diff --git a/server/api/auth/register-passkey.post.js b/server/api/auth/register-passkey.post.js
index 26116de..cafbb65 100644
--- a/server/api/auth/register-passkey.post.js
+++ b/server/api/auth/register-passkey.post.js
@@ -64,6 +64,11 @@ export default defineEventHandler(async (event) => {
 const decoded = Buffer.from(clientData, 'base64').toString('utf-8')
 const parsed = JSON.parse(decoded)
 actualOrigin = parsed.origin
+ console.log('[DEBUG] Parsed clientDataJSON', {
+ origin: parsed.origin,
+ type: parsed.type,
+ challenge: parsed.challenge ? 'present' : 'missing'
+ })
 } catch (e) {
 console.warn('[DEBUG] Could not parse clientDataJSON:', e)
 }
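Review bot: The new `console.log('[DEBUG] Parsed clientDataJSON', …)` writes `parsed.origin` and `parsed.type` — values taken straight from the client's response — into the server log unconditionally, so any caller can put arbitrary strings into the log and every registration attempt emits verbose output in production. Gate it on an explicit debug condition and bound what is logged, e.g. `if (process.env.NODE_ENV !== 'production') console.log('[DEBUG] Parsed clientDataJSON', { origin: String(parsed.origin).slice(0, 200), type: parsed.type, challenge: parsed.challenge ? 'present' : 'missing' })`. The same unconditional `[DEBUG]` logging is added in the next hunk, where it additionally echoes `process.env.WEBAUTHN_ORIGIN`, `process.env.NUXT_PUBLIC_BASE_URL` and the full `verifyError?.stack`, which is more than an operator needs on every request. The enclosing `try` block and the `defineEventHandler` body start outside this hunk.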
@@ -71,42 +76,79 @@ export default defineEventHandler(async (event) => {
 console.log('[DEBUG] WebAuthn config for verification', {
 expectedOrigin: origin,
+ expectedOriginType: typeof origin,
+ expectedOriginLength: origin?.length,
 actualOriginFromResponse: actualOrigin,
 rpId,
 requireUV,
- originMatch: origin === actualOrigin
+ originMatch: origin === actualOrigin,
+ webauthnOriginEnv: process.env.WEBAUTHN_ORIGIN,
+ baseUrlEnv: process.env.NUXT_PUBLIC_BASE_URL
 })
+
+ // WICHTIG: Sicherstellen, dass die Origin KEINEN Port hat
+ if (origin && origin.includes(':3100')) {
+ console.error('[DEBUG] ERROR: expectedOrigin contains port 3100! This will cause verification to fail.')
+ console.error('[DEBUG] Fix: Set WEBAUTHN_ORIGIN=https://harheimertc.tsschulz.de (without port) in .env')
+ throw createError({
+ statusCode: 500,
+ statusMessage: 'WebAuthn-Konfiguration fehlerhaft: Origin enthält Port 3100. Bitte WEBAUTHN_ORIGIN in .env korrigieren.'
+ })
+ }
 console.log('[DEBUG] Verifying registration response...')
- const verifyStart = Date.now()
-
- const verification = await verifyRegistrationResponse({
- response,
- expectedChallenge: challenge,
+ console.log('[DEBUG] Verification parameters', {
 expectedOrigin: origin,
 expectedRPID: rpId,
- requireUserVerification: requireUV
+ hasChallenge: !!challenge,
+ challengeLength: challenge?.length,
+ hasResponse: !!response,
+ responseId: response?.id
 })
+
+ const verifyStart = Date.now()
+
+ let verification
+ try {
+ verification = await verifyRegistrationResponse({
+ response,
+ expectedChallenge: challenge,
+ expectedOrigin: origin,
+ expectedRPID: rpId,
+ requireUserVerification: requireUV
+ })
+ } catch (verifyError) {
+ const verifyDuration = Date.now() - verifyStart
+ console.error(`[DEBUG] Verification error (${verifyDuration}ms):`, {
+ error: verifyError,
+ message: verifyError?.message,
+ cause: verifyError?.cause?.message,
+ expectedOrigin: origin,
+ actualOriginFromResponse: actualOrigin,
+ stack: verifyError?.stack
+ })
+ throw verifyError
+ }
 const verifyDuration = Date.now() - verifyStart
 const { verified, registrationInfo } = verification
-
- console.log(`[DEBUG] Verification completed (${verifyDuration}ms)`, {
- verified,
- hasRegistrationInfo: !!registrationInfo,
- credentialId: registrationInfo?.credentialID ? 'present' : 'missing',
- deviceType: registrationInfo?.credentialDeviceType,
- backedUp: registrationInfo?.credentialBackedUp
- })
-
- if (!verified || !registrationInfo) {
- console.error('[DEBUG] Verification failed', {
+
+ console.log(`[DEBUG] Verification completed (${verifyDuration}ms)`, {
 verified,
- hasRegistrationInfo: !!registrationInfo
+ hasRegistrationInfo: !!registrationInfo,
+ credentialId: registrationInfo?.credentialID ? 'present' : 'missing',
+ deviceType: registrationInfo?.credentialDeviceType,
+ backedUp: registrationInfo?.credentialBackedUp
 })
- await writeAuditLog('auth.passkey.prereg.failed', { email })
- throw createError({ statusCode: 400, statusMessage: 'Passkey-Registrierung fehlgeschlagen' })
- }
+
+ if (!verified || !registrationInfo) {
+ console.error('[DEBUG] Verification failed', {
+ verified,
+ hasRegistrationInfo: !!registrationInfo
+ })
+ await writeAuditLog('auth.passkey.prereg.failed', { email })
+ throw createError({ statusCode: 400, statusMessage: 'Passkey-Registrierung fehlgeschlagen' })
+ }
 const {
 credentialID,