kmc7468/arkvault
1
0
Fork 0
mirror of https://github.com/kmc7468/arkvault.git synced 2025-12-14 22:08:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

카테고리 관련 DB 스키마/코드를 Kysely 기반으로 마이그레이션

Browse Source
This commit is contained in:
static
2025-01-21 10:57:32 +09:00
parent 698d2455ff
commit 2a2d01b50e
8 changed files with 281 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
src/lib/server/db/category.ts
View File

@@ -1,111 +1,144 @@
import { and, eq, isNull } from "drizzle-orm";
import db from "./drizzle";
import { IntegrityError } from "./error"; import { IntegrityError } from "./error";
import { category, categoryLog, mek } from "./schema"; import db from "./kysely";
import type { Ciphertext } from "./schema";
type CategoryId = "root" | number; type CategoryId = "root" | number;
export interface NewCategoryParams { interface Category {
parentId: "root" | number; id: number;
parentId: CategoryId;
userId: number; userId: number;
mekVersion: number; mekVersion: number;
encDek: string; encDek: string;
dekVersion: Date; dekVersion: Date;
encName: string; encName: Ciphertext;
encNameIv: string;
} }
export const registerCategory = async (params: NewCategoryParams) => { export type NewCategory = Omit<Category, "id">;
await db.transaction(
async (tx) => {
const meks = await tx
.select({ version: mek.version })
.from(mek)
.where(and(eq(mek.userId, params.userId), eq(mek.state, "active")))
.limit(1);
if (meks[0]?.version !== params.mekVersion) {
throw new IntegrityError("Inactive MEK version");
}
const newCategories = await tx export const registerCategory = async (params: NewCategory) => {
.insert(category) await db.transaction().execute(async (trx) => {
.values({ const mek = await trx
parentId: params.parentId === "root" ? null : params.parentId, .selectFrom("master_encryption_key")
userId: params.userId, .select("version")
mekVersion: params.mekVersion, .where("user_id", "=", params.userId)
encDek: params.encDek, .where("state", "=", "active")
dekVersion: params.dekVersion, .limit(1)
encName: { ciphertext: params.encName, iv: params.encNameIv }, .forUpdate()
}) .executeTakeFirst();
.returning({ id: category.id }); if (mek?.version !== params.mekVersion) {
const { id: categoryId } = newCategories[0]!; throw new IntegrityError("Inactive MEK version");
await tx.insert(categoryLog).values({ }
categoryId,
const { categoryId } = await trx
.insertInto("category")
.values({
parent_id: params.parentId !== "root" ? params.parentId : null,
user_id: params.userId,
master_encryption_key_version: params.mekVersion,
encrypted_data_encryption_key: params.encDek,
data_encryption_key_version: params.dekVersion,
encrypted_name: params.encName,
})
.returning("id as categoryId")
.executeTakeFirstOrThrow();
await trx
.insertInto("category_log")
.values({
category_id: categoryId,
timestamp: new Date(), timestamp: new Date(),
action: "create", action: "create",
newName: { ciphertext: params.encName, iv: params.encNameIv }, new_name: params.encName,
}); })
}, .execute();
{ behavior: "exclusive" }, });
);
}; };
export const getAllCategoriesByParent = async (userId: number, parentId: CategoryId) => { export const getAllCategoriesByParent = async (userId: number, parentId: CategoryId) => {
return await db let query = db.selectFrom("category").selectAll().where("user_id", "=", userId);
.select() query =
.from(category) parentId === "root"
.where( ? query.where("parent_id", "is", null)
and( : query.where("parent_id", "=", parentId);
eq(category.userId, userId), const categories = await query.execute();
parentId === "root" ? isNull(category.parentId) : eq(category.parentId, parentId), return categories.map(
), (category) =>
); ({
id: category.id,
parentId: category.parent_id ?? "root",
userId: category.user_id,
mekVersion: category.master_encryption_key_version,
encDek: category.encrypted_data_encryption_key,
dekVersion: category.data_encryption_key_version,
encName: category.encrypted_name,
}) satisfies Category,
);
}; };
export const getCategory = async (userId: number, categoryId: number) => { export const getCategory = async (userId: number, categoryId: number) => {
const res = await db const category = await db
.select() .selectFrom("category")
.from(category) .selectAll()
.where(and(eq(category.userId, userId), eq(category.id, categoryId))) .where("id", "=", categoryId)
.limit(1); .where("user_id", "=", userId)
return res[0] ?? null; .limit(1)
.executeTakeFirst();
return category
? ({
id: category.id,
parentId: category.parent_id ?? "root",
userId: category.user_id,
mekVersion: category.master_encryption_key_version,
encDek: category.encrypted_data_encryption_key,
dekVersion: category.data_encryption_key_version,
encName: category.encrypted_name,
} satisfies Category)
: null;
}; };
export const setCategoryEncName = async ( export const setCategoryEncName = async (
userId: number, userId: number,
categoryId: number, categoryId: number,
dekVersion: Date, dekVersion: Date,
encName: string, encName: Ciphertext,
encNameIv: string,
) => { ) => {
await db.transaction( await db.transaction().execute(async (trx) => {
async (tx) => { const category = await trx
const categories = await tx .selectFrom("category")
.select({ version: category.dekVersion }) .select("data_encryption_key_version")
.from(category) .where("id", "=", categoryId)
.where(and(eq(category.userId, userId), eq(category.id, categoryId))) .where("user_id", "=", userId)
.limit(1); .limit(1)
if (!categories[0]) { .forUpdate()
throw new IntegrityError("Category not found"); .executeTakeFirst();
} else if (categories[0].version.getTime() !== dekVersion.getTime()) { if (!category) {
throw new IntegrityError("Invalid DEK version"); throw new IntegrityError("Category not found");
} } else if (category.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
throw new IntegrityError("Invalid DEK version");
}
await tx await trx
.update(category) .updateTable("category")
.set({ encName: { ciphertext: encName, iv: encNameIv } }) .set({ encrypted_name: encName })
.where(and(eq(category.userId, userId), eq(category.id, categoryId))); .where("id", "=", categoryId)
await tx.insert(categoryLog).values({ .where("user_id", "=", userId)
categoryId, .execute();
await trx
.insertInto("category_log")
.values({
category_id: categoryId,
timestamp: new Date(), timestamp: new Date(),
action: "rename", action: "rename",
newName: { ciphertext: encName, iv: encNameIv }, new_name: encName,
}); })
}, .execute();
{ behavior: "exclusive" }, });
);
}; };
export const unregisterCategory = async (userId: number, categoryId: number) => { export const unregisterCategory = async (userId: number, categoryId: number) => {
await db.delete(category).where(and(eq(category.userId, userId), eq(category.id, categoryId))); await db
.deleteFrom("category")
.where("id", "=", categoryId)
.where("user_id", "=", userId)
.execute();
}; };

