add webauthn (passkey) support

internal/app/users/user_manager.go

@@ -25,6 +25,8 @@ type UserDatabaseRepo interface {
 	GetUser(ctx context.Context, id domain.UserIdentifier) (*domain.User, error)
 	// GetUserByEmail returns the user with the given email address.
 	GetUserByEmail(ctx context.Context, email string) (*domain.User, error)
+	// GetUserByWebAuthnCredential returns the user for the given WebAuthn credential ID.
+	GetUserByWebAuthnCredential(ctx context.Context, credentialIdBase64 string) (*domain.User, error)
 	// GetAllUsers returns all users.
 	GetAllUsers(ctx context.Context) ([]domain.User, error)
 	// FindUsers returns all users matching the search string.
@@ -129,6 +131,25 @@ func (m Manager) GetUserByEmail(ctx context.Context, email string) (*domain.User
 	return user, nil
 }
 
+// GetUserByWebAuthnCredential returns the user for the given WebAuthn credential.
+func (m Manager) GetUserByWebAuthnCredential(ctx context.Context, credentialIdBase64 string) (*domain.User, error) {
+
+	user, err := m.users.GetUserByWebAuthnCredential(ctx, credentialIdBase64)
+	if err != nil {
+		return nil, fmt.Errorf("unable to load user for webauthn credential %s: %w", credentialIdBase64, err)
+	}
+
+	if err := domain.ValidateUserAccessRights(ctx, user.Identifier); err != nil {
+		return nil, err
+	}
+
+	peers, _ := m.peers.GetUserPeers(ctx, user.Identifier) // ignore error, list will be empty in error case
+
+	user.LinkedPeerCount = len(peers)
+
+	return user, nil
+}
+
 // GetAllUsers returns all users.
 func (m Manager) GetAllUsers(ctx context.Context) ([]domain.User, error) {
 	if err := domain.ValidateAdminAccessRights(ctx); err != nil {