DEK 버전을 프론트엔드에서 명시적으로 관리하도록 변경

2025-12-16 15:08:46 +00:00 · 2025-01-06 15:38:50 +09:00
parent 71f12c942b
commit 47850e1421
16 changed files with 78 additions and 26 deletions
--- a/src/routes/(main)/directory/[[id]]/+page.svelte
+++ b/src/routes/(main)/directory/[[id]]/+page.svelte
@@ -109,12 +109,12 @@
  <div class="my-4 pb-[4.5rem]">
    {#if subDirectories}
      {#await subDirectories then subDirectories}
-        {#each subDirectories as { id, dataKey, name }}
+        {#each subDirectories as { id, dataKey, dataKeyVersion, name }}
          <DirectoryEntry
            {name}
            onclick={() => goto(`/directory/${id}`)}
            onOpenMenuClick={() => {
-              selectedEntry = { type: "directory", id, dataKey, name };
+              selectedEntry = { type: "directory", id, dataKey, dataKeyVersion, name };
              isDirectoryEntryMenuBottomSheetOpen = true;
            }}
            type="directory"
@@ -124,12 +124,12 @@
    {/if}
    {#if files}
      {#await files then files}
-        {#each files as { id, dataKey, name }}
+        {#each files as { id, dataKey, dataKeyVersion, name }}
          <DirectoryEntry
            {name}
            onclick={() => goto(`/file/${id}`)}
            onOpenMenuClick={() => {
-              selectedEntry = { type: "file", id, dataKey, name };
+              selectedEntry = { type: "file", id, dataKey, dataKeyVersion, name };
              isDirectoryEntryMenuBottomSheetOpen = true;
            }}
            type="file"
--- a/src/routes/(main)/directory/[[id]]/service.ts
+++ b/src/routes/(main)/directory/[[id]]/service.ts
@@ -23,6 +23,7 @@ export interface SelectedDirectoryEntry {
  type: "directory" | "file";
  id: number;
  dataKey: CryptoKey;
+  dataKeyVersion: Date;
  name: string;
 }

@@ -33,6 +34,7 @@ export const decryptDirectoryMetadata = async (
  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
  return {
    dataKey,
+    dataKeyVersion: metadata.dekVersion,
    name: await decryptString(metadata.name, metadata.nameIv, dataKey),
  };
 };
@@ -42,12 +44,13 @@ export const requestDirectoryCreation = async (
  parentId: "root" | number,
  masterKey: MasterKey,
 ) => {
-  const { dataKey } = await generateDataKey();
+  const { dataKey, dataKeyVersion } = await generateDataKey();
  const nameEncrypted = await encryptData(new TextEncoder().encode(name), dataKey);
  return await callPostApi<DirectoryCreateRequest>("/api/directory/create", {
    parentId,
    mekVersion: masterKey.version,
    dek: await wrapDataKey(dataKey, masterKey.key),
+    dekVersion: dataKeyVersion,
    name: encodeToBase64(nameEncrypted.ciphertext),
    nameIv: nameEncrypted.iv,
  });
@@ -58,7 +61,7 @@ export const requestFileUpload = async (
  parentId: "root" | number,
  masterKey: MasterKey,
 ) => {
-  const { dataKey } = await generateDataKey();
+  const { dataKey, dataKeyVersion } = await generateDataKey();
  const fileEncrypted = await encryptData(await file.arrayBuffer(), dataKey);
  const nameEncrypted = await encryptString(file.name, dataKey);

@@ -69,6 +72,7 @@ export const requestFileUpload = async (
      parentId,
      mekVersion: masterKey.version,
      dek: await wrapDataKey(dataKey, masterKey.key),
+      dekVersion: dataKeyVersion,
      contentIv: fileEncrypted.iv,
      name: nameEncrypted.ciphertext,
      nameIv: nameEncrypted.iv,
@@ -90,11 +94,13 @@ export const requestDirectoryEntryRename = async (

