feat(profile): Wiederherstellungsschlüssel rotieren

Neuer Recovery-Code über Profilseite mit Passkey-Reauth, Anzeige der 12 Wörter und API-Endpoint rotate-recovery; Plausible-Event dokumentiert. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-31 09:58:21 +02:00
parent 12c02f6392
commit ad7e036ab7
8 changed files with 181 additions and 4 deletions
@@ -997,6 +997,27 @@ html.scheme-dark .themed-select-option.is-selected {
  font-size: 12px;
 }
 .profile-recovery-actions {
  margin-top: 16px;
  justify-content: flex-start;
 }
 .profile-recovery-actions .btn {
  width: auto;
 }
 .profile-recovery-card .phrase-grid {
  margin-bottom: 24px;
 }
 .profile-recovery-warning {
  margin: 0 0 20px;
  font-size: 13px;
  line-height: 1.5;
  color: #fbbf24;
  text-align: left;
 }
 .profile-device-status {
  display: inline-flex;
  align-items: center;
@@ -40,6 +40,7 @@ import {
  removeLocalPin,
  removePasskey,
  renamePasskey,
  rotateRecoveryPhrase,
  setLocalPin,
  type UserProfile
 } from '../services/auth.js'
@@ -122,6 +123,9 @@ export default function UserProfilePage({ onBack, onLogout }: UserProfilePagePro
  const [isKnownDevice, setIsKnownDevice] = useState(() =>
    getKnownUsernames().some((u) => u.toLowerCase() === username.toLowerCase())
  )
  const [recoveryBusy, setRecoveryBusy] = useState(false)
  const [pendingRecoveryPhrase, setPendingRecoveryPhrase] = useState<string | null>(null)
  const [recoveryCopied, setRecoveryCopied] = useState(false)
  const pendingSyncCount = useLiveQuery(() => db.syncQueue.count()) ?? 0
@@ -327,6 +331,53 @@ export default function UserProfilePage({ onBack, onLogout }: UserProfilePagePro
    trackPlausibleEvent(PlausibleEvents.LOCAL_PIN_REMOVED)
  }
  const handleRotateRecovery = async () => {
    const confirmed = await showConfirm(
      t('profile.recovery_rotate_confirm_desc'),
      t('profile.recovery_rotate_confirm_title'),
      t('profile.recovery_rotate_confirm_yes'),
      t('profile.remove_passkey_confirm_no')
    )
    if (!confirmed) return
    if (!getActiveMasterKey()) {
      setError(t('profile.recovery_rotate_no_session'))
      return
    }
    setRecoveryBusy(true)
    setError(null)
    try {
      const phrase = await rotateRecoveryPhrase()
      setPendingRecoveryPhrase(phrase)
      trackPlausibleEvent(PlausibleEvents.RECOVERY_ROTATED)
    } catch (err: unknown) {
      if (err instanceof Error && err.message === 'NO_ACTIVE_MASTER_KEY') {
        setError(t('profile.recovery_rotate_no_session'))
      } else {
        setError(err instanceof Error ? err.message : t('profile.recovery_rotate_failed'))
      }
    } finally {
      setRecoveryBusy(false)
    }
  }
  const handleCopyRecoveryPhrase = async () => {
    if (!pendingRecoveryPhrase) return
    try {
      await navigator.clipboard.writeText(pendingRecoveryPhrase)
      setRecoveryCopied(true)
      window.setTimeout(() => setRecoveryCopied(false), 2000)
    } catch {
      showAlert(t('profile.copy_failed'))
    }
  }
  const handleConfirmRecoverySaved = () => {
    setPendingRecoveryPhrase(null)
    setRecoveryCopied(false)
  }
  return (
    <div className="dashboard-container">
      <header className="dashboard-header dashboard-header--profile">
@@ -359,6 +410,30 @@ export default function UserProfilePage({ onBack, onLogout }: UserProfilePagePro
            <User className="header-logo spin" size={48} />
            <p>{t('profile.loading')}</p>
          </div>
        ) : pendingRecoveryPhrase ? (
          <section className="form-card profile-recovery-card">
            <div className="form-header">
              <KeyRound size={24} className="form-icon" />
              <h2>{t('auth.recovery_title')}</h2>
            </div>
            <p className="profile-recovery-warning">{t('profile.recovery_rotate_new_warning')}</p>
            <div className="phrase-grid">
              {pendingRecoveryPhrase.split(' ').map((word, idx) => (
                <div key={idx} className="phrase-word">
                  <span className="word-num">{idx + 1}</span>
