feat(auth)!: migrate WebAuthn to Passkey with cloud sync and enhanced management

- Migrate traditional WebAuthn to Passkey to support cloud synchronization and username-less authentication
- Rename all backend WebAuthn APIs to Passkey for improved standardization
- Enable Passkey by default to align with current industry adoption trends
- Display user device IP and User-Agent (UA) in Passkey management page for better device identification
- Add upgrade flow to migrate legacy WebAuthn credentials to new Passkey format
- Prevent creation of new Passkeys until legacy credentials are upgraded or removed to avoid post-upgrade incompatibility

Author: HappyDIY

.github/ISSUE_TEMPLATE/do-not-submit-any-issue-here.md

@@ -2,9 +2,6 @@
 name: Do not submit any issue here
 about: Please go to the `OpenList` repo if you hava issue to submit.
 title: Do not submit any issue here
-labels: ''
-assignees: ''
-
+labels: ""
+assignees: ""
 ---
-
-

public/static/epub.js/viewer.html

@@ -1,4 +1,4 @@
-<!DOCTYPE html>
+<!doctype html>
 <html>
   <head>
     <meta charset="utf-8" />
@@ -323,7 +323,7 @@
           restore: true,
           reload: true,
           spreads: true,
-        }
+        },
       )
       var rendition = book.renderTo("viewer", {
         width: "100%",
@@ -344,7 +344,7 @@
               : rendition.next()
             e.preventDefault()
           },
-          false
+          false,
         )
 
         var prev = document.getElementById("prev")
@@ -356,7 +356,7 @@
               : rendition.prev()
             e.preventDefault()
           },
-          false
+          false,
         )
 
         var keyListener = function (e) {

public/streamer/mitm.html

@@ -58,7 +58,7 @@
                   sw = swReg.active
                   resolve()
                 }
-              })
+              }),
             )
           })
         )
@@ -89,7 +89,7 @@
 
     // pass along version for possible backwards compatibility in sw.js
     data.streamSaverVersion = new URLSearchParams(location.search).get(
-      "version"
+      "version",
     )
 
     if (data.streamSaverVersion === "1.2.0") {
@@ -99,7 +99,7 @@
     /** @since v2.0.0 */
     if (!data.headers) {
       console.warn(
-        "[StreamSaver] pass `data.headers` that you would like to pass along to the service worker\nit should be a 2D array or a key/val object that fetch's Headers api accepts"
+        "[StreamSaver] pass `data.headers` that you would like to pass along to the service worker\nit should be a 2D array or a key/val object that fetch's Headers api accepts",
       )
     } else {
       // test if it's correct
@@ -110,7 +110,7 @@
     /** @since v2.0.0 */
     if (typeof data.filename === "string") {
       console.warn(
-        "[StreamSaver] You shouldn't send `data.filename` anymore. It should be included in the Content-Disposition header option"
+        "[StreamSaver] You shouldn't send `data.filename` anymore. It should be included in the Content-Disposition header option",
       )
       // Do what File constructor do with fileNames
       data.filename = data.filename.replace(/\//g, ":")
@@ -119,21 +119,21 @@
     /** @since v2.0.0 */
     if (data.size) {
       console.warn(
-        "[StreamSaver] You shouldn't send `data.size` anymore. It should be included in the content-length header option"
+        "[StreamSaver] You shouldn't send `data.size` anymore. It should be included in the content-length header option",
       )
     }
 
     /** @since v2.0.0 */
     if (data.readableStream) {
       console.warn(
-        "[StreamSaver] You should send the readableStream in the messageChannel, not through mitm"
+        "[StreamSaver] You should send the readableStream in the messageChannel, not through mitm",
       )
     }
 
     /** @since v2.0.0 */
     if (!data.pathname) {
       console.warn(
-        "[StreamSaver] Please send `data.pathname` (eg: /pictures/summer.jpg)"
+        "[StreamSaver] Please send `data.pathname` (eg: /pictures/summer.jpg)",
       )
       data.pathname = Math.random().toString().slice(-6) + "/" + data.filename
     }

public/streamer/sw.js

@@ -112,7 +112,7 @@ self.onfetch = (event) => {
   if (headers.has("Content-Disposition")) {
     responseHeaders.set(
       "Content-Disposition",
-      headers.get("Content-Disposition")
+      headers.get("Content-Disposition"),
     )
   }
 
@@ -131,7 +131,7 @@ self.onfetch = (event) => {
       .replace(/\*/g, "%2A")
     responseHeaders.set(
       "Content-Disposition",
-      "attachment; filename*=UTF-8''" + fileName
+      "attachment; filename*=UTF-8''" + fileName,
     )
   }
 

src/lang/en/login.json

@@ -8,6 +8,9 @@
   "forget_url": "https://doc.oplist.org/faq/howto#how-to-get-password-if-i-forget-it",
   "clear": "Clear",
   "login": "Login",
+  "continue_with_passkey": "Continue with passkey",
+  "passkey_input_username": "Enter username for legacy security key",
   "use_guest": "Browse as a guest",
-  "success": "Login successfully"
+  "success": "Login successfully",
+  "passkey_legacy_upgrade_tip": "You are using a legacy security key. After login, please add a new passkey in Profile for passwordless sign-in."
 }

src/lang/en/settings.json

@@ -141,6 +141,5 @@
   "upload_task_threads_num": "Upload task threads num",
   "version": "Version",
   "video_autoplay": "Video autoplay",
-  "video_types": "Video types",
-  "webauthn_login_enabled": "Webauthn login enabled"
+  "video_types": "Video types"
 }

src/lang/en/users.json

@@ -45,10 +45,17 @@
   "sso_login": "Single Sign-On Login",
   "connect_sso": "Connect to Single Sign-On Platform",
   "disconnect_sso": "Disconnect from Single Sign-On Platform",
-  "webauthn": "WebAuthn",
-  "add_webauthn": "Add a WebAuthn credential",
-  "add_webauthn_success": "WebAuthn credential successfully added!",
-  "webauthn_not_supported": "WebAuthn is not supported in your browser or you are in an unsafe origin",
+  "webauthn": "Passkey",
+  "add_webauthn": "Add a passkey",
+  "add_webauthn_success": "Passkey added successfully!",
+  "webauthn_not_supported": "Passkey is not supported in your browser or your origin is not secure",
+  "webauthn_creator_ip": "Creator IP",
+  "webauthn_creator_ua": "Creator User-Agent",
+  "update_to_passkey": "Update to Passkey",
+  "upgrade_to_passkey_success": "Updated to passkey successfully and removed the legacy key.",
+  "upgrade_to_passkey_keep_old": "Passkey updated, but failed to remove the legacy key. The legacy key is kept.",
+  "passkey_add_blocked_by_legacy": "Legacy security key detected. Please upgrade it or delete it before adding a new passkey.",
+  "unknown": "Unknown",
   "ssh_keys": {
     "heading": "SSH keys",
     "add_heading": "Add new SSH key",