Merge branch 'feat/passkey' into feat/document-passkey-test

2025-11-17 10:11:35 +10:00 · 2024-03-17 15:14:32 +08:00
parent cb020cc7d0 87b79451d5
commit d45bed6930
4 changed files with 26 additions and 6 deletions
--- a/packages/lib/constants/auth.ts
+++ b/packages/lib/constants/auth.ts
@ -32,3 +32,8 @@ export const USER_SECURITY_AUDIT_LOG_MAP: { [key in UserSecurityAuditLogType]: s
 * The duration to wait for a passkey to be verified in MS.
 */
 export const PASSKEY_TIMEOUT = 60000;
+
+/**
+ * The maximum number of passkeys are user can have.
+ */
+export const MAXIMUM_PASSKEYS = 50;
--- a/packages/lib/server-only/auth/create-passkey.ts
+++ b/packages/lib/server-only/auth/create-passkey.ts
@ -4,6 +4,7 @@ import type { RegistrationResponseJSON } from '@simplewebauthn/types';
 import { prisma } from '@documenso/prisma';
 import { UserSecurityAuditLogType } from '@documenso/prisma/client';

+import { MAXIMUM_PASSKEYS } from '../../constants/auth';
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import type { RequestMetadata } from '../../universal/extract-request-metadata';
 import { getAuthenticatorRegistrationOptions } from '../../utils/authenticator';
@ -21,12 +22,23 @@ export const createPasskey = async ({
  verificationResponse,
  requestMetadata,
 }: CreatePasskeyOptions) => {
-  await prisma.user.findFirstOrThrow({
+  const { _count } = await prisma.user.findFirstOrThrow({
    where: {
      id: userId,
    },
+    include: {
+      _count: {
+        select: {
+          passkeys: true,
+        },
+      },
+    },
  });

+  if (_count.passkeys >= MAXIMUM_PASSKEYS) {
+    throw new AppError('TOO_MANY_PASSKEYS');
+  }
+
  const verificationToken = await prisma.verificationToken.findFirst({
    where: {
      userId,