Drizzle 및 SQLite3 관련 패키지/코드 삭제

drizzle.config.ts

@@ -1,13 +0,0 @@
-import { defineConfig } from "drizzle-kit";
-
-export default defineConfig({
-  schema: "./src/lib/server/db/schema",
-
-  dbCredentials: {
-    url: process.env.DATABASE_URL || "local.db",
-  },
-
-  verbose: true,
-  strict: true,
-  dialect: "sqlite",
-});

drizzle/0000_regular_the_watchers.sql

@@ -1,178 +0,0 @@
-CREATE TABLE `client` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`encryption_public_key` text NOT NULL,
-	`signature_public_key` text NOT NULL
-);
---> statement-breakpoint
-CREATE TABLE `user_client` (
-	`user_id` integer NOT NULL,
-	`client_id` integer NOT NULL,
-	`state` text DEFAULT 'challenging' NOT NULL,
-	PRIMARY KEY(`client_id`, `user_id`),
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `user_client_challenge` (
-	`id` integer PRIMARY KEY NOT NULL,
-	`user_id` integer NOT NULL,
-	`client_id` integer NOT NULL,
-	`answer` text NOT NULL,
-	`allowed_ip` text NOT NULL,
-	`expires_at` integer NOT NULL,
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`,`client_id`) REFERENCES `user_client`(`user_id`,`client_id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `directory` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`parent_id` integer,
-	`user_id` integer NOT NULL,
-	`master_encryption_key_version` integer NOT NULL,
-	`encrypted_data_encryption_key` text NOT NULL,
-	`data_encryption_key_version` integer NOT NULL,
-	`encrypted_name` text NOT NULL,
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`parent_id`) REFERENCES `directory`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `directory_log` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`directory_id` integer NOT NULL,
-	`timestamp` integer NOT NULL,
-	`action` text NOT NULL,
-	`new_name` text,
-	FOREIGN KEY (`directory_id`) REFERENCES `directory`(`id`) ON UPDATE no action ON DELETE cascade
-);
---> statement-breakpoint
-CREATE TABLE `file` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`parent_id` integer,
-	`user_id` integer NOT NULL,
-	`path` text NOT NULL,
-	`master_encryption_key_version` integer NOT NULL,
-	`encrypted_data_encryption_key` text NOT NULL,
-	`data_encryption_key_version` integer NOT NULL,
-	`hmac_secret_key_version` integer,
-	`content_hmac` text,
-	`content_type` text NOT NULL,
-	`encrypted_content_iv` text NOT NULL,
-	`encrypted_content_hash` text NOT NULL,
-	`encrypted_name` text NOT NULL,
-	`encrypted_created_at` text,
-	`encrypted_last_modified_at` text NOT NULL,
-	FOREIGN KEY (`parent_id`) REFERENCES `directory`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`,`hmac_secret_key_version`) REFERENCES `hmac_secret_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `file_log` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`file_id` integer NOT NULL,
-	`timestamp` integer NOT NULL,
-	`action` text NOT NULL,
-	`new_name` text,
-	FOREIGN KEY (`file_id`) REFERENCES `file`(`id`) ON UPDATE no action ON DELETE cascade
-);
---> statement-breakpoint
-CREATE TABLE `hmac_secret_key` (
-	`user_id` integer NOT NULL,
-	`version` integer NOT NULL,
-	`state` text NOT NULL,
-	`master_encryption_key_version` integer NOT NULL,
-	`encrypted_key` text NOT NULL,
-	PRIMARY KEY(`user_id`, `version`),
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `hmac_secret_key_log` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`user_id` integer NOT NULL,
-	`hmac_secret_key_version` integer NOT NULL,
-	`timestamp` integer NOT NULL,
-	`action` text NOT NULL,
-	`action_by` integer,
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`action_by`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`,`hmac_secret_key_version`) REFERENCES `hmac_secret_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `client_master_encryption_key` (
-	`user_id` integer NOT NULL,
-	`client_id` integer NOT NULL,
-	`version` integer NOT NULL,
-	`encrypted_key` text NOT NULL,
-	`encrypted_key_signature` text NOT NULL,
-	PRIMARY KEY(`client_id`, `user_id`, `version`),
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`,`version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `master_encryption_key` (
-	`user_id` integer NOT NULL,
-	`version` integer NOT NULL,
-	`state` text NOT NULL,
-	`retired_at` integer,
-	PRIMARY KEY(`user_id`, `version`),
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `master_encryption_key_log` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`user_id` integer NOT NULL,
-	`master_encryption_key_version` integer NOT NULL,
-	`timestamp` integer NOT NULL,
-	`action` text NOT NULL,
-	`action_by` integer,
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`action_by`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `session` (
-	`id` text PRIMARY KEY NOT NULL,
-	`user_id` integer NOT NULL,
-	`client_id` integer,
-	`created_at` integer NOT NULL,
-	`last_used_at` integer NOT NULL,
-	`last_used_by_ip` text,
-	`last_used_by_user_agent` text,
-	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `session_upgrade_challenge` (
-	`id` integer PRIMARY KEY NOT NULL,
-	`session_id` text NOT NULL,
-	`client_id` integer NOT NULL,
-	`answer` text NOT NULL,
-	`allowed_ip` text NOT NULL,
-	`expires_at` integer NOT NULL,
-	FOREIGN KEY (`session_id`) REFERENCES `session`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `user` (
-	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`email` text NOT NULL,
-	`password` text NOT NULL,
-	`nickname` text NOT NULL
-);
---> statement-breakpoint
-CREATE UNIQUE INDEX `client_encryption_public_key_unique` ON `client` (`encryption_public_key`);--> statement-breakpoint
-CREATE UNIQUE INDEX `client_signature_public_key_unique` ON `client` (`signature_public_key`);--> statement-breakpoint
-CREATE UNIQUE INDEX `client_encryption_public_key_signature_public_key_unique` ON `client` (`encryption_public_key`,`signature_public_key`);--> statement-breakpoint
-CREATE UNIQUE INDEX `user_client_challenge_answer_unique` ON `user_client_challenge` (`answer`);--> statement-breakpoint
-CREATE UNIQUE INDEX `directory_encrypted_data_encryption_key_unique` ON `directory` (`encrypted_data_encryption_key`);--> statement-breakpoint
-CREATE UNIQUE INDEX `file_path_unique` ON `file` (`path`);--> statement-breakpoint
-CREATE UNIQUE INDEX `file_encrypted_data_encryption_key_unique` ON `file` (`encrypted_data_encryption_key`);--> statement-breakpoint
-CREATE UNIQUE INDEX `hmac_secret_key_encrypted_key_unique` ON `hmac_secret_key` (`encrypted_key`);--> statement-breakpoint
-CREATE UNIQUE INDEX `session_user_id_client_id_unique` ON `session` (`user_id`,`client_id`);--> statement-breakpoint
-CREATE UNIQUE INDEX `session_upgrade_challenge_session_id_unique` ON `session_upgrade_challenge` (`session_id`);--> statement-breakpoint
-CREATE UNIQUE INDEX `session_upgrade_challenge_answer_unique` ON `session_upgrade_challenge` (`answer`);--> statement-breakpoint
-CREATE UNIQUE INDEX `user_email_unique` ON `user` (`email`);

