feat(auth): add WebAuthn/Passkey support across all apps

Implements passwordless authentication via passkeys using @simplewebauthn: Backend (mana-core-auth): - New passkeys table in auth schema (credentialId, publicKey, counter, etc.) - PasskeyService with registration/authentication flows and challenge storage - 7 new API endpoints (register, authenticate, list, delete, rename) - createSessionAndTokens helper for non-password auth flows - Security event types for passkey operations Client (shared-auth): - signInWithPasskey() and registerPasskey() with dynamic @simplewebauthn/browser imports - isPasskeyAvailable() browser capability check - Passkey management methods (list, delete, rename) UI (shared-auth-ui): - Passkey button on LoginPage with key icon, shown when browser supports WebAuthn - Divider between passkey and email/password form App integration: - All 19 web app auth stores have isPasskeyAvailable() and signInWithPasskey() - All 19 web app login pages pass passkeyAvailable and onSignInWithPasskey props - rpID=mana.how in production enables cross-app passkey usage (SSO-compatible) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-14 19:01:08 +02:00 · 2026-03-26 10:30:03 +01:00 · 2026-03-26 10:30:03 +01:00 · 3091da914e
commit 3091da914e
parent 1095202ad9
52 changed files with 1849 additions and 4 deletions
--- a/apps/mukke/apps/web/src/lib/stores/auth.svelte.ts
+++ b/apps/mukke/apps/web/src/lib/stores/auth.svelte.ts
@ -107,6 +107,35 @@ export const authStore = {
 		}
 	},

+	isPasskeyAvailable(): boolean {
+		const authService = getAuthService();
+		if (!authService) return false;
+		return authService.isPasskeyAvailable();
+	},
+
+	async signInWithPasskey() {
+		const authService = getAuthService();
+		if (!authService) {
+			return { success: false, error: 'Auth not available on server' };
+		}
+
+		try {
+			const result = await authService.signInWithPasskey();
+
+			if (!result.success) {
+				return { success: false, error: result.error || 'Passkey authentication failed' };
+			}
+
+			const userData = await authService.getUserFromToken();
+			user = userData;
+
+			return { success: true };
+		} catch (error) {
+			const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+			return { success: false, error: errorMessage };
+		}
+	},
+
 	async signIn(email: string, password: string) {
 		const authService = getAuthService();
 		if (!authService) {
--- a/apps/mukke/apps/web/src/routes/(auth)/login/+page.svelte
+++ b/apps/mukke/apps/web/src/routes/(auth)/login/+page.svelte
@ -50,6 +50,8 @@
 	primaryColor="#f97316"
 	onSignIn={handleSignIn}
 	onResendVerification={handleResendVerification}
+	passkeyAvailable={authStore.isPasskeyAvailable()}
+	onSignInWithPasskey={() => authStore.signInWithPasskey()}
 	{goto}
 	successRedirect={redirectTo}
 	registerPath="/register"