Add passkey (WebAuthn) authentication support

Enable passwordless login via passkeys as an alternative to password auth. Users register passkeys from Settings; the login page offers both options. WebAuthn is optional — only active when WEBAUTHN_RP_ID and WEBAUTHN_ORIGIN env vars are set. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
author: Peter Stone <thepeterstone@gmail.com> 2026-02-05 15:35:01 -1000
committer: Peter Stone <thepeterstone@gmail.com> 2026-02-05 15:35:01 -1000
commit: 0a1001eb0bd2d1f7c0624ae1ef8ae7ccdb3447d4 (patch)
tree: caf04d4f505bb12751579e2f0f1730ead7a9e2e2 /migrations
parent: 1eab4d59454fa5999675d51b99e77ac6580aba95 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/migrations/014_webauthn_credentials.sql b/migrations/014_webauthn_credentials.sql
new file mode 100644
index 0000000..d1abefc
--- /dev/null
+++ b/migrations/014_webauthn_credentials.sql
@@ -0,0 +1,12 @@
+CREATE TABLE IF NOT EXISTS webauthn_credentials (
+    id TEXT PRIMARY KEY,
+    user_id INTEGER NOT NULL REFERENCES users(id),
+    public_key BLOB NOT NULL,
+    attestation_type TEXT NOT NULL,
+    aaguid BLOB,
+    sign_count INTEGER DEFAULT 0,
+    name TEXT DEFAULT '',
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (user_id) REFERENCES users(id)
+);
+CREATE INDEX IF NOT EXISTS idx_webauthn_user ON webauthn_credentials(user_id);
author	Peter Stone <thepeterstone@gmail.com>	2026-02-05 15:35:01 -1000
committer	Peter Stone <thepeterstone@gmail.com>	2026-02-05 15:35:01 -1000
commit	0a1001eb0bd2d1f7c0624ae1ef8ae7ccdb3447d4 (patch)
tree	caf04d4f505bb12751579e2f0f1730ead7a9e2e2 /migrations
parent	1eab4d59454fa5999675d51b99e77ac6580aba95 (diff)