feat: support webauthn

[Wellaiyo]

1. webauth 由 authentication 改造为 session，并增加 web 登录页面，更安全
2. 支持 webauthn 的登录方式，可通过配置控制（默认关闭），更高效

---

1. use session instead http authentication on webauth
2. support webauthn, you should set enableWebAuthn: true in the configuration

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Ignoring: cbor-extract@2.1.1

Pull request alert summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	+/- Transitive Count	Publisher
egg-view-nunjucks@2.3.0	None	+3	atian25
@simplewebauthn/typescript-types@7.0.0	None	+0	iamkale
base64url@3.0.1	None	+0	brianloveswords
@simplewebauthn/server@7.2.0	None	+28	iamkale
ua-parser-js@1.0.34	None	+0	faisalman

[fengmk2]

@elrrrrrrr 也来看看。

[codecov]

Codecov Report

Merging #422 (5f75c7a) into master (300f0e4) will decrease coverage by 0.58%.
The diff coverage is 83.95%.

@@            Coverage Diff             @@
##           master     #422      +/-   ##
==========================================
- Coverage   97.66%   97.08%   -0.58%     
==========================================
  Files         153      156       +3     
  Lines       13632    13981     +349     
  Branches     1755     1783      +28     
==========================================
+ Hits        13314    13574     +260     
- Misses        318      407      +89     

Impacted Files	Coverage Δ
app/port/webauth/WebauthController.ts	84.77% <73.50%> (-15.23%)	⬇️
app/repository/UserRepository.ts	91.81% <80.00%> (-4.44%)	⬇️
app/core/service/UserService.ts	95.13% <85.71%> (-2.22%)	⬇️
app/common/CryptoUtil.ts	100.00% <100.00%> (ø)
app/common/UserUtil.ts	100.00% <100.00%> (ø)
app/common/enum/User.ts	100.00% <100.00%> (ø)
app/core/entity/WebauthnCredential.ts	100.00% <100.00%> (ø)
app/repository/model/WebauthnCredential.ts	100.00% <100.00%> (ø)
config/config.default.ts	88.23% <100.00%> (-7.84%)	⬇️
config/plugin.ts	100.00% <100.00%> (ø)

... and 2 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[Wellaiyo]

兼容性上主要考量Chrome、Safari、Firefox、Edge，在限制只能使用内置认证器的基础上，Chrome和Edge无缝支持，Safari会引导开启iCloud钥匙才能用，macOS下Firefox不支持，且在macOS上不支持跨浏览器认证

[fengmk2]

@Wellaiyo 解决一下冲突，我准备合并了。

[fengmk2]

@Wellaiyo SQL review 修复一下 https://github.com/cnpm/cnpmcore/actions/runs/4510422096/jobs/7941411678?pr=422

[fengmk2]

@Wellaiyo nunjucks 插件需要开启一下

2023-03-25 11:24:44,217 WARN 42604 Following plugins will be enabled implicitly that is disabled by application.
  - view required by [nunjucks]

[fengmk2]

本地跑了一下体验还不错， @Wellaiyo 几个问题修复一下就可以合并发布了。

[fengmk2]

[fengmk2]

有一个问题，如果用户换了浏览器就无法登录了

[fengmk2]

Windows 和 Linux 不支持？

[Wellaiyo]

支持，只是不需要特别标明。目前已知的是仅Mac OS下PC端才不支持跨浏览器

[fengmk2]

+1

[fengmk2]

@SocketSecurity ignore cbor-extract@2.1.1

[github-actions]

🎉 This PR is included in version 3.11.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