백엔드에서 JWT가 아닌 세션 ID 기반으로 인증하도록 변경

src/routes/api/auth/upgradeSession/verify/+server.ts

@@ -0,0 +1,16 @@
+import { error, text } from "@sveltejs/kit";
+import { authorize } from "$lib/server/modules/auth";
+import { sessionUpgradeVerifyRequest } from "$lib/server/schemas";
+import { verifySessionUpgradeChallenge } from "$lib/server/services/auth";
+import type { RequestHandler } from "./$types";
+
+export const POST: RequestHandler = async ({ locals, request }) => {
+  const { sessionId } = await authorize(locals, "notClient");
+
+  const zodRes = sessionUpgradeVerifyRequest.safeParse(await request.json());
+  if (!zodRes.success) error(400, "Invalid request body");
+  const { answer, answerSig } = zodRes.data;
+
+  await verifySessionUpgradeChallenge(sessionId, locals.ip, answer, answerSig);
+  return text("Session upgraded", { headers: { "Content-Type": "text/plain" } });
+};