mirror of
https://github.com/kmc7468/arkvault.git
synced 2025-12-16 06:58:46 +00:00
DEK 버전을 프론트엔드에서 명시적으로 관리하도록 변경
This commit is contained in:
static
@@ -9,6 +9,7 @@ export interface NewDirectoryParams {
|
||||
parentId: DirectoryId;
|
||||
mekVersion: number;
|
||||
encDek: string;
|
||||
dekVersion: Date;
|
||||
encName: string;
|
||||
encNameIv: string;
|
||||
}
|
||||
@@ -19,6 +20,7 @@ export interface NewFileParams {
|
||||
userId: number;
|
||||
mekVersion: number;
|
||||
encDek: string;
|
||||
dekVersion: Date;
|
||||
encContentIv: string;
|
||||
encName: string;
|
||||
encNameIv: string;
|
||||
@@ -41,7 +43,7 @@ export const registerNewDirectory = async (params: NewDirectoryParams) => {
|
||||
userId: params.userId,
|
||||
mekVersion: params.mekVersion,
|
||||
encDek: params.encDek,
|
||||
encryptedAt: now,
|
||||
dekVersion: params.dekVersion,
|
||||
encName: { ciphertext: params.encName, iv: params.encNameIv },
|
||||
});
|
||||
});
|
||||
@@ -72,14 +74,22 @@ export const getDirectory = async (userId: number, directoryId: number) => {
|
||||
export const setDirectoryEncName = async (
|
||||
userId: number,
|
||||
directoryId: number,
|
||||
dekVersion: Date,
|
||||
encName: string,
|
||||
encNameIv: string,
|
||||
) => {
|
||||
await db
|
||||
const res = await db
|
||||
.update(directory)
|
||||
.set({ encName: { ciphertext: encName, iv: encNameIv } })
|
||||
.where(and(eq(directory.userId, userId), eq(directory.id, directoryId)))
|
||||
.where(
|
||||
and(
|
||||
eq(directory.userId, userId),
|
||||
eq(directory.id, directoryId),
|
||||
eq(directory.dekVersion, dekVersion),
|
||||
),
|
||||
)
|
||||
.execute();
|
||||
return res.changes > 0;
|
||||
};
|
||||
|
||||
export const unregisterDirectory = async (userId: number, directoryId: number) => {
|
||||
@@ -128,7 +138,7 @@ export const registerNewFile = async (params: NewFileParams) => {
|
||||
userId: params.userId,
|
||||
mekVersion: params.mekVersion,
|
||||
encDek: params.encDek,
|
||||
encryptedAt: now,
|
||||
dekVersion: params.dekVersion,
|
||||
encContentIv: params.encContentIv,
|
||||
encName: { ciphertext: params.encName, iv: params.encNameIv },
|
||||
});
|
||||
@@ -160,14 +170,16 @@ export const getFile = async (userId: number, fileId: number) => {
|
||||
export const setFileEncName = async (
|
||||
userId: number,
|
||||
fileId: number,
|
||||
dekVersion: Date,
|
||||
encName: string,
|
||||
encNameIv: string,
|
||||
) => {
|
||||
await db
|
||||
const res = await db
|
||||
.update(file)
|
||||
.set({ encName: { ciphertext: encName, iv: encNameIv } })
|
||||
.where(and(eq(file.userId, userId), eq(file.id, fileId)))
|
||||
.where(and(eq(file.userId, userId), eq(file.id, fileId), eq(file.dekVersion, dekVersion)))
|
||||
.execute();
|
||||
return res.changes > 0;
|
||||
};
|
||||
|
||||
export const unregisterFile = async (userId: number, fileId: number) => {
|
||||
|
||||
@@ -19,7 +19,7 @@ export const directory = sqliteTable(
|
||||
.references(() => user.id),
|
||||
mekVersion: integer("master_encryption_key_version").notNull(),
|
||||
encDek: text("encrypted_data_encryption_key").notNull().unique(), // Base64
|
||||
encryptedAt: integer("encrypted_at", { mode: "timestamp_ms" }).notNull(),
|
||||
dekVersion: integer("data_encryption_key_version", { mode: "timestamp_ms" }).notNull(),
|
||||
encName: ciphertext("encrypted_name").notNull(),
|
||||
},
|
||||
(t) => ({
|
||||
@@ -46,7 +46,7 @@ export const file = sqliteTable(
|
||||
.references(() => user.id),
|
||||
mekVersion: integer("master_encryption_key_version").notNull(),
|
||||
encDek: text("encrypted_data_encryption_key").notNull().unique(), // Base64
|
||||
encryptedAt: integer("encrypted_at", { mode: "timestamp_ms" }).notNull(),
|
||||
dekVersion: integer("data_encryption_key_version", { mode: "timestamp_ms" }).notNull(),
|
||||
encContentIv: text("encrypted_content_iv").notNull(), // Base64
|
||||
encName: ciphertext("encrypted_name").notNull(),
|
||||
},
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { z } from "zod";
|
||||
|
||||
export const directoryRenameRequest = z.object({
|
||||
dekVersion: z.coerce.date(),
|
||||
name: z.string().base64().nonempty(),
|
||||
nameIv: z.string().base64().nonempty(),
|
||||
});
|
||||
@@ -12,6 +13,7 @@ export const directoryInfoResponse = z.object({
|
||||
createdAt: z.date(),
|
||||
mekVersion: z.number().int().positive(),
|
||||
dek: z.string().base64().nonempty(),
|
||||
dekVersion: z.date(),
|
||||
name: z.string().base64().nonempty(),
|
||||
nameIv: z.string().base64().nonempty(),
|
||||
})
|
||||
@@ -25,6 +27,7 @@ export const directoryCreateRequest = z.object({
|
||||
parentId: z.union([z.enum(["root"]), z.number().int().positive()]),
|
||||