  if (entry.type === "directory") {
    await callPostApi<DirectoryRenameRequest>(`/api/directory/${entry.id}/rename`, {
+      dekVersion: entry.dataKeyVersion,
      name: newNameEncrypted.ciphertext,
      nameIv: newNameEncrypted.iv,
    });
  } else {
    await callPostApi<FileRenameRequest>(`/api/file/${entry.id}/rename`, {
+      dekVersion: entry.dataKeyVersion,
      name: newNameEncrypted.ciphertext,
      nameIv: newNameEncrypted.iv,
    });
--- a/src/routes/api/directory/[id]/+server.ts
+++ b/src/routes/api/directory/[id]/+server.ts
@@ -23,6 +23,7 @@ export const GET: RequestHandler = async ({ cookies, params }) => {
        createdAt: metadata.createdAt,
        mekVersion: metadata.mekVersion,
        dek: metadata.encDek,
+        dekVersion: metadata.dekVersion,
        name: metadata.encName.ciphertext,
        nameIv: metadata.encName.iv,
      },
--- a/src/routes/api/directory/[id]/rename/+server.ts
+++ b/src/routes/api/directory/[id]/rename/+server.ts
@@ -18,8 +18,8 @@ export const POST: RequestHandler = async ({ request, cookies, params }) => {

  const bodyZodRes = directoryRenameRequest.safeParse(await request.json());
  if (!bodyZodRes.success) error(400, "Invalid request body");
-  const { name, nameIv } = bodyZodRes.data;
+  const { dekVersion, name, nameIv } = bodyZodRes.data;

-  await renameDirectory(userId, id, name, nameIv);
+  await renameDirectory(userId, id, dekVersion, name, nameIv);
  return text("Directory renamed", { headers: { "Content-Type": "text/plain" } });
 };
--- a/src/routes/api/directory/create/+server.ts
+++ b/src/routes/api/directory/create/+server.ts
@@ -9,13 +9,14 @@ export const POST: RequestHandler = async ({ request, cookies }) => {

  const zodRes = directoryCreateRequest.safeParse(await request.json());
  if (!zodRes.success) error(400, "Invalid request body");
-  const { parentId, mekVersion, dek, name, nameIv } = zodRes.data;
+  const { parentId, mekVersion, dek, dekVersion, name, nameIv } = zodRes.data;

  await createDirectory({
    userId,
    parentId,
    mekVersion,
    encDek: dek,
+    dekVersion,
    encName: name,
    encNameIv: nameIv,
  });
--- a/src/routes/api/file/[id]/+server.ts
+++ b/src/routes/api/file/[id]/+server.ts
@@ -16,15 +16,14 @@ export const GET: RequestHandler = async ({ cookies, params }) => {
  if (!zodRes.success) error(400, "Invalid path parameters");
  const { id } = zodRes.data;

-  const { createdAt, mekVersion, encDek, encContentIv, encName } = await getFileInformation(
-    userId,
-    id,
-  );
+  const { createdAt, mekVersion, encDek, dekVersion, encContentIv, encName } =
+    await getFileInformation(userId, id);
  return json(
    fileInfoResponse.parse({
      createdAt,
      mekVersion,
      dek: encDek,
+      dekVersion,
      contentIv: encContentIv,
      name: encName.ciphertext,
      nameIv: encName.iv,
--- a/src/routes/api/file/[id]/rename/+server.ts
+++ b/src/routes/api/file/[id]/rename/+server.ts
@@ -18,8 +18,8 @@ export const POST: RequestHandler = async ({ request, cookies, params }) => {

  const bodyZodRes = fileRenameRequest.safeParse(await request.json());
  if (!bodyZodRes.success) error(400, "Invalid request body");
-  const { name, nameIv } = bodyZodRes.data;
+  const { dekVersion, name, nameIv } = bodyZodRes.data;

-  await renameFile(userId, id, name, nameIv);
+  await renameFile(userId, id, dekVersion, name, nameIv);
  return text("File renamed", { headers: { "Content-Type": "text/plain" } });
 };
--- a/src/routes/api/file/upload/+server.ts
+++ b/src/routes/api/file/upload/+server.ts
@@ -16,7 +16,7 @@ export const POST: RequestHandler = async ({ request, cookies }) => {

  const zodRes = fileUploadRequest.safeParse(JSON.parse(metadata));
  if (!zodRes.success) error(400, "Invalid request body");
-  const { parentId, mekVersion, dek, contentIv, name, nameIv } = zodRes.data;
+  const { parentId, mekVersion, dek, dekVersion, contentIv, name, nameIv } = zodRes.data;

  await uploadFile(
    {
@@ -24,6 +24,7 @@ export const POST: RequestHandler = async ({ request, cookies }) => {
      parentId,
      mekVersion,
      encDek: dek,
+      dekVersion,
      encContentIv: contentIv,
      encName: name,
      encNameIv: nameIv,