fix: add passkey limits

apps/web/src/app/(dashboard)/settings/security/passkeys/create-passkey-dialog.tsx

@@ -11,6 +11,7 @@ import { match } from 'ts-pattern';
 import { UAParser } from 'ua-parser-js';
 import { z } from 'zod';
 
+import { MAXIMUM_PASSKEYS } from '@documenso/lib/constants/auth';
 import { AppError } from '@documenso/lib/errors/app-error';
 import { trpc } from '@documenso/trpc/react';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
@@ -189,6 +190,11 @@ export const CreatePasskeyDialog = ({ trigger, ...props }: CreatePasskeyDialogPr
                     .with('ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED', () => (
                       <AlertDescription>This passkey has already been registered.</AlertDescription>
                     ))
+                    .with('TOO_MANY_PASSKEYS', () => (
+                      <AlertDescription>
+                        You cannot have more than {MAXIMUM_PASSKEYS} passkeys.
+                      </AlertDescription>
+                    ))
                     .with('InvalidStateError', () => (
                       <>
                         <AlertTitle className="text-sm">

packages/lib/constants/auth.ts

@@ -32,3 +32,8 @@ export const USER_SECURITY_AUDIT_LOG_MAP: { [key in UserSecurityAuditLogType]: s
  * The duration to wait for a passkey to be verified in MS.
  */
 export const PASSKEY_TIMEOUT = 60000;
+
+/**
+ * The maximum number of passkeys are user can have.
+ */
+export const MAXIMUM_PASSKEYS = 50;

packages/lib/server-only/auth/create-passkey.ts

@@ -4,6 +4,7 @@ import type { RegistrationResponseJSON } from '@simplewebauthn/types';
 import { prisma } from '@documenso/prisma';
 import { UserSecurityAuditLogType } from '@documenso/prisma/client';
 
+import { MAXIMUM_PASSKEYS } from '../../constants/auth';
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import type { RequestMetadata } from '../../universal/extract-request-metadata';
 import { getAuthenticatorRegistrationOptions } from '../../utils/authenticator';
@@ -21,12 +22,23 @@ export const createPasskey = async ({
   verificationResponse,
   requestMetadata,
 }: CreatePasskeyOptions) => {
-  await prisma.user.findFirstOrThrow({
+  const { _count } = await prisma.user.findFirstOrThrow({
     where: {
       id: userId,
     },
+    include: {
+      _count: {
+        select: {
+          passkeys: true,
+        },
+      },
+    },
   });
 
+  if (_count.passkeys >= MAXIMUM_PASSKEYS) {
+    throw new AppError('TOO_MANY_PASSKEYS');
+  }
+
   const verificationToken = await prisma.verificationToken.findFirst({
     where: {
       userId,

packages/trpc/server/auth-router/router.ts

@@ -110,10 +110,7 @@ export const authRouter = router({
       } catch (err) {
         console.error(err);
 
-        throw new TRPCError({
+        throw AppError.parseErrorToTRPCError(err);
-          code: 'BAD_REQUEST',
-          message: 'We were unable to create this passkey. Please try again later.',
-        });
       }
     }),