kmc7468/arkvault
1
0
Fork 0
mirror of https://github.com/kmc7468/arkvault.git synced 2025-12-15 06:18:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

/api/client/[id]/key Endpoint 삭제 및 프론트엔드와의 Zod 스키마 공유 구현

Browse Source
This commit is contained in:
static
2025-01-02 04:44:02 +09:00
parent 45df24b416
commit b07d67b958
27 changed files with 241 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/lib/hooks/callAPI.ts
View File

@@ -1,15 +0,0 @@
export const refreshToken = async () => {
return await fetch("/api/auth/refreshToken", { method: "POST" });
};
export const callAPI = async (input: RequestInfo, init?: RequestInit) => {
let res = await fetch(input, init);
if (res.status === 401) {
res = await refreshToken();
if (!res.ok) {
return res;
}
res = await fetch(input, init);
}
return res;
};

41
src/lib/hooks/callApi.ts Normal file
View File

@@ -0,0 +1,41 @@
import { signRequest } from "$lib/modules/crypto";
export const refreshToken = async () => {
return await fetch("/api/auth/refreshToken", { method: "POST" });
};
const callApi = async (input: RequestInfo, init?: RequestInit) => {
let res = await fetch(input, init);
if (res.status === 401) {
res = await refreshToken();
if (!res.ok) {
return res;
}
res = await fetch(input, init);
}
return res;
};
export const callGetApi = async (input: RequestInfo) => {
return await callApi(input);
};
export const callPostApi = async <T>(input: RequestInfo, payload: T) => {
return await callApi(input, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(payload),
});
};
export const callSignedPostApi = async <T>(input: RequestInfo, payload: T, signKey: CryptoKey) => {
return await callApi(input, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: await signRequest(payload, signKey),
});
};

4
src/lib/hooks/index.ts
View File

@@ -1,2 +1,2 @@
export { callAPI } from "./callAPI"; export * from "./callApi";
export { gotoStateful } from "./gotoStateful"; export * from "./gotoStateful";

24
src/lib/server/schemas/auth.ts Normal file
View File

@@ -0,0 +1,24 @@
import { z } from "zod";
export const loginRequest = z.object({
email: z.string().email().nonempty(),
password: z.string().trim().nonempty(),
});
export type LoginRequest = z.infer<typeof loginRequest>;
export const tokenUpgradeRequest = z.object({
encPubKey: z.string().base64().nonempty(),
sigPubKey: z.string().base64().nonempty(),
});
export type TokenUpgradeRequest = z.infer<typeof tokenUpgradeRequest>;
export const tokenUpgradeResponse = z.object({
challenge: z.string().base64().nonempty(),
});
export type TokenUpgradeResponse = z.infer<typeof tokenUpgradeResponse>;
export const tokenUpgradeVerifyRequest = z.object({
answer: z.string().base64().nonempty(),
sigAnswer: z.string().base64().nonempty(),
});
export type TokenUpgradeVerifyRequest = z.infer<typeof tokenUpgradeVerifyRequest>;

35
src/lib/server/schemas/client.ts Normal file
View File

@@ -0,0 +1,35 @@
import { z } from "zod";
export const clientListResponse = z.object({
clients: z.array(
z.object({
id: z.number().int().positive(),
state: z.enum(["pending", "active"]),
}),
),
});
export type ClientListResponse = z.infer<typeof clientListResponse>;
export const clientRegisterRequest = z.object({
encPubKey: z.string().base64().nonempty(),
sigPubKey: z.string().base64().nonempty(),
});
export type ClientRegisterRequest = z.infer<typeof clientRegisterRequest>;
export const clientRegisterResponse = z.object({
challenge: z.string().base64().nonempty(),
});
export type ClientRegisterResponse = z.infer<typeof clientRegisterResponse>;
export const clientRegisterVerifyRequest = z.object({
answer: z.string().base64().nonempty(),
sigAnswer: z.string().base64().nonempty(),
});
export type ClientRegisterVerifyRequest = z.infer<typeof clientRegisterVerifyRequest>;
export const clientStatusResponse = z.object({
id: z.number().int().positive(),
state: z.enum(["pending", "active"]),
isInitialMekNeeded: z.boolean(),
});
export type ClientStatusResponse = z.infer<typeof clientStatusResponse>;

