백엔드에서 JWT가 아닌 세션 ID 기반으로 인증하도록 변경

src/routes/api/auth/upgradeSession/+server.ts

@@ -0,0 +1,26 @@
+import { error, json } from "@sveltejs/kit";
+import { authorize } from "$lib/server/modules/auth";
+import {
+  sessionUpgradeRequest,
+  sessionUpgradeResponse,
+  type SessionUpgradeResponse,
+} from "$lib/server/schemas";
+import { createSessionUpgradeChallenge } from "$lib/server/services/auth";
+import type { RequestHandler } from "./$types";
+
+export const POST: RequestHandler = async ({ locals, request }) => {
+  const { sessionId, userId } = await authorize(locals, "notClient");
+
+  const zodRes = sessionUpgradeRequest.safeParse(await request.json());
+  if (!zodRes.success) error(400, "Invalid request body");
+  const { encPubKey, sigPubKey } = zodRes.data;
+
+  const { challenge } = await createSessionUpgradeChallenge(
+    sessionId,
+    userId,
+    locals.ip,
+    encPubKey,
+    sigPubKey,
+  );
+  return json(sessionUpgradeResponse.parse({ challenge } satisfies SessionUpgradeResponse));
+};