kmc7468/arkvault
1
0
Fork 0
mirror of https://github.com/kmc7468/arkvault.git synced 2025-12-15 22:38:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

/api/mek/register, /api/mek/share Endpoint 삭제 및 MEK 서명 매커니즘 구현

Browse Source 
2025년 첫 커밋! Happy New Year~
This commit is contained in:
static
2025-01-01 05:24:13 +09:00
parent e8e4022bc2
commit 363f809d02
12 changed files with 112 additions and 259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
src/lib/server/services/mek.ts
View File

@@ -1,14 +1,7 @@
import { error } from "@sveltejs/kit";
import { getAllUserClients, setUserClientStateToActive } from "$lib/server/db/client";
import {
registerInitialMek,
registerActiveMek,
getAllValidMeks,
getNextActiveMekVersion,
registerClientMeks,
getAllValidClientMeks,
} from "$lib/server/db/mek";
import { isInitialMekNeeded } from "$lib/server/modules/mek";
import { setUserClientStateToActive } from "$lib/server/db/client";
import { registerInitialMek, getAllValidClientMeks } from "$lib/server/db/mek";
import { isInitialMekNeeded, verifyClientEncMekSig } from "$lib/server/modules/mek";
export const getClientMekList = async (userId: number, clientId: number) => {
const clientMeks = await getAllValidClientMeks(userId, clientId);
@@ -17,6 +10,7 @@ export const getClientMekList = async (userId: number, clientId: number) => {
version: clientMek.master_encryption_key.version,
state: clientMek.master_encryption_key.state,
mek: clientMek.client_master_encryption_key.encMek,
mekSig: clientMek.client_master_encryption_key.encMekSig,
})),
};
};
@@ -25,53 +19,14 @@ export const registerInitialActiveMek = async (
userId: number,
createdBy: number,
encMek: string,
encMekSig: string,
) => {
if (!(await isInitialMekNeeded(userId))) {
error(409, "Initial MEK already registered");
} else if (!(await verifyClientEncMekSig(userId, createdBy, 1, encMek, encMekSig))) {
error(400, "Invalid signature");
}
await registerInitialMek(userId, createdBy, encMek);
await registerInitialMek(userId, createdBy, encMek, encMekSig);
await setUserClientStateToActive(userId, createdBy);
};
export const registerNewActiveMek = async (
userId: number,
createdBy: number,
clientMeks: {
clientId: number;
encMek: string;
}[],
) => {
const userClients = await getAllUserClients(userId);
const activeUserClients = userClients.filter(({ state }) => state === "active");
if (
clientMeks.length !== activeUserClients.length ||
!clientMeks.every((clientMek) =>
activeUserClients.some((userClient) => userClient.clientId === clientMek.clientId),
)
) {
error(400, "Invalid key list");
}
const newMekVersion = await getNextActiveMekVersion(userId);
await registerActiveMek(userId, newMekVersion, createdBy, clientMeks);
};
export const shareMeksForNewClient = async (
userId: number,
targetClientId: number,
clientMeks: {
version: number;
encMek: string;
}[],
) => {
const meks = await getAllValidMeks(userId);
if (
clientMeks.length !== meks.length ||
!clientMeks.every((clientMek) => meks.some((mek) => mek.version === clientMek.version))
) {
error(400, "Invalid key list");
}
await registerClientMeks(userId, targetClientId, clientMeks);
};