Merge pull request #152 from gsainfoteam/151-kdh-passkey

[FEATURE] passkey CRUD

Author: dohyun06

docs/erd.md

@@ -48,6 +48,7 @@ erDiagram
 
   "authenticator" {
     String user_uuid "🗝️"
+    String name 
     String credential_id 
     Bytes public_key 
     Int counter 

prisma/migrations/20250914103918_add_name_in_authenticator/migration.sql

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - Added the required column `name` to the `authenticator` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- DropIndex
+DROP INDEX "authenticator_credential_id_key";
+
+-- AlterTable
+ALTER TABLE "authenticator" ADD COLUMN     "name" TEXT NOT NULL;

prisma/schema.prisma

@@ -88,7 +88,8 @@ model Consent {
 
 model Authenticator {
   id            String  @id @default(uuid())
-  credentialId  String  @unique @map("credential_id")
+  name          String
+  credentialId  String  @map("credential_id")
   publicKey     Bytes   @map("public_key")
   counter       Int
   userUuid      String  @db.Uuid @map("user_uuid")

src/user/dto/req.dto.ts

@@ -222,18 +222,11 @@ class RegistrationResponseDto {
 
 export class VerifyPasskeyRegistrationDto {
   @ApiProperty({
-    example: '[email protected]',
-    description: '유저의 이메일 주소',
+    example: 'Passkey Name',
+    description: '패스키 이름',
   })
-  @IsEmail()
-  @IsGistEmail()
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.toLowerCase();
-    }
-    throw new BadRequestException('이메일 형식이 올바르지 않습니다.');
-  })
-  email: string;
+  @IsString()
+  name: string;
 
   @ApiProperty({
     description: '유저의 패스키 등록 응답',
@@ -243,3 +236,12 @@ export class VerifyPasskeyRegistrationDto {
   @Type(() => RegistrationResponseDto)
   registrationResponse: RegistrationResponseDto;
 }
+
+export class ChangePasskeyNameDto {
+  @ApiProperty({
+    example: 'Passkey Name',
+    description: '패스키 이름',
+  })
+  @IsString()
+  name: string;
+}

src/user/dto/res.dto.ts

@@ -305,3 +305,17 @@ export class PasskeyRegisterOptionResDto {
   })
   extensions?: AuthenticationExtensionsDto;
 }
+
+export class BasicPasskeyDto {
+  @ApiProperty({
+    example: 'ff0e6d1b-c2a4-44fb-aa0e-c20b6a721741',
+    description: 'Passkey id',
+  })
+  id: string;
+
+  @ApiProperty({
+    example: 'passkey-name',
+    description: 'Passkey name',
+  })
+  name: string;
+}

src/user/user.controller.ts

@@ -5,7 +5,9 @@ import {
   Controller,
   Delete,
   Get,
+  Param,
   ParseIntPipe,
+  ParseUUIDPipe,
   Patch,
   Post,
   Query,
@@ -33,13 +35,15 @@ import { GetUser } from 'src/auth/decorator/getUser.decorator';
 import { UserGuard } from 'src/auth/guard/auth.guard';
 
 import {
+  ChangePasskeyNameDto,
   ChangePasswordDto,
   DeleteUserReqDto,
   IssueUserSecretDto,
   RegisterDto,
   VerifyPasskeyRegistrationDto,
 } from './dto/req.dto';
 import {
+  BasicPasskeyDto,
   PasskeyRegisterOptionResDto,
   UpdateUserPictureResDto,
   UserConsentListResDto,
@@ -187,38 +191,101 @@ export class UserController {
     return this.userService.deleteUserPicture(user.uuid);
   }
 
+  @ApiOperation({
+    summary: 'get the passkey list of user',
+    description: '사용자의 패스키 목록을 불러옵니다',
+  })
+  @ApiBearerAuth('user:jwt')
+  @ApiOkResponse({
+    description: 'success',
+    type: [BasicPasskeyDto],
+  })
+  @ApiUnauthorizedResponse({ description: 'token not valid' })
+  @ApiInternalServerErrorResponse({ description: 'server error' })
+  @UseGuards(UserGuard)
+  @Get('passkey')
+  async getPasskeyList(@GetUser() user: User): Promise<BasicPasskeyDto[]> {
+    return await this.userService.getPasskeyList(user.uuid);
+  }
+
   @ApiOperation({
     summary: 'register the passkey',
     description: '패스키를 등록을 위한 challenge를 발급합니다.',
   })
+  @ApiBearerAuth('user:jwt')
   @ApiOkResponse({
     description: 'success',
     type: PasskeyRegisterOptionResDto,
   })
+  @ApiUnauthorizedResponse({ description: 'token not valid' })
   @ApiNotFoundResponse({ description: 'Email is not found' })
   @ApiInternalServerErrorResponse({ description: 'server error' })
+  @UseGuards(UserGuard)
   @Post('passkey')
   async registerOptions(
-    @Body() { email }: IssueUserSecretDto,
+    @GetUser() user: User,
   ): Promise<PasskeyRegisterOptionResDto> {
-    return await this.userService.registerOptions(email);
+    return await this.userService.registerOptions(user.email);
   }
 