104
src/lib/server/db/file.ts
View File

@@ -1,3 +1,4 @@
import pg from "pg";
import { IntegrityError } from "./error"; import { IntegrityError } from "./error";
import db from "./kysely"; import db from "./kysely";
import type { Ciphertext } from "./schema"; import type { Ciphertext } from "./schema";
@@ -290,11 +291,33 @@ export const getAllFilesByParent = async (userId: number, parentId: DirectoryId)
}; };
export const getAllFilesByCategory = async (userId: number, categoryId: number) => { export const getAllFilesByCategory = async (userId: number, categoryId: number) => {
return await db const files = await db
.select() .selectFrom("file")
.from(file) .innerJoin("file_category", "file.id", "file_category.file_id")
.innerJoin(fileCategory, eq(file.id, fileCategory.fileId)) .selectAll("file")
.where(and(eq(file.userId, userId), eq(fileCategory.categoryId, categoryId))); .where("user_id", "=", userId)
.where("category_id", "=", categoryId)
.execute();
return files.map(
(file) =>
({
id: file.id,
parentId: file.parent_id ?? "root",
userId: file.user_id,
path: file.path,
mekVersion: file.master_encryption_key_version,
encDek: file.encrypted_data_encryption_key,
dekVersion: file.data_encryption_key_version,
hskVersion: file.hmac_secret_key_version,
contentHmac: file.content_hmac,
contentType: file.content_type,
encContentIv: file.encrypted_content_iv,
encContentHash: file.encrypted_content_hash,
encName: file.encrypted_name,
encCreatedAt: file.encrypted_created_at,
encLastModifiedAt: file.encrypted_last_modified_at,
}) satisfies File,
);
}; };
export const getAllFileIdsByContentHmac = async ( export const getAllFileIdsByContentHmac = async (
@@ -394,44 +417,49 @@ export const unregisterFile = async (userId: number, fileId: number) => {
}; };
export const addFileToCategory = async (fileId: number, categoryId: number) => { export const addFileToCategory = async (fileId: number, categoryId: number) => {
await db.transaction( await db.transaction().execute(async (trx) => {
async (tx) => { try {
try { await trx
await tx.insert(fileCategory).values({ fileId, categoryId }); .insertInto("file_category")
await tx.insert(fileLog).values({ .values({ file_id: fileId, category_id: categoryId })
fileId, .execute();
await trx
.insertInto("file_log")
.values({
file_id: fileId,
timestamp: new Date(), timestamp: new Date(),
action: "addToCategory", action: "add-to-category",
categoryId, category_id: categoryId,
}); })
} catch (e) { .execute();
if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_PRIMARYKEY") { } catch (e) {
throw new IntegrityError("File already added to category"); if (e instanceof pg.DatabaseError && e.code === "23505") {
} throw new IntegrityError("File already added to category");
throw e;
} }
}, throw e;
{ behavior: "exclusive" }, }
); });
}; };
export const removeFileFromCategory = async (fileId: number, categoryId: number) => { export const removeFileFromCategory = async (fileId: number, categoryId: number) => {
await db.transaction( await db.transaction().execute(async (trx) => {
async (tx) => { const res = await trx
const res = await tx .deleteFrom("file_category")
.delete(fileCategory) .where("file_id", "=", fileId)
.where(and(eq(fileCategory.fileId, fileId), eq(fileCategory.categoryId, categoryId))); .where("category_id", "=", categoryId)
if (res.changes === 0) { .executeTakeFirst();
throw new IntegrityError("File not found in category"); if (res.numDeletedRows === 0n) {
} throw new IntegrityError("File not found in category");
}
await tx.insert(fileLog).values({ await trx
fileId, .insertInto("file_log")
.values({
file_id: fileId,
timestamp: new Date(), timestamp: new Date(),
action: "removeFromCategory", action: "remove-from-category",
categoryId, category_id: categoryId,
}); })
}, .execute();
{ behavior: "exclusive" }, });
);
}; };

