update

packages/backend/src/auth/auth.controller.ts

@@ -139,12 +139,15 @@ export const generatePasskeyAuthenticationOptionsHandler = async (req: Request,
  * 验证 Passkey 凭据并登录用户 (POST /api/v1/auth/passkey/authenticate)
  */
 export const verifyPasskeyAuthenticationHandler = async (req: Request, res: Response): Promise<void> => {
-    const authenticationResponse = req.body; // The whole body is the response from @simplewebauthn/browser
+    // Extract assertionResponse and rememberMe from the request body
+    const { assertionResponse, rememberMe } = req.body;
     const expectedChallenge = req.session.currentChallenge;
-    const { rememberMe } = req.body; // Optional rememberMe flag
 
-    if (!authenticationResponse) {
+    // Rename assertionResponse to authenticationResponseJSON for clarity within this scope
-        res.status(400).json({ message: '认证响应不能为空。' });
+    const authenticationResponseJSON = assertionResponse;
+
+    if (!authenticationResponseJSON) {
+        res.status(400).json({ message: '认证响应 (assertionResponse) 不能为空。' });
         return;
     }
     if (!expectedChallenge) {
@@ -153,8 +156,9 @@ export const verifyPasskeyAuthenticationHandler = async (req: Request, res: Resp
     }
 
     try {
+        // Pass the extracted authenticationResponseJSON to the service
         const verification = await passkeyService.verifyAuthentication(
-            authenticationResponse,
+            authenticationResponseJSON,
             expectedChallenge
         );
 
@@ -198,7 +202,7 @@ export const verifyPasskeyAuthenticationHandler = async (req: Request, res: Resp
             console.warn(`[AuthController] Passkey 认证验证失败:`, verification);
             const clientIp = req.ip || req.socket?.remoteAddress || 'unknown';
             auditLogService.logAction('PASSKEY_AUTH_FAILURE', {
-                credentialId: authenticationResponse.id, 
+                credentialId: authenticationResponseJSON?.id || 'unknown', // Use the extracted object
                 reason: 'Verification failed',
                 ip: clientIp
             });
@@ -208,7 +212,7 @@ export const verifyPasskeyAuthenticationHandler = async (req: Request, res: Resp
         console.error(`[AuthController] 验证 Passkey 认证时出错:`, error.message, error.stack);
         const clientIp = req.ip || req.socket?.remoteAddress || 'unknown';
         auditLogService.logAction('PASSKEY_AUTH_FAILURE', {
-            credentialId: authenticationResponse?.id || 'unknown', 
+            credentialId: authenticationResponseJSON?.id || 'unknown', // Use the extracted object
             reason: error.message,
             ip: clientIp
         });

packages/backend/src/repositories/passkey.repository.ts

@@ -97,6 +97,8 @@ export class PasskeyRepository {
     const db = await getDbInstance();
     const sql = 'SELECT * FROM passkeys WHERE user_id = ? ORDER BY created_at DESC';
     const results = await allDb<any>(db, sql, [userId]);
+    // Log the raw results from the database before mapping
+    console.log(`[PasskeyRepository] Raw passkeys for user ${userId}:`, JSON.stringify(results, null, 2));
     return mapPasskeyResults(results);
   }