   @ApiOperation({
     summary: 'verify the registration options',
     description: '패스키 등록합니다.',
   })
+  @ApiBearerAuth('user:jwt')
   @ApiOkResponse({ description: 'success', type: Boolean })
-  @ApiUnauthorizedResponse({ description: 'Response is invalid' })
+  @ApiUnauthorizedResponse({ description: 'token not valid' })
   @ApiNotFoundResponse({ description: 'Email is not found' })
   @ApiInternalServerErrorResponse({ description: 'server error' })
+  @UseGuards(UserGuard)
   @Post('passkey/verify')
   async verifyRegistration(
-    @Body() { email, registrationResponse }: VerifyPasskeyRegistrationDto,
+    @GetUser() user: User,
+    @Body() { name, registrationResponse }: VerifyPasskeyRegistrationDto,
   ): Promise<boolean> {
     return await this.userService.verifyRegistration(
-      email,
+      user.email,
+      name,
       registrationResponse,
     );
   }
+
+  @ApiOperation({
+    summary: 'update name of passkey',
+    description: '패스키의 이름을 수정합니다.',
+  })
+  @ApiBearerAuth('user:jwt')
+  @ApiOkResponse({ description: 'success', type: BasicPasskeyDto })
+  @ApiUnauthorizedResponse({ description: 'token not valid' })
+  @ApiForbiddenResponse({ description: 'Invalid user or token' })
+  @ApiNotFoundResponse({ description: 'Id is not found' })
+  @ApiInternalServerErrorResponse({ description: 'server error' })
+  @UseGuards(UserGuard)
+  @Patch('passkey/:id')
+  async updatePasskey(
+    @GetUser() user: User,
+    @Param('id', ParseUUIDPipe) id: string,
+    @Body() { name }: ChangePasskeyNameDto,
+  ): Promise<BasicPasskeyDto> {
+    return await this.userService.updatePasskey(id, name, user.uuid);
+  }
+
+  @ApiOperation({
+    summary: 'delete passkey',
+    description: '패스키를 삭제합니다.',
+  })
+  @ApiBearerAuth('user:jwt')
+  @ApiOkResponse({ description: 'success' })
+  @ApiUnauthorizedResponse({ description: 'token not valid' })
+  @ApiForbiddenResponse({ description: 'Invalid user or token' })
+  @ApiNotFoundResponse({ description: 'Id is not found' })
+  @ApiInternalServerErrorResponse({ description: 'server error' })
+  @UseGuards(UserGuard)
+  @Delete('passkey/:id')
+  async deletePasskey(
+    @GetUser() user: User,
+    @Param('id', ParseUUIDPipe) id: string,
+  ): Promise<void> {
+    return await this.userService.deletePasskey(id, user.uuid);
+  }
 }

src/user/user.repository.ts

@@ -10,6 +10,7 @@ import {
 import { Authenticator, User } from '@prisma/client';
 import { PrismaClientKnownRequestError } from '@prisma/client/runtime/library';
 
+import { BasicPasskeyDto } from './dto/res.dto';
 import { UserConsentType } from './types/userConsent.type';
 import { UserWithAuthenticators } from './types/userWithAuthenticators';
 
