Refine WebAuthn configuration and enhance debug logging for origin verification

Update the WebAuthn configuration to ensure HTTPS origins do not include ports, improving compliance with standards. Add detailed debug logging in the passkey registration process to verify the actual origin from the client response, aiding in troubleshooting and enhancing the clarity of the registration flow.
Torsten Schulz (local)
2026-01-07 21:54:02 +01:00
parent c9c01a4db1
commit ea233d7211
2 changed files with 50 additions and 4 deletions


@@ -2,8 +2,15 @@ function deriveFromBaseUrl() {
const base = process.env.NUXT_PUBLIC_BASE_URL || 'http://localhost:3100'
try {
const u = new URL(base)
// Für HTTPS (Port 443) den Port weglassen, da er standardmäßig ist
// Für andere Ports (z.B. Dev auf 3100) den Port beibehalten
const port = u.port && u.port !== '443' && u.port !== '80' ? `:${u.port}` : ''
const origin = u.protocol === 'https:' && !port
? `${u.protocol}//${u.hostname}`
: `${u.protocol}//${u.hostname}${port}`
return {
origin: `${u.protocol}//${u.host}`,
origin,
rpId: u.hostname
}
} catch {
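Review bot: The port handling added in this hunk is redundant with what `new URL()` already does and over-strips in one case: the WHATWG parser behind Node's `URL` drops a scheme's default port, so `u.host` is already `example.com` for `https://example.com:443`, while the new `port` test also removes `:80` from an `https://` URL and `:443` from an `http://` URL, where a browser keeps the port in the origin it writes into clientDataJSON. In that (admittedly unusual) configuration the derived origin no longer matches a legitimate client's and origin verification fails, which is the opposite of the intent. Replacing the computed `port`/`origin` lines and the `origin,` property with `origin: u.origin,` yields exactly the serialization the authenticator response is checked against and removes the two-branch ternary whose branches produce the same string. The body of deriveFromBaseUrl continues past the hunk (the `catch` fallback is outside it).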
@@ -16,10 +23,33 @@ export function getWebAuthnConfig() {
const rpId = process.env.WEBAUTHN_RP_ID || derived.rpId
const rpName = process.env.WEBAUTHN_RP_NAME || 'Harheimer TC'
const origin = process.env.WEBAUTHN_ORIGIN || derived.origin
// WEBAUTHN_ORIGIN hat Priorität, sonst von BASE_URL ableiten
// WICHTIG: Origin sollte KEINEN Port enthalten für HTTPS (443 ist Standard)
let origin = process.env.WEBAUTHN_ORIGIN || derived.origin
// Sicherstellen, dass HTTPS-Origins keinen Port haben (außer es ist explizit gesetzt)
if (origin.startsWith('https://') && !process.env.WEBAUTHN_ORIGIN) {
try {
const u = new URL(origin)
if (u.port === '443' || (!u.port && u.protocol === 'https:')) {
origin = `https://${u.hostname}`
}
} catch {
// Ignore
}
}
const requireUV = (process.env.WEBAUTHN_REQUIRE_UV || '').toLowerCase() === 'true'
console.log('[DEBUG] WebAuthn Config', {
rpId,
rpName,
origin,
requireUV,
webauthnOriginEnv: process.env.WEBAUTHN_ORIGIN,
baseUrlEnv: process.env.NUXT_PUBLIC_BASE_URL
})
return { rpId, rpName, origin, requireUV }
}