/api/client/[id]/key Endpoint 삭제 및 프론트엔드와의 Zod 스키마 공유 구현

2025-12-16 06:58:46 +00:00 · 2025-01-02 04:44:02 +09:00
parent 45df24b416
commit b07d67b958
27 changed files with 241 additions and 169 deletions
--- a/src/lib/hooks/callAPI.ts
+++ b/src/lib/hooks/callAPI.ts
@@ -1,15 +0,0 @@
-export const refreshToken = async () => {
-  return await fetch("/api/auth/refreshToken", { method: "POST" });
-};
-
-export const callAPI = async (input: RequestInfo, init?: RequestInit) => {
-  let res = await fetch(input, init);
-  if (res.status === 401) {
-    res = await refreshToken();
-    if (!res.ok) {
-      return res;
-    }
-    res = await fetch(input, init);
-  }
-  return res;
-};
--- a/src/lib/hooks/callApi.ts
+++ b/src/lib/hooks/callApi.ts
@@ -0,0 +1,41 @@
+import { signRequest } from "$lib/modules/crypto";
+
+export const refreshToken = async () => {
+  return await fetch("/api/auth/refreshToken", { method: "POST" });
+};
+
+const callApi = async (input: RequestInfo, init?: RequestInit) => {
+  let res = await fetch(input, init);
+  if (res.status === 401) {
+    res = await refreshToken();
+    if (!res.ok) {
+      return res;
+    }
+    res = await fetch(input, init);
+  }
+  return res;
+};
+
+export const callGetApi = async (input: RequestInfo) => {
+  return await callApi(input);
+};
+
+export const callPostApi = async <T>(input: RequestInfo, payload: T) => {
+  return await callApi(input, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(payload),
+  });
+};
+
+export const callSignedPostApi = async <T>(input: RequestInfo, payload: T, signKey: CryptoKey) => {
+  return await callApi(input, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+    },
+    body: await signRequest(payload, signKey),
+  });
+};
--- a/src/lib/hooks/index.ts
+++ b/src/lib/hooks/index.ts
@@ -1,2 +1,2 @@
-export { callAPI } from "./callAPI";
-export { gotoStateful } from "./gotoStateful";
+export * from "./callApi";
+export * from "./gotoStateful";
--- a/src/lib/server/schemas/auth.ts
+++ b/src/lib/server/schemas/auth.ts
@@ -0,0 +1,24 @@
+import { z } from "zod";
+
+export const loginRequest = z.object({
+  email: z.string().email().nonempty(),
+  password: z.string().trim().nonempty(),
+});
+export type LoginRequest = z.infer<typeof loginRequest>;
+
+export const tokenUpgradeRequest = z.object({
+  encPubKey: z.string().base64().nonempty(),
+  sigPubKey: z.string().base64().nonempty(),
+});
+export type TokenUpgradeRequest = z.infer<typeof tokenUpgradeRequest>;
+
+export const tokenUpgradeResponse = z.object({
+  challenge: z.string().base64().nonempty(),
+});
+export type TokenUpgradeResponse = z.infer<typeof tokenUpgradeResponse>;
+
+export const tokenUpgradeVerifyRequest = z.object({
+  answer: z.string().base64().nonempty(),
+  sigAnswer: z.string().base64().nonempty(),
+});
+export type TokenUpgradeVerifyRequest = z.infer<typeof tokenUpgradeVerifyRequest>;
--- a/src/lib/server/schemas/client.ts
+++ b/src/lib/server/schemas/client.ts
@@ -0,0 +1,35 @@
+import { z } from "zod";
+
+export const clientListResponse = z.object({
+  clients: z.array(
+    z.object({
+      id: z.number().int().positive(),
+      state: z.enum(["pending", "active"]),
+    }),
+  ),
+});
+export type ClientListResponse = z.infer<typeof clientListResponse>;
+
+export const clientRegisterRequest = z.object({
+  encPubKey: z.string().base64().nonempty(),
+  sigPubKey: z.string().base64().nonempty(),
+});
+export type ClientRegisterRequest = z.infer<typeof clientRegisterRequest>;
+
+export const clientRegisterResponse = z.object({
+  challenge: z.string().base64().nonempty(),
+});
+export type ClientRegisterResponse = z.infer<typeof clientRegisterResponse>;
+
+export const clientRegisterVerifyRequest = z.object({
+  answer: z.string().base64().nonempty(),
+  sigAnswer: z.string().base64().nonempty(),
+});
+export type ClientRegisterVerifyRequest = z.infer<typeof clientRegisterVerifyRequest>;
+
+export const clientStatusResponse = z.object({
+  id: z.number().int().positive(),
+  state: z.enum(["pending", "active"]),
+  isInitialMekNeeded: z.boolean(),
+});
+export type ClientStatusResponse = z.infer<typeof clientStatusResponse>;
--- a/src/lib/server/schemas/directory.ts
+++ b/src/lib/server/schemas/directory.ts
@@ -0,0 +1,27 @@
+import { z } from "zod";
+
+export const directroyEntriesResponse = z.object({
+  metadata: z
+    .object({
+      createdAt: z.date(),
+      mekVersion: z.number().int().positive(),
+      dek: z.string().base64().nonempty(),
+      dekIv: z.string().base64().nonempty(),
+      name: z.string().base64().nonempty(),
+      nameIv: z.string().base64().nonempty(),
+    })
+    .optional(),
+  subDirectories: z.number().int().positive().array(),
+  files: z.number().int().positive().array(),
+});
+export type DirectroyEntriesResponse = z.infer<typeof directroyEntriesResponse>;
+
+export const directoryCreateRequest = z.object({
+  parentId: z.union([z.enum(["root"]), z.number().int().positive()]),
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekIv: z.string().base64().nonempty(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type DirectoryCreateRequest = z.infer<typeof directoryCreateRequest>;
--- a/src/lib/server/schemas/index.ts
+++ b/src/lib/server/schemas/index.ts
@@ -0,0 +1,4 @@
+export * from "./auth";
+export * from "./client";
+export * from "./directory";
+export * from "./mek";
--- a/src/lib/server/schemas/mek.ts
+++ b/src/lib/server/schemas/mek.ts
@@ -0,0 +1,19 @@
+import { z } from "zod";
+
+export const masterKeyListResponse = z.object({
+  meks: z.array(
+    z.object({
+      version: z.number().int().positive(),
+      state: z.enum(["active", "retired"]),
+      mek: z.string().base64().nonempty(),
+      mekSig: z.string().base64().nonempty(),
+    }),
+  ),
+});
+export type MasterKeyListResponse = z.infer<typeof masterKeyListResponse>;
+
+export const initialMasterKeyRegisterRequest = z.object({
+  mek: z.string().base64().nonempty(),
+  mekSig: z.string().base64().nonempty(),
+});
+export type InitialMasterKeyRegisterRequest = z.infer<typeof initialMasterKeyRegisterRequest>;
--- a/src/lib/server/services/client.ts
+++ b/src/lib/server/services/client.ts
@@ -8,7 +8,6 @@ import {
  createUserClient,
  getAllUserClients,
  getUserClient,
-  getUserClientWithDetails,
  setUserClientStateToPending,
  registerUserClientChallenge,
  getUserClientChallenge,
@@ -18,15 +17,6 @@ import { verifyPubKey, verifySignature, generateChallenge } from "$lib/server/mo
 import { isInitialMekNeeded } from "$lib/server/modules/mek";
 import env from "$lib/server/loadenv";

