Token Upgrade시 챌린지를 거치도록 변경

2025-12-16 06:58:46 +00:00 · 2024-12-31 03:01:29 +09:00
parent 4f20d2edbf
commit b84d6fd5ad
14 changed files with 208 additions and 69 deletions
--- a/src/routes/api/auth/upgradeToken/verify/+server.ts
+++ b/src/routes/api/auth/upgradeToken/verify/+server.ts
@@ -0,0 +1,35 @@
+import { error, text } from "@sveltejs/kit";
+import { z } from "zod";
+import { upgradeToken } from "$lib/server/services/auth";
+import type { RequestHandler } from "./$types";
+
+export const POST: RequestHandler = async ({ request, cookies, getClientAddress }) => {
+  const token = cookies.get("refreshToken");
+  if (!token) error(401, "Refresh token not found");
+
+  const zodRes = z
+    .object({
+      answer: z.string().base64().nonempty(),
+      sigAnswer: z.string().base64().nonempty(),
+    })
+    .safeParse(await request.json());
+  if (!zodRes.success) error(400, "Invalid request body");
+  const { answer, sigAnswer } = zodRes.data;
+
+  const { accessToken, refreshToken } = await upgradeToken(
+    token.trim(),
+    getClientAddress(),
+    answer.trim(),
+    sigAnswer.trim(),
+  );
+  cookies.set("accessToken", accessToken, {
+    path: "/",
+    sameSite: "strict",
+  });
+  cookies.set("refreshToken", refreshToken, {
+    path: "/api/auth",
+    sameSite: "strict",
+  });
+
+  return text("Token upgraded", { headers: { "Content-Type": "text/plain" } });
+};