@@ -231,14 +232,87 @@ export class UserRepository {
       });
   }
 
-  async saveAuthenticator(authenticator: {
-    credentialId: string;
-    publicKey: Uint8Array;
-    counter: number;
-    userUuid: string;
-  }): Promise<Authenticator> {
+  async getPasskeyList(userUuid: string): Promise<BasicPasskeyDto[]> {
+    return await this.prismaService.authenticator.findMany({
+      where: { userUuid },
+      select: {
+        id: true,
+        name: true,
+      },
+    });
+  }
+
+  async getAuthenticator(id: string): Promise<Authenticator> {
+    return await this.prismaService.authenticator
+      .findUniqueOrThrow({
+        where: { id },
+      })
+      .catch((error) => {
+        if (
+          error instanceof PrismaClientKnownRequestError &&
+          error.code === 'P2025'
+        ) {
+          this.logger.debug(`passkey not found with uuid: ${id}`);
+          throw new ForbiddenException('user not found');
+        }
+        this.logger.error(`find passkey by uuid error: ${error}`);
+        throw new InternalServerErrorException();
+      });
+  }
+
+  async saveAuthenticator(
+    name: string,
+    authenticator: {
+      credentialId: string;
+      publicKey: Uint8Array;
+      counter: number;
+      userUuid: string;
+    },
+  ): Promise<Authenticator> {
     return this.prismaService.authenticator.create({
-      data: authenticator,
+      data: { ...authenticator, name },
     });
   }
+
+  async updatePasskey(id: string, name: string): Promise<BasicPasskeyDto> {
+    return await this.prismaService.authenticator
+      .update({
+        where: { id },
+        data: { name },
+        select: {
+          id: true,
+          name: true,
+        },
+      })
+      .catch((error) => {
+        if (error instanceof PrismaClientKnownRequestError) {
+          if (error.code === 'P2025' || error.code === 'P2002') {
+            this.logger.debug(`passkey not found with uuid: ${id}`);
+            throw new ForbiddenException('passkey not found');
+          }
+          this.logger.debug(`prisma error occurred: ${error.code}`);
+          throw new InternalServerErrorException();
+        }
+        this.logger.error(`update passkey name error: ${error}`);
+        throw new InternalServerErrorException();
+      });
+  }
+
+  async deletePasskey(id: string): Promise<void> {
+    await this.prismaService.authenticator
+      .delete({
+        where: { id },
+      })
+      .catch((error) => {
+        if (
+          error instanceof PrismaClientKnownRequestError &&
+          error.code === 'P2025'
+        ) {
+          this.logger.debug(`passkey not found with uuid: ${id}`);
+          throw new ForbiddenException('passkey not found');
+        }
+        this.logger.error(`delete passkey error: ${error}`);
+        throw new InternalServerErrorException();
+      });
+  }
 }

src/user/user.service.ts

@@ -33,7 +33,7 @@ import {
   IssueUserSecretDto,
   RegisterDto,
 } from './dto/req.dto';
-import { UpdateUserPictureResDto } from './dto/res.dto';
+import { BasicPasskeyDto, UpdateUserPictureResDto } from './dto/res.dto';
 import { UserConsentType } from './types/userConsent.type';
 import { UserRepository } from './user.repository';
 
@@ -223,6 +223,10 @@ export class UserService {
     await this.objectService.deleteObject(`user/${userUuid}/profile.webp`);
   }
 
+  async getPasskeyList(userUuid: string): Promise<BasicPasskeyDto[]> {
+    return await this.userRepository.getPasskeyList(userUuid);
+  }
+
   async registerOptions(
     email: string,
   ): Promise<PublicKeyCredentialCreationOptionsJSON> {
@@ -249,6 +253,7 @@ export class UserService {
 
   async verifyRegistration(
     email: string,
+    name: string,
     response: RegistrationResponseJSON,
   ): Promise<boolean> {
     const user = await this.userRepository.findUserByEmail(email);
@@ -274,7 +279,7 @@ export class UserService {
 
     const { id, publicKey, counter } = registrationInfo.credential;
 
-    await this.userRepository.saveAuthenticator({
+    await this.userRepository.saveAuthenticator(name, {
       credentialId: id,
       publicKey,
       counter,
@@ -283,4 +288,24 @@ export class UserService {
 
     return true;
   }
+
+  async updatePasskey(
+    id: string,
+    name: string,
+    userUuid: string,
+  ): Promise<BasicPasskeyDto> {
+    const auth = await this.userRepository.getAuthenticator(id);
+
+    if (auth.userUuid !== userUuid) throw new ForbiddenException();
+
+    return await this.userRepository.updatePasskey(id, name);
+  }
+
+  async deletePasskey(id: string, userUuid: string): Promise<void> {
+    const auth = await this.userRepository.getAuthenticator(id);
+
+    if (auth.userUuid !== userUuid) throw new ForbiddenException();
+
+    return await this.userRepository.deletePasskey(id);
+  }
 }