WIP 🔐 feat: PassKey (#5606)

* added PassKey authentication.

* fixed issue with test :)

* Delete client/src/components/Auth/AuthLayout.tsx

* fix: conflicted issue

api/server/index.js

@@ -21,6 +21,8 @@ const AppService = require('./services/AppService');
 const staticCache = require('./utils/staticCache');
 const noIndex = require('./middleware/noIndex');
 const routes = require('./routes');
+const { WebAuthnStrategy } = require('passport-simple-webauthn2');
+const { mongoUserStore, mongoChallengeStore } = require('~/cache');
 
 const { PORT, HOST, ALLOW_SOCIAL_LOGIN, DISABLE_COMPRESSION } = process.env ?? {};
 
@@ -77,11 +79,29 @@ const startServer = async () => {
     passport.use(ldapLogin);
   }
 
+  /* Passkey (WebAuthn) Strategy */
+  if (process.env.PASSKEY_ENABLED) {
+
+    const userStore = new mongoUserStore();
+    const challengeStore = new mongoChallengeStore();
+
+    passport.use(
+      new WebAuthnStrategy({
+        rpID: process.env.RP_ID || 'localhost',
+        rpName: process.env.APP_TITLE || 'LibreChat',
+        userStore,
+        challengeStore,
+        debug: true,
+      }),
+    );
+  }
+
   if (isEnabled(ALLOW_SOCIAL_LOGIN)) {
     configureSocialLogins(app);
   }
 
   app.use('/oauth', routes.oauth);
+  app.use('/webauthn', routes.authWebAuthn);
   /* API Endpoints */
   app.use('/api/auth', routes.auth);
   app.use('/api/actions', routes.actions);

api/server/routes/authWebAuthn.js

@@ -0,0 +1,44 @@
+const express = require('express');
+const passport = require('passport');
+const { setAuthTokens } = require('~/server/services/AuthService');
+const router = express.Router();
+
+router.get(
+  '/register',
+  passport.authenticate('webauthn', { session: false }),
+  (req, res) => {
+    res.json(req.user);
+  },
+);
+
+router.post(
+  '/register',
+  passport.authenticate('webauthn', { session: false, failureRedirect: '/login' }),
+  (req, res) => {
+    res.json({ user: req.user });
+  },
+);
+
+router.get(
+  '/login',
+  passport.authenticate('webauthn', { session: false }),
+  (req, res) => {
+    res.json(req.user);
+  },
+);
+
+router.post(
+  '/login',
+  passport.authenticate('webauthn', { session: false, failureRedirect: '/login' }),
+  async (req, res) => {
+    try {
+      const token = await setAuthTokens(req.user.id, res);
+      res.status(200).json({ token, user: req.user });
+    } catch (err) {
+      console.error('[WebAuthn Login Callback]', err);
+      res.status(500).json({ message: 'Something went wrong during login' });
+    }
+  },
+);
+
+module.exports = router;

api/server/routes/config.js

@@ -51,6 +51,7 @@ router.get('/', async function (req, res) {
           !!process.env.APPLE_TEAM_ID &&
           !!process.env.APPLE_KEY_ID &&
           !!process.env.APPLE_PRIVATE_KEY_PATH,
+      passkeyLoginEnabled : !!process.env.PASSKEY_ENABLED && !!process.env.RP_ID,
       openidLoginEnabled:
         !!process.env.OPENID_CLIENT_ID &&
         !!process.env.OPENID_CLIENT_SECRET &&

api/server/routes/index.js

@@ -1,3 +1,4 @@
+const authWebAuthn = require('./authWebAuthn');
 const assistants = require('./assistants');
 const categories = require('./categories');
 const tokenizer = require('./tokenizer');
@@ -55,5 +56,6 @@ module.exports = {
   assistants,
   categories,
   staticRoute,
+  authWebAuthn,
   banner,
 };