27
src/lib/server/schemas/directory.ts Normal file
View File

@@ -0,0 +1,27 @@
import { z } from "zod";
export const directroyEntriesResponse = z.object({
metadata: z
.object({
createdAt: z.date(),
mekVersion: z.number().int().positive(),
dek: z.string().base64().nonempty(),
dekIv: z.string().base64().nonempty(),
name: z.string().base64().nonempty(),
nameIv: z.string().base64().nonempty(),
})
.optional(),
subDirectories: z.number().int().positive().array(),
files: z.number().int().positive().array(),
});
export type DirectroyEntriesResponse = z.infer<typeof directroyEntriesResponse>;
export const directoryCreateRequest = z.object({
parentId: z.union([z.enum(["root"]), z.number().int().positive()]),
mekVersion: z.number().int().positive(),
dek: z.string().base64().nonempty(),
dekIv: z.string().base64().nonempty(),
name: z.string().base64().nonempty(),
nameIv: z.string().base64().nonempty(),
});
export type DirectoryCreateRequest = z.infer<typeof directoryCreateRequest>;

4
src/lib/server/schemas/index.ts Normal file
View File

@@ -0,0 +1,4 @@
export * from "./auth";
export * from "./client";
export * from "./directory";
export * from "./mek";

19
src/lib/server/schemas/mek.ts Normal file
View File

@@ -0,0 +1,19 @@
import { z } from "zod";
export const masterKeyListResponse = z.object({
meks: z.array(
z.object({
version: z.number().int().positive(),
state: z.enum(["active", "retired"]),
mek: z.string().base64().nonempty(),
mekSig: z.string().base64().nonempty(),
}),
),
});
export type MasterKeyListResponse = z.infer<typeof masterKeyListResponse>;
export const initialMasterKeyRegisterRequest = z.object({
mek: z.string().base64().nonempty(),
mekSig: z.string().base64().nonempty(),
});
export type InitialMasterKeyRegisterRequest = z.infer<typeof initialMasterKeyRegisterRequest>;

10
src/lib/server/services/client.ts
View File

@@ -8,7 +8,6 @@ import {
createUserClient, createUserClient,
getAllUserClients, getAllUserClients,
getUserClient, getUserClient,
getUserClientWithDetails,
setUserClientStateToPending, setUserClientStateToPending,
registerUserClientChallenge, registerUserClientChallenge,
getUserClientChallenge, getUserClientChallenge,
@@ -18,15 +17,6 @@ import { verifyPubKey, verifySignature, generateChallenge } from "$lib/server/mo
import { isInitialMekNeeded } from "$lib/server/modules/mek"; import { isInitialMekNeeded } from "$lib/server/modules/mek";
import env from "$lib/server/loadenv"; import env from "$lib/server/loadenv";
export const getUserClientEncPubKey = async (userId: number, clientId: number) => {
const userClient = await getUserClientWithDetails(userId, clientId);
if (!userClient || userClient.user_client.state === "challenging") {
error(400, "Invalid client ID");
}
return { encPubKey: userClient.client.encPubKey };
};
export const getUserClientList = async (userId: number) => { export const getUserClientList = async (userId: number) => {
const userClients = await getAllUserClients(userId); const userClients = await getAllUserClients(userId);
return { return {

6
src/lib/server/services/mek.ts
View File

@@ -6,11 +6,11 @@ import { isInitialMekNeeded, verifyClientEncMekSig } from "$lib/server/modules/m
export const getClientMekList = async (userId: number, clientId: number) => { export const getClientMekList = async (userId: number, clientId: number) => {
const clientMeks = await getAllValidClientMeks(userId, clientId); const clientMeks = await getAllValidClientMeks(userId, clientId);
return { return {
meks: clientMeks.map((clientMek) => ({ encMeks: clientMeks.map((clientMek) => ({
version: clientMek.master_encryption_key.version, version: clientMek.master_encryption_key.version,
state: clientMek.master_encryption_key.state, state: clientMek.master_encryption_key.state,
mek: clientMek.client_master_encryption_key.encMek, encMek: clientMek.client_master_encryption_key.encMek,
mekSig: clientMek.client_master_encryption_key.encMekSig, encMekSig: clientMek.client_master_encryption_key.encMekSig,
})), })),
}; };
}; };

