
Register Biometric Credentials with WebAuthn [wallet - service] #151

@salazarsebas

Description


🔑 Register Biometric Credentials with WebAuthn 🛠️

πŸ“ Description

Implement an API endpoint to register biometric credentials (e.g., fingerprint or Face ID) using WebAuthn for the Stellar wallet service. This endpoint will allow users to create and store public key credentials securely, associating them with a user ID for authentication in subsequent requests. The registration process will leverage the WebAuthn configuration set up previously to ensure secure and seamless biometric authentication.

🎯 Objective

Create a POST /auth/register endpoint in services/stellar-wallet/src/routes/auth-register.js to handle WebAuthn credential registration and store credentials in the SQLite database, with a unit test to verify functionality.

🗂 Structure

  • Directory: services/stellar-wallet
  • Files:
    • src/routes/auth-register.js
    • tests/routes/auth-register.test.js
    • src/db/kyc.js (updated)
  • Expected structure:
    services/stellar-wallet
    ├── src
    │   ├── index.js
    │   ├── stellar
    │   │   ├── client.js
    │   │   ├── keys.js
    │   │   └── fund.js
    │   ├── db
    │   │   └── kyc.js
    │   ├── routes
    │   │   ├── kyc.js
    │   │   ├── kyc-verify.js
    │   │   ├── kyc-status.js
    │   │   └── auth-register.js
    │   ├── kyc
    │   │   └── validate.js
    │   ├── soroban
    │   │   ├── client.js
    │   │   ├── kyc-contract.rs
    │   │   └── deploy.js
    │   └── auth
    │       └── webauthn.js
    ├── config
    │   └── db.sqlite
    ├── tests
    │   ├── stellar
    │   │   ├── client.test.js
    │   │   ├── keys.test.js
    │   │   └── fund.test.js
    │   ├── db
    │   │   └── kyc.test.js
    │   ├── routes
    │   │   ├── kyc.test.js
    │   │   ├── kyc-verify.test.js
    │   │   ├── kyc-status.test.js
    │   │   └── auth-register.test.js
    │   ├── kyc
    │   │   └── validate.test.js
    │   └── soroban
    │       ├── client.test.js
    │       └── deploy.test.js
    ├── package.json
    ├── .env.example
    ├── .eslintrc.json
    ├── .eslintignore
    ├── .prettierrc.json
    ├── .prettierignore
    ├── .gitignore

✅ Requirements

  • Create a branch named feat/webauthn-register for this task.
  • Update src/db/kyc.js to add a table credentials with columns id (primary key, auto-increment), user_id (string, linked to kyc_id), credential_id (string), and public_key (string) for storing WebAuthn credentials.
  • Create src/routes/auth-register.js to define a POST /auth/register endpoint using Express.
  • Configure the endpoint to accept JSON input with user_id (string, matching a kyc_id from the SQLite database).
  • Validate that user_id exists in the kyc table; return HTTP 400 with a JSON error message (e.g., { error: "Invalid user ID" }) if not found.
  • Use generateRegistrationOptions from src/auth/webauthn.js (Issue 16) to create WebAuthn registration options for the client.
  • Accept the client's WebAuthn response, verify it using @simplewebauthn/server, and store the credential_id and public_key in the credentials table, associated with user_id.
  • Return a JSON response with HTTP status 201 and details (e.g., { user_id, credential_id }).
  • Handle errors (e.g., invalid WebAuthn response) with HTTP 400 or 500 and a JSON error message (e.g., { error: "Failed to register credentials" }).
  • Create a unit test in tests/routes/auth-register.test.js to verify:
    • Successful registration stores credentials and returns HTTP 201.
    • Invalid user_id or WebAuthn response returns HTTP 400.
  • Mock the WebAuthn server and SQLite database in the unit test to avoid external dependencies.
  • Update src/index.js to mount the authentication routes at /auth/register.
  • Ensure the code adheres to ESLint and Prettier rules (from Issue 3).
  • Commit changes to the feat/webauthn-register branch with a message like feat: register webauthn credentials.
  • Verify that the CI pipeline (from Issue 1) passes, with linting and test jobs succeeding.

πŸ† Expected Outcomes

  • src/db/kyc.js includes a credentials table for storing WebAuthn credentials.
  • src/routes/auth-register.js defines a POST /auth/register endpoint that handles WebAuthn credential registration.
  • Valid registrations store credential_id and public_key in the credentials table, linked to user_id.
  • Successful registrations return HTTP 201 with a JSON response containing user_id and credential_id.
  • Invalid inputs or errors return appropriate HTTP status codes and JSON error messages.
  • Unit test in tests/routes/auth-register.test.js confirms correct behavior for valid and invalid inputs.
  • Express server mounts authentication routes correctly.
  • Code passes ESLint and Prettier checks.
  • Changes are committed to the feat/webauthn-register branch with a descriptive lowercase commit message.
  • CI pipeline runs successfully, with linting passing for src/routes/auth-register.js, tests/routes/auth-register.test.js, and updated src/db/kyc.js, and the unit test passing.

🔗 References

📋 Notes

  • The user_id should correspond to a kyc_id in the kyc table.
  • Mocking the WebAuthn server and SQLite database in tests ensures reliable CI execution.
  • Ensure credentials are stored securely, avoiding exposure of sensitive data.
  • The credentials table should be created with IF NOT EXISTS to ensure idempotency.
  • Commit messages must be in lowercase and start with feat, change, fix, chore, or refactor.
  • The CI pipeline should validate the new code, ensuring ESLint passes and the unit test executes successfully.

Labels: onlydust-wave (Contribute to awesome OSS repos during OnlyDust's open source week)