getMethod : (e) => (e?.req?.method || e?.method || 'GET')
if (_getMethod(event) === 'OPTIONS') { if (_getMethod(event) === 'OPTIONS') {
return { success: true } return { success: true }
} }

6
server/api/auth/passkeys/login.post.js
View File

@@ -7,6 +7,12 @@ import { getAuthCookieOptions } from '../../../utils/cookies.js'
import { writeAuditLog } from '../../../utils/audit-log.js' import { writeAuditLog } from '../../../utils/audit-log.js'
import { getClientIp } from '../../../utils/rate-limit.js' import { getClientIp } from '../../../utils/rate-limit.js'
// Local fallback for Nitro globals when lint/run env doesn't provide them
const getMethod = globalThis.getMethod ?? ((e) => (e?.req?.method || e?.method || 'GET'))
const getRequestURL = globalThis.getRequestURL ?? ((e) => {
try { return new URL(e?.req?.url, 'http://localhost') } catch { return { href: String(e?.req?.url || ''), pathname: String(e?.req?.url || '').split('?')[0] || '' } }
})
function findUserByCredentialId(users, credentialId) { function findUserByCredentialId(users, credentialId) {
const cid = String(credentialId || '') const cid = String(credentialId || '')
for (const u of users) { for (const u of users) {

3
server/api/auth/passkeys/registration-options.post.js
View File

@@ -1,4 +1,7 @@
import { generateRegistrationOptions } from '@simplewebauthn/server' import { generateRegistrationOptions } from '@simplewebauthn/server'
// Local fallback for Nitro globals when lint/run env doesn't provide them
const getMethod = globalThis.getMethod ?? ((e) => (e?.req?.method || e?.method || 'GET'))
import { getUserFromToken, hasAnyRole } from '../../../utils/auth.js' import { getUserFromToken, hasAnyRole } from '../../../utils/auth.js'
import { getWebAuthnConfig } from '../../../utils/webauthn-config.js' import { getWebAuthnConfig } from '../../../utils/webauthn-config.js'
import { setRegistrationChallenge } from '../../../utils/webauthn-challenges.js' import { setRegistrationChallenge } from '../../../utils/webauthn-challenges.js'

3
server/api/auth/register-passkey-options.post.js
View File

@@ -5,6 +5,9 @@ import { getWebAuthnConfig } from '../../utils/webauthn-config.js'
import { setPreRegistration } from '../../utils/webauthn-challenges.js' import { setPreRegistration } from '../../utils/webauthn-challenges.js'
import { writeAuditLog } from '../../utils/audit-log.js' import { writeAuditLog } from '../../utils/audit-log.js'
// Local fallback for Nitro globals when lint/run env doesn't provide them
const getMethod = globalThis.getMethod ?? ((e) => (e?.req?.method || e?.method || 'GET'))
function isValidEmail(email) { function isValidEmail(email) {
return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(String(email || '')) return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(String(email || ''))
} }

2
server/api/auth/register-passkey-options/[registrationId].get.js
View File

@@ -1,4 +1,6 @@
import { getPreRegistration } from '../../../utils/webauthn-challenges.js' import { getPreRegistration } from '../../../utils/webauthn-challenges.js'
// Local fallback for Nitro globals when lint/run env doesn't provide them
const getMethod = globalThis.getMethod ?? ((e) => (e?.req?.method || e?.method || 'GET'))
import { generateRegistrationOptions } from '@simplewebauthn/server' import { generateRegistrationOptions } from '@simplewebauthn/server'
import { getWebAuthnConfig } from '../../../utils/webauthn-config.js' import { getWebAuthnConfig } from '../../../utils/webauthn-config.js'

6
server/api/auth/register-passkey.post.js
View File

@@ -9,6 +9,12 @@ import { writeAuditLog } from '../../utils/audit-log.js'
import { assertPasswordNotPwned } from '../../utils/hibp.js' import { assertPasswordNotPwned } from '../../utils/hibp.js'
import { getClientIp } from '../../utils/rate-limit.js' import { getClientIp } from '../../utils/rate-limit.js'
// Local fallback for Nitro globals when lint/run env doesn't provide them
const getMethod = globalThis.getMethod ?? ((e) => (e?.req?.method || e?.method || 'GET'))
const getRequestURL = globalThis.getRequestURL ?? ((e) => {
try { return new URL(e?.req?.url, 'http://localhost') } catch { return { href: String(e?.req?.url || ''), pathname: String(e?.req?.url || '').split('?')[0] || '' } }
})
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
const requestStart = Date.now() const requestStart = Date.now()
const requestOrigin = getHeader(event, 'origin') const requestOrigin = getHeader(event, 'origin')

4
server/middleware/log-requests.js
View File

@@ -4,6 +4,10 @@
*/ */
export default defineEventHandler((event) => { export default defineEventHandler((event) => {
const getRequestURL = globalThis.getRequestURL ?? ((e) => {
try { return new URL(e?.req?.url, 'http://localhost') } catch { return { href: String(e?.req?.url || ''), pathname: String(e?.req?.url || '').split('?')[0] || '' } }
})
const getMethod = globalThis.getMethod ?? ((e) => (e?.req?.method || e?.method || 'GET'))
const url = getRequestURL(event) const url = getRequestURL(event)
const method = getMethod(event) const method = getMethod(event)
const path = url.pathname const path = url.pathname