From 5c535d119171407e435edf43620a6ba0b4074b36 Mon Sep 17 00:00:00 2001 From: static Date: Tue, 31 Dec 2024 08:30:41 +0900 Subject: [PATCH] =?UTF-8?q?=EB=B0=B1=EC=97=94=EB=93=9C=EC=97=90=EC=84=9C?= =?UTF-8?q?=EC=9D=98=20=EB=B6=88=ED=95=84=EC=9A=94=ED=95=9C=20trim=20?= =?UTF-8?q?=EC=82=AC=EC=9A=A9=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/lib/server/modules/auth.ts | 2 +- src/routes/api/auth/login/+server.ts | 4 ++-- src/routes/api/auth/logout/+server.ts | 2 +- src/routes/api/auth/refreshToken/+server.ts | 2 +- src/routes/api/auth/upgradeToken/+server.ts | 6 +++--- src/routes/api/auth/upgradeToken/verify/+server.ts | 6 +++--- src/routes/api/client/register/+server.ts | 7 +------ src/routes/api/client/verify/+server.ts | 2 +- src/routes/api/mek/register/+server.ts | 6 +++--- 9 files changed, 16 insertions(+), 21 deletions(-) diff --git a/src/lib/server/modules/auth.ts b/src/lib/server/modules/auth.ts index f68df5c..6ddab1e 100644 --- a/src/lib/server/modules/auth.ts +++ b/src/lib/server/modules/auth.ts @@ -44,7 +44,7 @@ export const authenticate = (cookies: Cookies) => { error(401, "Access token not found"); } - const tokenPayload = verifyToken(accessToken.trim()); + const tokenPayload = verifyToken(accessToken); if (tokenPayload === TokenError.EXPIRED) { error(401, "Access token expired"); } else if (tokenPayload === TokenError.INVALID || tokenPayload.type !== "access") { diff --git a/src/routes/api/auth/login/+server.ts b/src/routes/api/auth/login/+server.ts index 1e2281f..ec4f254 100644 --- a/src/routes/api/auth/login/+server.ts +++ b/src/routes/api/auth/login/+server.ts 
@@ -9,13 +9,13 @@ export const POST: RequestHandler = async ({ request, cookies }) => { const zodRes = z .object({ email: z.string().email().nonempty(), - password: z.string().nonempty(), + password: z.string().trim().nonempty(), }) .safeParse(await request.json()); if (!zodRes.success) error(400, "Invalid request body"); const { email, password } = zodRes.data; - const { accessToken, refreshToken } = await login(email.trim(), password.trim()); + const { accessToken, refreshToken } = await login(email, password); cookies.set("accessToken", accessToken, { path: "/", maxAge: Math.floor(ms(env.jwt.accessExp) / 1000), diff --git a/src/routes/api/auth/logout/+server.ts b/src/routes/api/auth/logout/+server.ts index ae5dcaf..f9f0ea6 100644 --- a/src/routes/api/auth/logout/+server.ts +++ b/src/routes/api/auth/logout/+server.ts @@ -6,7 +6,7 @@ export const POST: RequestHandler = async ({ cookies }) => { const token = cookies.get("refreshToken"); if (!token) error(401, "Refresh token not found"); - await logout(token.trim()); + await logout(token); cookies.delete("accessToken", { path: "/" }); cookies.delete("refreshToken", { path: "/api/auth" }); diff --git a/src/routes/api/auth/refreshToken/+server.ts b/src/routes/api/auth/refreshToken/+server.ts index 54fcd03..7960348 100644 --- a/src/routes/api/auth/refreshToken/+server.ts +++ b/src/routes/api/auth/refreshToken/+server.ts @@ -6,7 +6,7 @@ export const POST: RequestHandler = async ({ cookies }) => { const token = cookies.get("refreshToken"); if (!token) error(401, "Refresh token not found"); - const { accessToken, refreshToken } = await doRefreshToken(token.trim()); + const { accessToken, refreshToken } = await doRefreshToken(token); cookies.set("accessToken", accessToken, { path: "/", sameSite: "strict", diff --git a/src/routes/api/auth/upgradeToken/+server.ts b/src/routes/api/auth/upgradeToken/+server.ts index 46fc5ca..90c5e60 100644 --- a/src/routes/api/auth/upgradeToken/+server.ts 
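Review bot: The `password` schema in the login handler now applies `.trim()` before `.nonempty()`, so the secret handed to `login` is a normalised form of what the user typed. That is only safe if the registration and password-change paths normalise the same way; they are not part of this patch, so this needs confirming. A short comment on the field would record the intent, e.g. `// trimmed here; must match the normalisation applied when the password hash is created`. The visible schema also puts no upper bound on the password length, and a `.max(N)` suited to the hash in use would keep oversized inputs away from the hashing step. The `.nonempty()` after `.email()` on `email` is redundant, since an empty string already fails the e-mail check.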
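Review bot: In the logout handler the two `cookies.delete` calls are reached only when `await logout(token)` resolves. If `logout` rejects for an unknown or already-revoked refresh token (its behaviour is not visible here), the request ends before the cookies are cleared. Wrapping the call, `try { await logout(token); } finally { /* the two cookies.delete calls */ }`, is worth considering so that a stale token cannot block client-side cleanup. The handler's return statement lies outside the hunk.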
+++ b/src/routes/api/auth/upgradeToken/+server.ts @@ -17,10 +17,10 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress const { encPubKey, sigPubKey } = zodRes.data; const { challenge } = await createTokenUpgradeChallenge( - token.trim(), + token, getClientAddress(), - encPubKey.trim(), - sigPubKey.trim(), + encPubKey, + sigPubKey, ); return json({ challenge }); }; diff --git a/src/routes/api/auth/upgradeToken/verify/+server.ts b/src/routes/api/auth/upgradeToken/verify/+server.ts index f4e291f..ca72695 100644 --- a/src/routes/api/auth/upgradeToken/verify/+server.ts +++ b/src/routes/api/auth/upgradeToken/verify/+server.ts @@ -17,10 +17,10 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress const { answer, sigAnswer } = zodRes.data; const { accessToken, refreshToken } = await upgradeToken( - token.trim(), + token, getClientAddress(), - answer.trim(), - sigAnswer.trim(), + answer, + sigAnswer, ); cookies.set("accessToken", accessToken, { path: "/", diff --git a/src/routes/api/client/register/+server.ts b/src/routes/api/client/register/+server.ts index d6c81b0..361f38f 100644 --- a/src/routes/api/client/register/+server.ts +++ b/src/routes/api/client/register/+server.ts @@ -19,11 +19,6 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress if (!zodRes.success) error(400, "Invalid request body"); const { encPubKey, sigPubKey } = zodRes.data; - const { challenge } = await registerUserClient( - userId, - getClientAddress(), - encPubKey.trim(), - sigPubKey.trim(), - ); + const { challenge } = await registerUserClient(userId, getClientAddress(), encPubKey, sigPubKey); return json({ challenge }); }; diff --git a/src/routes/api/client/verify/+server.ts b/src/routes/api/client/verify/+server.ts index 2573cb7..9a34558 100644 --- a/src/routes/api/client/verify/+server.ts +++ b/src/routes/api/client/verify/+server.ts 
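Review bot: With the `.trim()` calls gone, `encPubKey` and `sigPubKey` reach `createTokenUpgradeChallenge` exactly as the schema above this hunk accepted them, so that schema is now the only place their format is constrained. The schema is outside the hunk; if it is a plain `z.string().nonempty()`, tightening it as the MEK route does, `z.string().base64().nonempty()`, would reject whitespace-padded or malformed keys at the boundary. Otherwise they are passed on as distinct key values. The same applies to `answer`/`sigAnswer` in the upgradeToken/verify and client/verify hunks and to the keys in client/register.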
@@ -19,6 +19,6 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress if (!zodRes.success) error(400, "Invalid request body"); const { answer, sigAnswer } = zodRes.data; - await verifyUserClient(userId, getClientAddress(), answer.trim(), sigAnswer.trim()); + await verifyUserClient(userId, getClientAddress(), answer, sigAnswer); return text("Client verified", { headers: { "Content-Type": "text/plain" } }); }; diff --git a/src/routes/api/mek/register/+server.ts b/src/routes/api/mek/register/+server.ts index 56f1d53..dfab18e 100644 --- a/src/routes/api/mek/register/+server.ts +++ b/src/routes/api/mek/register/+server.ts @@ -11,7 +11,7 @@ export const POST: RequestHandler = async ({ request, cookies }) => { .object({ meks: z.array( z.object({ - clientId: z.number(), + clientId: z.number().int().positive(), mek: z.string().base64().nonempty(), sigMek: z.string().base64().nonempty(), }), @@ -26,8 +26,8 @@ export const POST: RequestHandler = async ({ request, cookies }) => { clientId, meks.map(({ clientId, mek, sigMek }) => ({ clientId, - encMek: mek.trim(), - sigEncMek: sigMek.trim(), + encMek: mek, + sigEncMek: sigMek, })), ); return text("MEK registered", { headers: { "Content-Type": "text/plain" } });
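Review bot: `clientId` is now limited to a positive integer, but the `meks` array around it has no length limit in the visible lines. The rest of the schema is outside the hunk, so this may already be handled. If it is not, `.nonempty().max(N)` on the `z.array(...)` would stop an empty or very large batch from reaching the registration call, and repeated `clientId` values within one request are also worth rejecting there.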
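Review bot: Inside the `meks.map` callback the destructured `clientId` shadows the outer `clientId` passed as an argument on the line above. The caller's own client id and the target client ids therefore share one name on adjacent lines. Renaming the callback binding, e.g. `meks.map(({ clientId: targetClientId, mek, sigMek }) => ({ clientId: targetClientId, encMek: mek, sigEncMek: sigMek }))`, keeps the two roles apart for the next reader. The call these lines belong to starts outside the hunk.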