프론트엔드에서 세션 ID 기반 인증 대응 및 DB 마이그레이션 스크립트 재생성

2025-12-16 23:18:48 +00:00 · 2025-01-12 08:31:11 +09:00
parent be8587694e
commit 85ebb529ba
14 changed files with 141 additions and 155 deletions
--- a/src/lib/hooks/callApi.ts
+++ b/src/lib/hooks/callApi.ts
@@ -1,35 +1,11 @@
-export const refreshToken = async (fetchInternal = fetch) => {
-  return await fetchInternal("/api/auth/refreshToken", { method: "POST" });
+export const callGetApi = async (input: RequestInfo, fetchInternal = fetch) => {
+  return await fetchInternal(input);
 };

-const callApi = async (input: RequestInfo, init?: RequestInit, fetchInternal = fetch) => {
-  let res = await fetchInternal(input, init);
-  if (res.status === 401) {
-    res = await refreshToken();
-    if (!res.ok) {
-      return res;
-    }
-    res = await fetchInternal(input, init);
-  }
-  return res;
-};
-
-export const callGetApi = async (input: RequestInfo, fetchInternal?: typeof fetch) => {
-  return await callApi(input, undefined, fetchInternal);
-};
-
-export const callPostApi = async <T>(
-  input: RequestInfo,
-  payload?: T,
-  fetchInternal?: typeof fetch,
-) => {
-  return await callApi(
-    input,
-    {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: payload ? JSON.stringify(payload) : undefined,
-    },
-    fetchInternal,
-  );
+export const callPostApi = async <T>(input: RequestInfo, payload?: T, fetchInternal = fetch) => {
+  return await fetchInternal(input, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: payload ? JSON.stringify(payload) : undefined,
+  });
 };
--- a/src/lib/server/middlewares/authenticate.ts
+++ b/src/lib/server/middlewares/authenticate.ts
@@ -1,11 +1,9 @@
 import { error, redirect, type Handle } from "@sveltejs/kit";
 import { authenticate, AuthenticationError } from "$lib/server/modules/auth";

-const whitelist = ["/auth/login", "/api/auth/login"];
-
 export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
  const { pathname, search } = event.url;
-  if (whitelist.some((path) => pathname.startsWith(path))) {
+  if (pathname === "/api/auth/login") {
    return await resolve(event);
  }

@@ -19,7 +17,9 @@ export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
    event.locals.session = await authenticate(sessionIdSigned, ip, userAgent);
  } catch (e) {
    if (e instanceof AuthenticationError) {
-      if (pathname.startsWith("/api")) {
+      if (pathname === "/auth/login") {
+        return await resolve(event);
+      } else if (pathname.startsWith("/api")) {
        error(e.status, e.message);
      } else {
        redirect(302, "/auth/login?redirect=" + encodeURIComponent(pathname + search));
--- a/src/lib/server/modules/mek.ts
+++ b/src/lib/server/modules/mek.ts
@@ -17,7 +17,7 @@ export const verifyClientEncMekSig = async (
 ) => {
  const userClient = await getUserClientWithDetails(userId, clientId);
  if (!userClient) {
-    error(500, "Invalid access token");
+    error(500, "Invalid session id");
  }

  const data = JSON.stringify({ version, key: encMek });
--- a/src/lib/server/services/client.ts
+++ b/src/lib/server/services/client.ts
@@ -98,7 +98,7 @@ export const verifyUserClient = async (
 export const getUserClientStatus = async (userId: number, clientId: number) => {
  const userClient = await getUserClient(userId, clientId);
  if (!userClient) {
-    error(500, "Invalid access token");
+    error(500, "Invalid session id");
  }

  return {
--- a/src/lib/services/auth.ts
+++ b/src/lib/services/auth.ts
@@ -1,37 +1,30 @@
+import { callPostApi } from "$lib/hooks";
 import { encodeToBase64, decryptChallenge, signMessage } from "$lib/modules/crypto";
 import type {
-  TokenUpgradeRequest,
-  TokenUpgradeResponse,
-  TokenUpgradeVerifyRequest,
+  SessionUpgradeRequest,
+  SessionUpgradeResponse,
+  SessionUpgradeVerifyRequest,
 } from "$lib/server/schemas";

-export const requestTokenUpgrade = async (
+export const requestSessionUpgrade = async (
  encryptKeyBase64: string,
  decryptKey: CryptoKey,
  verifyKeyBase64: string,
  signKey: CryptoKey,
 ) => {
-  let res = await fetch("/api/auth/upgradeToken", {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      encPubKey: encryptKeyBase64,
-      sigPubKey: verifyKeyBase64,
-    } satisfies TokenUpgradeRequest),
+  let res = await callPostApi<SessionUpgradeRequest>("/api/auth/upgradeSession", {
+    encPubKey: encryptKeyBase64,
+    sigPubKey: verifyKeyBase64,
  });
  if (!res.ok) return false;

-  const { challenge }: TokenUpgradeResponse = await res.json();
+  const { challenge }: SessionUpgradeResponse = await res.json();
  const answer = await decryptChallenge(challenge, decryptKey);
  const answerSig = await signMessage(answer, signKey);

-  res = await fetch("/api/auth/upgradeToken/verify", {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      answer: encodeToBase64(answer),
-      answerSig: encodeToBase64(answerSig),
-    } satisfies TokenUpgradeVerifyRequest),
+  res = await callPostApi<SessionUpgradeVerifyRequest>("/api/auth/upgradeSession/verify", {
+    answer: encodeToBase64(answer),
+    answerSig: encodeToBase64(answerSig),
  });
  return res.ok;
 };