kmc7468/arkvault
1
0
Fork 0
mirror of https://github.com/kmc7468/arkvault.git synced 2025-12-15 22:38:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

/api/mek/register, /api/mek/register/initial Endpoint에서 MEK에 대한 서명을 요구하도록 변경

Browse Source
This commit is contained in:
static
2024-12-31 07:48:40 +09:00
parent f30cc697bb
commit 3ee6365ff2
6 changed files with 51 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/lib/server/services/mek.ts
View File

@@ -1,14 +1,20 @@
import { error } from "@sveltejs/kit";
import { getAllUserClients, setUserClientStateToActive } from "$lib/server/db/client";
import { getAllUserClients, getClient, setUserClientStateToActive } from "$lib/server/db/client";
import {
getAllValidClientMeks,
registerInitialMek,
registerActiveMek,
getNextActiveMekVersion,
type ClientMek,
} from "$lib/server/db/mek";
import { verifySignature } from "$lib/server/modules/crypto";
import { isInitialMekNeeded } from "$lib/server/modules/mek";
interface NewClientMek {
clientId: number;
encMek: string;
sigEncMek: string;
}
export const getClientMekList = async (userId: number, clientId: number) => {
const clientMeks = await getAllValidClientMeks(userId, clientId);
return {
@@ -24,9 +30,17 @@ export const registerInitialActiveMek = async (
userId: number,
createdBy: number,
encMek: string,
sigEncMek: string,
) => {
if (!(await isInitialMekNeeded(userId))) {
error(403, "Forbidden");
error(409, "Initial MEK already registered");
}
const client = await getClient(createdBy);
if (!client) {
error(500, "Invalid access token");
} else if (!verifySignature(encMek, sigEncMek, client.sigPubKey)) {
error(400, "Invalid signature");
}
await registerInitialMek(userId, createdBy, encMek);
@@ -36,7 +50,7 @@ export const registerInitialActiveMek = async (
export const registerNewActiveMek = async (
userId: number,
createdBy: number,
clientMeks: ClientMek[],
clientMeks: NewClientMek[],
) => {
const userClients = await getAllUserClients(userId);
const activeUserClients = userClients.filter(({ state }) => state === "active");
@@ -49,6 +63,17 @@ export const registerNewActiveMek = async (
error(400, "Invalid key list");
}
const client = await getClient(createdBy);
if (!client) {
error(500, "Invalid access token");
} else if (
!clientMeks.every(({ encMek, sigEncMek }) =>
verifySignature(encMek, sigEncMek, client.sigPubKey),
)
) {
error(400, "Invalid signature");
}
const newMekVersion = await getNextActiveMekVersion(userId);
await registerActiveMek(userId, newMekVersion, createdBy, clientMeks);
};