11
src/lib/services/auth.ts
View File

@@ -4,6 +4,11 @@ import {
decryptRSACiphertext, decryptRSACiphertext,
signRSAMessage, signRSAMessage,
} from "$lib/modules/crypto"; } from "$lib/modules/crypto";
import type {
TokenUpgradeRequest,
TokenUpgradeResponse,
TokenUpgradeVerifyRequest,
} from "$lib/server/schemas";
export const requestTokenUpgrade = async ( export const requestTokenUpgrade = async (
encryptKeyBase64: string, encryptKeyBase64: string,
@@ -19,11 +24,11 @@ export const requestTokenUpgrade = async (
body: JSON.stringify({ body: JSON.stringify({
encPubKey: encryptKeyBase64, encPubKey: encryptKeyBase64,
sigPubKey: verifyKeyBase64, sigPubKey: verifyKeyBase64,
}), } satisfies TokenUpgradeRequest),
}); });
if (!res.ok) return false; if (!res.ok) return false;
const { challenge } = await res.json(); const { challenge }: TokenUpgradeResponse = await res.json();
const answer = await decryptRSACiphertext(decodeFromBase64(challenge), decryptKey); const answer = await decryptRSACiphertext(decodeFromBase64(challenge), decryptKey);
const sigAnswer = await signRSAMessage(answer, signKey); const sigAnswer = await signRSAMessage(answer, signKey);
@@ -35,7 +40,7 @@ export const requestTokenUpgrade = async (
body: JSON.stringify({ body: JSON.stringify({
answer: encodeToBase64(answer), answer: encodeToBase64(answer),
sigAnswer: encodeToBase64(sigAnswer), sigAnswer: encodeToBase64(sigAnswer),
}), } satisfies TokenUpgradeVerifyRequest),
}); });
return res.ok; return res.ok;
}; };

47
src/lib/services/key.ts
View File

@@ -1,4 +1,4 @@
import { callAPI } from "$lib/hooks"; import { callGetApi, callPostApi } from "$lib/hooks";
import { storeMasterKeys } from "$lib/indexedDB"; import { storeMasterKeys } from "$lib/indexedDB";
import { import {
encodeToBase64, encodeToBase64,
@@ -9,6 +9,12 @@ import {
unwrapAESKeyUsingRSA, unwrapAESKeyUsingRSA,
verifyMasterKeyWrappedSig, verifyMasterKeyWrappedSig,
} from "$lib/modules/crypto"; } from "$lib/modules/crypto";
import type {
ClientRegisterRequest,
ClientRegisterResponse,
ClientRegisterVerifyRequest,
MasterKeyListResponse,
} from "$lib/server/schemas";
import { masterKeyStore } from "$lib/stores"; import { masterKeyStore } from "$lib/stores";
export const requestClientRegistration = async ( export const requestClientRegistration = async (
@@ -17,49 +23,28 @@ export const requestClientRegistration = async (
verifyKeyBase64: string, verifyKeyBase64: string,
signKey: CryptoKey, signKey: CryptoKey,
) => { ) => {
let res = await callAPI("/api/client/register", { let res = await callPostApi<ClientRegisterRequest>("/api/client/register", {
method: "POST", encPubKey: encryptKeyBase64,
headers: { sigPubKey: verifyKeyBase64,
"Content-Type": "application/json",
},
body: JSON.stringify({
encPubKey: encryptKeyBase64,
sigPubKey: verifyKeyBase64,
}),
}); });
if (!res.ok) return false; if (!res.ok) return false;
const { challenge } = await res.json(); const { challenge }: ClientRegisterResponse = await res.json();
const answer = await decryptRSACiphertext(decodeFromBase64(challenge), decryptKey); const answer = await decryptRSACiphertext(decodeFromBase64(challenge), decryptKey);
const sigAnswer = await signRSAMessage(answer, signKey); const sigAnswer = await signRSAMessage(answer, signKey);
res = await callAPI("/api/client/register/verify", { res = await callPostApi<ClientRegisterVerifyRequest>("/api/client/register/verify", {
method: "POST", answer: encodeToBase64(answer),
headers: { sigAnswer: encodeToBase64(sigAnswer),
"Content-Type": "application/json",
},
body: JSON.stringify({
answer: encodeToBase64(answer),
sigAnswer: encodeToBase64(sigAnswer),
}),
}); });
return res.ok; return res.ok;
}; };
export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verfiyKey: CryptoKey) => { export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verfiyKey: CryptoKey) => {
const res = await callAPI("/api/mek/list", { method: "GET" }); const res = await callGetApi("/api/mek/list");
if (!res.ok) return false; if (!res.ok) return false;
const data = await res.json(); const { meks: masterKeysWrapped }: MasterKeyListResponse = await res.json();
const { meks: masterKeysWrapped } = data as {
meks: {
version: number;
state: "active" | "retired";
mek: string;
mekSig: string;
}[];
};
const masterKeys = await Promise.all( const masterKeys = await Promise.all(
masterKeysWrapped.map( masterKeysWrapped.map(
async ({ version, state, mek: masterKeyWrapped, mekSig: masterKeyWrappedSig }) => ({ async ({ version, state, mek: masterKeyWrapped, mekSig: masterKeyWrappedSig }) => ({

