docs: update documentation about webauthn passkey

0xJacky · Sep 17, 2024 · 4504831 · 4504831
1 parent 2f51b56
commit 4504831
Show file tree

Hide file tree

Showing 11 changed files with 734 additions and 299 deletions.
diff --git a/docs/.vitepress/config/en.ts b/docs/.vitepress/config/en.ts
@@ -41,7 +41,8 @@ export const enConfig: LocaleSpecificConfig<DefaultTheme.Config> = {
             {text: 'Logrotate', link: '/guide/config-logrotate'},
             {text: 'Cluster', link: '/guide/config-cluster'},
             {text: 'Auth', link: '/guide/config-auth'},
-            {text: 'Crypto', link: '/guide/config-crypto'}
+            {text: 'Crypto', link: '/guide/config-crypto'},
+            {text: 'Webauthn', link: '/guide/config-webauthn'}
           ]
         },
         {

diff --git a/docs/.vitepress/config/zh_CN.ts b/docs/.vitepress/config/zh_CN.ts
@@ -46,7 +46,8 @@ export const zhCNConfig: LocaleSpecificConfig<DefaultTheme.Config> = {
             {text: 'Logrotate', link: '/zh_CN/guide/config-logrotate'},
             {text: '集群', link: '/zh_CN/guide/config-cluster'},
             {text: '认证', link: '/zh_CN/guide/config-auth'},
-            {text: '加密', link: '/zh_CN/guide/config-crypto'}
+            {text: '加密', link: '/zh_CN/guide/config-crypto'},
+            {text: 'Webauthn', link: '/zh_CN/guide/config-webauthn'},
           ]
         },
         {

diff --git a/docs/.vitepress/config/zh_TW.ts b/docs/.vitepress/config/zh_TW.ts
@@ -45,7 +45,8 @@ export const zhTWConfig: LocaleSpecificConfig<DefaultTheme.Config> = {
             {text: 'Logrotate', link: '/zh_TW/guide/config-logrotate'},
             {text: '集群', link: '/zh_TW/guide/config-cluster'},
             {text: '認證', link: '/zh_TW/guide/config-auth'},
-            {text: '加密', link: '/zh_TW/guide/config-crypto'}
+            {text: '加密', link: '/zh_TW/guide/config-crypto'},
+            {text: 'Webauthn', link: '/zh_TW/guide/config-webauthn'},
           ]
         },
         {

diff --git a/docs/guide/config-webauthn.md b/docs/guide/config-webauthn.md
@@ -0,0 +1,41 @@
+# Webauthn
+Webauthn is a web standard for secure authentication. It allows users to log in to websites using biometrics, mobile devices, and FIDO security keys. 
+Webauthn is a passwordless authentication method that provides a secure and easy-to-use alternative to passwords.
+
+Since `v2.0.0-beta.34`, Nginx UI has supported Webauthn passkey as a login and 2FA method.
+
+## Passkey
+Passkeys are webauthn credentials that validate your identity using touch, facial recognition, a device password, or a PIN. They can be used as a password replacement or as a 2FA method.
+
+## Configurations
+To ensure security, Webauthn configuration cannot be added through the UI.
+
+Please manually configure the following in the app.ini configuration file and restart Nginx UI.
+
+### RPDisplayName
+- Type: `string`
+
+This option is used to set the display name of the relying party (RP) when registering a new credential.
+
+### RPID
+- Type: `string`
+
+This option is used to set the ID of the relying party (RP) when registering a new credential.
+
+### RPOrigins
+- Type: `[]string`
+
+This option is used to set the origins of the relying party (RP) when registering a new credential.
+
+
+Afterward, refresh this page and click add passkey again.
+
+Due to the security policies of some browsers, you cannot use passkeys on non-HTTPS websites, except when running on `localhost`.
+
+## Detail
+1. **Automatic 2FA with Passkey:**
+   When you log in using a passkey, all subsequent actions requiring 2FA will automatically use the passkey. This means you won’t need to manually click “Authenticate with a passkey” in the 2FA dialog box.
+2. **Passkey Deletion:**
+   If you log in using a passkey and then navigate to Settings > Authentication and delete the current passkey, the passkey will no longer be used for subsequent 2FA challenges during the current session. If Time-based One-Time Password (TOTP) is configured, it will be used instead; if not, 2FA will not be triggered.
+3. **Adding a New Passkey:**
+   If you log in without using a passkey and then add a new passkey via Settings > Authentication, the newly added passkey will be prioritized for all subsequent 2FA actions during the current session.
diff --git a/docs/guide/env.md b/docs/guide/env.md
@@ -1,4 +1,5 @@
 # Environment Variables
+
 Applicable for version v2.0.0-beta.23 and above.
 
