kmc7468/arkvault
1
0
Fork 0
mirror of https://github.com/kmc7468/arkvault.git synced 2025-12-14 22:08:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

하나의 공개 키로 여러 계정에 로그인할 수 있도록 구현

Browse Source
This commit is contained in:
static
2024-12-29 01:37:44 +09:00
parent c16abca832
commit af51f04b94
7 changed files with 131 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/lib/modules/crypto.ts Normal file
View File

@@ -0,0 +1,50 @@
export type RSAKeyType = "public" | "private";
export const generateRSAKeyPair = async () => {
const keyPair = await window.crypto.subtle.generateKey(
{
name: "RSA-OAEP",
modulusLength: 4096,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
} satisfies RsaHashedKeyGenParams,
true,
["encrypt", "decrypt"],
);
return keyPair;
};
export const makeRSAKeyNonextractable = async (key: CryptoKey, type: RSAKeyType) => {
const format = type === "public" ? "spki" : "pkcs8";
const keyUsage = type === "public" ? "encrypt" : "decrypt";
return await window.crypto.subtle.importKey(
format,
await window.crypto.subtle.exportKey(format, key),
{
name: "RSA-OAEP",
hash: "SHA-256",
} satisfies RsaHashedImportParams,
false,
[keyUsage],
);
};
export const exportRSAKeyToBase64 = async (key: CryptoKey, type: RSAKeyType) => {
const exportedKey = await window.crypto.subtle.exportKey(
type === "public" ? "spki" : "pkcs8",
key,
);
return btoa(String.fromCharCode(...new Uint8Array(exportedKey)));
};
export const decryptRSACiphertext = async (ciphertext: string, privateKey: CryptoKey) => {
const ciphertextBuffer = Uint8Array.from(atob(ciphertext), (c) => c.charCodeAt(0));
const plaintext = await window.crypto.subtle.decrypt(
{
name: "RSA-OAEP",
} satisfies RsaOaepParams,
privateKey,
ciphertextBuffer,
);
return btoa(String.fromCharCode(...new Uint8Array(plaintext)));
};

4
src/lib/server/db/client.ts
View File

@@ -17,6 +17,10 @@ export const getClientByPubKey = async (pubKey: string) => {
return clients[0] ?? null; return clients[0] ?? null;
}; };
export const createUserClient = async (userId: number, clientId: number) => {
await db.insert(userClient).values({ userId, clientId }).execute();
};
export const getUserClient = async (userId: number, clientId: number) => { export const getUserClient = async (userId: number, clientId: number) => {
const userClients = await db const userClients = await db
.select() .select()

36
src/lib/server/services/key.ts
View File

@@ -5,6 +5,8 @@ import { promisify } from "util";
import { import {
createClient, createClient,
getClientByPubKey, getClientByPubKey,
createUserClient,
getUserClient,
createUserClientChallenge, createUserClientChallenge,
getUserClientChallenge, getUserClientChallenge,
setUserClientStateToPending, setUserClientStateToPending,
@@ -25,20 +27,30 @@ const generateChallenge = async (userId: number, ip: string, clientId: number, p
}; };
export const registerPubKey = async (userId: number, ip: string, pubKey: string) => { export const registerPubKey = async (userId: number, ip: string, pubKey: string) => {
if (await getClientByPubKey(pubKey)) { const client = await getClientByPubKey(pubKey);
error(409, "Public key already registered"); let clientId;
if (client) {
const userClient = await getUserClient(userId, client.id);
if (userClient) {
error(409, "Public key already registered");
}
await createUserClient(userId, client.id);
clientId = client.id;
} else {
const pubKeyPem = `-----BEGIN PUBLIC KEY-----\n${pubKey}\n-----END PUBLIC KEY-----`;
const pubKeyObject = createPublicKey(pubKeyPem);
if (
pubKeyObject.asymmetricKeyType !== "rsa" ||
pubKeyObject.asymmetricKeyDetails?.modulusLength !== 4096
) {
error(400, "Invalid public key");
}
clientId = await createClient(pubKey, userId);
} }
const pubKeyPem = `-----BEGIN PUBLIC KEY-----\n${pubKey}\n-----END PUBLIC KEY-----`;
const pubKeyObject = createPublicKey(pubKeyPem);
if (
pubKeyObject.asymmetricKeyType !== "rsa" ||
pubKeyObject.asymmetricKeyDetails?.modulusLength !== 4096
) {
error(400, "Invalid public key");
}
const clientId = await createClient(pubKey, userId);
return await generateChallenge(userId, ip, clientId, pubKey); return await generateChallenge(userId, ip, clientId, pubKey);
}; };

2
src/routes/(fullscreen)/auth/login/+page.svelte
View File

@@ -14,7 +14,7 @@
const login = async () => { const login = async () => {
// TODO: Validation // TODO: Validation
if (await requestLogin(email, password)) { if (await requestLogin(email, password, $keyPairStore)) {
await goto( await goto(
$keyPairStore $keyPairStore
? data.redirectPath ? data.redirectPath

