forked from jsnbuchanan/crowd-funder-for-time-pwa
cache the passkey JWANT access token for multiple signatures
This commit is contained in:
@@ -5,9 +5,10 @@ import * as R from "ramda";
|
||||
import { DEFAULT_IMAGE_API_SERVER } from "@/constants/app";
|
||||
import { Contact } from "@/db/tables/contacts";
|
||||
import { accessToken } from "@/libs/crypto";
|
||||
import { NonsensitiveDexie } from "@/db/index";
|
||||
import { getAccount } from "@/libs/util";
|
||||
import { db, NonsensitiveDexie } from "@/db/index";
|
||||
import { getAccount, getPasskeyExpirationSeconds } from "@/libs/util";
|
||||
import { createEndorserJwtForKey, KeyMeta } from "@/libs/crypto/vc";
|
||||
import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
|
||||
|
||||
export const SCHEMA_ORG_CONTEXT = "https://schema.org";
|
||||
// the object in RegisterAction claims
|
||||
@@ -447,12 +448,57 @@ export function didInfo(
|
||||
return didInfoForContact(did, activeDid, contact, allMyDids).displayName;
|
||||
}
|
||||
|
||||
let passkeyAccessToken: string = "";
|
||||
let passkeyTokenExpirationEpochSeconds: number = 0;
|
||||
|
||||
export function clearPasskeyToken() {
|
||||
passkeyAccessToken = "";
|
||||
passkeyTokenExpirationEpochSeconds = 0;
|
||||
}
|
||||
|
||||
export function tokenExpiryTimeDescription() {
|
||||
if (
|
||||
!passkeyAccessToken ||
|
||||
passkeyTokenExpirationEpochSeconds < new Date().getTime() / 1000
|
||||
) {
|
||||
return "Token has expired";
|
||||
} else {
|
||||
return (
|
||||
"Token expires at " +
|
||||
new Date(passkeyTokenExpirationEpochSeconds * 1000).toLocaleString()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the headers for a request, potentially including Authorization
|
||||
*/
|
||||
export async function getHeaders(did?: string) {
|
||||
const headers: { "Content-Type": string; Authorization?: string } = {
|
||||
"Content-Type": "application/json",
|
||||
};
|
||||
if (did) {
|
||||
const token = await accessToken(did);
|
||||
let token;
|
||||
const account = await getAccount(did);
|
||||
if (account?.passkeyCredIdHex) {
|
||||
if (
|
||||
passkeyAccessToken &&
|
||||
passkeyTokenExpirationEpochSeconds > Date.now() / 1000
|
||||
) {
|
||||
// there's an active current passkey token
|
||||
token = passkeyAccessToken;
|
||||
} else {
|
||||
// there's no current passkey token or it's expired
|
||||
token = await accessToken(did);
|
||||
|
||||
passkeyAccessToken = token;
|
||||
const passkeyExpirationSeconds = await getPasskeyExpirationSeconds();
|
||||
passkeyTokenExpirationEpochSeconds =
|
||||
Date.now() / 1000 + passkeyExpirationSeconds;
|
||||
}
|
||||
} else {
|
||||
token = await accessToken(did);
|
||||
}
|
||||
headers["Authorization"] = "Bearer " + token;
|
||||
} else {
|
||||
// it's often OK to request without auth; we assume necessary checks are done earlier
|
||||
|
||||
Reference in New Issue
Block a user