백엔드에서의 불필요한 trim 사용 제거

2025-12-12 21:08:46 +00:00 · 2024-12-31 08:30:41 +09:00
parent 3ee6365ff2
commit 5c535d1191
9 changed files with 16 additions and 21 deletions
--- a/src/lib/server/modules/auth.ts
+++ b/src/lib/server/modules/auth.ts
@@ -44,7 +44,7 @@ export const authenticate = (cookies: Cookies) => {
    error(401, "Access token not found");
  }

-  const tokenPayload = verifyToken(accessToken.trim());
+  const tokenPayload = verifyToken(accessToken);
  if (tokenPayload === TokenError.EXPIRED) {
    error(401, "Access token expired");
  } else if (tokenPayload === TokenError.INVALID || tokenPayload.type !== "access") {
--- a/src/routes/api/auth/login/+server.ts
+++ b/src/routes/api/auth/login/+server.ts
@@ -9,13 +9,13 @@ export const POST: RequestHandler = async ({ request, cookies }) => {
  const zodRes = z
    .object({
      email: z.string().email().nonempty(),
-      password: z.string().nonempty(),
+      password: z.string().trim().nonempty(),
    })
    .safeParse(await request.json());
  if (!zodRes.success) error(400, "Invalid request body");
  const { email, password } = zodRes.data;

-  const { accessToken, refreshToken } = await login(email.trim(), password.trim());
+  const { accessToken, refreshToken } = await login(email, password);
  cookies.set("accessToken", accessToken, {
    path: "/",
    maxAge: Math.floor(ms(env.jwt.accessExp) / 1000),
--- a/src/routes/api/auth/logout/+server.ts
+++ b/src/routes/api/auth/logout/+server.ts
@@ -6,7 +6,7 @@ export const POST: RequestHandler = async ({ cookies }) => {
  const token = cookies.get("refreshToken");
  if (!token) error(401, "Refresh token not found");

-  await logout(token.trim());
+  await logout(token);
  cookies.delete("accessToken", { path: "/" });
  cookies.delete("refreshToken", { path: "/api/auth" });

--- a/src/routes/api/auth/refreshToken/+server.ts
+++ b/src/routes/api/auth/refreshToken/+server.ts
@@ -6,7 +6,7 @@ export const POST: RequestHandler = async ({ cookies }) => {
  const token = cookies.get("refreshToken");
  if (!token) error(401, "Refresh token not found");

-  const { accessToken, refreshToken } = await doRefreshToken(token.trim());
+  const { accessToken, refreshToken } = await doRefreshToken(token);
  cookies.set("accessToken", accessToken, {
    path: "/",
    sameSite: "strict",
--- a/src/routes/api/auth/upgradeToken/+server.ts
+++ b/src/routes/api/auth/upgradeToken/+server.ts
@@ -17,10 +17,10 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
  const { encPubKey, sigPubKey } = zodRes.data;

  const { challenge } = await createTokenUpgradeChallenge(
-    token.trim(),
+    token,
    getClientAddress(),
-    encPubKey.trim(),
-    sigPubKey.trim(),
+    encPubKey,
+    sigPubKey,
  );
  return json({ challenge });
 };
--- a/src/routes/api/auth/upgradeToken/verify/+server.ts
+++ b/src/routes/api/auth/upgradeToken/verify/+server.ts
@@ -17,10 +17,10 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
  const { answer, sigAnswer } = zodRes.data;

  const { accessToken, refreshToken } = await upgradeToken(
-    token.trim(),
+    token,
    getClientAddress(),
-    answer.trim(),
-    sigAnswer.trim(),
+    answer,
+    sigAnswer,
  );
  cookies.set("accessToken", accessToken, {
    path: "/",
--- a/src/routes/api/client/register/+server.ts
+++ b/src/routes/api/client/register/+server.ts
@@ -19,11 +19,6 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
  if (!zodRes.success) error(400, "Invalid request body");
  const { encPubKey, sigPubKey } = zodRes.data;

-  const { challenge } = await registerUserClient(
-    userId,
-    getClientAddress(),
-    encPubKey.trim(),
-    sigPubKey.trim(),
-  );
+  const { challenge } = await registerUserClient(userId, getClientAddress(), encPubKey, sigPubKey);
  return json({ challenge });
 };
--- a/src/routes/api/client/verify/+server.ts
+++ b/src/routes/api/client/verify/+server.ts
@@ -19,6 +19,6 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
  if (!zodRes.success) error(400, "Invalid request body");
  const { answer, sigAnswer } = zodRes.data;

-  await verifyUserClient(userId, getClientAddress(), answer.trim(), sigAnswer.trim());
+  await verifyUserClient(userId, getClientAddress(), answer, sigAnswer);
  return text("Client verified", { headers: { "Content-Type": "text/plain" } });
 };
--- a/src/routes/api/mek/register/+server.ts
+++ b/src/routes/api/mek/register/+server.ts
@@ -11,7 +11,7 @@ export const POST: RequestHandler = async ({ request, cookies }) => {
    .object({
      meks: z.array(
        z.object({
-          clientId: z.number(),
+          clientId: z.number().int().positive(),
          mek: z.string().base64().nonempty(),
          sigMek: z.string().base64().nonempty(),
        }),
@@ -26,8 +26,8 @@ export const POST: RequestHandler = async ({ request, cookies }) => {
    clientId,
    meks.map(({ clientId, mek, sigMek }) => ({
      clientId,
-      encMek: mek.trim(),
-      sigEncMek: sigMek.trim(),
+      encMek: mek,
+      sigEncMek: sigMek,
    })),
  );
  return text("MEK registered", { headers: { "Content-Type": "text/plain" } });