토큰에 클라이언트 정보를 함께 저장하도록 변경

2025-12-12 21:08:46 +00:00 · 2024-12-26 17:04:52 +09:00
parent fac8764572
commit 45e214d49f
5 changed files with 57 additions and 23 deletions
--- a/src/lib/server/auth.ts
+++ b/src/lib/server/auth.ts
@@ -1,27 +1,44 @@
 import argon2 from "argon2";
 import jwt from "jsonwebtoken";
+import { getClientByPubKey } from "$lib/server/db/client";
 import { getUserByEmail } from "$lib/server/db/user";
 import env from "$lib/server/loadenv";

+interface TokenData {
+  type: "access" | "refresh";
+  userId: number;
+  clientId?: number;
+}
+
 const verifyPassword = async (hash: string, password: string) => {
  return await argon2.verify(hash, password);
 };

-const issueToken = (id: number, type: "access" | "refresh") => {
-  return jwt.sign({ id, type }, env.jwt.secret, {
-    expiresIn: type === "access" ? env.jwt.accessExp : env.jwt.refreshExp,
-  });
+const issueToken = (type: "access" | "refresh", userId: number, clientId?: number) => {
+  return jwt.sign(
+    {
+      type,
+      userId,
+      clientId,
+    } satisfies TokenData,
+    env.jwt.secret,
+    {
+      expiresIn: type === "access" ? env.jwt.accessExp : env.jwt.refreshExp,
+    },
+  );
 };

-export const login = async (email: string, password: string) => {
+export const login = async (email: string, password: string, pubKey?: string) => {
  const user = await getUserByEmail(email);
  if (!user) return null;

-  const valid = await verifyPassword(user.password, password);
-  if (!valid) return null;
+  const isValid = await verifyPassword(user.password, password);
+  if (!isValid) return null;
+
+  const client = pubKey ? await getClientByPubKey(pubKey) : null;

  return {
-    accessToken: issueToken(user.id, "access"),
-    refreshToken: issueToken(user.id, "refresh"),
+    accessToken: issueToken("access", user.id, client?.id),
+    refreshToken: issueToken("refresh", user.id, client?.id),
  };
 };
--- a/src/lib/server/db/client.ts
+++ b/src/lib/server/db/client.ts
@@ -0,0 +1,17 @@
+import { and, eq } from "drizzle-orm";
+import db from "./drizzle";
+import { client, userClient } from "./schema";
+
+export const getClientByPubKey = async (pubKey: string) => {
+  const clients = await db.select().from(client).where(eq(client.pubKey, pubKey)).execute();
+  return clients[0] ?? null;
+};
+
+export const getUserClient = async (userId: number, clientId: number) => {
+  const userClients = await db
+    .select()
+    .from(userClient)
+    .where(and(eq(userClient.userId, userId), eq(userClient.clientId, clientId)))
+    .execute();
+  return userClients[0] ?? null;
+};
--- a/src/lib/server/db/schema/client.ts
+++ b/src/lib/server/db/schema/client.ts
@@ -1,29 +1,29 @@
 import { sqliteTable, text, integer, primaryKey } from "drizzle-orm/sqlite-core";
 import { user } from "./user";

-export enum UserDeviceState {
+export enum UserClientState {
  PENDING = 0,
  ACTIVE = 1,
 }

-export const device = sqliteTable("device", {
+export const client = sqliteTable("client", {
  id: integer("id").primaryKey(),
-  pubKey: text("pub_key").notNull().unique(),
+  pubKey: text("public_key").notNull().unique(),
 });

-export const userDevice = sqliteTable(
-  "user_device",
+export const userClient = sqliteTable(
+  "user_client",
  {
    userId: integer("user_id")
      .notNull()
      .references(() => user.id),
-    deviceId: integer("device_id")
+    clientId: integer("client_id")
      .notNull()
-      .references(() => device.id),
+      .references(() => client.id),
    state: integer("state").notNull().default(0),
-    encKey: text("enc_key"),
+    encKey: text("encrypted_key"),
  },
  (t) => ({
-    pk: primaryKey({ columns: [t.userId, t.deviceId] }),
+    pk: primaryKey({ columns: [t.userId, t.clientId] }),
  }),
 );
--- a/src/lib/server/db/schema/index.ts
+++ b/src/lib/server/db/schema/index.ts
@@ -1,2 +1,2 @@
-export * from "./device";
+export * from "./client";
 export * from "./user";
--- a/src/routes/api/auth/login/+server.ts
+++ b/src/routes/api/auth/login/+server.ts
@@ -8,15 +8,15 @@ export const POST: RequestHandler = async ({ request }) => {
    .object({
      email: z.string().email().nonempty(),
      password: z.string().nonempty(),
+      pubKey: z.string().nonempty().optional(),
    })
    .safeParse(await request.json());
  if (!zodRes.success) error(400, zodRes.error.message);

-  const { email, password } = zodRes.data;
-  const loginRes = await login(email.trim(), password.trim());
+  const { email, password, pubKey } = zodRes.data;
+  const loginRes = await login(email.trim(), password.trim(), pubKey?.trim());
+  if (!loginRes) error(401, "Invalid email, password, or public key");

-  if (!loginRes) error(401, "Invalid email or password");
  const { accessToken, refreshToken } = loginRes;
-
  return json({ accessToken, refreshToken });
 };