65
src/lib/server/db/migrations/1737422340-AddFileCategory.ts Normal file
View File

@@ -0,0 +1,65 @@
import { Kysely } from "kysely";
// eslint-disable-next-line @typescript-eslint/no-explicit-any
export const up = async (db: Kysely<any>) => {
// category.ts
await db.schema
.createTable("category")
.addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
.addColumn("parent_id", "integer", (col) => col.references("category.id").onDelete("cascade"))
.addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
.addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
.addColumn("encrypted_data_encryption_key", "text", (col) => col.unique().notNull())
.addColumn("data_encryption_key_version", "timestamp(3)", (col) => col.notNull())
.addColumn("encrypted_name", "json", (col) => col.notNull())
.addForeignKeyConstraint(
"category_fk01",
["user_id", "master_encryption_key_version"],
"master_encryption_key",
["user_id", "version"],
)
.execute();
await db.schema
.createTable("category_log")
.addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
.addColumn("category_id", "integer", (col) =>
col.references("category.id").onDelete("cascade").notNull(),
)
.addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
.addColumn("action", "text", (col) => col.notNull())
.addColumn("new_name", "json")
.execute();
// file.ts
await db.schema
.alterTable("file_log")
.addColumn("category_id", "integer", (col) =>
col.references("category.id").onDelete("set null"),
)
.execute();
await db.schema
.createTable("file_category")
.addColumn("file_id", "integer", (col) =>
col.references("file.id").onDelete("cascade").notNull(),
)
.addColumn("category_id", "integer", (col) =>
col.references("category.id").onDelete("cascade").notNull(),
)
.addPrimaryKeyConstraint("file_category_pk", ["file_id", "category_id"])
.execute();
};
// eslint-disable-next-line @typescript-eslint/no-explicit-any
export const down = async (db: Kysely<any>) => {
await db
.deleteFrom("file_log")
.where((eb) =>
eb.or([eb("action", "=", "add-to-category"), eb("action", "=", "remove-from-category")]),
)
.execute();
await db.schema.dropTable("file_category").execute();
await db.schema.alterTable("file_log").dropColumn("category_id").execute();
await db.schema.dropTable("category_log").execute();
await db.schema.dropTable("category").execute();
};

2
src/lib/server/db/migrations/index.ts
View File

@@ -1,5 +1,7 @@
import * as Initial1737357000 from "./1737357000-Initial"; import * as Initial1737357000 from "./1737357000-Initial";
import * as AddFileCategory1737422340 from "./1737422340-AddFileCategory";
export default { export default {
"1737357000-Initial": Initial1737357000, "1737357000-Initial": Initial1737357000,
"1737422340-AddFileCategory": AddFileCategory1737422340,
}; };

