fix: WebAuthn PRF salt length and server logbook key storage

2026-05-29 08:46:50 +02:00
parent abfaf3e99c
commit 128dd17863
2 changed files with 21 additions and 11 deletions
+16 -9
@@ -45,7 +45,7 @@ export function setActiveMasterKey(key: ArrayBuffer | null) {
}
// Convert string salt to 32-byte Uint8Array
const PRF_SALT = new TextEncoder().encode("KapteinsDaagboxPRFSaltForE2EKey")
const PRF_SALT = new TextEncoder().encode("KapteinsDaagboxPRFSaltForE2EKey_")
export interface RegistrationResult {
verified: boolean
@@ -88,7 +88,11 @@ export async function registerUser(username: string): Promise<RegistrationResult
let encryptedMasterKeyPrfIv = null
let encryptedMasterKeyPrfTag = null
const prfResults = (credentialResponse as any).clientExtensionResults?.prf
console.log('Registration credential response:', credentialResponse)
const clientExtensionResults = credentialResponse.clientExtensionResults || {}
console.log('Registration client extension results:', clientExtensionResults)
const prfResults = (clientExtensionResults as any).prf
console.log('Registration PRF extension result:', prfResults)
if (prfResults?.enabled && prfResults.results?.first) {
const prfKey = await deriveKeyFromPrf(prfResults.results.first)
@@ -152,13 +156,16 @@ export interface LoginResult {
}
export async function loginUser(username?: string): Promise<LoginResult> {
// Log browser supported extensions to diagnose PRF availability
console.log(
'Browser supported WebAuthn extensions:',
window.PublicKeyCredential && (window.PublicKeyCredential as any).getClientExtensionResults
? (window.PublicKeyCredential as any).getClientExtensionResults()
: 'none'
)
// Log browser WebAuthn capabilities to diagnose PRF availability
if (window.PublicKeyCredential && (window.PublicKeyCredential as any).getClientCapabilities) {
(window.PublicKeyCredential as any).getClientCapabilities().then((caps: any) => {
console.log('Browser WebAuthn client capabilities:', caps)
}).catch((err: any) => {
console.warn('Error reading WebAuthn client capabilities:', err)
})
} else {
console.log('window.PublicKeyCredential.getClientCapabilities is not supported.')
}
// 1. Get authentication options
const optionsRes = await fetch(`${API_BASE}/login-options`, {
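Review bot: The three `console.log` calls added in `registerUser` print the full credential response and the PRF extension result. `prfResults.results.first` is the value handed to `deriveKeyFromPrf` a few lines later, so the secret that the master-key wrapping key is derived from lands in console output visible to anyone with devtools access, and it can easily end up in screenshots or bug reports. Keep the diagnostic but log only non-secret state, e.g. `console.log('Registration PRF enabled:', Boolean(prfResults?.enabled), 'result present:', Boolean(prfResults?.results?.first))`, and drop the other two logs or gate them behind a development-only flag. Separately, the `PRF_SALT` change in the first hunk presumably changes the PRF output for credentials registered under the old salt, so confirm how existing PRF-wrapped master keys are handled; that path is not visible here. `registerUser` starts and ends outside the hunk.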
+5 -2
@@ -46,7 +46,7 @@ router.get('/', async (req: any, res) => {
// 2. Create a new logbook
router.post('/', async (req: any, res) => {
try {
const { id, encryptedTitle } = req.body
const { id, encryptedTitle, encryptedKey, iv, tag } = req.body
if (!encryptedTitle) {
return res.status(400).json({ error: 'encryptedTitle is required' })
}
@@ -55,7 +55,10 @@ router.post('/', async (req: any, res) => {
data: {
id: id || undefined,
userId: req.userId,
encryptedTitle
encryptedTitle,
encryptedKey,
iv,
tag
}
})
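Review bot: `encryptedKey`, `iv` and `tag` are read from `req.body` and written to the new record unchecked, while only `encryptedTitle` is validated. As far as the hunk shows, a request that omits them or sends non-string values would create a logbook whose stored key material is missing or malformed, and which presumably cannot be decrypted later. Extend the existing guard, e.g. `if (![encryptedTitle, encryptedKey, iv, tag].every(v => typeof v === 'string' && v.length > 0)) {`, and return a 400 that names the required fields. If the three fields are intentionally optional for older clients, say so in a comment above the destructuring. The handler body continues outside the hunk.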