-export const getUserClientEncPubKey = async (userId: number, clientId: number) => {
-  const userClient = await getUserClientWithDetails(userId, clientId);
-  if (!userClient || userClient.user_client.state === "challenging") {
-    error(400, "Invalid client ID");
-  }
-
-  return { encPubKey: userClient.client.encPubKey };
-};
-
 export const getUserClientList = async (userId: number) => {
  const userClients = await getAllUserClients(userId);
  return {
--- a/src/lib/server/services/mek.ts
+++ b/src/lib/server/services/mek.ts
@@ -6,11 +6,11 @@ import { isInitialMekNeeded, verifyClientEncMekSig } from "$lib/server/modules/m
 export const getClientMekList = async (userId: number, clientId: number) => {
  const clientMeks = await getAllValidClientMeks(userId, clientId);
  return {
-    meks: clientMeks.map((clientMek) => ({
+    encMeks: clientMeks.map((clientMek) => ({
      version: clientMek.master_encryption_key.version,
      state: clientMek.master_encryption_key.state,
-      mek: clientMek.client_master_encryption_key.encMek,
-      mekSig: clientMek.client_master_encryption_key.encMekSig,
+      encMek: clientMek.client_master_encryption_key.encMek,
+      encMekSig: clientMek.client_master_encryption_key.encMekSig,
    })),
  };
 };
--- a/src/lib/services/auth.ts
+++ b/src/lib/services/auth.ts
@@ -4,6 +4,11 @@ import {
  decryptRSACiphertext,
  signRSAMessage,
 } from "$lib/modules/crypto";
+import type {
+  TokenUpgradeRequest,
+  TokenUpgradeResponse,
+  TokenUpgradeVerifyRequest,
+} from "$lib/server/schemas";

