New files:
- models/passkey_credential.py: PasskeyCredential model with indexed credential_id
- alembic 061: Create passkey_credentials table
- services/passkey.py: Challenge token management (itsdangerous + nonce replay protection) and py_webauthn wrappers for registration/authentication
- routers/passkeys.py: 6 endpoints (register begin/complete, login begin/complete, list, delete) with full security hardening

Changes:
- config.py: WEBAUTHN_RP_ID, RP_NAME, ORIGIN, CHALLENGE_TTL settings
- main.py: Mount passkey router, add CSRF exemptions for login endpoints
- auth.py: Add has_passkeys to /auth/status response
- nginx.conf: Rate limiting on all passkey endpoints, Permissions-Policy updated for publickey-credentials-get/create
- requirements.txt: Add webauthn>=2.1.0

Security: password re-entry for registration (V-02), single-use nonce challenges (V-01), constant-time login/begin (V-03), shared lockout counter, generic 401 errors, audit logging on all events.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
19 lines
350 B
Plaintext
fastapi==0.115.6
uvicorn[standard]==0.34.0
sqlalchemy[asyncio]==2.0.36
asyncpg==0.30.0
alembic==1.14.1
pydantic==2.10.4
pydantic-settings==2.7.1
bcrypt==4.2.1
argon2-cffi>=23.1.0
pyotp>=2.9.0
qrcode[pil]>=7.4.0
cryptography>=42.0.0
python-multipart==0.0.20
python-dateutil==2.9.0
itsdangerous==2.2.0
httpx==0.27.2
apscheduler==3.10.4
webauthn>=2.1.0
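Review bot: the added `webauthn>=2.1.0` line sets only a lower bound, so a fresh install can pull any later release of the library that verifies registration and authentication responses, including one this code was never tested against. Most of this file pins with `==` (fastapi, sqlalchemy, itsdangerous); suggest pinning webauthn to the exact version that was tested, and consider doing the same for the other `>=` entries (argon2-cffi, pyotp, qrcode, cryptography) so builds of the auth stack are reproducible.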