This cleans up the "session" handling, as explained in issue #38:
- The database gets a new `auth_tokens` table, which records which user is logged in with authentication tokens. The tokens are set as a client cookie when authentication succeeds, which is then subsequently checked against the database for any operations requiring authentication.
  - This has the main effect for the demo that restarting the server won't log out every user.
- A new module `PendingOps` is introduced, which implements an efficient way to store the options (including the challenge) of pending webauthn operations (registering and login) temporarily in memory until they are completed or expire.
  - In order to make this efficient, the expiration time is stored in the challenge directly.
  - This has the effect that no memory is leaked anymore, and it simplified things.
- A refactoring was done to both speed up login operations (removing a linear-time `find`) and remove the need to store the user handle in memory for a pending login operation.
  - This makes pending operations for registering and login work exactly the same, allowing more code reuse.

Writing this new `PendingOps` module for the server also made it clear that this could also be provided by the library directly, since it's a very reusable part.
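A sketch of a pending-operation store of the kind described above, added here as an example; it is not code from this PR or from the library. The Python class, the `insert`/`take` method names, the 8-byte expiry prefix and the 300-second lifetime are all assumptions made for illustration.

```python
import os
import struct
import time
from collections import OrderedDict

TTL_SECONDS = 300    # assumed lifetime of a pending operation
RANDOM_BYTES = 16    # unpredictable part; WebAuthn asks for at least 16 bytes
PREFIX = ">Q"        # assumed layout: 8-byte big-endian expiry, then random bytes


class PendingOps:
    """In-memory options of pending register/login operations, keyed by challenge."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # Every entry gets the same TTL, so insertion order is expiry order
        # (as long as the clock does not jump backwards).
        self._ops = OrderedDict()

    def insert(self, options):
        """Store options under a fresh challenge and return that challenge."""
        self._expire()
        expiry = int(self._clock()) + TTL_SECONDS
        challenge = struct.pack(PREFIX, expiry) + os.urandom(RANDOM_BYTES)
        self._ops[challenge] = options
        return challenge

    def take(self, challenge):
        """Return the stored options exactly once; None if unknown or expired."""
        self._expire()
        # The embedded expiry is never trusted on its own: the challenge must
        # still be present in the store, and pop() makes it single-use.
        return self._ops.pop(challenge, None)

    def _expire(self):
        """Drop expired entries from the front; cost is per expired entry."""
        now = int(self._clock())
        while self._ops:
            oldest = next(iter(self._ops))
            if struct.unpack(PREFIX, oldest[:8])[0] > now:
                break
            del self._ops[oldest]

    def __len__(self):
        return len(self._ops)
```

Because expired entries are dropped on every call, abandoned registrations and logins cannot accumulate, and a challenge replayed after completion finds nothing in the store.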