73
src/lib/server/db/schema/category.ts
View File

@@ -1,52 +1,27 @@
import { import type { Generated } from "kysely";
sqliteTable, import type { Ciphertext } from "./util";
text,
integer,
foreignKey,
type AnySQLiteColumn,
} from "drizzle-orm/sqlite-core";
import { mek } from "./mek";
import { user } from "./user";
const ciphertext = (name: string) => interface CategoryTable {
text(name, { mode: "json" }).$type<{ id: Generated<number>;
ciphertext: string; // Base64 parent_id: number | null;
iv: string; // Base64 user_id: number;
}>(); master_encryption_key_version: number;
encrypted_data_encryption_key: string; // Base64
data_encryption_key_version: Date;
encrypted_name: Ciphertext;
}
export const category = sqliteTable( interface CategoryLogTable {
"category", id: Generated<number>;
{ category_id: number;
id: integer("id").primaryKey({ autoIncrement: true }), timestamp: Date;
parentId: integer("parent_id").references((): AnySQLiteColumn => category.id, { action: "create" | "rename";
onDelete: "cascade", new_name: Ciphertext | null;
}), }
userId: integer("user_id")
.notNull()
.references(() => user.id),
mekVersion: integer("master_encryption_key_version").notNull(),
encDek: text("encrypted_data_encryption_key").notNull().unique(), // Base64
dekVersion: integer("data_encryption_key_version", { mode: "timestamp_ms" }).notNull(),
encName: ciphertext("encrypted_name").notNull(),
},
(t) => ({
ref1: foreignKey({
columns: [t.parentId],
foreignColumns: [t.id],
}),
ref2: foreignKey({
columns: [t.userId, t.mekVersion],
foreignColumns: [mek.userId, mek.version],
}),
}),
);
export const categoryLog = sqliteTable("category_log", { declare module "./index" {
id: integer("id").primaryKey({ autoIncrement: true }), interface Database {
categoryId: integer("category_id") category: CategoryTable;
.notNull() category_log: CategoryLogTable;
.references(() => category.id, { onDelete: "cascade" }), }
timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(), }
action: text("action", { enum: ["create", "rename"] }).notNull(),
newName: ciphertext("new_name"),
});

30
src/lib/server/db/schema/file.ts
View File

@@ -1,9 +1,5 @@
import type { ColumnType, Generated } from "kysely"; import type { ColumnType, Generated } from "kysely";
import type { Ciphertext } from "./util";
export type Ciphertext = {
ciphertext: string; // Base64
iv: string; // Base64
};
interface DirectoryTable { interface DirectoryTable {
id: Generated<number>; id: Generated<number>;
@@ -45,26 +41,15 @@ interface FileLogTable {
id: Generated<number>; id: Generated<number>;
file_id: number; file_id: number;
timestamp: ColumnType<Date, Date, never>; timestamp: ColumnType<Date, Date, never>;
action: "create" | "rename"; action: "create" | "rename" | "add-to-category" | "remove-from-category";
new_name: Ciphertext | null; new_name: Ciphertext | null;
category_id: number | null;
} }
export const fileCategory = sqliteTable( interface FileCategoryTable {
"file_category", file_id: number;
{ category_id: number;
fileId: integer("file_id") }
.notNull()
.references(() => file.id, { onDelete: "cascade" }),
categoryId: integer("category_id")
.notNull()
.references(() => category.id, { onDelete: "cascade" }),
},
(t) => ({
pk: primaryKey({
columns: [t.fileId, t.categoryId],
}),
}),
);
declare module "./index" { declare module "./index" {
interface Database { interface Database {
@@ -72,5 +57,6 @@ declare module "./index" {
directory_log: DirectoryLogTable; directory_log: DirectoryLogTable;
file: FileTable; file: FileTable;
file_log: FileLogTable; file_log: FileLogTable;
file_category: FileCategoryTable;
} }
} }

1
src/lib/server/db/schema/index.ts
View File

@@ -5,6 +5,7 @@ export * from "./hsk";
export * from "./mek"; export * from "./mek";
export * from "./session"; export * from "./session";
export * from "./user"; export * from "./user";
export * from "./util";
// eslint-disable-next-line @typescript-eslint/no-empty-object-type // eslint-disable-next-line @typescript-eslint/no-empty-object-type
export interface Database {} export interface Database {}

4
src/lib/server/db/schema/util.ts Normal file
View File

@@ -0,0 +1,4 @@
export type Ciphertext = {
ciphertext: string; // Base64
iv: string; // Base64
};