webauthn-php/examples/functions.php at main · Firehed/webauthn-php · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
<?php

declare(strict_types=1);

use Firehed\WebAuthn\{
    ChallengeManagerInterface,
    Codecs,
    CredentialContainer,
    RelyingPartyInterface,
    SessionChallengeManager,
    SingleOriginRelyingParty,
};

/**
 * @return array{id:string,name:string}
 */
function createUser(PDO $pdo, string $username): array
{
    $existingUser = getUserByName($pdo, $username);
    if ($existingUser !== null) {
        $response = $existingUser;
    } else {
        $stmt = $pdo->prepare('INSERT INTO users (id, name) VALUES (?, ?)');
        $id = uuidv4();
        $stmt->execute([$id, $username]);
        $response = [
            'id' => $id,
            'name' => $username,
        ];
    }
    return $response;
}

function getChallengeManager(): ChallengeManagerInterface
{
    return new SessionChallengeManager();
}

function getCredentialsForUserId(PDO $pdo, string $userId): CredentialContainer
{
    $stmt = $pdo->prepare('SELECT * FROM user_credentials WHERE user_id = ?');
    $stmt->execute([$userId]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $codec = new Codecs\Credential();
    $credentials = array_map(function ($row) use ($codec) {
        return $codec->decode($row['credential']);
    }, $rows);
    return new CredentialContainer($credentials);
}

function getDatabaseConnection(): PDO
{
    $dbFile = __DIR__ . '/app.sqlite3';

    $create = !file_exists($dbFile);

    $pdo = new PDO(sprintf('sqlite:%s', $dbFile));

    if ($create) {
        $pdo->exec(<<<SQL
        CREATE TABLE users (
            id text PRIMARY KEY,
            name text UNIQUE
        );
        SQL);
        $pdo->exec(<<<SQL
        CREATE TABLE user_credentials (
            id text PRIMARY KEY,
            user_id text,
            credential text,
            FOREIGN KEY (user_id) REFERENCES users(id)
        );
        SQL);
    }

    return $pdo;
}

function getRelyingParty(): RelyingPartyInterface
{
    // Note: in Dockerized environments, HOST will sometimes be set or
    // overridden. If running one and you want to configure your RP from an
    // envvar, selecting a different name is recommended.
    $rp = getenv('HOST');
    if ($rp === false) {
        throw new RuntimeException('HOST is not defined');
    }
    // This would be configured by a env var or something
    return new SingleOriginRelyingParty($rp);
}

/**
 * @return array{id:string, name: string}|null
 */
function getUserByName(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if ($result !== []) {
        return $result[0];
    } else {
        return null;
    }
}

function uuidv4(): string
{
    $bytes = random_bytes(16);
    $hex = bin2hex($bytes);
    $chunks = str_split($hex, 4);
    $chunks[3][0] = '4';
    return sprintf('%s%s-%s-%s-%s-%s%s%s', ...$chunks);
}