MEK 등록시 로그를 남기도록 변경

2025-12-15 22:38:47 +00:00 · 2025-01-12 19:22:21 +09:00
parent f8115f4f2e
commit 004e41b0cf
2 changed files with 28 additions and 7 deletions
--- a/src/lib/server/db/mek.ts
+++ b/src/lib/server/db/mek.ts
@@ -2,7 +2,7 @@ import { SqliteError } from "better-sqlite3";
 import { and, or, eq } from "drizzle-orm";
 import db from "./drizzle";
 import { IntegrityError } from "./error";
-import { mek, clientMek } from "./schema";
+import { mek, mekLog, clientMek } from "./schema";

 export const registerInitialMek = async (
  userId: number,
@@ -16,8 +16,6 @@ export const registerInitialMek = async (
        await tx.insert(mek).values({
          userId,
          version: 1,
-          createdBy,
-          createdAt: new Date(),
          state: "active",
        });
        await tx.insert(clientMek).values({
@@ -27,6 +25,13 @@ export const registerInitialMek = async (
          encMek,
          encMekSig,
        });
+        await tx.insert(mekLog).values({
+          userId,
+          mekVersion: 1,
+          timestamp: new Date(),
+          action: "create",
+          actionBy: createdBy,
+        });
      } catch (e) {
        if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
          throw new IntegrityError("MEK already registered");
--- a/src/lib/server/db/schema/mek.ts
+++ b/src/lib/server/db/schema/mek.ts
@@ -9,10 +9,6 @@ export const mek = sqliteTable(
      .notNull()
      .references(() => user.id),
    version: integer("version").notNull(),
-    createdBy: integer("created_by")
-      .notNull()
-      .references(() => client.id),
-    createdAt: integer("created_at", { mode: "timestamp_ms" }).notNull(),
    state: text("state", { enum: ["active", "retired", "dead"] }).notNull(),
    retiredAt: integer("retired_at", { mode: "timestamp_ms" }),
  },
@@ -21,6 +17,26 @@ export const mek = sqliteTable(
  }),
 );

+export const mekLog = sqliteTable(
+  "master_encryption_key_log",
+  {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    userId: integer("user_id")
+      .notNull()
+      .references(() => user.id),
+    mekVersion: integer("master_encryption_key_version").notNull(),
+    timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
+    action: text("action", { enum: ["create"] }).notNull(),
+    actionBy: integer("action_by").references(() => client.id),
+  },
+  (t) => ({
+    ref: foreignKey({
+      columns: [t.userId, t.mekVersion],
+      foreignColumns: [mek.userId, mek.version],
+    }),
+  }),
+);
+
 export const clientMek = sqliteTable(
  "client_master_encryption_key",
  {