암호 키가 등록된 클라이언트에서 로그인을 수행하는 방식을 변경된 API에 맞게 변경

우선 이메일과 비밀번호를 이용해 로그인을 수행한 후, Token Upgrade를 수행하도록 변경했습니다.
2025-12-16 23:18:48 +00:00 · 2024-12-31 04:41:34 +09:00
parent 0ef252913a
commit 08a23b61b2
8 changed files with 142 additions and 123 deletions
--- a/src/routes/(fullscreen)/key/export/service.ts
+++ b/src/routes/(fullscreen)/key/export/service.ts
@@ -1,12 +1,9 @@
 import { callAPI } from "$lib/hooks";
 import { storeRSAKey } from "$lib/indexedDB";
-import {
-  encodeToBase64,
-  decodeFromBase64,
-  encryptRSAPlaintext,
-  decryptRSACiphertext,
-  signRSAMessage,
-} from "$lib/modules/crypto";
+import { encodeToBase64, encryptRSAPlaintext } from "$lib/modules/crypto";
+
+export { requestTokenUpgrade } from "$lib/services/auth";
+export { requestClientRegistration } from "$lib/services/key";

 type ExportedKeyPairs = {
  generator: "ArkVault";
@@ -36,41 +33,6 @@ export const makeKeyPairsSaveable = (
  } satisfies ExportedKeyPairs;
 };

-export const requestClientRegistration = async (
-  encPubKeyBase64: string,
-  encPrivKey: CryptoKey,
-  sigPubKeyBase64: string,
-  sigPrivKey: CryptoKey,
-) => {
-  let res = await callAPI("/api/client/register", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      encPubKey: encPubKeyBase64,
-      sigPubKey: sigPubKeyBase64,
-    }),
-  });
-  if (!res.ok) return false;
-
-  const { challenge } = await res.json();
-  const answer = await decryptRSACiphertext(decodeFromBase64(challenge), encPrivKey);
-  const sigAnswer = await signRSAMessage(answer, sigPrivKey);
-
-  res = await callAPI("/api/client/verify", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      answer: encodeToBase64(answer),
-      sigAnswer: encodeToBase64(sigAnswer),
-    }),
-  });
-  return res.ok;
-};
-
 export const storeKeyPairsPersistently = async (
  encKeyPair: CryptoKeyPair,
  sigKeyPair: CryptoKeyPair,
@@ -81,41 +43,6 @@ export const storeKeyPairsPersistently = async (
  await storeRSAKey(sigKeyPair.privateKey, "sign");
 };

-export const requestTokenUpgrade = async (
-  encPubKeyBase64: string,
-  encPrivKey: CryptoKey,
-  sigPubKeyBase64: string,
-  sigPrivKey: CryptoKey,
-) => {
-  let res = await fetch("/api/auth/upgradeToken", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      encPubKey: encPubKeyBase64,
-      sigPubKey: sigPubKeyBase64,
-    }),
-  });
-  if (!res.ok) return false;
-
-  const { challenge } = await res.json();
-  const answer = await decryptRSACiphertext(decodeFromBase64(challenge), encPrivKey);
-  const sigAnswer = await signRSAMessage(answer, sigPrivKey);
-
-  res = await fetch("/api/auth/upgradeToken/verify", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      answer: encodeToBase64(answer),
-      sigAnswer: encodeToBase64(sigAnswer),
-    }),
-  });
-  return res.ok;
-};
-
 export const requestInitialMekRegistration = async (
  mekDraft: ArrayBuffer,
  publicKey: CryptoKey,
--- a/src/routes/(fullscreen)/key/generate/service.ts
+++ b/src/routes/(fullscreen)/key/generate/service.ts
@@ -1,19 +1,14 @@
 import {
-  encodeToBase64,
  generateRSAEncKeyPair,
  generateRSASigKeyPair,
  makeRSAKeyNonextractable,
-  exportRSAKey,
+  exportRSAKeyToBase64,
  generateAESKey,
  makeAESKeyNonextractable,
  exportAESKey,
 } from "$lib/modules/crypto";
 import { keyPairsStore, mekStore } from "$lib/stores";

-const exportRSAKeyToBase64 = async (key: CryptoKey, type: "public" | "private") => {
-  return encodeToBase64((await exportRSAKey(key, type)).key);
-};
-
 export const generateKeyPairs = async () => {
  const encKeyPair = await generateRSAEncKeyPair();
  const sigKeyPair = await generateRSASigKeyPair();