harheimertc/server/api/auth/register-passkey.options.js
Torsten Schulz (local) 083244bc83
chore(lint): run eslint --fix; add safe global fallbacks and fix empty catches
2026-05-27 20:33:08 +02:00


import { getWebAuthnConfig } from '../../utils/webauthn-config.js'
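// If the Nitro/H3 helpers are not present as globals, install minimal fallbacks on globalThis.
// Assigning to globalThis (instead of declaring functions) avoids ESLint "no-redeclare".
if (typeof globalThis.getHeader === 'undefined') {
  /**
   * Fallback header reader.
   * Looks for the headers object on event.req and, if that is missing, on event.node.req,
   * mirroring the two locations the response fallbacks below already handle.
   * @param {object} e - request event
   * @param {string} name - header name (matched lower-cased)
   * @returns {*} the header value, or null when it cannot be found
   */
  globalThis.getHeader = (e, name) => {
    const headers = e?.req?.headers ?? e?.node?.req?.headers
    return headers?.[String(name).toLowerCase()] ?? null
  }
}
if (typeof globalThis.setHeader === 'undefined') {
  /**
   * Fallback header writer: uses event.res.setHeader, else event.node.res.setHeader.
   * Best effort by design: a failure while writing the header is swallowed.
   * NOTE(review): a swallowed failure here also hides a missing security header (e.g. CORS);
   * consider logging in the catch.
   */
  globalThis.setHeader = (e, name, value) => {
    try {
      if (e?.res?.setHeader) {
        e.res.setHeader(name, value)
      } else if (e?.node?.res?.setHeader) {
        e.node.res.setHeader(name, value)
      }
    } catch (err) {
      void 0
    }
  }
}
if (typeof globalThis.setResponseStatus === 'undefined') {
  /**
   * Fallback status setter: writes statusCode on event.res, else on event.node.res.
   * Best effort by design: a failure is swallowed.
   */
  globalThis.setResponseStatus = (e, status) => {
    try {
      if (e?.res) {
        e.res.statusCode = status
      } else if (e?.node?.res) {
        e.node.res.statusCode = status
      }
    } catch (err) {
      void 0
    }
  }
}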
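/**
 * CORS preflight (OPTIONS) handler for /api/auth/register-passkey.
 *
 * Answers with 204 No Content. CORS headers are only emitted for the origin
 * configured in the WebAuthn config: the request's Origin header is untrusted
 * input, and echoing an arbitrary value together with
 * `Access-Control-Allow-Credentials: true` would approve credentialed
 * cross-origin requests from any website.
 * If further origins are legitimately needed, add them to an explicit
 * allowlist in the configuration rather than reflecting the header.
 *
 * @returns {Promise<null>} always null (empty body)
 */
export default defineEventHandler(async (event) => {
  const requestOrigin = getHeader(event, 'origin')
  const { origin: webauthnOrigin } = getWebAuthnConfig()
  const userAgent = getHeader(event, 'user-agent')
  // X-Forwarded-For / X-Real-IP are client-supplied unless a trusted proxy overwrites them.
  // The value is used for logging only; never base an access decision on it.
  const ip = getHeader(event, 'x-forwarded-for') || getHeader(event, 'x-real-ip') || 'unknown'

  console.log('[DEBUG] ===== OPTIONS preflight for /api/auth/register-passkey =====')
  console.log('[DEBUG] OPTIONS Request Details:', {
    origin: requestOrigin || 'none',
    webauthnOrigin,
    userAgent: userAgent?.substring(0, 100) || 'none',
    ip,
    timestamp: new Date().toISOString(),
    note: 'OPTIONS Preflight für Cross-Device Passkey - Wenn dieser Request vom Smartphone kommt, sollte der User-Agent Mobile/Android/iPhone enthalten'
  })

  // Reduce a value to its serialized origin (scheme://host[:port]); null if it is
  // not a usable URL or has an opaque origin (which serializes to the string "null").
  const toOrigin = (value) => {
    try {
      const serialized = new URL(String(value)).origin
      return serialized === 'null' ? null : serialized
    } catch {
      return null
    }
  }

  // CORS headers for cross-device authentication.
  // No Origin header: fall back to the configured origin (as before).
  // Origin header present: accept it only if it equals the configured origin.
  let allowedOrigin = null
  if (!requestOrigin) {
    allowedOrigin = webauthnOrigin
  } else {
    const normalizedRequest = toOrigin(requestOrigin)
    if (normalizedRequest !== null && normalizedRequest === toOrigin(webauthnOrigin)) {
      allowedOrigin = requestOrigin
    } else {
      console.log('[DEBUG] CORS origin not allowed for OPTIONS', {
        requestOrigin,
        webauthnOrigin
      })
    }
  }

  // The response depends on the Origin request header, so shared caches must key on it.
  setHeader(event, 'Vary', 'Origin')

  if (allowedOrigin) {
    setHeader(event, 'Access-Control-Allow-Origin', allowedOrigin)
    setHeader(event, 'Access-Control-Allow-Credentials', 'true')
    setHeader(event, 'Access-Control-Allow-Methods', 'POST, OPTIONS')
    setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization, Origin, X-Requested-With')
    setHeader(event, 'Access-Control-Max-Age', '86400') // cache the preflight result for 24 hours
    console.log('[DEBUG] CORS headers set for OPTIONS', {
      origin: allowedOrigin,
      requestOrigin,
      webauthnOrigin
    })
  }

  // OPTIONS preflight request: 204 No Content
  globalThis.setResponseStatus(event, 204)
  return null
})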