/api/file/upload, /api/file/[id], /api/file/[id]/download Endpoint 구현

2025-12-16 06:58:46 +00:00 · 2025-01-04 21:44:41 +09:00
parent 034593804f
commit a62d44038a
21 changed files with 298 additions and 11 deletions
--- a/src/lib/server/db/file.ts
+++ b/src/lib/server/db/file.ts
@@ -13,6 +13,17 @@ export interface NewDirectroyParams {
  encNameIv: string;
 }

+export interface NewFileParams {
+  path: string;
+  parentId: DirectroyId;
+  userId: number;
+  mekVersion: number;
+  encDek: string;
+  encContentIv: string;
+  encName: string;
+  encNameIv: string;
+}
+
 export const registerNewDirectory = async (params: NewDirectroyParams) => {
  return await db.transaction(async (tx) => {
    const meks = await tx
@@ -58,6 +69,31 @@ export const getDirectory = async (userId: number, directoryId: number) => {
  return res[0] ?? null;
 };

+export const registerNewFile = async (params: NewFileParams) => {
+  await db.transaction(async (tx) => {
+    const meks = await tx
+      .select()
+      .from(mek)
+      .where(and(eq(mek.userId, params.userId), eq(mek.state, "active")));
+    if (meks[0]?.version !== params.mekVersion) {
+      throw new Error("Invalid MEK version");
+    }
+
+    const now = new Date();
+    await tx.insert(file).values({
+      path: params.path,
+      parentId: params.parentId === "root" ? null : params.parentId,
+      createdAt: now,
+      userId: params.userId,
+      mekVersion: params.mekVersion,
+      encDek: params.encDek,
+      encryptedAt: now,
+      encContentIv: params.encContentIv,
+      encName: { ciphertext: params.encName, iv: params.encNameIv },
+    });
+  });
+};
+
 export const getAllFilesByParent = async (userId: number, parentId: DirectroyId) => {
  return await db
    .select()
@@ -70,3 +106,12 @@ export const getAllFilesByParent = async (userId: number, parentId: DirectroyId)
    )
    .execute();
 };
+
+export const getFile = async (userId: number, fileId: number) => {
+  const res = await db
+    .select()
+    .from(file)
+    .where(and(eq(file.userId, userId), eq(file.id, fileId)))
+    .execute();
+  return res[0] ?? null;
+};
--- a/src/lib/server/db/schema/file.ts
+++ b/src/lib/server/db/schema/file.ts
@@ -47,6 +47,7 @@ export const file = sqliteTable(
    mekVersion: integer("master_encryption_key_version").notNull(),
    encDek: text("encrypted_data_encryption_key").notNull().unique(), // Base64
    encryptedAt: integer("encrypted_at", { mode: "timestamp_ms" }).notNull(),
+    encContentIv: text("encrypted_content_iv").notNull(), // Base64
    encName: ciphertext("encrypted_name").notNull(),
  },
  (t) => ({
--- a/src/lib/server/loadenv.ts
+++ b/src/lib/server/loadenv.ts
@@ -16,4 +16,5 @@ export default {
    userClientExp: env.USER_CLIENT_CHALLENGE_EXPIRES || "5m",
    tokenUpgradeExp: env.TOKEN_UPGRADE_CHALLENGE_EXPIRES || "5m",
  },
+  libraryPath: env.LIBRARY_PATH || "library",
 };
--- a/src/lib/server/schemas/file.ts
+++ b/src/lib/server/schemas/file.ts
@@ -0,0 +1,22 @@
+import { z } from "zod";
+
+export const fileInfoResponse = z.object({
+  createdAt: z.date(),
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  contentIv: z.string().base64().nonempty(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type FileInfoResponse = z.infer<typeof fileInfoResponse>;
+
+export const fileUploadRequest = z.object({
+  parentId: z.union([z.enum(["root"]), z.number().int().positive()]),
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  contentHash: z.string().base64().nonempty(),
+  contentIv: z.string().base64().nonempty(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type FileUploadRequest = z.infer<typeof fileUploadRequest>;
--- a/src/lib/server/schemas/index.ts
+++ b/src/lib/server/schemas/index.ts
@@ -1,4 +1,5 @@
 export * from "./auth";
 export * from "./client";
 export * from "./directory";
+export * from "./file";
 export * from "./mek";
--- a/src/lib/server/services/file.ts
+++ b/src/lib/server/services/file.ts
@@ -1,12 +1,21 @@
 import { error } from "@sveltejs/kit";
+import { createHash } from "crypto";
+import { createReadStream, createWriteStream, ReadStream, WriteStream } from "fs";
+import { mkdir, stat, unlink } from "fs/promises";
+import { dirname } from "path";
+import { v4 as uuidv4 } from "uuid";
 import {
  getAllDirectoriesByParent,
  registerNewDirectory,
  getDirectory,
+  registerNewFile,
  getAllFilesByParent,
+  getFile,
  type NewDirectroyParams,
+  type NewFileParams,
 } from "$lib/server/db/file";
 import { getActiveMekVersion } from "$lib/server/db/mek";
+import env from "$lib/server/loadenv";