2
src/routes/(fullscreen)/auth/login/+page.svelte
View File

@@ -4,7 +4,7 @@
import { Button, TextButton } from "$lib/components/buttons"; import { Button, TextButton } from "$lib/components/buttons";
import { TitleDiv, BottomDiv } from "$lib/components/divs"; import { TitleDiv, BottomDiv } from "$lib/components/divs";
import { TextInput } from "$lib/components/inputs"; import { TextInput } from "$lib/components/inputs";
import { refreshToken } from "$lib/hooks/callAPI"; import { refreshToken } from "$lib/hooks/callApi";
import { clientKeyStore, masterKeyStore } from "$lib/stores"; import { clientKeyStore, masterKeyStore } from "$lib/stores";
import { requestLogin, requestTokenUpgrade, requestMasterKeyDownload } from "./service"; import { requestLogin, requestTokenUpgrade, requestMasterKeyDownload } from "./service";

3
src/routes/(fullscreen)/auth/login/service.ts
View File

@@ -1,4 +1,5 @@
import { exportRSAKeyToBase64 } from "$lib/modules/crypto"; import { exportRSAKeyToBase64 } from "$lib/modules/crypto";
import type { LoginRequest } from "$lib/server/schemas";
import { requestTokenUpgrade as requestTokenUpgradeInternal } from "$lib/services/auth"; import { requestTokenUpgrade as requestTokenUpgradeInternal } from "$lib/services/auth";
import { requestClientRegistration } from "$lib/services/key"; import { requestClientRegistration } from "$lib/services/key";
import type { ClientKeys } from "$lib/stores"; import type { ClientKeys } from "$lib/stores";
@@ -11,7 +12,7 @@ export const requestLogin = async (email: string, password: string) => {
headers: { headers: {
"Content-Type": "application/json", "Content-Type": "application/json",
}, },
body: JSON.stringify({ email, password }), body: JSON.stringify({ email, password } satisfies LoginRequest),
}); });
return res.ok; return res.ok;
}; };

