/api/hsk, /api/mek, /api/user 아래의 Endpoint들을 tRPC로 마이그레이션

src/lib/server/modules/mek.ts

@@ -1,19 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { getUserClientWithDetails } from "$lib/server/db/client";
-import { verifySignature } from "$lib/server/modules/crypto";
-
-export const verifyClientEncMekSig = async (
-  userId: number,
-  clientId: number,
-  version: number,
-  encMek: string,
-  encMekSig: string,
-) => {
-  const userClient = await getUserClientWithDetails(userId, clientId);
-  if (!userClient) {
-    error(500, "Invalid session id");
-  }
-
-  const data = JSON.stringify({ version, key: encMek });
-  return verifySignature(Buffer.from(data), encMekSig, userClient.sigPubKey);
-};

src/lib/server/schemas/hsk.ts

@@ -1,19 +0,0 @@
-import { z } from "zod";
-
-export const hmacSecretListResponse = z.object({
-  hsks: z.array(
-    z.object({
-      version: z.number().int().positive(),
-      state: z.enum(["active"]),
-      mekVersion: z.number().int().positive(),
-      hsk: z.string().base64().nonempty(),
-    }),
-  ),
-});
-export type HmacSecretListResponse = z.output<typeof hmacSecretListResponse>;
-
-export const initialHmacSecretRegisterRequest = z.object({
-  mekVersion: z.number().int().positive(),
-  hsk: z.string().base64().nonempty(),
-});
-export type InitialHmacSecretRegisterRequest = z.input<typeof initialHmacSecretRegisterRequest>;

src/lib/server/schemas/index.ts

@@ -2,6 +2,3 @@ export * from "./auth";
 export * from "./category";
 export * from "./directory";
 export * from "./file";
-export * from "./hsk";
-export * from "./mek";
-export * from "./user";

src/lib/server/schemas/mek.ts

@@ -1,19 +0,0 @@
-import { z } from "zod";
-
-export const masterKeyListResponse = z.object({
-  meks: z.array(
-    z.object({
-      version: z.number().int().positive(),
-      state: z.enum(["active", "retired"]),
-      mek: z.string().base64().nonempty(),
-      mekSig: z.string().base64().nonempty(),
-    }),
-  ),
-});
-export type MasterKeyListResponse = z.output<typeof masterKeyListResponse>;
-
-export const initialMasterKeyRegisterRequest = z.object({
-  mek: z.string().base64().nonempty(),
-  mekSig: z.string().base64().nonempty(),
-});
-export type InitialMasterKeyRegisterRequest = z.input<typeof initialMasterKeyRegisterRequest>;

src/lib/server/schemas/user.ts

@@ -1,12 +0,0 @@
-import { z } from "zod";
-
-export const userInfoResponse = z.object({
-  email: z.string().email(),
-  nickname: z.string().nonempty(),
-});
-export type UserInfoResponse = z.output<typeof userInfoResponse>;
-
-export const nicknameChangeRequest = z.object({
-  newNickname: z.string().trim().min(2).max(8),
-});
-export type NicknameChangeRequest = z.input<typeof nicknameChangeRequest>;

src/lib/server/services/hsk.ts

@@ -1,31 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { IntegrityError } from "$lib/server/db/error";
-import { registerInitialHsk, getAllValidHsks } from "$lib/server/db/hsk";
-
-export const getHskList = async (userId: number) => {
-  const hsks = await getAllValidHsks(userId);
-  return {
-    encHsks: hsks.map(({ version, state, mekVersion, encHsk }) => ({
-      version,
-      state,
-      mekVersion,
-      encHsk,
-    })),
-  };
-};
-
-export const registerInitialActiveHsk = async (
-  userId: number,
-  createdBy: number,
-  mekVersion: number,
-  encHsk: string,
-) => {
-  try {
-    await registerInitialHsk(userId, createdBy, mekVersion, encHsk);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "HSK already registered") {
-      error(409, "Initial HSK already registered");
-    }
-    throw e;
-  }
-};

