feat(core,schemas): add webauthn related origins to account center (#7422)

Author: wangsijie

packages/core/src/routes/account-center/index.openapi.json

@@ -31,6 +31,9 @@
                   },
                   "fields": {
                     "description": "The fields settings for the account API."
+                  },
+                  "webauthnRelatedOrigins": {
+                    "description": "The allowed domains for webauthn."
                   }
                 }
               }

packages/core/src/routes/account-center/index.ts

@@ -1,4 +1,9 @@
-import { AccountCenters, accountCenterFieldControlGuard } from '@logto/schemas';
+import {
+  AccountCenters,
+  accountCenterFieldControlGuard,
+  webauthnRelatedOriginsGuard,
+} from '@logto/schemas';
+import { deduplicate } from '@silverhand/essentials';
 import { z } from 'zod';
 
 import koaGuard from '#src/middleware/koa-guard.js';
@@ -29,18 +34,23 @@ export default function accountCentersRoutes<T extends ManagementApiRouter>(
       body: z.object({
         enabled: z.boolean().optional(),
         fields: accountCenterFieldControlGuard.optional(),
+        webauthnRelatedOrigins: webauthnRelatedOriginsGuard.optional(),
       }),
       response: AccountCenters.guard,
       status: [200],
     }),
 
     async (ctx, next) => {
-      const { enabled, fields } = ctx.guard.body;
+      const { enabled, fields, webauthnRelatedOrigins } = ctx.guard.body;
+
       // Make sure the account center exists
       await findDefaultAccountCenter();
       const updatedAccountCenter = await updateDefaultAccountCenter({
         enabled,
         fields,
+        webauthnRelatedOrigins: webauthnRelatedOrigins
+          ? deduplicate(webauthnRelatedOrigins)
+          : undefined,
       });
 
       ctx.body = updatedAccountCenter;

packages/integration-tests/src/tests/api/account-center.test.ts

@@ -23,6 +23,7 @@ describe('account center', () => {
       fields: {
         username: AccountCenterControlValue.Edit,
       },
+      webauthnRelatedOrigins: ['https://example.com'],
     };
 
     const updatedAccountCenter = await updateAccountCenter(accountCenter);

packages/schemas/alterations/next-1748832174-add-webauthn-related-origins.ts

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table account_centers
+        add column webauthn_related_origins jsonb not null default '[]'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table account_centers
+        drop column webauthn_related_origins;
+    `);
+  },
+};
+
+export default alteration;

packages/schemas/src/foundations/jsonb-types/account-centers.ts

@@ -27,3 +27,7 @@ export const accountCenterFieldControlGuard = z
   .partial();
 
 export type AccountCenterFieldControl = z.infer<typeof accountCenterFieldControlGuard>;
+
+export const webauthnRelatedOriginsGuard = z.array(z.string());
+
+export type WebauthnRelatedOrigins = z.infer<typeof webauthnRelatedOriginsGuard>;

packages/schemas/tables/account_centers.sql

@@ -6,5 +6,6 @@ create table account_centers (
   enabled boolean not null default false,
   /** Control each fields */
   fields jsonb /* @use AccountCenterFieldControl */ not null default '{}'::jsonb,
+  webauthn_related_origins jsonb /* @use WebauthnRelatedOrigins */ not null default '[]'::jsonb,
   primary key (tenant_id, id)
 );