24
src/routes/(fullscreen)/key/export/service.ts
View File

@@ -1,6 +1,7 @@
import { callAPI } from "$lib/hooks"; import { callSignedPostApi } from "$lib/hooks";
import { storeClientKey } from "$lib/indexedDB"; import { storeClientKey } from "$lib/indexedDB";
import { encodeToBase64, signRequest, signMasterKeyWrapped } from "$lib/modules/crypto"; import { encodeToBase64, signMasterKeyWrapped } from "$lib/modules/crypto";
import type { InitialMasterKeyRegisterRequest } from "$lib/server/schemas";
import type { ClientKeys } from "$lib/stores"; import type { ClientKeys } from "$lib/stores";
export { requestTokenUpgrade } from "$lib/services/auth"; export { requestTokenUpgrade } from "$lib/services/auth";
@@ -45,18 +46,13 @@ export const requestInitialMasterKeyRegistration = async (
masterKeyWrapped: ArrayBuffer, masterKeyWrapped: ArrayBuffer,
signKey: CryptoKey, signKey: CryptoKey,
) => { ) => {
const res = await callAPI("/api/mek/register/initial", { const res = await callSignedPostApi<InitialMasterKeyRegisterRequest>(
method: "POST", "/api/mek/register/initial",
headers: { {
"Content-Type": "application/json", mek: encodeToBase64(masterKeyWrapped),
mekSig: await signMasterKeyWrapped(1, masterKeyWrapped, signKey),
}, },
body: await signRequest( signKey,
{ );
mek: encodeToBase64(masterKeyWrapped),
mekSig: await signMasterKeyWrapped(1, masterKeyWrapped, signKey),
},
signKey,
),
});
return res.ok || res.status === 409; return res.ok || res.status === 409;
}; };

9
src/routes/api/auth/login/+server.ts
View File

@@ -1,17 +1,12 @@
import { error, text } from "@sveltejs/kit"; import { error, text } from "@sveltejs/kit";
import ms from "ms"; import ms from "ms";
import { z } from "zod";
import env from "$lib/server/loadenv"; import env from "$lib/server/loadenv";
import { loginRequest } from "$lib/server/schemas/auth";
import { login } from "$lib/server/services/auth"; import { login } from "$lib/server/services/auth";
import type { RequestHandler } from "./$types"; import type { RequestHandler } from "./$types";
export const POST: RequestHandler = async ({ request, cookies }) => { export const POST: RequestHandler = async ({ request, cookies }) => {
const zodRes = z const zodRes = loginRequest.safeParse(await request.json());
.object({
email: z.string().email().nonempty(),
password: z.string().trim().nonempty(),
})
.safeParse(await request.json());
if (!zodRes.success) error(400, "Invalid request body"); if (!zodRes.success) error(400, "Invalid request body");
const { email, password } = zodRes.data; const { email, password } = zodRes.data;

11
src/routes/api/auth/upgradeToken/+server.ts
View File

@@ -1,5 +1,5 @@
import { error, json } from "@sveltejs/kit"; import { error, json } from "@sveltejs/kit";
import { z } from "zod"; import { tokenUpgradeRequest, tokenUpgradeResponse } from "$lib/server/schemas/auth";
import { createTokenUpgradeChallenge } from "$lib/server/services/auth"; import { createTokenUpgradeChallenge } from "$lib/server/services/auth";
import type { RequestHandler } from "./$types"; import type { RequestHandler } from "./$types";
@@ -7,12 +7,7 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
const token = cookies.get("refreshToken"); const token = cookies.get("refreshToken");
if (!token) error(401, "Refresh token not found"); if (!token) error(401, "Refresh token not found");
const zodRes = z const zodRes = tokenUpgradeRequest.safeParse(await request.json());
.object({
encPubKey: z.string().base64().nonempty(),
sigPubKey: z.string().base64().nonempty(),
})
.safeParse(await request.json());
if (!zodRes.success) error(400, "Invalid request body"); if (!zodRes.success) error(400, "Invalid request body");
const { encPubKey, sigPubKey } = zodRes.data; const { encPubKey, sigPubKey } = zodRes.data;
@@ -22,5 +17,5 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
encPubKey, encPubKey,
sigPubKey, sigPubKey,
); );
return json({ challenge }); return json(tokenUpgradeResponse.parse({ challenge }));
}; };