src/lib/server/services/mek.ts

@@ -1,38 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { setUserClientStateToActive } from "$lib/server/db/client";
-import { IntegrityError } from "$lib/server/db/error";
-import { registerInitialMek, getAllValidClientMeks } from "$lib/server/db/mek";
-import { verifyClientEncMekSig } from "$lib/server/modules/mek";
-
-export const getClientMekList = async (userId: number, clientId: number) => {
-  const clientMeks = await getAllValidClientMeks(userId, clientId);
-  return {
-    encMeks: clientMeks.map(({ version, state, encMek, encMekSig }) => ({
-      version,
-      state,
-      encMek,
-      encMekSig,
-    })),
-  };
-};
-
-export const registerInitialActiveMek = async (
-  userId: number,
-  createdBy: number,
-  encMek: string,
-  encMekSig: string,
-) => {
-  if (!(await verifyClientEncMekSig(userId, createdBy, 1, encMek, encMekSig))) {
-    error(400, "Invalid signature");
-  }
-
-  try {
-    await registerInitialMek(userId, createdBy, encMek, encMekSig);
-    await setUserClientStateToActive(userId, createdBy);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "MEK already registered") {
-      error(409, "Initial MEK already registered");
-    }
-    throw e;
-  }
-};

src/lib/server/services/user.ts

@@ -1,15 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { getUser, setUserNickname } from "$lib/server/db/user";
-
-export const getUserInformation = async (userId: number) => {
-  const user = await getUser(userId);
-  if (!user) {
-    error(500, "Invalid session id");
-  }
-
-  return { email: user.email, nickname: user.nickname };
-};
-
-export const changeNickname = async (userId: number, nickname: string) => {
-  await setUserNickname(userId, nickname);
-};

src/lib/services/key.ts

@@ -1,4 +1,4 @@
-import { callGetApi, callPostApi } from "$lib/hooks";
+import { TRPCClientError } from "@trpc/client";
 import { storeMasterKeys } from "$lib/indexedDB";
 import {
   encodeToBase64,
@@ -9,11 +9,6 @@ import {
   signMasterKeyWrapped,
   verifyMasterKeyWrapped,
 } from "$lib/modules/crypto";
-import type {
-  InitialHmacSecretRegisterRequest,
-  MasterKeyListResponse,
-  InitialMasterKeyRegisterRequest,
-} from "$lib/server/schemas";
 import { requestSessionUpgrade } from "$lib/services/auth";
 import { masterKeyStore, type ClientKeys } from "$lib/stores";
 import { useTRPC } from "$trpc/client";
@@ -74,10 +69,16 @@ export const requestClientRegistrationAndSessionUpgrade = async (
 };
 
 export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verifyKey: CryptoKey) => {
-  const res = await callGetApi("/api/mek/list");
-  if (!res.ok) return false;
+  const trpc = useTRPC();
+
+  let masterKeysWrapped;
+  try {
+    masterKeysWrapped = await trpc.mek.list.query();
+  } catch {
+    // TODO: Error Handling
+    return false;
+  }
 
-  const { meks: masterKeysWrapped }: MasterKeyListResponse = await res.json();
   const masterKeys = await Promise.all(
     masterKeysWrapped.map(
       async ({ version, state, mek: masterKeyWrapped, mekSig: masterKeyWrappedSig }) => {
@@ -109,17 +110,32 @@ export const requestInitialMasterKeyAndHmacSecretRegistration = async (
   hmacSecretWrapped: string,
   signKey: CryptoKey,
 ) => {
-  let res = await callPostApi<InitialMasterKeyRegisterRequest>("/api/mek/register/initial", {
-    mek: masterKeyWrapped,
-    mekSig: await signMasterKeyWrapped(masterKeyWrapped, 1, signKey),
-  });
-  if (!res.ok) {
-    return res.status === 403 || res.status === 409;
+  const trpc = useTRPC();
+
+  try {
+    await trpc.mek.registerInitial.mutate({
+      mek: masterKeyWrapped,
+      mekSig: await signMasterKeyWrapped(masterKeyWrapped, 1, signKey),
+    });
+  } catch (e) {
+    if (
+      e instanceof TRPCClientError &&
+      (e.data?.code === "FORBIDDEN" || e.data?.code === "CONFLICT")
+    ) {
+      return true;
+    }
+    // TODO: Error Handling
+    return false;
   }
 
-  res = await callPostApi<InitialHmacSecretRegisterRequest>("/api/hsk/register/initial", {
-    mekVersion: 1,
-    hsk: hmacSecretWrapped,
-  });
-  return res.ok;
+  try {
+    await trpc.hsk.registerInitial.mutate({
+      mekVersion: 1,
+      hsk: hmacSecretWrapped,
+    });
+    return true;
+  } catch {
+    // TODO: Error Handling
+    return false;
+  }
 };