feat(wallet): wallet daemon new auth method (#1291)
Description
---
I introduced an authentication method configuration and it has the following possible values at the moment: `none` (no authentication as before), `webauthn` (authenticate using `Webauthn` which is a public/private key based authentication when the authenticator decides where to store the private key (USB device, Google Chrome profile or any other methods), for more info: [webauthn.io](https://webauthn.io/)).

This new authentication method allows for the first time to register via Webauthn and later login.

Also fixed/updated:
- Logic to check periodically when our JWT token has expired
- Handle redirection when we want to access a protected URL
- `/access-token` page where we force login as well and returns current JWT token for CLI usage

Motivation and Context
---
There was no authentication in wallet daemon, so whoever would access the UI even through a local network, then that person could manipulate all the accounts and possibly steal funds.

How Has This Been Tested?
---
1. Start a local swarm with the following extra CLI arg: `--wallet-daemon-auth=webauthn` (default is `none`)
   Example command:
   ```shell
   cargo run --bin tari_swarm_daemon --release -- -c data/config.toml start --wallet-daemon-auth=webauthn
   ```
2. Open up the wallet daemon UI (important that in the URL, use `localhost` instead of `127.0.0.1` because webauthn must have a domain present instead of an IP address)
3. Press Register button
4. Follow the steps in popup to register a new key
5. Press Login button and do login with your key

Demo: https://github.com/user-attachments/assets/c7608bf7-fb82-4a0b-8f6f-fb0ac8fc0af8

What process can a PR reviewer use to test or verify this change?
---

Breaking Changes
---
- [ ] None
- [x] Requires data directory to be deleted
- [ ] Other - Please specify

## Summary by CodeRabbit

- **New Features**
  - Introduced robust WebAuthn support for secure user registration and login.
  - Added dedicated authentication screens with guarded routes and access token display (with copy-to-clipboard) for a smoother wallet experience.
  - Implemented new methods for handling WebAuthn registration and authentication processes.
  - Added support for checking if a user is already registered with WebAuthn.
  - Enhanced authentication mechanisms with new options for WebAuthn and traditional methods.
  - Integrated new authentication methods and WebAuthn capabilities in the WalletDaemonClient.
  - Introduced session management for WebAuthn registrations and passkeys in the wallet storage.
- **Refactor**
  - Enhanced session management and backend processes to improve security and performance across wallet services.

---------

Co-authored-by: Stan Bondi <[email protected]>
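Step 2 of the test procedure above, as an added example (not code from this commit or from the Tari project): a simplified pre-flight check showing why `localhost` is accepted as a WebAuthn origin while `127.0.0.1` is not. The function name, ports and hostnames are constructed for illustration, and the check omits the public suffix list lookup that real browsers also perform on the RP ID.

```javascript
// Added example: simplified check of a WebAuthn origin / RP ID pair.
// Names, ports and hosts are assumptions, not taken from the wallet daemon.

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// True for IPv4 dotted form and for bracketed IPv6 literals.
function isIpHost(host) {
  return host.startsWith("[") || IPV4.test(host);
}

function checkWebauthnOrigin(originUrl, rpId) {
  let url;
  try {
    url = new URL(originUrl);
  } catch {
    return { ok: false, reason: "origin is not a valid URL" };
  }
  // URL parsing canonicalises IPv4 hosts (e.g. decimal form) to dotted
  // notation and keeps IPv6 literals in brackets.
  const host = url.hostname.toLowerCase();
  const id = String(rpId).toLowerCase();

  // WebAuthn requires the origin's effective domain to be a domain name.
  if (isIpHost(host) || isIpHost(id)) {
    return { ok: false, reason: "IP address used where a domain is required" };
  }

  // Secure context: https, or plain http only on localhost
  // (conservative: only the exact name "localhost" is accepted here).
  const secure = url.protocol === "https:" ||
    (url.protocol === "http:" && host === "localhost");
  if (!secure) {
    return { ok: false, reason: "not a secure context" };
  }

  // The RP ID must equal the host or be a parent domain of it.
  // Simplification: public suffixes such as "com" are not rejected here.
  if (host !== id && !host.endsWith("." + id)) {
    return { ok: false, reason: "RP ID does not match the origin host" };
  }
  return { ok: true, reason: "ok" };
}

// Constructed sample: the two URLs a tester might type for a local daemon UI.
for (const origin of ["http://localhost:5100", "http://127.0.0.1:5100"]) {
  console.log(origin, checkWebauthnOrigin(origin, new URL(origin).hostname));
}
```

The same check is useful on the server side when validating the configured RP ID and expected origin at startup, before any registration ceremony is attempted.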