/api/hsk, /api/mek, /api/user 아래의 Endpoint들을 tRPC로 마이그레이션

2026-02-04 08:06:56 +00:00 · 2025-12-25 20:00:15 +09:00
parent aa4a1a74ea
commit 208252f6b2
22 changed files with 192 additions and 288 deletions
--- a/src/trpc/router.server.ts
+++ b/src/trpc/router.server.ts
@@ -1,10 +1,13 @@
 import type { RequestEvent } from "@sveltejs/kit";
 import type { inferRouterInputs, inferRouterOutputs } from "@trpc/server";
 import { createContext, router } from "./init.server";
-import { clientRouter } from "./routers";
+import { clientRouter, hskRouter, mekRouter, userRouter } from "./routers";

 export const appRouter = router({
  client: clientRouter,
+  hsk: hskRouter,
+  mek: mekRouter,
+  user: userRouter,
 });

 export const createCaller = (event: RequestEvent) => appRouter.createCaller(createContext(event));
--- a/src/trpc/routers/hsk.ts
+++ b/src/trpc/routers/hsk.ts
@@ -0,0 +1,41 @@
+import { TRPCError } from "@trpc/server";
+import { z } from "zod";
+import { HskRepo, IntegrityError } from "$lib/server/db";
+import { router, roleProcedure } from "../init.server";
+
+const hskRouter = router({
+  list: roleProcedure["activeClient"].query(async ({ ctx }) => {
+    const hsks = await HskRepo.getAllValidHsks(ctx.session.userId);
+    return hsks.map(({ version, state, mekVersion, encHsk }) => ({
+      version,
+      state,
+      mekVersion,
+      hsk: encHsk,
+    }));
+  }),
+
+  registerInitial: roleProcedure["activeClient"]
+    .input(
+      z.object({
+        mekVersion: z.number().int().positive(),
+        hsk: z.string().base64().nonempty(),
+      }),
+    )
+    .mutation(async ({ ctx, input }) => {
+      try {
+        await HskRepo.registerInitialHsk(
+          ctx.session.userId,
+          ctx.session.clientId,
+          input.mekVersion,
+          input.hsk,
+        );
+      } catch (e) {
+        if (e instanceof IntegrityError && e.message === "HSK already registered") {
+          throw new TRPCError({ code: "CONFLICT", message: "Initial HSK already registered" });
+        }
+        throw e;
+      }
+    }),
+});
+
+export default hskRouter;
--- a/src/trpc/routers/index.ts
+++ b/src/trpc/routers/index.ts
@@ -1 +1,4 @@
 export { default as clientRouter } from "./client";
+export { default as hskRouter } from "./hsk";
+export { default as mekRouter } from "./mek";
+export { default as userRouter } from "./user";
--- a/src/trpc/routers/mek.ts
+++ b/src/trpc/routers/mek.ts
@@ -0,0 +1,63 @@
+import { TRPCError } from "@trpc/server";
+import { z } from "zod";
+import { ClientRepo, MekRepo, IntegrityError } from "$lib/server/db";
+import { verifySignature } from "$lib/server/modules/crypto";
+import { router, roleProcedure } from "../init.server";
+
+const verifyClientEncMekSig = async (
+  userId: number,
+  clientId: number,
+  version: number,
+  encMek: string,
+  encMekSig: string,
+) => {
+  const userClient = await ClientRepo.getUserClientWithDetails(userId, clientId);
+  if (!userClient) {
+    throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "Invalid session id" });
+  }
+
+  const data = JSON.stringify({ version, key: encMek });
+  return verifySignature(Buffer.from(data), encMekSig, userClient.sigPubKey);
+};
+
+const mekRouter = router({
+  list: roleProcedure["activeClient"].query(async ({ ctx }) => {
+    const clientMeks = await MekRepo.getAllValidClientMeks(
+      ctx.session.userId,
+      ctx.session.clientId,
+    );
+    return clientMeks.map(({ version, state, encMek, encMekSig }) => ({
+      version,
+      state,
+      mek: encMek,
+      mekSig: encMekSig,
+    }));
+  }),
+
+  registerInitial: roleProcedure["pendingClient"]
+    .input(
+      z.object({
+        mek: z.string().base64().nonempty(),
+        mekSig: z.string().base64().nonempty(),
+      }),
+    )
+    .mutation(async ({ ctx, input }) => {
+      const { userId, clientId } = ctx.session;
+      const { mek, mekSig } = input;
+      if (!(await verifyClientEncMekSig(userId, clientId, 1, mek, mekSig))) {
+        throw new TRPCError({ code: "BAD_REQUEST", message: "Invalid signature" });
+      }
+
+      try {
+        await MekRepo.registerInitialMek(userId, clientId, mek, mekSig);
+        await ClientRepo.setUserClientStateToActive(userId, clientId);
+      } catch (e) {
+        if (e instanceof IntegrityError && e.message === "MEK already registered") {
+          throw new TRPCError({ code: "CONFLICT", message: "Initial MEK already registered" });
+        }
+        throw e;
+      }
+    }),
+});
+
+export default mekRouter;
--- a/src/trpc/routers/user.ts
+++ b/src/trpc/routers/user.ts
@@ -0,0 +1,27 @@
+import { TRPCError } from "@trpc/server";
+import { z } from "zod";
+import { UserRepo } from "$lib/server/db";
+import { router, roleProcedure } from "../init.server";
+
+const userRouter = router({
+  info: roleProcedure.any.query(async ({ ctx }) => {
+    const user = await UserRepo.getUser(ctx.session.userId);
+    if (!user) {
+      throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "Invalid session id" });
+    }
+
+    return { email: user.email, nickname: user.nickname };
+  }),
+
+  changeNickname: roleProcedure.any
+    .input(
+      z.object({
+        newNickname: z.string().trim().min(2).max(8),
+      }),
+    )
+    .mutation(async ({ ctx, input }) => {
+      await UserRepo.setUserNickname(ctx.session.userId, input.newNickname);
+    }),
+});
+
+export default userRouter;