9
src/routes/api/auth/upgradeToken/verify/+server.ts
View File

@@ -1,5 +1,5 @@
import { error, text } from "@sveltejs/kit"; import { error, text } from "@sveltejs/kit";
import { z } from "zod"; import { tokenUpgradeVerifyRequest } from "$lib/server/schemas/auth";
import { upgradeToken } from "$lib/server/services/auth"; import { upgradeToken } from "$lib/server/services/auth";
import type { RequestHandler } from "./$types"; import type { RequestHandler } from "./$types";
@@ -7,12 +7,7 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
const token = cookies.get("refreshToken"); const token = cookies.get("refreshToken");
if (!token) error(401, "Refresh token not found"); if (!token) error(401, "Refresh token not found");
const zodRes = z const zodRes = tokenUpgradeVerifyRequest.safeParse(await request.json());
.object({
answer: z.string().base64().nonempty(),
sigAnswer: z.string().base64().nonempty(),
})
.safeParse(await request.json());
if (!zodRes.success) error(400, "Invalid request body"); if (!zodRes.success) error(400, "Invalid request body");
const { answer, sigAnswer } = zodRes.data; const { answer, sigAnswer } = zodRes.data;

20
src/routes/api/client/[id]/key/+server.ts
View File

@@ -1,20 +0,0 @@
import { error, json } from "@sveltejs/kit";
import { z } from "zod";
import { authorize } from "$lib/server/modules/auth";
import { getUserClientEncPubKey } from "$lib/server/services/client";
import type { RequestHandler } from "./$types";
export const GET: RequestHandler = async ({ cookies, params }) => {
const { userId } = await authorize(cookies, "activeClient");
const zodRes = z
.object({
id: z.coerce.number().int().positive(),
})
.safeParse(params);
if (!zodRes.success) error(400, "Invalid path parameters");
const { id } = zodRes.data;
const { encPubKey } = await getUserClientEncPubKey(userId, id);
return json({ encPubKey });
};

3
src/routes/api/client/list/+server.ts
View File

@@ -1,10 +1,11 @@
import { json } from "@sveltejs/kit"; import { json } from "@sveltejs/kit";
import { authenticate } from "$lib/server/modules/auth"; import { authenticate } from "$lib/server/modules/auth";
import { clientListResponse } from "$lib/server/schemas/client";
import { getUserClientList } from "$lib/server/services/client"; import { getUserClientList } from "$lib/server/services/client";
import type { RequestHandler } from "@sveltejs/kit"; import type { RequestHandler } from "@sveltejs/kit";
export const GET: RequestHandler = async ({ cookies }) => { export const GET: RequestHandler = async ({ cookies }) => {
const { userId } = authenticate(cookies); const { userId } = authenticate(cookies);
const { userClients } = await getUserClientList(userId); const { userClients } = await getUserClientList(userId);
return json({ clients: userClients }); return json(clientListResponse.parse({ clients: userClients }));
}; };

11
src/routes/api/client/register/+server.ts
View File

@@ -1,6 +1,6 @@
import { error, json } from "@sveltejs/kit"; import { error, json } from "@sveltejs/kit";
import { z } from "zod";
import { authenticate } from "$lib/server/modules/auth"; import { authenticate } from "$lib/server/modules/auth";
import { clientRegisterRequest, clientRegisterResponse } from "$lib/server/schemas/client";
import { registerUserClient } from "$lib/server/services/client"; import { registerUserClient } from "$lib/server/services/client";
import type { RequestHandler } from "./$types"; import type { RequestHandler } from "./$types";
@@ -10,15 +10,10 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
error(403, "Forbidden"); error(403, "Forbidden");
} }
const zodRes = z const zodRes = clientRegisterRequest.safeParse(await request.json());
.object({
encPubKey: z.string().base64().nonempty(),
sigPubKey: z.string().base64().nonempty(),
})
.safeParse(await request.json());
if (!zodRes.success) error(400, "Invalid request body"); if (!zodRes.success) error(400, "Invalid request body");
const { encPubKey, sigPubKey } = zodRes.data; const { encPubKey, sigPubKey } = zodRes.data;
const { challenge } = await registerUserClient(userId, getClientAddress(), encPubKey, sigPubKey); const { challenge } = await registerUserClient(userId, getClientAddress(), encPubKey, sigPubKey);
return json({ challenge }); return json(clientRegisterResponse.parse({ challenge }));
}; };