 export const getDirectroyInformation = async (userId: number, directroyId: "root" | number) => {
  const directory = directroyId !== "root" ? await getDirectory(userId, directroyId) : undefined;
@@ -39,3 +48,113 @@ export const createDirectory = async (params: NewDirectroyParams) => {

  await registerNewDirectory(params);
 };
+
+const convertToReadableStream = (readStream: ReadStream) => {
+  return new ReadableStream<Uint8Array>({
+    start: (controller) => {
+      readStream.on("data", (chunk) => controller.enqueue(new Uint8Array(chunk as Buffer)));
+      readStream.on("end", () => controller.close());
+      readStream.on("error", (e) => controller.error(e));
+    },
+    cancel: () => {
+      readStream.destroy();
+    },
+  });
+};
+
+export const getFileStream = async (userId: number, fileId: number) => {
+  const file = await getFile(userId, fileId);
+  if (!file) {
+    error(404, "Invalid file id");
+  }
+
+  const { size } = await stat(file.path);
+  return {
+    encContentStream: convertToReadableStream(createReadStream(file.path)),
+    encContentSize: size,
+  };
+};
+
+export const getFileInformation = async (userId: number, fileId: number) => {
+  const file = await getFile(userId, fileId);
+  if (!file) {
+    error(404, "Invalid file id");
+  }
+
+  return {
+    createdAt: file.createdAt,
+    mekVersion: file.mekVersion,
+    encDek: file.encDek,
+    encContentIv: file.encContentIv,
+    encName: file.encName,
+  };
+};
+
+const convertToWritableStream = (writeStream: WriteStream) => {
+  return new WritableStream<Uint8Array>({
+    write: (chunk) =>
+      new Promise((resolve, reject) => {
+        writeStream.write(chunk, (e) => {
+          if (e) {
+            reject(e);
+          } else {
+            resolve();
+          }
+        });
+      }),
+    close: () => new Promise((resolve) => writeStream.end(resolve)),
+  });
+};
+
+const safeUnlink = async (path: string) => {
+  await unlink(path).catch(console.error);
+};
+
+export const uploadFile = async (
+  params: Omit<NewFileParams, "path">,
+  encContentStream: ReadableStream<Uint8Array>,
+  encContentHash: string,
+) => {
+  const activeMekVersion = await getActiveMekVersion(params.userId);
+  if (activeMekVersion === null) {
+    error(500, "Invalid MEK version");
+  } else if (activeMekVersion !== params.mekVersion) {
+    error(400, "Invalid MEK version");
+  }
+
+  const path = `${env.libraryPath}/${params.userId}/${uuidv4()}`;
+  const hash = createHash("sha256");
+
+  await mkdir(dirname(path), { recursive: true });
+
+  try {
+    const hashStream = new TransformStream<Uint8Array, Uint8Array>({
+      transform: (chunk, controller) => {
+        hash.update(chunk);
+        controller.enqueue(chunk);
+      },
+    });
+    const fileStream = convertToWritableStream(
+      createWriteStream(path, { flags: "wx", mode: 0o600 }),
+    );
+    await encContentStream.pipeThrough(hashStream).pipeTo(fileStream);
+  } catch (e) {
+    await safeUnlink(path);
+    throw e;
+  }
+
+  if (hash.digest("base64") !== encContentHash) {
+    await safeUnlink(path);
+    error(400, "Invalid content hash");
+  }
+
+  try {
+    await registerNewFile({
+      ...params,
+      path,
+    });
+  } catch (e) {
+    await safeUnlink(path);
+    throw e;
+  }
+};