drizzle/meta/_journal.json

@@ -1,13 +0,0 @@
-{
-  "version": "7",
-  "dialect": "sqlite",
-  "entries": [
-    {
-      "idx": 0,
-      "version": "6",
-      "when": 1737219722656,
-      "tag": "0000_regular_the_watchers",
-      "breakpoints": true
-    }
-  ]
-}

kysely.config.ts

@@ -0,0 +1,18 @@
+import { defineConfig } from "kysely-ctl";
+import { Pool } from "pg";
+
+export default defineConfig({
+  dialect: "pg",
+  dialectConfig: {
+    pool: new Pool({
+      host: process.env.DATABASE_HOST,
+      port: process.env.DATABASE_PORT ? parseInt(process.env.DATABASE_PORT) : undefined,
+      user: process.env.DATABASE_USER,
+      password: process.env.DATABASE_PASSWORD,
+      database: process.env.DATABASE_NAME,
+    }),
+  },
+  migrations: {
+    migrationFolder: "./src/lib/server/db/migrations",
+  },
+});

package.json

@@ -12,10 +12,7 @@
     "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
     "format": "prettier --write .",
     "lint": "prettier --check . && eslint .",
-    "db:push": "drizzle-kit push",
-    "db:generate": "drizzle-kit generate",
-    "db:migrate": "drizzle-kit migrate",
-    "db:studio": "drizzle-kit studio"
+    "db:migrate": "kysely migrate"
   },
   "devDependencies": {
     "@eslint/compat": "^1.2.4",
@@ -31,7 +28,6 @@
     "autoprefixer": "^10.4.20",
     "axios": "^1.7.9",
     "dexie": "^4.0.10",
-    "drizzle-kit": "^0.22.8",
     "eslint": "^9.17.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-svelte": "^2.46.1",
@@ -40,6 +36,7 @@
     "file-saver": "^2.0.5",
     "globals": "^15.14.0",
     "heic2any": "^0.0.4",
+    "kysely-ctl": "^0.10.1",
     "mime": "^4.0.6",
     "p-limit": "^6.2.0",
     "prettier": "^3.4.2",
@@ -56,8 +53,6 @@
   "dependencies": {
     "@fastify/busboy": "^3.1.1",
     "argon2": "^0.41.1",
-    "better-sqlite3": "^11.7.2",
-    "drizzle-orm": "^0.33.0",
     "kysely": "^0.27.5",
     "ms": "^2.1.3",
     "node-schedule": "^2.1.1",

