공개 키 등록시 인증 절차 추가

2025-12-16 15:08:46 +00:00 · 2024-12-29 00:32:24 +09:00
parent 928cb799d3
commit 75ab5f5859
11 changed files with 183 additions and 22 deletions
--- a/src/lib/server/db/client.ts
+++ b/src/lib/server/db/client.ts
@@ -1,14 +1,14 @@
-import { and, eq } from "drizzle-orm";
+import { and, eq, gt, lte } from "drizzle-orm";
 import db from "./drizzle";
-import { client, userClient } from "./schema";
+import { client, userClient, userClientChallenge, UserClientState } from "./schema";

 export const createClient = async (pubKey: string, userId: number) => {
-  await db.transaction(async (tx) => {
+  return await db.transaction(async (tx) => {
    const insertRes = await tx.insert(client).values({ pubKey }).returning({ id: client.id });
-    await tx.insert(userClient).values({
-      userId,
-      clientId: insertRes[0]!.id,
-    });
+    const { id: clientId } = insertRes[0]!;
+    await tx.insert(userClient).values({ userId, clientId });
+
+    return clientId;
  });
 };

@@ -25,3 +25,58 @@ export const getUserClient = async (userId: number, clientId: number) => {
    .execute();
  return userClients[0] ?? null;
 };
+
+export const setUserClientStateToPending = async (userId: number, clientId: number) => {
+  await db
+    .update(userClient)
+    .set({ state: UserClientState.Pending })
+    .where(
+      and(
+        eq(userClient.userId, userId),
+        eq(userClient.clientId, clientId),
+        eq(userClient.state, UserClientState.Challenging),
+      ),
+    )
+    .execute();
+};
+
+export const createUserClientChallenge = async (
+  userId: number,
+  clientId: number,
+  challenge: string,
+  allowedIp: string,
+  expiresAt: number,
+) => {
+  await db
+    .insert(userClientChallenge)
+    .values({
+      userId,
+      clientId,
+      challenge,
+      allowedIp,
+      expiresAt,
+    })
+    .execute();
+};
+
+export const getUserClientChallenge = async (challenge: string, ip: string) => {
+  const challenges = await db
+    .select()
+    .from(userClientChallenge)
+    .where(
+      and(
+        eq(userClientChallenge.challenge, challenge),
+        eq(userClientChallenge.allowedIp, ip),
+        gt(userClientChallenge.expiresAt, Date.now()),
+      ),
+    )
+    .execute();
+  return challenges[0] ?? null;
+};
+
+export const cleanupExpiredUserClientChallenges = async () => {
+  await db
+    .delete(userClientChallenge)
+    .where(lte(userClientChallenge.expiresAt, Date.now()))
+    .execute();
+};
--- a/src/lib/server/db/schema/client.ts
+++ b/src/lib/server/db/schema/client.ts
@@ -2,8 +2,9 @@ import { sqliteTable, text, integer, primaryKey } from "drizzle-orm/sqlite-core"
 import { user } from "./user";

 export enum UserClientState {
-  PENDING = 0,
-  ACTIVE = 1,
+  Challenging = 0,
+  Pending = 1,
+  Active = 2,
 }

 export const client = sqliteTable("client", {
@@ -20,10 +21,23 @@ export const userClient = sqliteTable(
    clientId: integer("client_id")
      .notNull()
      .references(() => client.id),
-    state: integer("state").notNull().default(0),
+    state: integer("state").notNull().default(UserClientState.Challenging),
    encKey: text("encrypted_key"),
  },
  (t) => ({
    pk: primaryKey({ columns: [t.userId, t.clientId] }),
  }),
 );
+
+export const userClientChallenge = sqliteTable("user_client_challenge", {
+  id: integer("id").primaryKey(),
+  userId: integer("user_id")
+    .notNull()
+    .references(() => user.id),
+  clientId: integer("client_id")
+    .notNull()
+    .references(() => client.id),
+  challenge: text("challenge").notNull().unique(),
+  allowedIp: text("allowed_ip").notNull(),
+  expiresAt: integer("expires_at").notNull(),
+});