9
src/routes/api/client/register/verify/+server.ts
View File

@@ -1,6 +1,6 @@
import { error, text } from "@sveltejs/kit"; import { error, text } from "@sveltejs/kit";
import { z } from "zod";
import { authenticate } from "$lib/server/modules/auth"; import { authenticate } from "$lib/server/modules/auth";
import { clientRegisterVerifyRequest } from "$lib/server/schemas/client";
import { verifyUserClient } from "$lib/server/services/client"; import { verifyUserClient } from "$lib/server/services/client";
import type { RequestHandler } from "./$types"; import type { RequestHandler } from "./$types";
@@ -10,12 +10,7 @@ export const POST: RequestHandler = async ({ request, cookies, getClientAddress
error(403, "Forbidden"); error(403, "Forbidden");
} }
const zodRes = z const zodRes = clientRegisterVerifyRequest.safeParse(await request.json());
.object({
answer: z.string().base64().nonempty(),
sigAnswer: z.string().base64().nonempty(),
})
.safeParse(await request.json());
if (!zodRes.success) error(400, "Invalid request body"); if (!zodRes.success) error(400, "Invalid request body");
const { answer, sigAnswer } = zodRes.data; const { answer, sigAnswer } = zodRes.data;

3
src/routes/api/client/status/+server.ts
View File

@@ -1,5 +1,6 @@
import { error, json } from "@sveltejs/kit"; import { error, json } from "@sveltejs/kit";
import { authenticate } from "$lib/server/modules/auth"; import { authenticate } from "$lib/server/modules/auth";
import { clientStatusResponse } from "$lib/server/schemas/client";
import { getUserClientStatus } from "$lib/server/services/client"; import { getUserClientStatus } from "$lib/server/services/client";
import type { RequestHandler } from "@sveltejs/kit"; import type { RequestHandler } from "@sveltejs/kit";
@@ -10,5 +11,5 @@ export const GET: RequestHandler = async ({ cookies }) => {
} }
const { state, isInitialMekNeeded } = await getUserClientStatus(userId, clientId); const { state, isInitialMekNeeded } = await getUserClientStatus(userId, clientId);
return json({ id: clientId, state, isInitialMekNeeded }); return json(clientStatusResponse.parse({ id: clientId, state, isInitialMekNeeded }));
}; };

27
src/routes/api/directory/[id]/+server.ts
View File

@@ -1,6 +1,7 @@
import { error, json } from "@sveltejs/kit"; import { error, json } from "@sveltejs/kit";
import { z } from "zod"; import { z } from "zod";
import { authorize } from "$lib/server/modules/auth"; import { authorize } from "$lib/server/modules/auth";
import { directroyEntriesResponse } from "$lib/server/schemas/directory";
import { getDirectroyInformation } from "$lib/server/services/file"; import { getDirectroyInformation } from "$lib/server/services/file";
import type { RequestHandler } from "./$types"; import type { RequestHandler } from "./$types";
@@ -16,16 +17,18 @@ export const GET: RequestHandler = async ({ cookies, params }) => {
const { id } = zodRes.data; const { id } = zodRes.data;
const { metadata, directories, files } = await getDirectroyInformation(userId, id); const { metadata, directories, files } = await getDirectroyInformation(userId, id);
return json({ return json(
metadata: metadata && { directroyEntriesResponse.parse({
createdAt: metadata.createdAt, metadata: metadata && {
mekVersion: metadata.mekVersion, createdAt: metadata.createdAt,
dek: metadata.encDek.ciphertext, mekVersion: metadata.mekVersion,
dekIv: metadata.encDek.iv, dek: metadata.encDek.ciphertext,
name: metadata.encName.ciphertext, dekIv: metadata.encDek.iv,
nameIv: metadata.encName.iv, name: metadata.encName.ciphertext,
}, nameIv: metadata.encName.iv,
subDirectories: directories, },
files, subDirectories: directories,
}); files,
}),
);
}; };

