register.post.ts
import { z } from 'zod'
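export default defineWebAuthnRegisterEventHandler({
  /**
   * Validates the registration request body.
   *
   * When the current session already carries an email, the submitted
   * `userName` must equal it. A session without an email passes this check for
   * any `userName`, so this check alone does not prove ownership of an existing
   * account; `onSuccess` enforces that before storing a credential.
   *
   * @param userBody - user fields sent with the registration request
   * @param event - the request event, used to read the current session
   * @returns the parsed body: `userName` (an email), optional `displayName` and `company`
   * @throws a 400 error when the session email and `userName` differ; zod throws when the body is invalid
   */
  async validateUser(userBody, event) {
    const session = await getUserSession(event)
    if (session.user?.email && session.user.email !== userBody.userName) {
      throw createError({ statusCode: 400, message: 'Email not matching curent session' })
    }
    return z.object({
      userName: z.string().email().trim(),
      displayName: z.string().trim().optional(),
      company: z.string().trim().optional(),
    }).parse(userBody)
  },

  /**
   * Stores the verified credential and signs the user in.
   *
   * Inside one transaction: looks the user up by email, creates the row when
   * it is missing, then inserts the credential for that user id.
   *
   * A credential is attached to an already existing user only when the current
   * session is bound to the same email. Without that check, any caller who
   * knows a registered email could add their own passkey to that account.
   *
   * @param event - the request event, used to read and write the session
   * @throws a 409 error when the email belongs to an existing user and the
   *   session is not bound to it; a 500 error when storing fails
   */
  async onSuccess(event, { credential, user }) {
    const db = useDatabase()

    // Proof of ownership: the session must already name this email, either in
    // `user.email` (the field validateUser compares against) or in
    // `user.webauthn` (the field this handler writes on success).
    // NOTE(review): assumes `user.webauthn` is only ever set after a verified
    // WebAuthn ceremony; confirm against the authenticate handler.
    const session = await getUserSession(event)
    const ownsAccount = session.user?.email === user.userName
      || session.user?.webauthn === user.userName

    // Kept by reference so the catch block can tell this deliberate rejection
    // apart from a database failure.
    let ownershipError: Error | undefined

    try {
      await db.sql`BEGIN TRANSACTION`
      const existing = await db.sql`SELECT * FROM users WHERE email = ${user.userName}`
      let dbUser = existing.rows?.[0]
      if (dbUser && !ownsAccount) {
        ownershipError = createError({ statusCode: 409, message: 'User already registered' })
        throw ownershipError
      }
      if (!dbUser) {
        await db.sql`INSERT INTO users (email) VALUES (${user.userName})`
        dbUser = (await db.sql`SELECT * FROM users WHERE email = ${user.userName}`).rows?.[0]
      }
      await db.sql`
        INSERT INTO credentials (
          userId,
          id,
          publicKey,
          counter,
          backedUp,
          transports
        ) VALUES (
          ${dbUser.id},
          ${credential.id},
          ${credential.publicKey},
          ${credential.counter},
          ${credential.backedUp ? 1 : 0},
          ${JSON.stringify(credential.transports ?? [])}
        )`
      await db.sql`COMMIT`
      await setUserSession(event, {
        user: {
          webauthn: dbUser.email,
        },
        loggedInAt: Date.now(),
      })
    }
    catch (err) {
      try {
        await db.sql`ROLLBACK`
      }
      catch {
        // ROLLBACK fails when no transaction is open (BEGIN failed, or COMMIT
        // already ran). Ignore it so the raw database error is not what
        // reaches the client in place of the sanitized error below.
      }
      if (ownershipError && err === ownershipError) {
        throw ownershipError
      }
      // `err` is not guaranteed to be an Error, so narrow before reading `.message`.
      const isDuplicate = err instanceof Error && err.message.includes('UNIQUE constraint failed')
      throw createError({
        statusCode: 500,
        message: isDuplicate ? 'User already registered' : 'Failed to store credential',
      })
    }
  },
})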