 ## Server
@@ -25,50 +26,58 @@ Applicable for version v2.0.0-beta.23 and above.
 
 ## Nginx
 
-| Configuration Setting         | Environment Variable                  |
-| ----------------------------- | ------------------------------------- |
-| AccessLogPath                 | NGINX_UI_NGINX_ACCESS_LOG_PATH        |
-| ErrorLogPath                  | NGINX_UI_NGINX_ERROR_LOG_PATH         |
-| ConfigDir                     | NGINX_UI_NGINX_CONFIG_DIR             |
-| PIDPath                       | NGINX_UI_NGINX_PID_PATH               |
-| TestConfigCmd                 | NGINX_UI_NGINX_TEST_CONFIG_CMD        |
-| ReloadCmd                     | NGINX_UI_NGINX_RELOAD_CMD             |
-| RestartCmd                    | NGINX_UI_NGINX_RESTART_CMD            |
+| Configuration Setting | Environment Variable           |
+|-----------------------|--------------------------------|
+| AccessLogPath         | NGINX_UI_NGINX_ACCESS_LOG_PATH |
+| ErrorLogPath          | NGINX_UI_NGINX_ERROR_LOG_PATH  |
+| ConfigDir             | NGINX_UI_NGINX_CONFIG_DIR      |
+| PIDPath               | NGINX_UI_NGINX_PID_PATH        |
+| TestConfigCmd         | NGINX_UI_NGINX_TEST_CONFIG_CMD |
+| ReloadCmd             | NGINX_UI_NGINX_RELOAD_CMD      |
+| RestartCmd            | NGINX_UI_NGINX_RESTART_CMD     |
 
 ## OpenAI
 
-| Configuration Setting         | Environment Variable                  |
-| ----------------------------- | ------------------------------------- |
-| Model                         | NGINX_UI_OPENAI_MODEL                 |
-| BaseUrl                       | NGINX_UI_OPENAI_BASE_URL              |
-| Proxy                         | NGINX_UI_OPENAI_PROXY                 |
-| Token                         | NGINX_UI_OPENAI_TOKEN                 |
+| Configuration Setting | Environment Variable     |
+|-----------------------|--------------------------|
+| Model                 | NGINX_UI_OPENAI_MODEL    |
+| BaseUrl               | NGINX_UI_OPENAI_BASE_URL |
+| Proxy                 | NGINX_UI_OPENAI_PROXY    |
+| Token                 | NGINX_UI_OPENAI_TOKEN    |
 
 ## Casdoor
 
-| Configuration Setting         | Environment Variable                  |
-| ----------------------------- | ------------------------------------- |
-| Endpoint                      | NGINX_UI_CASDOOR_ENDPOINT             |
-| ClientId                      | NGINX_UI_CASDOOR_CLIENT_ID            |
-| ClientSecret                  | NGINX_UI_CASDOOR_CLIENT_SECRET        |
-| Certificate                   | NGINX_UI_CASDOOR_CERTIFICATE          |
-| Organization                  | NGINX_UI_CASDOOR_ORGANIZATION         |
-| Application                   | NGINX_UI_CASDOOR_APPLICATION          |
-| RedirectUri                   | NGINX_UI_CASDOOR_REDIRECT_URI         |
+| Configuration Setting | Environment Variable           |
+|-----------------------|--------------------------------|
+| Endpoint              | NGINX_UI_CASDOOR_ENDPOINT      |
+| ClientId              | NGINX_UI_CASDOOR_CLIENT_ID     |
+| ClientSecret          | NGINX_UI_CASDOOR_CLIENT_SECRET |
+| Certificate           | NGINX_UI_CASDOOR_CERTIFICATE   |
+| Organization          | NGINX_UI_CASDOOR_ORGANIZATION  |
+| Application           | NGINX_UI_CASDOOR_APPLICATION   |
+| RedirectUri           | NGINX_UI_CASDOOR_REDIRECT_URI  |
 
 ## Logrotate
 
-| Configuration Setting         | Environment Variable                  |
-| ----------------------------- | ------------------------------------- |
-| Enabled                       | NGINX_UI_LOGROTATE_ENABLED            |
-| CMD                           | NGINX_UI_LOGROTATE_CMD                |
-| Interval                      | NGINX_UI_LOGROTATE_INTERVAL           |
+| Configuration Setting | Environment Variable        |
+|-----------------------|-----------------------------|
+| Enabled               | NGINX_UI_LOGROTATE_ENABLED  |
+| CMD                   | NGINX_UI_LOGROTATE_CMD      |
+| Interval              | NGINX_UI_LOGROTATE_INTERVAL |
 
 ## Auth
 
-| Configuration Setting | Environment Variable        |
-|-----------------------|-----------------------------|
-| IPWhiteList           | NGINX_UI_AUTH_IPWhiteList   |
+| Configuration Setting | Environment Variable      |
+|-----------------------|---------------------------|
+| IPWhiteList           | NGINX_UI_AUTH_IPWhiteList |
+
+## Webauthn
+
+| Configuration Setting | Environment Variable              |
+|-----------------------|-----------------------------------|
+| RPDisplayName         | NGINX_UI_WEBAUTHN_RP_DISPLAY_NAME |
+| RPID                  | NGINX_UI_WEBAUTHN_RPID            |
+| RPOrigins             | NGINX_UI_WEBAUTHN_RP_ORIGINS      |
 
 ## Predefined User
 

diff --git a/docs/package.json b/docs/package.json
@@ -7,11 +7,11 @@
     "docs:preview": "vitepress preview"
   },
   "dependencies": {
-    "vitepress": "^1.3.1",
-    "vue": "^3.4.33"
+    "vitepress": "^1.3.4",
+    "vue": "^3.5.6"
   },
   "devDependencies": {
-    "@types/node": "^20.14.11",
+    "@types/node": "^20.16.5",
     "less": "^4.2.0"
   },
   "license": "AGPL-3.0",