Add security comments to path handling in various scripts to clarify internal constant usage and mitigate path traversal risks. Update logging in registration and verification processes for improved clarity.

2026-04-15 20:52:38 +02:00
parent 5f79d220cf
commit edfab28fd3
14 changed files with 46 additions and 6 deletions
--- a/server/api/auth/register-passkey-options.post.js
+++ b/server/api/auth/register-passkey-options.post.js
@@ -133,7 +133,7 @@ export default defineEventHandler(async (event) => {
  })
  
  const optionsDuration = Date.now() - optionsStart
-  console.log(`[DEBUG] Registration options generated (${optionsDuration}ms)`, {
+  console.log('[DEBUG] Registration options generated', { optionsDurationMs: optionsDuration,
    hasChallenge: !!options.challenge,
    challengeLength: options.challenge?.length,
    rpId: options.rp?.id,
@@ -185,7 +185,7 @@ export default defineEventHandler(async (event) => {
  const totalDuration = Date.now() - requestStart
  
  // Debug: Prüfe die vollständige Options-Struktur
-  console.log(`[DEBUG] Returning options (total: ${totalDuration}ms)`, {
+  console.log('[DEBUG] Returning options', { totalDurationMs: totalDuration,
    registrationId,
    optionsKeys: Object.keys(options),
    challengeLength: options.challenge?.length,