added passkey support (closes #6)

handlers/account.go

@@ -672,6 +672,10 @@ func UserInfo(w http.ResponseWriter, r *http.Request) {
 		twoFactorStatus = "setup_pending"
 	}
 	recoveryCodesWarning := user.TwoFactorEnabled && recoveryCodesRemaining <= recoveryCodeWarningThreshold
+	passkeyCount := 0
+	if count, err := storage.CountPasskeyCredentials(user.ID); err == nil {
+		passkeyCount = count
+	}
 
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(map[string]interface{}{
@@ -683,6 +687,8 @@ func UserInfo(w http.ResponseWriter, r *http.Request) {
 		"recovery_codes_remaining":  recoveryCodesRemaining,
 		"recovery_codes_warning":    recoveryCodesWarning,
 		"recovery_codes_warning_at": recoveryCodeWarningThreshold,
+		"passkeys_enabled":          passkeyCount > 0,
+		"passkey_count":             passkeyCount,
 	})
 	if err != nil {
 		log.Println("GET [api/userinfo] " + r.RemoteAddr + ": " + err.Error())
@@ -732,6 +738,11 @@ func issueLoginSessionWithExtra(w http.ResponseWriter, r *http.Request, user mod
 		return
 	}
 
+	passkeyCount := 0
+	if count, err := storage.CountPasskeyCredentials(user.ID); err == nil {
+		passkeyCount = count
+	}
+
 	setAuthCookies(w, accessToken, refreshTokenPlain)
 	response := map[string]interface{}{
 		"access_token":  accessToken,
@@ -741,6 +752,8 @@ func issueLoginSessionWithExtra(w http.ResponseWriter, r *http.Request, user mod
 			"username":           user.Username,
 			"role":               user.Role,
 			"two_factor_enabled": user.TwoFactorEnabled,
+			"passkeys_enabled":   passkeyCount > 0,
+			"passkey_count":      passkeyCount,
 		},
 	}
 	for key, value := range extra {