                  {word}
                </div>
              ))}
            </div>
            <div className="form-actions profile-recovery-actions">
              <button type="button" className="btn secondary" onClick={() => void handleCopyRecoveryPhrase()}>
                {recoveryCopied ? t('auth.copied') : t('auth.copy_phrase')}
              </button>
              <button type="button" className="btn primary" onClick={handleConfirmRecoverySaved}>
                {t('auth.confirm_recovery')}
              </button>
            </div>
          </section>
        ) : profile ? (
          <>
            <section className="form-card">
@@ -431,6 +506,16 @@ export default function UserProfilePage({ onBack, onLogout }: UserProfilePagePro
                <SecurityCheckItem ok label={t('profile.security_recovery_ok')} />
              </ul>
              <p className="profile-section-desc profile-recovery-hint">{t('profile.security_recovery_hint')}</p>
              <div className="form-actions profile-recovery-actions">
                <button
                  type="button"
                  className="btn secondary"
                  onClick={() => void handleRotateRecovery()}
                  disabled={recoveryBusy || passkeyBusy || pinBusy}
                >
                  {recoveryBusy ? t('profile.processing') : t('profile.recovery_rotate_btn')}
                </button>
              </div>
            </section>
            <section className="member-editor-card glass">
@@ -329,7 +329,14 @@
      "security_pin_ok": "Lokaler PIN auf diesem Gerät",
      "security_pin_missing": "Kein lokaler PIN",
      "security_recovery_ok": "Wiederherstellungsschlüssel eingerichtet",
-      "security_recovery_hint": "Die 12 Wörter wurden bei der Registrierung angezeigt. Bewahre sie offline und getrennt vom Gerät auf — sie können nicht erneut angezeigt werden.",
+      "security_recovery_hint": "Die 12 Wörter wurden bei der Registrierung angezeigt. Bewahre sie offline und getrennt vom Gerät auf. Du kannst unten einen neuen Schlüssel erstellen — der alte wird dann ungültig.",
      "recovery_rotate_btn": "Neuen Wiederherstellungsschlüssel erstellen",
      "recovery_rotate_confirm_title": "Neuen Wiederherstellungsschlüssel erstellen?",
      "recovery_rotate_confirm_desc": "Der bisherige 12-Wörter-Schlüssel wird sofort ungültig. Stelle sicher, dass du den neuen Schlüssel sicher aufbewahrst, bevor du fortfährst.",
      "recovery_rotate_confirm_yes": "Neuen Schlüssel erstellen",
      "recovery_rotate_new_warning": "WICHTIG: Schreib diese 12 Wörter auf und bewahre sie offline auf. Der bisherige Wiederherstellungsschlüssel ist ab sofort ungültig.",
      "recovery_rotate_failed": "Wiederherstellungsschlüssel konnte nicht erstellt werden.",
      "recovery_rotate_no_session": "Verschlüsselungssitzung abgelaufen — bitte abmelden und erneut anmelden, dann erneut versuchen.",
      "device_title": "Dieses Gerät",
      "device_desc": "Lokaler Cache, Sync-Status und Schnell-Login auf diesem Browser.",
      "device_sync_pending": "{{count}} ausstehende Sync-Einträge",
@@ -329,7 +329,14 @@
      "security_pin_ok": "Local PIN on this device",
      "security_pin_missing": "No local PIN",
      "security_recovery_ok": "Recovery phrase configured",
-      "security_recovery_hint": "The 12 words were shown at registration. Store them offline and separately from this device — they cannot be shown again.",
+      "security_recovery_hint": "The 12 words were shown at registration. Store them offline and separately from this device. You can create a new phrase below — the old one will then be invalidated.",
      "recovery_rotate_btn": "Create new recovery phrase",
      "recovery_rotate_confirm_title": "Create new recovery phrase?",
      "recovery_rotate_confirm_desc": "Your previous 12-word phrase will be invalidated immediately. Make sure you can store the new phrase securely before continuing.",
      "recovery_rotate_confirm_yes": "Create new phrase",
