Add WebAuthn / Passkey integration

This is a rebase of #1618 in which @dave-atx added WebAuthn support. Closes #1618
2025-08-26 18:21:01 +00:00 · 2023-11-06 04:27:35 +10:30 · 2023-11-06 04:27:35 +10:30 · 62ef8ed57a
commit 62ef8ed57a
parent 62188b49f0
42 changed files with 1357 additions and 33 deletions
--- a/internal/model/app_session.go
+++ b/internal/model/app_session.go
@ -12,19 +12,20 @@ import (

 // SessionData represents the data attached to the session.
 type SessionData struct {
-	CSRF               string `json:"csrf"`
-	OAuth2State        string `json:"oauth2_state"`
-	OAuth2CodeVerifier string `json:"oauth2_code_verifier"`
-	FlashMessage       string `json:"flash_message"`
-	FlashErrorMessage  string `json:"flash_error_message"`
-	Language           string `json:"language"`
-	Theme              string `json:"theme"`
-	PocketRequestToken string `json:"pocket_request_token"`
-	LastForceRefresh   string `json:"last_force_refresh"`
+	CSRF                string          `json:"csrf"`
+	OAuth2State         string          `json:"oauth2_state"`
+	OAuth2CodeVerifier  string          `json:"oauth2_code_verifier"`
+	FlashMessage        string          `json:"flash_message"`
+	FlashErrorMessage   string          `json:"flash_error_message"`
+	Language            string          `json:"language"`
+	Theme               string          `json:"theme"`
+	PocketRequestToken  string          `json:"pocket_request_token"`
+	LastForceRefresh    string          `json:"last_force_refresh"`
+	WebAuthnSessionData WebAuthnSession `json:"webauthn_session_data"`
 }

 func (s SessionData) String() string {
-	return fmt.Sprintf(`CSRF=%q, OAuth2State=%q, OAuth2CodeVerifier=%q, FlashMsg=%q, FlashErrMsg=%q, Lang=%q, Theme=%q, PocketTkn=%q, LastForceRefresh=%s`,
+	return fmt.Sprintf(`CSRF=%q, OAuth2State=%q, OAuth2CodeVerifier=%q, FlashMsg=%q, FlashErrMsg=%q, Lang=%q, Theme=%q, PocketTkn=%q, LastForceRefresh=%s, WebAuthnSession=%q`,
 		s.CSRF,
 		s.OAuth2State,
 		s.OAuth2CodeVerifier,
@ -34,6 +35,7 @@ func (s SessionData) String() string {
 		s.Theme,
 		s.PocketRequestToken,
 		s.LastForceRefresh,
+		s.WebAuthnSessionData,
 	)
 }

--- a/internal/model/webauthn.go
+++ b/internal/model/webauthn.go
@ -0,0 +1,52 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package model // import "miniflux.app/v2/internal/model"
+
+import (
+	"database/sql/driver"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/go-webauthn/webauthn/webauthn"
+)
+
+// handle marshalling / unmarshalling session data
+type WebAuthnSession struct {
+	*webauthn.SessionData
+}
+
+func (s WebAuthnSession) Value() (driver.Value, error) {
+	return json.Marshal(s)
+}
+
+func (s *WebAuthnSession) Scan(value interface{}) error {
+	b, ok := value.([]byte)
+	if !ok {
+		return errors.New("type assertion to []byte failed")
+	}
+
+	return json.Unmarshal(b, &s)
+}
+
+func (s WebAuthnSession) String() string {
+	if s.SessionData == nil {
+		return "{}"
+	}
+	return fmt.Sprintf("{Challenge: %s, UserID: %x}", s.SessionData.Challenge, s.SessionData.UserID)
+}
+
+type WebAuthnCredential struct {
+	Credential webauthn.Credential
+	Name       string
+	AddedOn    *time.Time
+	LastSeenOn *time.Time
+	Handle     []byte
+}
+
+func (s WebAuthnCredential) HandleEncoded() string {
+	return hex.EncodeToString(s.Handle)
+}