update deps (MisskeyIO#610)

packages/backend/package.json

@@ -66,8 +66,8 @@
 	},
 	"dependencies": {
 		"@authenio/samlify-node-xmllint": "2.0.0",
-		"@aws-sdk/client-s3": "3.540.0",
-		"@aws-sdk/lib-storage": "3.540.0",
+		"@aws-sdk/client-s3": "3.554.0",
+		"@aws-sdk/lib-storage": "3.554.0",
 		"@bull-board/api": "5.15.3",
 		"@bull-board/fastify": "5.15.3",
 		"@bull-board/ui": "5.15.3",
@@ -79,7 +79,7 @@
 		"@fastify/formbody": "7.4.0",
 		"@fastify/http-proxy": "9.5.0",
 		"@fastify/multipart": "8.2.0",
-		"@fastify/static": "7.0.2",
+		"@fastify/static": "7.0.3",
 		"@fastify/view": "9.0.0",
 		"@misskey-dev/sharp-read-bmp": "1.2.0",
 		"@misskey-dev/summaly": "5.1.0",
@@ -87,12 +87,12 @@
 		"@nestjs/core": "10.3.7",
 		"@nestjs/testing": "10.3.7",
 		"@peertube/http-signature": "1.7.0",
-		"@simplewebauthn/server": "9.0.3",
+		"@simplewebauthn/server": "10.0.0",
 		"@sinonjs/fake-timers": "11.2.2",
 		"@smithy/node-http-handler": "2.5.0",
 		"@swc/cli": "0.1.65",
 		"@swc/core": "1.3.107",
-		"@twemoji/parser": "15.1.0",
+		"@twemoji/parser": "15.1.1",
 		"accepts": "1.3.8",
 		"ajv": "8.12.0",
 		"archiver": "6.0.1",
@@ -100,7 +100,7 @@
 		"bcryptjs": "2.4.3",
 		"blurhash": "2.0.5",
 		"body-parser": "1.20.2",
-		"bullmq": "5.4.6",
+		"bullmq": "5.7.1",
 		"cacheable-lookup": "7.0.0",
 		"cbor": "9.0.2",
 		"chalk": "5.3.0",
@@ -112,7 +112,7 @@
 		"date-fns": "3.6.0",
 		"deep-email-validator": "0.1.21",
 		"fastify": "4.26.2",
-		"fastify-http-errors-enhanced": "5.0.3",
+		"fastify-http-errors-enhanced": "5.0.4",
 		"fastify-raw-body": "4.3.0",
 		"feed": "4.2.2",
 		"file-type": "19.0.0",
@@ -127,7 +127,7 @@
 		"ip-cidr": "3.1.0",
 		"ipaddr.js": "2.1.0",
 		"is-svg": "5.0.0",
-		"jose": "5.2.3",
+		"jose": "5.2.4",
 		"js-yaml": "4.1.0",
 		"jsdom": "23.2.0",
 		"json5": "2.2.3",
@@ -140,7 +140,7 @@
 		"misskey-js": "workspace:*",
 		"misskey-reversi": "workspace:*",
 		"ms": "3.0.0-canary.1",
-		"nanoid": "5.0.6",
+		"nanoid": "5.0.7",
 		"nested-property": "4.0.0",
 		"node-fetch": "3.3.2",
 		"node-forge": "1.3.1",
@@ -150,10 +150,10 @@
 		"oauth2orize": "1.12.0",
 		"oauth2orize-pkce": "0.1.2",
 		"os-utils": "0.0.14",
-		"otpauth": "9.2.2",
+		"otpauth": "9.2.3",
 		"parse5": "7.1.2",
-		"pg": "8.11.3",
-		"pino": "8.19.0",
+		"pg": "8.11.5",
+		"pino": "8.20.0",
 		"pino-pretty": "11.0.0",
 		"pkce-challenge": "4.1.0",
 		"probe-image-size": "7.2.3",
@@ -177,13 +177,13 @@
 		"slacc": "0.0.10",
 		"strict-event-emitter-types": "2.0.0",
 		"stringz": "2.1.0",
-		"systeminformation": "5.22.6",
+		"systeminformation": "5.22.7",
 		"tinycolor2": "1.6.0",
 		"tmp": "0.2.3",
 		"tsc-alias": "1.8.8",
 		"tsconfig-paths": "4.2.0",
 		"typeorm": "0.3.20",
-		"typescript": "5.4.3",
+		"typescript": "5.4.5",
 		"ulid": "2.3.0",
 		"vary": "1.1.2",
 		"web-push": "3.6.7",
@@ -195,7 +195,7 @@
 		"@jest/globals": "29.7.0",
 		"@misskey-dev/eslint-plugin": "1.0.0",
 		"@nestjs/platform-express": "10.3.7",
-		"@simplewebauthn/types": "9.0.1",
+		"@simplewebauthn/types": "10.0.0",
 		"@swc/jest": "0.2.36",
 		"@types/accepts": "1.3.7",
 		"@types/archiver": "6.0.2",
@@ -213,13 +213,13 @@
 		"@types/jsrsasign": "10.5.13",
 		"@types/mime-types": "2.1.4",
 		"@types/ms": "0.7.34",
-		"@types/node": "20.12.2",
+		"@types/node": "20.12.7",
 		"@types/node-forge": "1.3.11",
 		"@types/nodemailer": "6.4.14",
 		"@types/oauth": "0.9.4",
 		"@types/oauth2orize": "1.11.5",
 		"@types/oauth2orize-pkce": "0.1.2",
-		"@types/pg": "8.11.4",
+		"@types/pg": "8.11.5",
 		"@types/pug": "2.0.10",
 		"@types/punycode": "2.1.4",
 		"@types/qrcode": "1.5.5",
@@ -235,8 +235,8 @@
 		"@types/vary": "1.1.3",
 		"@types/web-push": "3.6.3",
 		"@types/ws": "8.5.10",
-		"@typescript-eslint/eslint-plugin": "7.4.0",
-		"@typescript-eslint/parser": "7.4.0",
+		"@typescript-eslint/eslint-plugin": "7.6.0",
+		"@typescript-eslint/parser": "7.6.0",
 		"aws-sdk-client-mock": "4.0.0",
 		"cross-env": "7.0.3",
 		"eslint": "8.57.0",

