Request Body의 필드마다 서명하지 않고, 데이터 전체에 대해 서명하도록 개선

static
2024-12-31 09:32:37 +09:00
parent 5c535d1191
commit 0d00e2476a
10 changed files with 73 additions and 55 deletions


@@ -0,0 +1,24 @@
import { error, text } from "@sveltejs/kit";
import { z } from "zod";
import { authenticate } from "$lib/server/modules/auth";
import { verifyUserClient } from "$lib/server/services/client";
import type { RequestHandler } from "./$types";
export const POST: RequestHandler = async ({ request, cookies, getClientAddress }) => {
const { userId, clientId } = authenticate(cookies);
if (clientId) {
error(403, "Forbidden");
}
const zodRes = z
.object({
answer: z.string().base64().nonempty(),
sigAnswer: z.string().base64().nonempty(),
})
.safeParse(await request.json());
if (!zodRes.success) error(400, "Invalid request body");
const { answer, sigAnswer } = zodRes.data;
await verifyUserClient(userId, getClientAddress(), answer, sigAnswer);
return text("Client verified", { headers: { "Content-Type": "text/plain" } });
};
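Review bot: `await request.json()` is evaluated before `safeParse`, so a body that is not valid JSON throws out of the handler and, as far as I can tell, surfaces as a 500 instead of the intended 400. Catching the parse failure keeps malformed input on the validation path: `.safeParse(await request.json().catch(() => null));`. The `if (clientId)` guard would benefit from a short comment such as `// A session already bound to a client must not register another one`, since the reason for the 403 is not obvious from the code. `verifyUserClient` is defined outside this hunk, so it is not visible here whether `sigAnswer` is checked against a server-issued, single-use challenge tied to `userId`; that is worth confirming. If it also relies on the address from `getClientAddress()`, check that the value is the real client address when the app runs behind a reverse proxy.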