add passkey

ivictbor · ivictbor · commit bf124da833f4 · 2025-10-13T10:46:50.000Z
diff --git a/dev-demo/index.ts b/dev-demo/index.ts
@@ -18,6 +18,8 @@ import apiKeysResource from './resources/api_keys.js';
 import CompletionAdapterOpenAIChatGPT from '../adapters/adminforth-completion-adapter-open-ai-chat-gpt/index.js';
 import pkg from 'pg';
 import I18nPlugin from '../plugins/adminforth-i18n/index.js';
+import passkeysResource from './resources/passkeys.js';
+
 const { Client } = pkg;
 
 
@@ -215,6 +217,7 @@ export const admin = new AdminForth({
     },
   ],
   resources: [
+    passkeysResource,
     clicksResource,
     auditLogResource,
     apartmentsResource,
diff --git a/dev-demo/migrations/20251013081239_add_passkeys/migration.sql b/dev-demo/migrations/20251013081239_add_passkeys/migration.sql
@@ -0,0 +1,13 @@
+-- CreateTable
+CREATE TABLE "passkeys" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "credential_id" TEXT NOT NULL,
+    "user_id" TEXT NOT NULL,
+    "meta" TEXT NOT NULL
+);
+
+-- CreateIndex
+CREATE INDEX "passkeys_user_id_idx" ON "passkeys"("user_id");
+
+-- CreateIndex
+CREATE INDEX "passkeys_credential_id_idx" ON "passkeys"("credential_id");
diff --git a/dev-demo/resources/passkeys.ts b/dev-demo/resources/passkeys.ts
@@ -0,0 +1,33 @@
+import { AdminForthDataTypes, AdminForthResourceInput } from "../../adminforth";
+  import { randomUUID } from "crypto";
+
+  export default {
+    dataSource: 'maindb',
+    table: 'passkeys',
+    resourceId: 'passkeys',
+    label: 'Passkeys',
+    columns: [
+      {
+        name: 'id',
+        label: 'ID',
+        primaryKey: true,
+        showIn: { all: false},
+        fillOnCreate: () => randomUUID(),
+      },
+      {
+        name: 'credential_id',
+        label: 'Credential ID',
+      },
+      {
+        name: 'user_id',
+        label: 'User ID',
+      },
+      {
+        name: "meta",
+        type: AdminForthDataTypes.JSON,
+        label: "Meta",
+      }
+    ],
+    plugins: [],
+    options: {},
+  } as AdminForthResourceInput;
diff --git a/dev-demo/resources/users.ts b/dev-demo/resources/users.ts
@@ -74,17 +74,47 @@ export default {
       twoFaSecretFieldName: "secret2fa",
       timeStepWindow: 1, // optional time step window for 2FA
       // optional callback to define which users should be enforced to use 2FA
-      usersFilterToApply: (adminUser: AdminUser) => {
-        if (process.env.NODE_ENV === "development") {
-          return false;
-        }
-        // return true if user should be enforced to use 2FA,
-        // return true;
-        return adminUser.dbUser.email !== "adminforth";
-      },
-      usersFilterToAllowSkipSetup: (adminUser: AdminUser) => {
-        return adminUser.dbUser.email === "adminforth";
-      },
+      // usersFilterToApply: (adminUser: AdminUser) => {
+      //   if (process.env.NODE_ENV === "development") {
+      //     return false;
+      //   }
+      //   // return true if user should be enforced to use 2FA,
+      //   // return true;
+      //   return adminUser.dbUser.email !== "adminforth";
+      // },
+      // usersFilterToAllowSkipSetup: (adminUser: AdminUser) => {
+      //   return adminUser.dbUser.email === "adminforth";
+      // },
+      passkeys: {
+        credentialResourceID: "passkeys",
+        credentialIdFieldName: "credential_id",
+        credentialMetaFieldName: "meta",
+        credentialUserIdFieldName: "user_id",
+        settings: {
+          expectedOrigin: "http://localhost:3000",   // important, set it to your backoffice origin (starts from scheme, no slash at the end)
+          // relying party config
+          rp: {
+              name: "New Reality",
+              
+              // optionaly you can set expected id explicitly if you need to:
+              // id: "localhost",
+            },
+            user: {
+                nameField: "email",
+                displayNameField: "email",
+            },
+            authenticatorSelection: {
+              // impacts a way how passkey will be created
+              // - platform - using browser internal authenticator (e.g. Google Chrome passkey / Google Password Manager )
+              // - cross-platform - using external authenticator (e.g. Yubikey, Google Titan etc)
+              // - both - plging will show both options to the user
+              // Can be "platform", "cross-platform" or "both"
+                authenticatorAttachment: "both",
+                requireResidentKey: true,
+                userVerification: "required",
+            },
+        },
+      } 
     }),
     ...(process.env.AWS_ACCESS_KEY_ID
       ? [
diff --git a/dev-demo/schema.prisma b/dev-demo/schema.prisma
@@ -125,4 +125,13 @@ model api_keys {
     name        String
     owner       String?
     owner_id    String?
+}
+
+model passkeys {
+    id                      String @id
+    credential_id           String  
+    user_id                 String
+    meta                    String
+    @@index([user_id])
+    @@index([credential_id])
 }