 export const requestTokenUpgrade = async (
  encryptKeyBase64: string,
@@ -19,11 +24,11 @@ export const requestTokenUpgrade = async (
    body: JSON.stringify({
      encPubKey: encryptKeyBase64,
      sigPubKey: verifyKeyBase64,
-    }),
+    } satisfies TokenUpgradeRequest),
  });
  if (!res.ok) return false;

-  const { challenge } = await res.json();
+  const { challenge }: TokenUpgradeResponse = await res.json();
  const answer = await decryptRSACiphertext(decodeFromBase64(challenge), decryptKey);
  const sigAnswer = await signRSAMessage(answer, signKey);

@@ -35,7 +40,7 @@ export const requestTokenUpgrade = async (
    body: JSON.stringify({
      answer: encodeToBase64(answer),
      sigAnswer: encodeToBase64(sigAnswer),
-    }),
+    } satisfies TokenUpgradeVerifyRequest),
  });
  return res.ok;
 };
--- a/src/lib/services/key.ts
+++ b/src/lib/services/key.ts
@@ -1,4 +1,4 @@
-import { callAPI } from "$lib/hooks";
+import { callGetApi, callPostApi } from "$lib/hooks";
 import { storeMasterKeys } from "$lib/indexedDB";
 import {
  encodeToBase64,
@@ -9,6 +9,12 @@ import {
  unwrapAESKeyUsingRSA,
  verifyMasterKeyWrappedSig,
 } from "$lib/modules/crypto";
+import type {
+  ClientRegisterRequest,
+  ClientRegisterResponse,
+  ClientRegisterVerifyRequest,
+  MasterKeyListResponse,
+} from "$lib/server/schemas";
 import { masterKeyStore } from "$lib/stores";

 export const requestClientRegistration = async (
@@ -17,49 +23,28 @@ export const requestClientRegistration = async (
  verifyKeyBase64: string,
  signKey: CryptoKey,
 ) => {
-  let res = await callAPI("/api/client/register", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      encPubKey: encryptKeyBase64,
-      sigPubKey: verifyKeyBase64,
-    }),
+  let res = await callPostApi<ClientRegisterRequest>("/api/client/register", {
+    encPubKey: encryptKeyBase64,
+    sigPubKey: verifyKeyBase64,
  });
  if (!res.ok) return false;

-  const { challenge } = await res.json();
+  const { challenge }: ClientRegisterResponse = await res.json();
  const answer = await decryptRSACiphertext(decodeFromBase64(challenge), decryptKey);
  const sigAnswer = await signRSAMessage(answer, signKey);

-  res = await callAPI("/api/client/register/verify", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      answer: encodeToBase64(answer),
-      sigAnswer: encodeToBase64(sigAnswer),
-    }),
+  res = await callPostApi<ClientRegisterVerifyRequest>("/api/client/register/verify", {
+    answer: encodeToBase64(answer),
+    sigAnswer: encodeToBase64(sigAnswer),
  });
  return res.ok;
 };

 export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verfiyKey: CryptoKey) => {
-  const res = await callAPI("/api/mek/list", { method: "GET" });
+  const res = await callGetApi("/api/mek/list");
  if (!res.ok) return false;

-  const data = await res.json();
-  const { meks: masterKeysWrapped } = data as {
-    meks: {
-      version: number;
-      state: "active" | "retired";
-      mek: string;
-      mekSig: string;
-    }[];
-  };
-
+  const { meks: masterKeysWrapped }: MasterKeyListResponse = await res.json();
  const masterKeys = await Promise.all(
    masterKeysWrapped.map(
      async ({ version, state, mek: masterKeyWrapped, mekSig: masterKeyWrappedSig }) => ({