fix(backend): use atomic command to improve security

syuilo 2024-11-23 04:44:33 +09:00
parent 0e90589290
commit 04b221409c


@ -189,14 +189,12 @@ export class WebAuthnService {
*/ */
@bindThis @bindThis
public async verifySignInWithPasskeyAuthentication(context: string, response: AuthenticationResponseJSON): Promise<MiUser['id'] | null> { public async verifySignInWithPasskeyAuthentication(context: string, response: AuthenticationResponseJSON): Promise<MiUser['id'] | null> {
const challenge = await this.redisClient.get(`webauthn:challenge:${context}`); const challenge = await this.redisClient.getdel(`webauthn:challenge:${context}`);
if (!challenge) { if (!challenge) {
throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', `challenge '${context}' not found`); throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', `challenge '${context}' not found`);
} }
await this.redisClient.del(`webauthn:challenge:${context}`);
const key = await this.userSecurityKeysRepository.findOneBy({ const key = await this.userSecurityKeysRepository.findOneBy({
id: response.id, id: response.id,
}); });