Implement passkey recovery feature, including email link requests and registration options. Update login and registration pages to support passkey authentication, with UI enhancements for user experience. Add server-side handling for passkey registration and login, including account activation checks. Update environment configuration for passkey recovery TTL settings.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
This commit is contained in:
Torsten Schulz (local)
21
server/utils/passkey-recovery.js
Normal file
21
server/utils/passkey-recovery.js
Normal file
@@ -0,0 +1,21 @@
|
||||
import crypto from 'crypto'
|
||||
|
||||
export function hashRecoveryToken(token) {
|
||||
return crypto.createHash('sha256').update(String(token), 'utf8').digest('hex')
|
||||
}
|
||||
|
||||
export function generateRecoveryToken() {
|
||||
// URL-safe (hex)
|
||||
return crypto.randomBytes(32).toString('hex')
|
||||
}
|
||||
|
||||
export function pruneRecoveryTokens(user, maxTokens = 10) {
|
||||
const list = Array.isArray(user.passkeyRecoveryTokens) ? user.passkeyRecoveryTokens : []
|
||||
const now = Date.now()
|
||||
const filtered = list.filter(t => t && t.tokenHash && t.expiresAt && new Date(t.expiresAt).getTime() > now)
|
||||
// keep newest first
|
||||
filtered.sort((a, b) => new Date(b.createdAt || 0) - new Date(a.createdAt || 0))
|
||||
user.passkeyRecoveryTokens = filtered.slice(0, maxTokens)
|
||||
return user.passkeyRecoveryTokens
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user