Add passkey (WebAuthn) authentication support

Enable passwordless login via passkeys as an alternative to password auth. Users register passkeys from Settings; the login page offers both options. WebAuthn is optional — only active when WEBAUTHN_RP_ID and WEBAUTHN_ORIGIN env vars are set. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
author: Peter Stone <thepeterstone@gmail.com> 2026-02-05 15:35:01 -1000
committer: Peter Stone <thepeterstone@gmail.com> 2026-02-05 15:35:01 -1000
commit: 0a1001eb0bd2d1f7c0624ae1ef8ae7ccdb3447d4 (patch)
tree: caf04d4f505bb12751579e2f0f1730ead7a9e2e2 /internal/config
parent: 1eab4d59454fa5999675d51b99e77ac6580aba95 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/internal/config/config.go b/internal/config/config.go
index 2d77025..86d0d5b 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -35,6 +35,10 @@ type Config struct {
 
 	// Display
 	Timezone string // IANA timezone name (e.g., "Pacific/Honolulu")
+
+	// WebAuthn
+	WebAuthnRPID   string // Relying Party ID (domain, e.g., "doot.terst.org")
+	WebAuthnOrigin string // Expected origin (e.g., "https://doot.terst.org")
 }
 
 // Load reads configuration from environment variables
@@ -67,6 +71,10 @@ func Load() (*Config, error) {
 
 		// Display
 		Timezone: getEnvWithDefault("TIMEZONE", "Pacific/Honolulu"),
+
+		// WebAuthn
+		WebAuthnRPID:   os.Getenv("WEBAUTHN_RP_ID"),
+		WebAuthnOrigin: os.Getenv("WEBAUTHN_ORIGIN"),
 	}
 
 	// Validate required fields
author	Peter Stone <thepeterstone@gmail.com>	2026-02-05 15:35:01 -1000
committer	Peter Stone <thepeterstone@gmail.com>	2026-02-05 15:35:01 -1000
commit	0a1001eb0bd2d1f7c0624ae1ef8ae7ccdb3447d4 (patch)
tree	caf04d4f505bb12751579e2f0f1730ead7a9e2e2 /internal/config
parent	1eab4d59454fa5999675d51b99e77ac6580aba95 (diff)