perf: 优化passkey

packages/ui/certd-client/src/views/certd/mine/user-profile.vue

@@ -278,20 +278,24 @@ async function doRegisterPasskey(deviceName: string) {
     //   type: "public-key",
     // }));
 
+    console.log("passkey register options:", options, JSON.stringify(options));
     const publicKey = {
       challenge: Uint8Array.from(atob(options.challenge.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0)),
       rp: options.rp,
       pubKeyCredParams: options.pubKeyCredParams,
       timeout: options.timeout || 60000,
-      attestation: options.attestation,
+      // attestation: options.attestation,
       // excludeCredentials: excludeCredentials,
+      // extensions: options.extensions,
+      // authenticatorSelection: options.authenticatorSelection,
+      // hints: options.hints,
       user: {
         id: new TextEncoder().encode(options.userId + ""),
-        name: userInfo.value.username,
+        name: userInfo.value.username + "@" + deviceName,
         displayName: deviceName,
       },
     };
-    console.log("passkey register publicKey:", publicKey);
+    console.log("passkey register publicKey:", publicKey, JSON.stringify(publicKey));
     const credential = await (navigator.credentials as any).create({
       publicKey,
     });
@@ -312,6 +316,7 @@ async function doRegisterPasskey(deviceName: string) {
     console.log("credential", credential, response);
 
     const verifyRes: any = await api.verifyPasskeyRegistration(response, options.challenge, deviceName);
+    console.log("verifyRes:", verifyRes, JSON.stringify(verifyRes));
     await loadPasskeys();
   } catch (e: any) {
     console.error("Passkey注册失败:", e);

packages/ui/certd-client/src/views/framework/login/index.vue

@@ -219,15 +219,22 @@ const handlePasskeyLogin = async () => {
     });
     const options = optionsResponse;
 
+    console.log("passkey authentication options:", options, JSON.stringify(options));
     const credential = await (navigator.credentials as any).get({
       publicKey: {
         challenge: Uint8Array.from(atob(options.challenge.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0)),
         rpId: options.rpId,
         allowCredentials: options.allowCredentials || [],
         timeout: options.timeout || 60000,
+        // attestation: options.attestation,
+        // excludeCredentials: excludeCredentials,
+        // extensions: options.extensions,
+        // authenticatorSelection: options.authenticatorSelection,
+        // hints: options.hints,
       },
     });
 
+    console.log("passkey authentication credential:", credential, JSON.stringify(credential));
     if (!credential) {
       throw new Error("Passkey认证失败");
     }

packages/ui/certd-client/src/views/framework/oauth/oauth-footer.vue

@@ -3,7 +3,7 @@
     <div class="oauth-title">
       <div class="oauth-title-text">{{ computedTitle }}</div>
     </div>
-    <div class="flex justify-center items-center gap-4">
+    <div class="flex justify-center items-center gap-4 flex-wrap md:flex-nowrap">
       <template v-for="item in oauthProviderList" :key="item.type">
         <div v-if="item.addonId" class="oauth-icon-button pointer" @click="goOauthLogin(item.name)">
           <div><fs-icon :icon="item.icon" class="text-blue-600 text-40" /></div>

packages/ui/certd-client/vite.config.ts

@@ -88,10 +88,6 @@ export default (req: any) => {
       host: "0.0.0.0",
       port: 3008,
       fs: devServerFs,
-      https: {
-        key: fs.readFileSync("./keys/localhost+1-key.pem"),
-        cert: fs.readFileSync("./keys/localhost+1.pem"),
-      },
       allowedHosts: ["localhost", "127.0.0.1", "yfy.docmirror.cn", "docmirror.top", "*", "local.dev"],
       proxy: {
         // with options

packages/ui/certd-server/src/controller/basic/login/login-controller.ts

@@ -95,9 +95,7 @@ export class LoginController extends BaseController {
       this.ctx
     );
 
-    return this.ok({
-      ...options,
-    });
+    return this.ok(options);
   }
 
   @Post('/loginByPasskey', { description: Constants.per.guest })

packages/ui/certd-server/src/controller/user/mine/passkey-controller.ts

@@ -37,7 +37,6 @@ export class MinePasskeyController extends BaseController {
 
     return this.ok({
       ...options,
-      userId
     });
   }
 

packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts

@@ -51,8 +51,6 @@ export class AutoAInitSite {
     //加载一次密钥
     await this.sysSettingsService.getSecret();
 
-    //加载设置
-    await this.sysSettingsService.reloadSettings();
 
     // 授权许可
     try {
@@ -60,6 +58,9 @@ export class AutoAInitSite {
     } catch (e) {
       logger.error('授权许可验证失败', e);
     }
+    
+    //加载设置
+    await this.sysSettingsService.reloadSettings();
 
     //加载站点隐藏配置
     await this.safeService.reloadHiddenStatus(true)

packages/ui/certd-server/src/modules/login/service/passkey-service.ts

@@ -60,6 +60,13 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
       timeout: 60000,
       attestationType: "none",
       excludeCredentials: [],
+      preferredAuthenticatorType: 'localDevice',
+      authenticatorSelection: {
+        authenticatorAttachment: "cross-platform", 
+        userVerification: "preferred",      
+        residentKey: "preferred",
+        requireResidentKey: false
+      },
     });
     logger.info('[passkey] 注册选项:', JSON.stringify(options));
     cache.set(`passkey:registration:${options.challenge}`, userId, {
@@ -121,6 +128,7 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
       rpID: rpId,
       timeout: 60000,
       allowCredentials: [],
+      userVerification: 'preferred' //'required' | 'preferred' | 'discouraged';
     });
 
     // cache.set(`passkey:authentication:${options.challenge}`, userId, {