암호 키 등록 후 Refresh Token 업그레이드 구현

src/routes/(fullscreen)/key/export/+page.svelte

@@ -9,6 +9,7 @@
   import {
     createBlobFromKeyPairBase64,
     requestPubKeyRegistration,
+    requestTokenUpgrade,
     storeKeyPairPersistently,
   } from "./service";
 
@@ -40,7 +41,12 @@
 
     if (await requestPubKeyRegistration(data.pubKeyBase64, $keyPairStore.privateKey)) {
       await storeKeyPairPersistently($keyPairStore);
-      await goto(data.redirectPath);
+
+      if (await requestTokenUpgrade(data.pubKeyBase64)) {
+        await goto(data.redirectPath);
+      } else {
+        // TODO: Error handling
+      }
     } else {
       // TODO: Error handling
     }

src/routes/(fullscreen)/key/export/service.ts

@@ -38,6 +38,17 @@ export const requestPubKeyRegistration = async (pubKeyBase64: string, privateKey
   return res.ok;
 };
 
+export const requestTokenUpgrade = async (pubKeyBase64: string) => {
+  const res = await fetch("/api/auth/upgradeToken", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify({ pubKey: pubKeyBase64 }),
+  });
+  return res.ok;
+};
+
 export const storeKeyPairPersistently = async (keyPair: CryptoKeyPair) => {
   await storeKeyPairIntoIndexedDB(keyPair.publicKey, keyPair.privateKey);
 };

src/routes/api/auth/upgradeToken/+server.ts

@@ -0,0 +1,29 @@
+import { error, text } from "@sveltejs/kit";
+import { z } from "zod";
+import { upgradeTokens } from "$lib/server/services/auth";
+import type { RequestHandler } from "./$types";
+
+export const POST: RequestHandler = async ({ request, cookies }) => {
+  const token = cookies.get("refreshToken");
+  if (!token) error(401, "Refresh token not found");
+
+  const zodRes = z
+    .object({
+      pubKey: z.string().base64().nonempty(),
+    })
+    .safeParse(await request.json());
+  if (!zodRes.success) error(400, "Invalid request body");
+
+  const { pubKey } = zodRes.data;
+  const { accessToken, refreshToken } = await upgradeTokens(token.trim(), pubKey.trim());
+
+  cookies.set("accessToken", accessToken, {
+    path: "/",
+    sameSite: "strict",
+  });
+  cookies.set("refreshToken", refreshToken, {
+    path: "/api/auth",
+    sameSite: "strict",
+  });
+  return text("Token upgraded", { headers: { "Content-Type": "text/plain" } });
+};

src/routes/api/key/register/+server.ts

@@ -17,6 +17,7 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
     error(403, "Forbidden");
   }
 
-  const challenge = await registerPubKey(userId, getClientAddress(), zodRes.data.pubKey);
+  const { pubKey } = zodRes.data;
+  const challenge = await registerPubKey(userId, getClientAddress(), pubKey.trim());
   return json({ challenge });
 };

src/routes/api/key/verify/+server.ts

@@ -17,6 +17,7 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
     error(403, "Forbidden");
   }
 
-  await verifyPubKey(userId, getClientAddress(), zodRes.data.answer);
+  const { answer } = zodRes.data;
+  await verifyPubKey(userId, getClientAddress(), answer.trim());
   return text("Key verified", { headers: { "Content-Type": "text/plain" } });
 };