src/lib/server/db/drizzle.ts

@@ -1,15 +0,0 @@
-import Database from "better-sqlite3";
-import { drizzle } from "drizzle-orm/better-sqlite3";
-import { migrate } from "drizzle-orm/better-sqlite3/migrator";
-import env from "$lib/server/loadenv";
-
-const client = new Database(env.databaseUrl);
-const db = drizzle(client);
-
-export const migrateDB = () => {
-  if (process.env.NODE_ENV === "production") {
-    migrate(db, { migrationsFolder: "./drizzle" });
-  }
-};
-
-export default db;

src/lib/server/db/migrations/1737357000-Initial.ts

@@ -0,0 +1,222 @@
+import { Kysely } from "kysely";
+
+export const up = async (db: Kysely<any>) => {
+  // user.ts
+  await db.schema
+    .createTable("user")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("email", "text", (col) => col.unique().notNull())
+    .addColumn("nickname", "text", (col) => col.notNull())
+    .addColumn("password", "text", (col) => col.notNull())
+    .execute();
+
+  // client.ts
+  await db.schema
+    .createTable("client")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("encryption_public_key", "text", (col) => col.unique().notNull())
+    .addColumn("signature_public_key", "text", (col) => col.unique().notNull())
+    .addUniqueConstraint("client_ak01", ["encryption_public_key", "signature_public_key"])
+    .execute();
+  await db.schema
+    .createTable("user_client")
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("client_id", "integer", (col) => col.references("client.id").notNull())
+    .addColumn("state", "text", (col) => col.notNull().defaultTo("challenging"))
+    .addPrimaryKeyConstraint("user_client_pk", ["user_id", "client_id"])
+    .execute();
+  await db.schema
+    .createTable("user_client_challenge")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("client_id", "integer", (col) => col.references("client.id").notNull())
+    .addColumn("answer", "text", (col) => col.unique().notNull())
+    .addColumn("allowed_ip", "text", (col) => col.notNull())
+    .addColumn("expires_at", "timestamp(3)", (col) => col.notNull())
+    .addForeignKeyConstraint(
+      "user_client_challenge_fk01",
+      ["user_id", "client_id"],
+      "user_client",
+      ["user_id", "client_id"],
+    )
+    .execute();
+
+  // session.ts
+  await db.schema
+    .createTable("session")
+    .addColumn("id", "text", (col) => col.primaryKey())
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("client_id", "integer", (col) => col.references("client.id"))
+    .addColumn("created_at", "timestamp(3)", (col) => col.notNull())
+    .addColumn("last_used_at", "timestamp(3)", (col) => col.notNull())
+    .addColumn("last_used_by_ip", "text")
+    .addColumn("last_used_by_agent", "text")
+    .addUniqueConstraint("session_ak01", ["user_id", "client_id"])
+    .execute();
+  await db.schema
+    .createTable("session_upgrade_challenge")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("session_id", "text", (col) => col.references("session.id").unique().notNull())
+    .addColumn("client_id", "integer", (col) => col.references("client.id").notNull())
+    .addColumn("answer", "text", (col) => col.unique().notNull())
+    .addColumn("allowed_ip", "text", (col) => col.notNull())
+    .addColumn("expires_at", "timestamp(3)", (col) => col.notNull())
+    .execute();
+
+  // mek.ts
+  await db.schema
+    .createTable("master_encryption_key")
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("version", "integer", (col) => col.notNull())
+    .addColumn("state", "text", (col) => col.notNull())
+    .addPrimaryKeyConstraint("master_encryption_key_pk", ["user_id", "version"])
+    .execute();
+  await db.schema
+    .createTable("master_encryption_key_log")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+    .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+    .addColumn("action", "text", (col) => col.notNull())
+    .addColumn("action_by", "integer", (col) => col.references("client.id"))
+    .addForeignKeyConstraint(
+      "master_encryption_key_log_fk01",
+      ["user_id", "master_encryption_key_version"],
+      "master_encryption_key",
+      ["user_id", "version"],
+    )
+    .execute();
+  await db.schema
+    .createTable("client_master_encryption_key")
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("client_id", "integer", (col) => col.references("client.id").notNull())
+    .addColumn("version", "integer", (col) => col.notNull())
+    .addColumn("encrypted_key", "text", (col) => col.notNull())
+    .addColumn("encrypted_key_signature", "text", (col) => col.notNull())