11
src/routes/api/directory/create/+server.ts
View File

@@ -1,7 +1,7 @@
import { text } from "@sveltejs/kit"; import { text } from "@sveltejs/kit";
import { z } from "zod";
import { authorize } from "$lib/server/modules/auth"; import { authorize } from "$lib/server/modules/auth";
import { parseSignedRequest } from "$lib/server/modules/crypto"; import { parseSignedRequest } from "$lib/server/modules/crypto";
import { directoryCreateRequest } from "$lib/server/schemas/directory";
import { createDirectory } from "$lib/server/services/file"; import { createDirectory } from "$lib/server/services/file";
import type { RequestHandler } from "./$types"; import type { RequestHandler } from "./$types";
@@ -10,14 +10,7 @@ export const POST: RequestHandler = async ({ request, cookies }) => {
const { parentId, mekVersion, dek, dekIv, name, nameIv } = await parseSignedRequest( const { parentId, mekVersion, dek, dekIv, name, nameIv } = await parseSignedRequest(
clientId, clientId,
await request.json(), await request.json(),
z.object({ directoryCreateRequest,
parentId: z.union([z.enum(["root"]), z.number().int().positive()]),
mekVersion: z.number().int().positive(),
dek: z.string().base64().nonempty(),
dekIv: z.string().base64().nonempty(),
name: z.string().base64().nonempty(),
nameIv: z.string().base64().nonempty(),
}),
); );
await createDirectory({ await createDirectory({

16
src/routes/api/mek/list/+server.ts
View File

@@ -1,10 +1,20 @@
import { json } from "@sveltejs/kit"; import { json } from "@sveltejs/kit";
import { authorize } from "$lib/server/modules/auth"; import { authorize } from "$lib/server/modules/auth";
import { masterKeyListResponse } from "$lib/server/schemas/mek";
import { getClientMekList } from "$lib/server/services/mek"; import { getClientMekList } from "$lib/server/services/mek";
import type { RequestHandler } from "@sveltejs/kit"; import type { RequestHandler } from "./$types";
export const GET: RequestHandler = async ({ cookies }) => { export const GET: RequestHandler = async ({ cookies }) => {
const { userId, clientId } = await authorize(cookies, "activeClient"); const { userId, clientId } = await authorize(cookies, "activeClient");
const { meks } = await getClientMekList(userId, clientId); const { encMeks } = await getClientMekList(userId, clientId);
return json({ meks }); return json(
masterKeyListResponse.parse({
meks: encMeks.map(({ version, state, encMek, encMekSig }) => ({
version,
state,
mek: encMek,
mekSig: encMekSig,
})),
}),
);
}; };

9
src/routes/api/mek/register/initial/+server.ts
View File

@@ -1,9 +1,9 @@
import { error, text } from "@sveltejs/kit"; import { error, text } from "@sveltejs/kit";
import { z } from "zod";
import { authenticate } from "$lib/server/modules/auth"; import { authenticate } from "$lib/server/modules/auth";
import { parseSignedRequest } from "$lib/server/modules/crypto"; import { parseSignedRequest } from "$lib/server/modules/crypto";
import { initialMasterKeyRegisterRequest } from "$lib/server/schemas/mek";
import { registerInitialActiveMek } from "$lib/server/services/mek"; import { registerInitialActiveMek } from "$lib/server/services/mek";
import type { RequestHandler } from "@sveltejs/kit"; import type { RequestHandler } from "./$types";
export const POST: RequestHandler = async ({ request, cookies }) => { export const POST: RequestHandler = async ({ request, cookies }) => {
const { userId, clientId } = authenticate(cookies); const { userId, clientId } = authenticate(cookies);
@@ -14,10 +14,7 @@ export const POST: RequestHandler = async ({ request, cookies }) => {
const { mek, mekSig } = await parseSignedRequest( const { mek, mekSig } = await parseSignedRequest(
clientId, clientId,
await request.json(), await request.json(),
z.object({ initialMasterKeyRegisterRequest,
mek: z.string().base64().nonempty(),
mekSig: z.string().base64().nonempty(),
}),
); );
await registerInitialActiveMek(userId, clientId, mek, mekSig); await registerInitialActiveMek(userId, clientId, mek, mekSig);