Request Body의 필드마다 서명하지 않고, 데이터 전체에 대해 서명하도록 개선

2025-12-15 22:38:47 +00:00 · 2024-12-31 09:32:37 +09:00
parent 5c535d1191
commit 0d00e2476a
10 changed files with 73 additions and 55 deletions
--- a/src/lib/server/services/auth.ts
+++ b/src/lib/server/services/auth.ts
@@ -149,7 +149,7 @@ export const upgradeToken = async (
  const client = await getClient(challenge.clientId);
  if (!client) {
    error(500, "Invalid challenge answer");
-  } else if (!verifySignature(answer, sigAnswer, client.sigPubKey)) {
+  } else if (!verifySignature(Buffer.from(answer, "base64"), sigAnswer, client.sigPubKey)) {
    error(401, "Invalid challenge answer signature");
  }