diff --git a/packages/backend/src/auth/auth.controller.ts b/packages/backend/src/auth/auth.controller.ts index 43d73fc..b992f98 100644 --- a/packages/backend/src/auth/auth.controller.ts +++ b/packages/backend/src/auth/auth.controller.ts @@ -5,6 +5,7 @@ import { getDbInstance, runDb, getDb, allDb } from '../database/connection'; import speakeasy from 'speakeasy'; import qrcode from 'qrcode'; import { PasskeyService } from '../services/passkey.service'; +import type { RegistrationResponseJSON } from '@simplewebauthn/server'; // 添加类型导入 import { NotificationService } from '../services/notification.service'; import { AuditLogService } from '../services/audit.service'; import { ipBlacklistService } from '../services/ip-blacklist.service'; @@ -450,6 +451,7 @@ export const verifyPasskeyRegistration = async (req: Request, res: Response): Pr const expectedChallenge = req.session.currentChallenge; // 将 name 提取出来,其余部分作为 registrationData 对象 const { name, ...registrationData } = req.body; + console.log(`[AuthController VerifyReg] Received request body: name=${name}, registrationData=${JSON.stringify(registrationData)}`); // Log received data if (!userId || req.session.requiresTwoFactor) { res.status(401).json({ message: '用户未认证或认证未完成。' }); 
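Review bot: The `console.log` added to `verifyPasskeyRegistration` serialises the whole request body and the client-supplied `name` before the `!userId || req.session.requiresTwoFactor` check, so unauthenticated requests can write content of their choosing to the log, and a `name` containing line breaks can forge log entries. The later hunks in this file and in `passkey.service.ts` repeat the pattern and additionally log `expectedChallenge`, the raw `registrationResponse`, the full `verificationOptions`, and the credential ID and public key. If the tracing is still needed, move it below the 401 check, gate it behind a debug setting, and log only bounded fields, e.g. `console.debug(`[AuthController VerifyReg] userId=${userId} hasName=${Boolean(name)}`);`. The function body starts and ends outside this hunk.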
@@ -485,16 +487,17 @@ export const verifyPasskeyRegistration = async (req: Request, res: Response): Pr // 这个检查理论上在函数开头已经做过,但为了类型安全和明确性再次检查 throw new Error('无法获取用户 ID,无法验证 Passkey。'); } + console.log(`[AuthController VerifyReg] Calling passkeyService.verifyRegistration with: userId=${userId}, expectedChallenge=${expectedChallenge}, hostname=${hostname}, origin=${origin}, name=${name}`); // Log parameters before calling service const verification = await passkeyService.verifyRegistration( - userId, // <-- 传递 userId 作为第一个参数 - registrationData as any, // 将收集到的字段作为 registrationResponse 传递,可能需要类型断言 + userId, + registrationData as RegistrationResponseJSON, // 将收集到的字段重新构造成符合类型的对象 expectedChallenge, hostname, origin, name ); - + console.log(`[AuthController VerifyReg] Received verification result from service: verified=${verification.verified}`); // Log service result if (verification.verified && verification.registrationInfo) { const clientIp = req.ip || req.socket?.remoteAddress || 'unknown'; diff --git a/packages/backend/src/services/passkey.service.ts b/packages/backend/src/services/passkey.service.ts index 640a4cf..a69bafc 100644 --- a/packages/backend/src/services/passkey.service.ts +++ b/packages/backend/src/services/passkey.service.ts @@ -88,6 +88,9 @@ export class PasskeyService { passkeyName?: string ): Promise { + console.log(`[PasskeyService VerifyReg] Received parameters: userId=${userId}, expectedChallenge=${expectedChallenge}, hostname=${hostname}, origin=${origin}, name=${passkeyName}`); // Log received parameters + console.log(`[PasskeyService VerifyReg] Received registrationResponse: ${JSON.stringify(registrationResponse)}`); // Log the raw registrationResponse + const expectedRPID = hostname; const expectedOrigin = origin; 
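Review bot: `registrationData as RegistrationResponseJSON` is still an unchecked cast of what was destructured from `req.body`, so the new trailing comment, which says the fields are rebuilt into a conforming object, overstates what the line does. Nothing visible in this hunk checks the shape before it reaches `passkeyService.verifyRegistration`; presumably the library call rejects malformed input, but that is not shown here. Either reject obviously wrong bodies first, e.g. `if (typeof registrationData.id !== 'string' || typeof registrationData.response !== 'object') { res.status(400).end(); return; }`, or reword the comment to `// unchecked cast; shape is validated inside verifyRegistrationResponse, not here`. The enclosing function starts outside the hunk.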
@@ -98,10 +101,13 @@ export class PasskeyService { expectedRPID: expectedRPID, requireUserVerification: true, // 强制要求用户验证, simplewebauthn defaults this to true now }; + console.log(`[PasskeyService VerifyReg] Constructed verificationOptions: ${JSON.stringify(verificationOptions)}`); // Log options before verification let verification: VerifiedRegistrationResponse; try { - verification = await verifyRegistrationResponse(verificationOptions); + console.log('[PasskeyService VerifyReg] Calling @simplewebauthn/server verifyRegistrationResponse...'); + verification = await verifyRegistrationResponse(verificationOptions); + console.log(`[PasskeyService VerifyReg] verifyRegistrationResponse returned: verified=${verification.verified}, registrationInfo exists=${!!verification.registrationInfo}`); // Log verification result } catch (error: any) { console.error('Passkey 注册验证时发生异常:', error); // Provide more context in the error 
@@ -115,19 +121,17 @@ export class PasskeyService { // --- 结束日志记录 --- if (verification.verified && verification.registrationInfo) { - const registrationInfo = verification.registrationInfo as any; - // --- 移除日志记录 --- - // console.log('[PasskeyService] Extracted registrationInfo:', JSON.stringify(registrationInfo, null, 2)); - // console.log('[PasskeyService] credentialPublicKey type:', typeof registrationInfo.credentialPublicKey, 'value:', registrationInfo.credentialPublicKey); - // console.log('[PasskeyService] credentialID type:', typeof registrationInfo.credentialID, 'value:', registrationInfo.credentialID); - // --- 结束日志记录 --- - // const { credentialPublicKey, credentialID, counter } = registrationInfo; // <-- 移除错误的解构 + const registrationInfo = verification.registrationInfo as any; // Keep type assertion for now + console.log(`[PasskeyService VerifyReg] Verification successful. Extracted registrationInfo: ${JSON.stringify(registrationInfo)}`); // Log extracted info + + // Log the critical fields BEFORE using them + console.log(`[PasskeyService VerifyReg] BEFORE Buffer.from(credentialID): Type=${typeof registrationInfo.credentialID}, Value=${registrationInfo.credentialID}`); + console.log(`[PasskeyService VerifyReg] BEFORE Buffer.from(credentialPublicKey): Type=${typeof registrationInfo.credentialPublicKey}, Value=${registrationInfo.credentialPublicKey}`); + const counter = registrationInfo.counter; // 直接获取 counter // --- 直接使用 registrationInfo 的属性 --- - // console.log('[PasskeyService] BEFORE Buffer.from(credentialID): Type=', typeof registrationInfo.credentialID, 'Value=', registrationInfo.credentialID); // <-- 移除日志 const credentialIdBase64Url = Buffer.from(registrationInfo.credentialID).toString('base64url'); - // console.log('[PasskeyService] BEFORE Buffer.from(credentialPublicKey): Type=', typeof registrationInfo.credentialPublicKey, 'Value=', registrationInfo.credentialPublicKey); // <-- 移除日志 const publicKeyBase64Url = 
Buffer.from(registrationInfo.credentialPublicKey).toString('base64url'); // 获取 transports 信息
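Review bot: `Buffer.from(registrationInfo.credentialID)` and `Buffer.from(registrationInfo.credentialPublicKey)` operate on an `as any` value and appear to sit after the try/catch shown in the previous hunk, so a missing field would surface as a raw TypeError rather than a handled registration failure. The new `Type=`/`Value=` logs suggest that this shape is what is being debugged. An explicit guard makes the failure visible without printing the key material: `if (!registrationInfo.credentialID || !registrationInfo.credentialPublicKey) throw new Error('registrationInfo is missing credential fields');`. Whether these fields live at this level depends on the installed @simplewebauthn/server version, which the diff does not show. The enclosing `if` block continues past the hunk.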