Implement Webauthn 🎉 (#5088)

* Implement Webauthn :tada:

* Share hexifyAB

* Move hr inside template and add AttestationChallenges janitor daemon

* Apply suggestions from code review

Co-Authored-By: Acid Chicken (硫酸鶏) <root@acid-chicken.com>

* Add newline at the end of file

* Fix stray newline in promise chain

* Ignore var in try{}catch(){} block

Co-Authored-By: Acid Chicken (硫酸鶏) <root@acid-chicken.com>

* Add missing comma

* Add missing semicolon

* Support more attestation formats

* add support for more key types and linter pass

* Refactor

* Refactor

* credentialId --> id

* Fix

* Improve readability

* Add indexes

* fixes for credentialId->id

* Avoid changing store state

* Fix syntax error and code style

* Remove unused import

* Refactor of getkey API

* Create 1561706992953-webauthn.ts

* Update ja-JP.yml

* Add type annotations

* Fix code style

* Specify depedency version

* Fix code style

* Fix janitor daemon and login requesting 2FA regardless of status

3 files changed, 99 insertions, 0 deletions

diff --git a/src/models/entities/attestation-challenge.ts b/src/models/entities/attestation-challenge.ts
new file mode 100644
index 0000000000..942747c02f
--- /dev/null
+++ b/src/models/entities/attestation-challenge.ts
@@ -0,0 +1,46 @@
+import { PrimaryColumn, Entity, JoinColumn, Column, ManyToOne, Index } from 'typeorm';
+import { User } from './user';
+import { id } from '../id';
+
+@Entity()
+export class AttestationChallenge {
+	@PrimaryColumn(id())
+	public id: string;
+
+	@Index()
+	@PrimaryColumn(id())
+	public userId: User['id'];
+
+	@ManyToOne(type => User, {
+		onDelete: 'CASCADE'
+	})
+	@JoinColumn()
+	public user: User | null;
+
+	@Index()
+	@Column('varchar', {
+		length: 64,
+		comment: 'Hex-encoded sha256 hash of the challenge.'
+	})
+	public challenge: string;
+
+	@Column('timestamp with time zone', {
+		comment: 'The date challenge was created for expiry purposes.'
+	})
+	public createdAt: Date;
+
+	@Column('boolean', {
+		comment:
+			'Indicates that the challenge is only for registration purposes if true to prevent the challenge for being used as authentication.',
+		default: false
+	})
+	public registrationChallenge: boolean;
+
+	constructor(data: Partial<AttestationChallenge>) {
+		if (data == null) return;
+
+		for (const [k, v] of Object.entries(data)) {
+			(this as any)[k] = v;
+		}
+	}
+}
diff --git a/src/models/entities/user-profile.ts b/src/models/entities/user-profile.ts
index 7d990b961f..6f960f1b7b 100644
--- a/src/models/entities/user-profile.ts
+++ b/src/models/entities/user-profile.ts
@@ -76,6 +76,11 @@ export class UserProfile {
 	})
 	public twoFactorEnabled: boolean;
 
+	@Column('boolean', {
+		default: false,
+	})
+	public securityKeysAvailable: boolean;
+
 	@Column('varchar', {
 		length: 128, nullable: true,
 		comment: 'The password hash of the User. It will be null if the origin of the user is local.'
diff --git a/src/models/entities/user-security-key.ts b/src/models/entities/user-security-key.ts
new file mode 100644
index 0000000000..d54c728e53
--- /dev/null
+++ b/src/models/entities/user-security-key.ts
@@ -0,0 +1,48 @@
+import { PrimaryColumn, Entity, JoinColumn, Column, ManyToOne, Index } from 'typeorm';
+import { User } from './user';
+import { id } from '../id';
+
+@Entity()
+export class UserSecurityKey {
+	@PrimaryColumn('varchar', {
+		comment: 'Variable-length id given to navigator.credentials.get()'
+	})
+	public id: string;
+
+	@Index()
+	@Column(id())
+	public userId: User['id'];
+
+	@ManyToOne(type => User, {
+		onDelete: 'CASCADE'
+	})
+	@JoinColumn()
+	public user: User | null;
+
+	@Index()
+	@Column('varchar', {
+		comment:
+			'Variable-length public key used to verify attestations (hex-encoded).'
+	})
+	public publicKey: string;
+
+	@Column('timestamp with time zone', {
+		comment:
+			'The date of the last time the UserSecurityKey was successfully validated.'
+	})
+	public lastUsed: Date;
+
+	@Column('varchar', {
+		comment: 'User-defined name for this key',
+		length: 30
+	})
+	public name: string;
+
+	constructor(data: Partial<UserSecurityKey>) {
+		if (data == null) return;
+
+		for (const [k, v] of Object.entries(data)) {
+			(this as any)[k] = v;
+		}
+	}
+}