mekVersion: z.number().int().positive(),
|
||||
dek: z.string().base64().nonempty(),
|
||||
dekVersion: z.coerce.date(),
|
||||
name: z.string().base64().nonempty(),
|
||||
nameIv: z.string().base64().nonempty(),
|
||||
});
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { z } from "zod";
|
||||
|
||||
export const fileRenameRequest = z.object({
|
||||
dekVersion: z.coerce.date(),
|
||||
name: z.string().base64().nonempty(),
|
||||
nameIv: z.string().base64().nonempty(),
|
||||
});
|
||||
@@ -10,6 +11,7 @@ export const fileInfoResponse = z.object({
|
||||
createdAt: z.date(),
|
||||
mekVersion: z.number().int().positive(),
|
||||
dek: z.string().base64().nonempty(),
|
||||
dekVersion: z.date(),
|
||||
contentIv: z.string().base64().nonempty(),
|
||||
name: z.string().base64().nonempty(),
|
||||
nameIv: z.string().base64().nonempty(),
|
||||
@@ -20,6 +22,7 @@ export const fileUploadRequest = z.object({
|
||||
parentId: z.union([z.enum(["root"]), z.number().int().positive()]),
|
||||
mekVersion: z.number().int().positive(),
|
||||
dek: z.string().base64().nonempty(),
|
||||
dekVersion: z.coerce.date(),
|
||||
contentIv: z.string().base64().nonempty(),
|
||||
name: z.string().base64().nonempty(),
|
||||
nameIv: z.string().base64().nonempty(),
|
||||
|
||||
@@ -24,15 +24,20 @@ export const deleteDirectory = async (userId: number, directoryId: number) => {
|
||||
export const renameDirectory = async (
|
||||
userId: number,
|
||||
directoryId: number,
|
||||
dekVersion: Date,
|
||||
newEncName: string,
|
||||
newEncNameIv: string,
|
||||
) => {
|
||||
const directory = await getDirectory(userId, directoryId);
|
||||
if (!directory) {
|
||||
error(404, "Invalid directory id");
|
||||
} else if (directory.dekVersion.getTime() !== dekVersion.getTime()) {
|
||||
error(400, "Invalid DEK version");
|
||||
}
|
||||
|
||||
await setDirectoryEncName(userId, directoryId, newEncName, newEncNameIv);
|
||||
if (!(await setDirectoryEncName(userId, directoryId, dekVersion, newEncName, newEncNameIv))) {
|
||||
error(500, "Invalid directory id or DEK version");
|
||||
}
|
||||
};
|
||||
|
||||
export const getDirectoryInformation = async (userId: number, directoryId: "root" | number) => {
|
||||
@@ -49,6 +54,7 @@ export const getDirectoryInformation = async (userId: number, directoryId: "root
|
||||
createdAt: directory.createdAt,
|
||||
mekVersion: directory.mekVersion,
|
||||
encDek: directory.encDek,
|
||||
dekVersion: directory.dekVersion,
|
||||
encName: directory.encName,
|
||||
},
|
||||
directories: directories.map(({ id }) => id),
|
||||
@@ -64,5 +70,11 @@ export const createDirectory = async (params: NewDirectoryParams) => {
|
||||
error(400, "Invalid MEK version");
|
||||
}
|
||||
|
||||
const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
|
||||
const oneMinuteLater = new Date(Date.now() + 60 * 1000);
|
||||
if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
|
||||
error(400, "Invalid DEK version");
|
||||
}
|
||||
|
||||
await registerNewDirectory(params);
|
||||
};
|
||||
|
||||
@@ -56,15 +56,20 @@ export const getFileStream = async (userId: number, fileId: number) => {
|
||||
export const renameFile = async (
|
||||
userId: number,
|
||||
fileId: number,
|
||||
dekVersion: Date,
|
||||
newEncName: string,
|
||||
newEncNameIv: string,
|
||||
) => {
|
||||
const file = await getFile(userId, fileId);
|
||||
if (!file) {
|
||||
error(404, "Invalid file id");
|
||||
} else if (file.dekVersion.getTime() !== dekVersion.getTime()) {
|
||||
error(400, "Invalid DEK version");
|
||||
}
|
||||
|
||||
await setFileEncName(userId, fileId, newEncName, newEncNameIv);
|
||||
if (!(await setFileEncName(userId, fileId, dekVersion, newEncName, newEncNameIv))) {
|
||||
error(500, "Invalid file id or DEK version");
|
||||
}
|
||||
};
|
||||
|
||||
export const getFileInformation = async (userId: number, fileId: number) => {
|
||||
@@ -77,6 +82,7 @@ export const getFileInformation = async (userId: number, fileId: number) => {
|
||||
createdAt: file.createdAt,
|
||||
mekVersion: file.mekVersion,
|
||||
encDek: file.encDek,
|
||||
dekVersion: file.dekVersion,
|
||||
encContentIv: file.encContentIv,
|
||||
encName: file.encName,
|
||||
};
|
||||
@@ -113,6 +119,12 @@ export const uploadFile = async (
|
||||
error(400, "Invalid MEK version");
|
||||
}
|
||||
|
||||
const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
|
||||
const oneMinuteLater = new Date(Date.now() + 60 * 1000);
|
||||
if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
|
||||
error(400, "Invalid DEK version");
|
||||
}
|
||||
|
||||
const path = `${env.libraryPath}/${params.userId}/${uuidv4()}`;
|
||||
await mkdir(dirname(path), { recursive: true });
|
||||
|
||||
|
||||
Reference in New Issue
Block a user