diff --git a/src/lib/modules/crypto.ts b/src/lib/modules/crypto.ts
index a5ed99b..b188ca8 100644
--- a/src/lib/modules/crypto.ts
+++ b/src/lib/modules/crypto.ts
@@ -36,7 +36,7 @@ export const generateRSASigKeyPair = async () => {
   return keyPair;
 };
 
-export const makeRSAKeyNonextractable = async (key: CryptoKey, type: RSAKeyType) => {
+export const makeRSAEncKeyNonextractable = async (key: CryptoKey, type: RSAKeyType) => {
   const { format, key: exportedKey } = await exportRSAKey(key, type);
   return await window.crypto.subtle.importKey(
     format,
@@ -50,6 +50,20 @@ export const makeRSAKeyNonextractable = async (key: CryptoKey, type: RSAKeyType)
   );
 };
 
+export const makeRSASigKeyNonextractable = async (key: CryptoKey, type: RSAKeyType) => {
+  const { format, key: exportedKey } = await exportRSAKey(key, type);
+  return await window.crypto.subtle.importKey(
+    format,
+    exportedKey,
+    {
+      name: "RSA-PSS",
+      hash: "SHA-256",
+    } satisfies RsaHashedImportParams,
+    false,
+    [type === "public" ? "verify" : "sign"],
+  );
+};
+
 const exportRSAKey = async (key: CryptoKey, type: RSAKeyType) => {
   const format = type === "public" ? ("spki" as const) : ("pkcs8" as const);
   return {
diff --git a/src/lib/server/db/token.ts b/src/lib/server/db/token.ts
index d93527f..61545e4 100644
--- a/src/lib/server/db/token.ts
+++ b/src/lib/server/db/token.ts
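Review bot: The new makeRSASigKeyNonextractable repeats the export-then-reimport body of makeRSAEncKeyNonextractable line for line, differing only in the importKey algorithm object and the key usages, so the `false` (non-extractable) re-import now lives in two places that must be kept in step; a private helper taking the algorithm and usages would keep that invariant in one spot. The function also has two unstated preconditions worth a TSDoc line: the input `key` must itself be extractable (exportRSAKey presumably calls exportKey, but its body runs past the end of the hunk), and the hard-coded `{ name: "RSA-PSS", hash: "SHA-256" }` must match what generateRSASigKeyPair generated, which is outside the hunk as well. A comment such as `/** Re-imports an RSA-PSS/SHA-256 key with extractable=false; `key` must be extractable and `type` must match it. */` would record both. The enc variant's own algorithm arguments are outside the first hunk, so only the sig variant is sketched below.
```typescript
const reimportRSAKeyNonextractable = async (
  key: CryptoKey,
  type: RSAKeyType,
  algorithm: RsaHashedImportParams,
  usages: KeyUsage[],
) => {
  const { format, key: exportedKey } = await exportRSAKey(key, type);
  return await window.crypto.subtle.importKey(format, exportedKey, algorithm, false, usages);
};

export const makeRSASigKeyNonextractable = (key: CryptoKey, type: RSAKeyType) =>
  reimportRSAKeyNonextractable(
    key,
    type,
    { name: "RSA-PSS", hash: "SHA-256" },
    [type === "public" ? "verify" : "sign"],
  );
// … unchanged: exportRSAKey …
```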
@@ -38,15 +38,20 @@ export const getRefreshToken = async (tokenId: string) => {
 };
 
 export const rotateRefreshToken = async (oldTokenId: string, newTokenId: string) => {
-  const res = await db
-    .update(refreshToken)
-    .set({
-      id: newTokenId,
-      expiresAt: expiresAt(),
-    })
-    .where(eq(refreshToken.id, oldTokenId))
-    .execute();
-  return res.changes > 0;
+  return await db.transaction(async (tx) => {
+    await tx
+      .delete(tokenUpgradeChallenge)
+      .where(eq(tokenUpgradeChallenge.refreshTokenId, oldTokenId));
+    const res = await db
+      .update(refreshToken)
+      .set({
+        id: newTokenId,
+        expiresAt: expiresAt(),
+      })
+      .where(eq(refreshToken.id, oldTokenId))
+      .execute();
+    return res.changes > 0;
+  });
 };
 
 export const upgradeRefreshToken = async (
@@ -54,16 +59,21 @@ export const upgradeRefreshToken = async (
   newTokenId: string,
   clientId: number,
 ) => {
-  const res = await db
-    .update(refreshToken)
-    .set({
-      id: newTokenId,
-      clientId,
-      expiresAt: expiresAt(),
-    })
-    .where(eq(refreshToken.id, oldTokenId))
-    .execute();
-  return res.changes > 0;
+  return await db.transaction(async (tx) => {
+    await tx
+      .delete(tokenUpgradeChallenge)
+      .where(eq(tokenUpgradeChallenge.refreshTokenId, oldTokenId));
+    const res = await tx
+      .update(refreshToken)
+      .set({
+        id: newTokenId,
+        clientId,
+        expiresAt: expiresAt(),
+      })
+      .where(eq(refreshToken.id, oldTokenId))
+      .execute();
+    return res.changes > 0;
+  });
 };
 
 export const revokeRefreshToken = async (tokenId: string) => {
diff --git a/src/routes/(fullscreen)/key/generate/service.ts b/src/routes/(fullscreen)/key/generate/service.ts
index c5aacf7..438a861 100644
--- a/src/routes/(fullscreen)/key/generate/service.ts
+++ b/src/routes/(fullscreen)/key/generate/service.ts
@@ -1,7 +1,8 @@
 import {
   generateRSAEncKeyPair,
   generateRSASigKeyPair,
-  makeRSAKeyNonextractable,
+  makeRSAEncKeyNonextractable,
+  makeRSASigKeyNonextractable,
   exportRSAKeyToBase64,
   generateAESKey,
   makeAESKeyNonextractable,
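Review bot: Inside the new transaction in rotateRefreshToken the update is issued on `db` rather than on the `tx` handle (`const res = await db`), while the challenge delete directly above it uses `tx`; the upgradeRefreshToken hunk below gets this right with `const res = await tx`. Depending on how the driver scopes `tx`, the update then runs outside the transaction, so deleting the pending upgrade challenge and rotating the token are no longer atomic and a failure in one can leave the other committed, which defeats the purpose of wrapping them together. The fix is the one-line change `const res = await tx`. Both rotateRefreshToken and upgradeRefreshToken begin and end inside their hunks.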
@@ -16,11 +17,11 @@ export const generateKeyPairs = async () => {
   keyPairsStore.set({
     encKeyPair: {
       publicKey: encKeyPair.publicKey,
-      privateKey: await makeRSAKeyNonextractable(encKeyPair.privateKey, "private"),
+      privateKey: await makeRSAEncKeyNonextractable(encKeyPair.privateKey, "private"),
     },
     sigKeyPair: {
       publicKey: sigKeyPair.publicKey,
-      privateKey: await makeRSAKeyNonextractable(sigKeyPair.privateKey, "private"),
+      privateKey: await makeRSASigKeyNonextractable(sigKeyPair.privateKey, "private"),
     },
   });