From 6e14b456569991097813a957ec3b3a31307eaf11 Mon Sep 17 00:00:00 2001 From: static Date: Tue, 8 Jul 2025 19:38:49 +0900 Subject: [PATCH] =?UTF-8?q?=EC=9D=B4=EB=AF=B8=20=ED=81=B4=EB=9D=BC?= =?UTF-8?q?=EC=9D=B4=EC=96=B8=ED=8A=B8=EA=B0=80=20=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=EB=90=9C=20=EC=83=81=ED=83=9C=EC=97=90=EC=84=9C=20?= =?UTF-8?q?=EC=84=B8=EC=85=98=EC=9D=84=20=EC=97=85=EA=B7=B8=EB=A0=88?= =?UTF-8?q?=EC=9D=B4=EB=93=9C=ED=95=98=EB=A0=A4=EB=8A=94=20=EA=B2=BD?= =?UTF-8?q?=EC=9A=B0=20=EB=B0=9C=EC=83=9D=ED=95=98=EB=8D=98=20500=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/lib/server/db/session.ts | 56 ++++++++++++++++----------------- src/lib/server/modules/auth.ts | 2 +- src/lib/server/services/auth.ts | 17 +++++----- 3 files changed, 35 insertions(+), 40 deletions(-) diff --git a/src/lib/server/db/session.ts b/src/lib/server/db/session.ts index 653c20c..a856755 100644 --- a/src/lib/server/db/session.ts +++ b/src/lib/server/db/session.ts @@ -5,31 +5,22 @@ import db from "./kysely"; export const createSession = async ( userId: number, - clientId: number | null, sessionId: string, ip: string | null, agent: string | null, ) => { - try { - const now = new Date(); - await db - .insertInto("session") - .values({ - id: sessionId, - user_id: userId, - client_id: clientId, - created_at: now, - last_used_at: now, - last_used_by_ip: ip || null, - last_used_by_agent: agent || null, - }) - .execute(); - } catch (e) { - if (e instanceof pg.DatabaseError && e.code === "23505") { - throw new IntegrityError("Session already exists"); - } - throw e; - } + const now = new Date(); + await db + .insertInto("session") + .values({ + id: sessionId, + user_id: userId, + created_at: now, + last_used_at: now, + last_used_by_ip: ip || null, + last_used_by_agent: agent || null, + }) + .execute(); }; export const refreshSession = async ( 
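Review bot: The insert in `createSession` no longer sets `client_id`, so a new session is unbound only if the column is nullable and defaults to NULL; the schema is not visible in this diff. `upgradeSession` depends on that state through `.where("client_id", "is", null)`, so it is worth stating at the insert, either by keeping `client_id: null` in `.values({...})` or with a comment such as `// client_id stays NULL until upgradeSession binds this session to a client`. With the `try`/`catch` removed, a unique violation on `id` would now surface as a raw `pg.DatabaseError`. That is probably acceptable for a randomly issued id, but a short doc comment on the function should say it is intentional.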
@@ -56,14 +47,21 @@ export const refreshSession = async ( }; export const upgradeSession = async (sessionId: string, clientId: number) => { - const res = await db - .updateTable("session") - .set({ client_id: clientId }) - .where("id", "=", sessionId) - .where("client_id", "is", null) - .executeTakeFirst(); - if (res.numUpdatedRows === 0n) { - throw new IntegrityError("Session not found"); + try { + const res = await db + .updateTable("session") + .set({ client_id: clientId }) + .where("id", "=", sessionId) + .where("client_id", "is", null) + .executeTakeFirst(); + if (res.numUpdatedRows === 0n) { + throw new IntegrityError("Session not found"); + } + } catch (e) { + if (e instanceof pg.DatabaseError && e.code === "23505") { + throw new IntegrityError("Session already exists"); + } + throw e; } }; diff --git a/src/lib/server/modules/auth.ts b/src/lib/server/modules/auth.ts index 4e03783..d25033d 100644 --- a/src/lib/server/modules/auth.ts +++ b/src/lib/server/modules/auth.ts @@ -27,7 +27,7 @@ export class AuthenticationError extends Error { export const startSession = async (userId: number, ip: string, userAgent: string) => { const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret); - await createSession(userId, null, sessionId, ip, userAgent); + await createSession(userId, sessionId, ip, userAgent); return sessionIdSigned; }; diff --git a/src/lib/server/services/auth.ts b/src/lib/server/services/auth.ts index 2eb496c..96b7675 100644 --- a/src/lib/server/services/auth.ts +++ b/src/lib/server/services/auth.ts 
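Review bot: In `upgradeSession`, the `res.numUpdatedRows === 0n` branch still throws "Session not found" for two different states: no row with that id, and a row whose `client_id` is already set, which `.where("client_id", "is", null)` excludes. The caller in services/auth.ts maps that message to a 500, so a repeated upgrade of an already-bound session would presumably still end as a server error rather than the new 403. Consider telling the two cases apart, or at least documenting the overlap above the check: `// 0 rows: unknown session id OR session already bound to a client`. The `23505` mapping also reuses the text "Session already exists" for what appears to be a conflict on the client binding, and it assumes no other unique constraint can fire on this update; a comment naming the constraint it expects would make that assumption reviewable.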
@@ -51,14 +51,7 @@ export const login = async (email: string, password: string, ip: string, userAge error(401, "Invalid email or password"); } - try { - return { sessionIdSigned: await startSession(user.id, ip, userAgent) }; - } catch (e) { - if (e instanceof IntegrityError && e.message === "Session already exists") { - error(403, "Already logged in"); - } - throw e; - } + return { sessionIdSigned: await startSession(user.id, ip, userAgent) }; }; export const logout = async (sessionId: string) => { @@ -115,8 +108,12 @@ export const verifySessionUpgradeChallenge = async ( try { await upgradeSession(sessionId, client.id); } catch (e) { - if (e instanceof IntegrityError && e.message === "Session not found") { - error(500, "Invalid challenge answer"); + if (e instanceof IntegrityError) { + if (e.message === "Session not found") { + error(500, "Invalid challenge answer"); + } else if (e.message === "Session already exists") { + error(403, "Already logged in"); + } } throw e; }
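Review bot: The new branches in the `catch` of `verifySessionUpgradeChallenge` pick the HTTP status by comparing `e.message` with string literals, so the 403 path works only while "Session already exists" stays byte-identical in db/session.ts and here. A reworded message would fall through to `throw e` and return a 500 again without any compile-time signal. A discriminant on `IntegrityError` (a code field, if the class can carry one, or message constants exported from the db layer) would let the compiler check this. Separately, "Session not found" is still answered with `error(500, "Invalid challenge answer")`, a server-error status for what looks like a client-state condition; if that is deliberate, a one-line comment such as `// 500 kept on purpose: <reason>` would help. The function begins outside this hunk, so whether the challenge is consumed before `upgradeSession` runs cannot be judged from here.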