이미 클라이언트가 로그인된 상태에서 세션을 업그레이드하려는 경우 발생하던 500 오류 수정

2025-12-12 21:08:46 +00:00 · 2025-07-08 19:38:49 +09:00
parent 983cb2cc57
commit 6e14b45656
3 changed files with 35 additions and 40 deletions
--- a/src/lib/server/db/session.ts
+++ b/src/lib/server/db/session.ts
@@ -5,31 +5,22 @@ import db from "./kysely";

 export const createSession = async (
  userId: number,
-  clientId: number | null,
  sessionId: string,
  ip: string | null,
  agent: string | null,
 ) => {
-  try {
-    const now = new Date();
-    await db
-      .insertInto("session")
-      .values({
-        id: sessionId,
-        user_id: userId,
-        client_id: clientId,
-        created_at: now,
-        last_used_at: now,
-        last_used_by_ip: ip || null,
-        last_used_by_agent: agent || null,
-      })
-      .execute();
-  } catch (e) {
-    if (e instanceof pg.DatabaseError && e.code === "23505") {
-      throw new IntegrityError("Session already exists");
-    }
-    throw e;
-  }
+  const now = new Date();
+  await db
+    .insertInto("session")
+    .values({
+      id: sessionId,
+      user_id: userId,
+      created_at: now,
+      last_used_at: now,
+      last_used_by_ip: ip || null,
+      last_used_by_agent: agent || null,
+    })
+    .execute();
 };

 export const refreshSession = async (
@@ -56,14 +47,21 @@ export const refreshSession = async (
 };

 export const upgradeSession = async (sessionId: string, clientId: number) => {
-  const res = await db
-    .updateTable("session")
-    .set({ client_id: clientId })
-    .where("id", "=", sessionId)
-    .where("client_id", "is", null)
-    .executeTakeFirst();
-  if (res.numUpdatedRows === 0n) {
-    throw new IntegrityError("Session not found");
+  try {
+    const res = await db
+      .updateTable("session")
+      .set({ client_id: clientId })
+      .where("id", "=", sessionId)
+      .where("client_id", "is", null)
+      .executeTakeFirst();
+    if (res.numUpdatedRows === 0n) {
+      throw new IntegrityError("Session not found");
+    }
+  } catch (e) {
+    if (e instanceof pg.DatabaseError && e.code === "23505") {
+      throw new IntegrityError("Session already exists");
+    }
+    throw e;
  }
 };

--- a/src/lib/server/modules/auth.ts
+++ b/src/lib/server/modules/auth.ts
@@ -27,7 +27,7 @@ export class AuthenticationError extends Error {

 export const startSession = async (userId: number, ip: string, userAgent: string) => {
  const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret);
-  await createSession(userId, null, sessionId, ip, userAgent);
+  await createSession(userId, sessionId, ip, userAgent);
  return sessionIdSigned;
 };

--- a/src/lib/server/services/auth.ts
+++ b/src/lib/server/services/auth.ts
@@ -51,14 +51,7 @@ export const login = async (email: string, password: string, ip: string, userAge
    error(401, "Invalid email or password");
  }

-  try {
-    return { sessionIdSigned: await startSession(user.id, ip, userAgent) };
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "Session already exists") {
-      error(403, "Already logged in");
-    }
-    throw e;
-  }
+  return { sessionIdSigned: await startSession(user.id, ip, userAgent) };
 };

 export const logout = async (sessionId: string) => {
@@ -115,8 +108,12 @@ export const verifySessionUpgradeChallenge = async (
  try {
    await upgradeSession(sessionId, client.id);
  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "Session not found") {
-      error(500, "Invalid challenge answer");
+    if (e instanceof IntegrityError) {
+      if (e.message === "Session not found") {
+        error(500, "Invalid challenge answer");
+      } else if (e.message === "Session already exists") {
+        error(403, "Already logged in");
+      }
    }
    throw e;
  }