      "recovery_rotate_new_warning": "IMPORTANT: Write down these 12 words and store them offline. Your previous recovery phrase is no longer valid.",
      "recovery_rotate_failed": "Could not create a new recovery phrase.",
      "recovery_rotate_no_session": "Encryption session expired — please sign out and sign in again, then retry.",
      "device_title": "This device",
      "device_desc": "Local cache, sync status, and quick login on this browser.",
      "device_sync_pending": "{{count}} pending sync items",
@@ -33,7 +33,8 @@ export const PlausibleEvents = {
  LAST_PASSKEY_REMOVE_HINTED: 'Last Passkey Remove Hinted',
  LOCAL_PIN_SET: 'Local PIN Set',
  LOCAL_PIN_REMOVED: 'Local PIN Removed',
-  DEVICE_FORGOTTEN: 'Device Forgotten'
+  DEVICE_FORGOTTEN: 'Device Forgotten',
  RECOVERY_ROTATED: 'Recovery Rotated'
 } as const
 export type PlausibleEventName = (typeof PlausibleEvents)[keyof typeof PlausibleEvents]
@@ -651,3 +651,27 @@ export async function renamePasskey(credentialDbId: string, label: string): Prom
    body: JSON.stringify({ label })
  })
 }
 export async function rotateRecoveryPhrase(): Promise<string> {
  const masterKey = getActiveMasterKey()
  if (!masterKey) {
    throw new Error('NO_ACTIVE_MASTER_KEY')
  }
  await reauthWithPasskey()
  const recoveryPhrase = generateRecoveryPhrase()
  const recoveryKey = await deriveKeyFromPhrase(recoveryPhrase)
  const encryptedRecovery = await encryptBuffer(masterKey, recoveryKey)
  await apiJson(`${API_BASE}/rotate-recovery`, {
    method: 'POST',
    body: JSON.stringify({
      encryptedMasterKeyRec: encryptedRecovery.ciphertext,
      encryptedMasterKeyRecIv: encryptedRecovery.iv,
      encryptedMasterKeyRecTag: encryptedRecovery.tag
    })
  })
  return recoveryPhrase
 }
@@ -48,6 +48,7 @@ Kapteins Daagbok nutzt [Plausible Analytics](https://plausible.io/) mit dem Scri
 | Local PIN Set | Lokaler PIN gesetzt oder geändert (`UserProfilePage.tsx`) | `action`: `set` \| `change` |
 | Local PIN Removed | Lokaler PIN entfernt (`UserProfilePage.tsx`) | — |
 | Device Forgotten | Account aus Schnell-Login-Liste dieses Geräts entfernt (`UserProfilePage.tsx`) | — |
 | Recovery Rotated | Neuer 12-Wörter-Wiederherstellungsschlüssel erstellt (`UserProfilePage.tsx`) | — |
 ## Bewusst nicht getrackt
@@ -67,7 +68,7 @@ Empfohlene Goal-Ketten für Auswertung:
 4. **Öffentliche Freigabe:** Logbook Shared → Public Link Opened
 5. **Export:** Travel Day Saved → PDF Exported / CSV Exported
 6. **Datensicherung:** Backup Exported → Backup Restored
-7. **Kontosicherheit:** Profile Opened → Passkey Added / Local PIN Set; Last Passkey Remove Hinted → Account Deleted (selten, aber aussagekräftig)
+7. **Kontosicherheit:** Profile Opened → Passkey Added / Local PIN Set / Recovery Rotated; Last Passkey Remove Hinted → Account Deleted (selten, aber aussagekräftig)
 ## Entwicklung
@@ -395,6 +395,37 @@ router.post('/enroll-prf', requireReauth, async (req: any, res) => {
  }
 })
 router.post('/rotate-recovery', requireReauth, async (req: any, res) => {
  try {
    const { encryptedMasterKeyRec, encryptedMasterKeyRecIv, encryptedMasterKeyRecTag } = req.body
    if (!encryptedMasterKeyRec || !encryptedMasterKeyRecIv || !encryptedMasterKeyRecTag) {
      return res.status(400).json({ error: 'Missing required recovery key fields' })
    }
    if (
      typeof encryptedMasterKeyRec !== 'string' ||
      typeof encryptedMasterKeyRecIv !== 'string' ||
      typeof encryptedMasterKeyRecTag !== 'string'
    ) {
      return res.status(400).json({ error: 'Invalid recovery key fields format' })
    }
    await prisma.user.update({
      where: { id: req.userId },
      data: {
        encryptedMasterKeyRec,
        encryptedMasterKeyRecIv,
        encryptedMasterKeyRecTag
      }
    })
    return res.json({ success: true })
  } catch (error: any) {
    console.error('Error rotating recovery key:', error)
    return res.status(500).json({ error: error.message || 'Internal server error' })
  }
 })
 router.get('/profile', requireUser, async (req: any, res) => {
  try {
    const user = await prisma.user.findUnique({