암호 키 등록 후 Refresh Token 업그레이드 구현

2025-12-15 22:38:47 +00:00 · 2024-12-29 01:55:01 +09:00
parent af51f04b94
commit 516375142d
7 changed files with 77 additions and 4 deletions
--- a/src/lib/server/modules/auth.ts
+++ b/src/lib/server/modules/auth.ts
@@ -41,7 +41,7 @@ export const authenticate = (cookies: Cookies) => {
    error(401, "Access token not found");
  }

-  const tokenPayload = verifyToken(accessToken);
+  const tokenPayload = verifyToken(accessToken.trim());
  if (tokenPayload === TokenError.EXPIRED) {
    error(401, "Access token expired");
  } else if (tokenPayload === TokenError.INVALID || tokenPayload.type !== "access") {
--- a/src/lib/server/services/auth.ts
+++ b/src/lib/server/services/auth.ts
@@ -7,6 +7,7 @@ import {
  getRefreshToken,
  registerRefreshToken,
  rotateRefreshToken,
+  upgradeRefreshToken,
  revokeRefreshToken,
 } from "$lib/server/db/token";
 import { UserClientState } from "$lib/server/db/schema";
@@ -87,3 +88,27 @@ export const refreshTokens = async (refreshToken: string) => {
    refreshToken: issueToken({ type: "refresh", jti: newJti }),
  };
 };
+
+export const upgradeTokens = async (refreshToken: string, pubKey: string) => {
+  const { jti: oldJti, userId, clientId } = await verifyRefreshToken(refreshToken);
+  if (clientId) {
+    error(403, "Forbidden");
+  }
+
+  const client = await getClientByPubKey(pubKey);
+  const userClient = client ? await getUserClient(userId, client.id) : undefined;
+  if (!client) {
+    error(401, "Invalid public key");
+  } else if (client && (!userClient || userClient.state === UserClientState.Challenging)) {
+    error(401, "Unregistered public key");
+  }
+
+  const newJti = uuidv4();
+  if (!(await upgradeRefreshToken(oldJti, newJti, client.id))) {
+    error(500, "Refresh token not found");
+  }
+  return {
+    accessToken: issueAccessToken(userId, client.id),
+    refreshToken: issueToken({ type: "refresh", jti: newJti }),
+  };
+};