packages/backend/src/core/WebAuthnService.ts

@@ -11,7 +11,11 @@ import {
 	verifyAuthenticationResponse,
 	verifyRegistrationResponse,
 } from '@simplewebauthn/server';
-import { AttestationFormat, isoCBOR } from '@simplewebauthn/server/helpers';
+import {
+	AttestationFormat,
+	isoCBOR,
+	isoUint8Array,
+} from '@simplewebauthn/server/helpers';
 import { DI } from '@/di-symbols.js';
 import type { UserSecurityKeysRepository } from '@/models/_.js';
 import type { Config } from '@/config.js';
@@ -26,7 +30,6 @@ import type {
 	AuthenticatorTransportFuture,
 	CredentialDeviceType,
 	PublicKeyCredentialCreationOptionsJSON,
-	PublicKeyCredentialDescriptorFuture,
 	PublicKeyCredentialRequestOptionsJSON,
 	RegistrationResponseJSON,
 } from '@simplewebauthn/types';
@@ -56,7 +59,7 @@ export class WebAuthnService {
 		const instance = await this.metaService.fetch();
 		return {
 			origin: this.config.url,
-			rpId: this.config.host,
+			rpId: this.config.hostname,
 			rpName: instance.name ?? this.config.host,
 			rpIcon: instance.iconUrl ?? undefined,
 		};
@@ -72,13 +75,12 @@ export class WebAuthnService {
 		const registrationOptions = await generateRegistrationOptions({
 			rpName: relyingParty.rpName,
 			rpID: relyingParty.rpId,
-			userID: userId,
+			userID: isoUint8Array.fromUTF8String(userId),
 			userName: userName,
 			userDisplayName: userDisplayName,
 			attestationType: 'indirect',
-			excludeCredentials: keys.map(key => (<PublicKeyCredentialDescriptorFuture>{
-				id: Buffer.from(key.id, 'base64url'),
-				type: 'public-key',
+			excludeCredentials: keys.map(key => (<{ id: string; transports?: AuthenticatorTransportFuture[]; }>{
+				id: key.id,
 				transports: key.transports ?? undefined,
 			})),
 			authenticatorSelection: {
@@ -94,7 +96,7 @@ export class WebAuthnService {
 
 	@bindThis
 	public async verifyRegistration(userId: MiUser['id'], response: RegistrationResponseJSON): Promise<{
-		credentialID: Uint8Array;
+		credentialID: string;
 		credentialPublicKey: Uint8Array;
 		attestationObject: Uint8Array;
 		fmt: AttestationFormat;
@@ -151,6 +153,7 @@ export class WebAuthnService {
 
 	@bindThis
 	public async initiateAuthentication(userId: MiUser['id']): Promise<PublicKeyCredentialRequestOptionsJSON> {
+		const relyingParty = await this.getRelyingParty();
 		const keys = await this.userSecurityKeysRepository.findBy({
 			userId: userId,
 		});
@@ -160,9 +163,9 @@ export class WebAuthnService {
 		}
 
 		const authenticationOptions = await generateAuthenticationOptions({
-			allowCredentials: keys.map(key => (<PublicKeyCredentialDescriptorFuture>{
-				id: Buffer.from(key.id, 'base64url'),
-				type: 'public-key',
+			rpID: relyingParty.rpId,
+			allowCredentials: keys.map(key => (<{ id: string; transports?: AuthenticatorTransportFuture[]; }>{
+				id: key.id,
 				transports: key.transports ?? undefined,
 			})),
 			userVerification: 'preferred',
@@ -226,7 +229,7 @@ export class WebAuthnService {
 				expectedOrigin: relyingParty.origin,
 				expectedRPID: relyingParty.rpId,
 				authenticator: {
-					credentialID: Buffer.from(key.id, 'base64url'),
+					credentialID: key.id,
 					credentialPublicKey: Buffer.from(key.publicKey, 'base64url'),
 					counter: key.counter,
 					transports: key.transports ? key.transports as AuthenticatorTransportFuture[] : undefined,

packages/backend/src/server/api/endpoints/i/2fa/key-done.ts

@@ -97,9 +97,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 
 			const keyInfo = await this.webAuthnService.verifyRegistration(me.id, ps.credential);
 
-			const credentialId = Buffer.from(keyInfo.credentialID).toString('base64url');
 			await this.userSecurityKeysRepository.insert({
-				id: credentialId,
+				id: keyInfo.credentialID,
 				userId: me.id,
 				name: ps.name,
 				publicKey: Buffer.from(keyInfo.credentialPublicKey).toString('base64url'),
@@ -116,7 +115,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			}));
 
 			return {
-				id: credentialId,
+				id: keyInfo.credentialID,
 				name: ps.name,
 			};
 		});