chore: setup core configurations and bootstrap

2026-05-21 16:05:08 +07:00
commit 37b7e783f5
47 changed files with 25106 additions and 0 deletions
@@ -0,0 +1,53 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Relying Party
+    |--------------------------------------------------------------------------
+    |
+    | We will use your application information to inform the device who is the
+    | relying party. While only the name is enough, you can further set the
+    | a custom domain as ID and even an icon image data encoded as BASE64.
+    |
+    */
+
+    'relying_party' => [
+        'name' => env('WEBAUTHN_NAME', config('app.name')),
+        'id' => env('WEBAUTHN_ID'),
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Origins
+    |--------------------------------------------------------------------------
+    |
+    | By default, only your application domain is used as a valid origin for
+    | all ceremonies. If you are using your app as a backend for an app or
+    | UI you may set additional origins to check against the ceremonies.
+    |
+    | For multiple origins, separate them using comma, like `foo,bar`.
+    */
+
+    'origins' => env('WEBAUTHN_ORIGINS'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Challenge configuration
+    |--------------------------------------------------------------------------
+    |
+    | When making challenges your application needs to push at least 16 bytes
+    | of randomness. Since we need to later check them, we'll also store the
+    | bytes for a small amount of time inside this current request session.
+    |
+    | @see https://www.w3.org/TR/webauthn-2/#sctn-cryptographic-challenges
+    |
+    */
+
+    'challenge' => [
+        'bytes' => 16,
+        'timeout' => 60,
+        'key' => '_webauthn',
+    ],
+];