feat(auth): add WebAuthn/Passkey support across all apps

Implements passwordless authentication via passkeys using @simplewebauthn: Backend (mana-core-auth): - New passkeys table in auth schema (credentialId, publicKey, counter, etc.) - PasskeyService with registration/authentication flows and challenge storage - 7 new API endpoints (register, authenticate, list, delete, rename) - createSessionAndTokens helper for non-password auth flows - Security event types for passkey operations Client (shared-auth): - signInWithPasskey() and registerPasskey() with dynamic @simplewebauthn/browser imports - isPasskeyAvailable() browser capability check - Passkey management methods (list, delete, rename) UI (shared-auth-ui): - Passkey button on LoginPage with key icon, shown when browser supports WebAuthn - Divider between passkey and email/password form App integration: - All 19 web app auth stores have isPasskeyAvailable() and signInWithPasskey() - All 19 web app login pages pass passkeyAvailable and onSignInWithPasskey props - rpID=mana.how in production enables cross-app passkey usage (SSO-compatible) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-14 22:01:09 +02:00 · 2026-03-26 10:30:03 +01:00 · 2026-03-26 10:30:03 +01:00 · 3091da914e
commit 3091da914e
parent 1095202ad9
52 changed files with 1849 additions and 4 deletions
--- a/apps/chat/apps/web/src/lib/stores/auth.svelte.ts
+++ b/apps/chat/apps/web/src/lib/stores/auth.svelte.ts
@ -118,6 +118,43 @@ export const authStore = {
 		}
 	},

+	/**
+	/**
+	 * Check if passkeys are available in this browser
+	 */
+	isPasskeyAvailable(): boolean {
+		const authService = getAuthService();
+		if (!authService) return false;
+		return authService.isPasskeyAvailable();
+	},
+
+	/**
+	 * Sign in with a passkey
+	 */
+	async signInWithPasskey() {
+		const authService = getAuthService();
+		if (!authService) {
+			return { success: false, error: 'Auth not available on server' };
+		}
+
+		try {
+			const result = await authService.signInWithPasskey();
+
+			if (!result.success) {
+				return { success: false, error: result.error || 'Passkey authentication failed' };
+			}
+
+			// Get user data from token
+			const userData = await authService.getUserFromToken();
+			user = userData;
+
+			return { success: true };
+		} catch (error) {
+			const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+			return { success: false, error: errorMessage };
+		}
+	},
+
 	/**
 	 * Sign in with email and password
 	 */
--- a/apps/chat/apps/web/src/routes/(auth)/login/+page.svelte
+++ b/apps/chat/apps/web/src/routes/(auth)/login/+page.svelte
@ -63,6 +63,8 @@
 	primaryColor="#0ea5e9"
 	onSignIn={handleSignIn}
 	onResendVerification={handleResendVerification}
+	passkeyAvailable={authStore.isPasskeyAvailable()}
+	onSignInWithPasskey={() => authStore.signInWithPasskey()}
 	{goto}
 	successRedirect={redirectTo}
 	registerPath="/register"