챌린지 Reply Attack 방어 구현

2025-12-15 22:38:47 +00:00 · 2024-12-31 03:05:14 +09:00
parent b84d6fd5ad
commit a64e85848c
6 changed files with 24 additions and 3 deletions
--- a/src/lib/server/services/auth.ts
+++ b/src/lib/server/services/auth.ts
@@ -13,6 +13,7 @@ import {
  revokeRefreshToken,
  registerTokenUpgradeChallenge,
  getTokenUpgradeChallenge,
+  markTokenUpgradeChallengeAsUsed,
 } from "$lib/server/db/token";
 import { issueToken, verifyToken, TokenError } from "$lib/server/modules/auth";
 import { verifySignature, generateChallenge } from "$lib/server/modules/crypto";
@@ -152,7 +153,7 @@ export const upgradeToken = async (
    error(401, "Invalid challenge answer signature");
  }

-  // TODO: Replay attack prevention
+  await markTokenUpgradeChallengeAsUsed(challenge.id);

  const newJti = uuidv4();
  if (!(await upgradeRefreshToken(oldJti, newJti, client.id))) {