DEK 버전을 프론트엔드에서 명시적으로 관리하도록 변경

2025-12-16 06:58:46 +00:00 · 2025-01-06 15:38:50 +09:00
parent 71f12c942b
commit 47850e1421
16 changed files with 78 additions and 26 deletions
--- a/src/routes/(main)/directory/[[id]]/+page.svelte
+++ b/src/routes/(main)/directory/[[id]]/+page.svelte
@@ -109,12 +109,12 @@
  <div class="my-4 pb-[4.5rem]">
    {#if subDirectories}
      {#await subDirectories then subDirectories}
-        {#each subDirectories as { id, dataKey, name }}
+        {#each subDirectories as { id, dataKey, dataKeyVersion, name }}
          <DirectoryEntry
            {name}
            onclick={() => goto(`/directory/${id}`)}
            onOpenMenuClick={() => {
-              selectedEntry = { type: "directory", id, dataKey, name };
+              selectedEntry = { type: "directory", id, dataKey, dataKeyVersion, name };
              isDirectoryEntryMenuBottomSheetOpen = true;
            }}
            type="directory"
@@ -124,12 +124,12 @@
    {/if}
    {#if files}
      {#await files then files}
-        {#each files as { id, dataKey, name }}
+        {#each files as { id, dataKey, dataKeyVersion, name }}
          <DirectoryEntry
            {name}
            onclick={() => goto(`/file/${id}`)}
            onOpenMenuClick={() => {
-              selectedEntry = { type: "file", id, dataKey, name };
+              selectedEntry = { type: "file", id, dataKey, dataKeyVersion, name };
              isDirectoryEntryMenuBottomSheetOpen = true;
            }}
            type="file"
--- a/src/routes/(main)/directory/[[id]]/service.ts
+++ b/src/routes/(main)/directory/[[id]]/service.ts
@@ -23,6 +23,7 @@ export interface SelectedDirectoryEntry {
  type: "directory" | "file";
  id: number;
  dataKey: CryptoKey;
+  dataKeyVersion: Date;
  name: string;
 }

@@ -33,6 +34,7 @@ export const decryptDirectoryMetadata = async (
  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
  return {
    dataKey,
+    dataKeyVersion: metadata.dekVersion,
    name: await decryptString(metadata.name, metadata.nameIv, dataKey),
  };
 };
@@ -42,12 +44,13 @@ export const requestDirectoryCreation = async (
  parentId: "root" | number,
  masterKey: MasterKey,
 ) => {
-  const { dataKey } = await generateDataKey();
+  const { dataKey, dataKeyVersion } = await generateDataKey();
  const nameEncrypted = await encryptData(new TextEncoder().encode(name), dataKey);
  return await callPostApi<DirectoryCreateRequest>("/api/directory/create", {
    parentId,
    mekVersion: masterKey.version,
    dek: await wrapDataKey(dataKey, masterKey.key),
+    dekVersion: dataKeyVersion,
    name: encodeToBase64(nameEncrypted.ciphertext),
    nameIv: nameEncrypted.iv,
  });
@@ -58,7 +61,7 @@ export const requestFileUpload = async (
  parentId: "root" | number,
  masterKey: MasterKey,
 ) => {
-  const { dataKey } = await generateDataKey();
+  const { dataKey, dataKeyVersion } = await generateDataKey();
  const fileEncrypted = await encryptData(await file.arrayBuffer(), dataKey);
  const nameEncrypted = await encryptString(file.name, dataKey);

@@ -69,6 +72,7 @@ export const requestFileUpload = async (
      parentId,
      mekVersion: masterKey.version,
      dek: await wrapDataKey(dataKey, masterKey.key),
+      dekVersion: dataKeyVersion,
      contentIv: fileEncrypted.iv,
      name: nameEncrypted.ciphertext,
      nameIv: nameEncrypted.iv,
@@ -90,11 +94,13 @@ export const requestDirectoryEntryRename = async (

  if (entry.type === "directory") {
    await callPostApi<DirectoryRenameRequest>(`/api/directory/${entry.id}/rename`, {
+      dekVersion: entry.dataKeyVersion,
      name: newNameEncrypted.ciphertext,
      nameIv: newNameEncrypted.iv,
    });
  } else {
    await callPostApi<FileRenameRequest>(`/api/file/${entry.id}/rename`, {
+      dekVersion: entry.dataKeyVersion,
      name: newNameEncrypted.ciphertext,
      nameIv: newNameEncrypted.iv,
    });