0be354a920
Single-commit clean baseline after security scrub of niche-tells, project codenames, internal jargon, and contributor-email leaks. Contents: - 100 Rust crates (_primitives/_rust/) - 37 agent manifests (_manifests/) + generated specs (_generated/) - 67 user-invocable skills (skills/) - 33 hooks (hooks/) - Composition blocks (_blocks/) - Documentation (docs/, README.md) - TS adapter packages (_ts_packages/) - Assembler (_assembler/) - Roles (_roles/) - Templates (_templates/) - Forgejo CI (.forgejo/) Author: Denis Parfionovich <info@greendragon.info> License: see LICENSE.
28 lines
1.3 KiB
Rust
28 lines
1.3 KiB
Rust
// SPDX-License-Identifier: Apache-2.0
|
|
// Copyright 2026 <author org>
|
|
//!
|
|
//! [`build_webauthn`] — thin wrapper around `webauthn_rs::WebauthnBuilder`.
|
|
//!
|
|
//! Centralises relying-party (RP) configuration so [`crate::WebauthnProvider`]
|
|
//! constructors stay short. No logic of our own — defaults come from
|
|
//! webauthn-rs upstream (FIDO MDS optional, ResidentKey by default).
|
|
|
|
use crate::error::{Error, Result};
|
|
use url::Url;
|
|
use webauthn_rs::prelude::{Webauthn, WebauthnBuilder};
|
|
|
|
/// Build a [`Webauthn`] instance for a given relying party.
|
|
///
|
|
/// - `rp_id` — registrable domain suffix (e.g. `"example.com"`). Must
|
|
/// match the `rp_origin` host (or be a parent suffix of it).
|
|
/// - `rp_origin` — full origin URL, scheme + host + optional port (e.g.
|
|
/// `"https://example.com"` or `"http://localhost:8080"`).
|
|
/// - `rp_name` — human-readable RP name shown in authenticator UI.
|
|
///
|
|
/// Returns [`Error::Url`] if `rp_origin` does not parse, or
|
|
/// [`Error::WebauthnRs`] if webauthn-rs rejects the (rp_id, rp_origin) pair.
|
|
pub fn build_webauthn(rp_id: &str, rp_origin: &str, rp_name: &str) -> Result<Webauthn> {
|
|
let origin = Url::parse(rp_origin).map_err(Error::Url)?;
|
|
let builder = WebauthnBuilder::new(rp_id, &origin)?.rp_name(rp_name);
|
|
Ok(builder.build()?)
|
|
}
|