47
src/routes/(fullscreen)/auth/login/service.ts
View File

@@ -1,10 +1,49 @@
export const requestLogin = async (email: string, password: string) => { import { exportRSAKeyToBase64 } from "$lib/modules/crypto";
const res = await fetch("/api/auth/login", { import { requestPubKeyRegistration } from "../../key/export/service";
const callLoginAPI = async (email: string, password: string, pubKeyBase64?: string) => {
return await fetch("/api/auth/login", {
method: "POST", method: "POST",
headers: { headers: {
"Content-Type": "application/json", "Content-Type": "application/json",
}, },
body: JSON.stringify({ email, password }), body: JSON.stringify({
email,
password,
pubKey: pubKeyBase64,
}),
}); });
return res.ok; };
export const requestLogin = async (
email: string,
password: string,
keyPair: CryptoKeyPair | null,
registerPubKey = true,
): Promise<boolean> => {
const pubKeyBase64 = keyPair
? await exportRSAKeyToBase64(keyPair.publicKey, "public")
: undefined;
let loginRes = await callLoginAPI(email, password, pubKeyBase64);
if (loginRes.ok) {
return true;
} else if (loginRes.status !== 401 || !keyPair || !registerPubKey) {
return false;
}
const { message } = await loginRes.json();
if (message !== "Unregistered public key") {
return false;
}
loginRes = await callLoginAPI(email, password);
if (!loginRes.ok) {
return false;
}
if (await requestPubKeyRegistration(pubKeyBase64!, keyPair.privateKey)) {
return requestLogin(email, password, keyPair, false);
} else {
return false;
}
}; };

15
src/routes/(fullscreen)/key/export/service.ts
View File

@@ -1,5 +1,6 @@
import { callAPI } from "$lib/hooks"; import { callAPI } from "$lib/hooks";
import { storeKeyPairIntoIndexedDB } from "$lib/indexedDB"; import { storeKeyPairIntoIndexedDB } from "$lib/indexedDB";
import { decryptRSACiphertext } from "$lib/modules/crypto";
export const createBlobFromKeyPairBase64 = (pubKeyBase64: string, privKeyBase64: string) => { export const createBlobFromKeyPairBase64 = (pubKeyBase64: string, privKeyBase64: string) => {
const pubKeyFormatted = pubKeyBase64.match(/.{1,64}/g)?.join("\n"); const pubKeyFormatted = pubKeyBase64.match(/.{1,64}/g)?.join("\n");
@@ -13,18 +14,6 @@ export const createBlobFromKeyPairBase64 = (pubKeyBase64: string, privKeyBase64:
return new Blob([`${pubKeyPem}\n${privKeyPem}\n`], { type: "text/plain" }); return new Blob([`${pubKeyPem}\n${privKeyPem}\n`], { type: "text/plain" });
}; };
const decryptChallenge = async (challenge: string, privateKey: CryptoKey) => {
const challengeBuffer = Uint8Array.from(atob(challenge), (c) => c.charCodeAt(0));
const answer = await window.crypto.subtle.decrypt(
{
name: "RSA-OAEP",
} satisfies RsaOaepParams,
privateKey,
challengeBuffer,
);
return btoa(String.fromCharCode(...new Uint8Array(answer)));
};
export const requestPubKeyRegistration = async (pubKeyBase64: string, privateKey: CryptoKey) => { export const requestPubKeyRegistration = async (pubKeyBase64: string, privateKey: CryptoKey) => {
let res = await callAPI("/api/key/register", { let res = await callAPI("/api/key/register", {
method: "POST", method: "POST",
@@ -37,7 +26,7 @@ export const requestPubKeyRegistration = async (pubKeyBase64: string, privateKey
const data = await res.json(); const data = await res.json();
const challenge = data.challenge as string; const challenge = data.challenge as string;
const answer = await decryptChallenge(challenge, privateKey); const answer = await decryptRSACiphertext(challenge, privateKey);
res = await callAPI("/api/key/verify", { res = await callAPI("/api/key/verify", {
method: "POST", method: "POST",

48
src/routes/(fullscreen)/key/generate/service.ts
View File

@@ -1,44 +1,10 @@
import {
generateRSAKeyPair,
makeRSAKeyNonextractable,
exportRSAKeyToBase64,
} from "$lib/modules/crypto";
import { keyPairStore } from "$lib/stores"; import { keyPairStore } from "$lib/stores";
type KeyType = "public" | "private";
const generateRSAKeyPair = async () => {
const keyPair = await window.crypto.subtle.generateKey(
{
name: "RSA-OAEP",
modulusLength: 4096,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
} satisfies RsaHashedKeyGenParams,
true,
["encrypt", "decrypt"],
);
return keyPair;
};
const makeRSAKeyNonextractable = async (key: CryptoKey, type: KeyType) => {
const format = type === "public" ? "spki" : "pkcs8";
const keyUsage = type === "public" ? "encrypt" : "decrypt";
return await window.crypto.subtle.importKey(
format,
await window.crypto.subtle.exportKey(format, key),
{
name: "RSA-OAEP",
hash: "SHA-256",
} satisfies RsaHashedImportParams,
false,
[keyUsage],
);
};
const exportKeyToBase64 = async (key: CryptoKey, type: KeyType) => {
const exportedKey = await window.crypto.subtle.exportKey(
type === "public" ? "spki" : "pkcs8",
key,
);
return btoa(String.fromCharCode(...new Uint8Array(exportedKey)));
};
export const generateKeyPair = async () => { export const generateKeyPair = async () => {
const keyPair = await generateRSAKeyPair(); const keyPair = await generateRSAKeyPair();
const privKeySecured = await makeRSAKeyNonextractable(keyPair.privateKey, "private"); const privKeySecured = await makeRSAKeyNonextractable(keyPair.privateKey, "private");
@@ -49,7 +15,7 @@ export const generateKeyPair = async () => {
}); });
return { return {
pubKeyBase64: await exportKeyToBase64(keyPair.publicKey, "public"), pubKeyBase64: await exportRSAKeyToBase64(keyPair.publicKey, "public"),
privKeyBase64: await exportKeyToBase64(keyPair.privateKey, "private"), privKeyBase64: await exportRSAKeyToBase64(keyPair.privateKey, "private"),
}; };
}; };