package api
import (
"net/http"
"github.com/go-chi/chi/v5"
"github.com/gofrs/uuid"
"github.com/supabase/auth/internal/api/apierrors"
"github.com/supabase/auth/internal/models"
"github.com/supabase/auth/internal/storage"
)
// AdminPasskeyList serves GET /admin/users/{user_id}/passkeys and responds
// with every passkey stored for the user found in the request context.
//
// No credential check is visible in this handler. The admin requirement is
// presumably enforced by the router's middleware, so the handler must only be
// mounted behind it.
func (a *API) AdminPasskeyList(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()
	// NOTE(review): assumes earlier middleware resolved {user_id} and stored
	// the user in ctx. getUser's behaviour for a missing user is not visible
	// here; confirm it cannot return nil on this route.
	target := getUser(ctx)

	credentials, err := models.FindWebAuthnCredentialsByUserID(a.db.WithContext(ctx), target.ID)
	if err != nil {
		return apierrors.NewInternalServerError("Database error loading passkeys").WithInternalError(err)
	}

	// Allocate even for zero credentials so the slice handed to sendJSON is
	// empty rather than nil.
	listing := make([]PasskeyListItem, 0, len(credentials))
	for _, credential := range credentials {
		listing = append(listing, toPasskeyListItem(credential))
	}

	return sendJSON(w, http.StatusOK, listing)
}
// AdminPasskeyDelete serves DELETE /admin/users/{user_id}/passkeys/{passkey_id}.
// It removes the passkey and writes an audit log entry, then replies with
// 204 No Content.
//
// No credential check is visible in this handler. The admin requirement is
// presumably enforced by the router's middleware, so the handler must only be
// mounted behind it.
func (a *API) AdminPasskeyDelete(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()
	db := a.db.WithContext(ctx)
	cfg := a.config
	// NOTE(review): assumes earlier middleware put both the target user and
	// the calling admin into ctx; confirm neither lookup can yield nil here.
	target := getUser(ctx)
	actor := getAdminUser(ctx)

	// A malformed passkey_id gets the same "not found" response as an unknown
	// one, so the reply does not distinguish the two cases.
	rawID := chi.URLParam(r, "passkey_id")
	passkeyID, err := uuid.FromString(rawID)
	if err != nil {
		return apierrors.NewNotFoundError(apierrors.ErrorCodeValidationFailed, "Passkey not found")
	}

	// The lookup is keyed on both the passkey ID and the target user's ID, so
	// a passkey ID paired with a different user in the path should not resolve
	// (per the finder's name; its query is not visible here).
	cred, err := models.FindWebAuthnCredentialByIDAndUserID(db, passkeyID, target.ID)
	if err != nil {
		if !models.IsNotFoundError(err) {
			return apierrors.NewInternalServerError("Database error loading passkey").WithInternalError(err)
		}
		return apierrors.NewNotFoundError(apierrors.ErrorCodeValidationFailed, "Passkey not found")
	}

	// Deletion and audit entry share one transaction callback: an error from
	// either is returned to db.Transaction, which presumably rolls back so a
	// passkey is never removed without a matching audit record.
	removeAndAudit := func(tx *storage.Connection) error {
		if delErr := cred.Delete(tx); delErr != nil {
			return delErr
		}
		details := map[string]any{
			"user_id":    target.ID,
			"passkey_id": cred.ID,
		}
		if logErr := models.NewAuditLogEntry(cfg.AuditLog, r, tx, actor, models.PasskeyDeletedAction, details); logErr != nil {
			return logErr
		}
		return nil
	}
	if err = db.Transaction(removeAndAudit); err != nil {
		return apierrors.NewInternalServerError("Database error deleting passkey").WithInternalError(err)
	}

	w.WriteHeader(http.StatusNoContent)
	return nil
}