+    .addPrimaryKeyConstraint("client_master_encryption_key_pk", ["user_id", "client_id", "version"])
+    .addForeignKeyConstraint(
+      "client_master_encryption_key_fk01",
+      ["user_id", "version"],
+      "master_encryption_key",
+      ["user_id", "version"],
+    )
+    .execute();
+
+  // hsk.ts
+  await db.schema
+    .createTable("hmac_secret_key")
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("version", "integer", (col) => col.notNull())
+    .addColumn("state", "text", (col) => col.notNull())
+    .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+    .addColumn("encrypted_key", "text", (col) => col.unique().notNull())
+    .addPrimaryKeyConstraint("hmac_secret_key_pk", ["user_id", "version"])
+    .addForeignKeyConstraint(
+      "hmac_secret_key_fk01",
+      ["user_id", "master_encryption_key_version"],
+      "master_encryption_key",
+      ["user_id", "version"],
+    )
+    .execute();
+  await db.schema
+    .createTable("hmac_secret_key_log")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("hmac_secret_key_version", "integer", (col) => col.notNull())
+    .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+    .addColumn("action", "text", (col) => col.notNull())
+    .addColumn("action_by", "integer", (col) => col.references("client.id"))
+    .addForeignKeyConstraint(
+      "hmac_secret_key_log_fk01",
+      ["user_id", "hmac_secret_key_version"],
+      "hmac_secret_key",
+      ["user_id", "version"],
+    )
+    .execute();
+
+  // file.ts
+  await db.schema
+    .createTable("directory")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("parent_id", "integer", (col) => col.references("directory.id"))
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+    .addColumn("encrypted_data_encryption_key", "text", (col) => col.unique().notNull())
+    .addColumn("data_encryption_key_version", "timestamp(3)", (col) => col.notNull())
+    .addColumn("encrypted_name", "json", (col) => col.notNull())
+    .addForeignKeyConstraint(
+      "directory_fk01",
+      ["user_id", "master_encryption_key_version"],
+      "master_encryption_key",
+      ["user_id", "version"],
+    )
+    .execute();
+  await db.schema
+    .createTable("directory_log")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("directory_id", "integer", (col) =>
+      col.references("directory.id").onDelete("cascade").notNull(),
+    )
+    .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+    .addColumn("action", "text", (col) => col.notNull())
+    .addColumn("new_name", "json")
+    .execute();
+  await db.schema
+    .createTable("file")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("parent_id", "integer", (col) => col.references("directory.id"))
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("path", "text", (col) => col.unique().notNull())
+    .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+    .addColumn("encrypted_data_encryption_key", "text", (col) => col.unique().notNull())
+    .addColumn("data_encryption_key_version", "timestamp(3)", (col) => col.notNull())
+    .addColumn("hmac_secret_key_version", "integer")
+    .addColumn("content_hmac", "text")
+    .addColumn("content_type", "text", (col) => col.notNull())
+    .addColumn("encrypted_content_iv", "text", (col) => col.notNull())
+    .addColumn("encrypted_content_hash", "text", (col) => col.notNull())
+    .addColumn("encrypted_name", "json", (col) => col.notNull())
+    .addColumn("encrypted_created_at", "json")
+    .addColumn("encrypted_last_modified_at", "json", (col) => col.notNull())
+    .addForeignKeyConstraint(
+      "file_fk01",
+      ["user_id", "master_encryption_key_version"],
+      "master_encryption_key",
+      ["user_id", "version"],
+    )
+    .addForeignKeyConstraint(
+      "file_fk02",
+      ["user_id", "hmac_secret_key_version"],
+      "hmac_secret_key",
+      ["user_id", "version"],
+    )
+    .execute();
+  await db.schema
+    .createTable("file_log")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("file_id", "integer", (col) =>
+      col.references("file.id").onDelete("cascade").notNull(),
+    )
+    .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+    .addColumn("action", "text", (col) => col.notNull())
+    .addColumn("new_name", "json")
+    .execute();
+};
+
+export const down = async (db: Kysely<any>) => {
+  await db.schema.dropTable("file_log").execute();
+  await db.schema.dropTable("file").execute();
+  await db.schema.dropTable("directory_log").execute();
+  await db.schema.dropTable("directory").execute();
+  await db.schema.dropTable("hmac_secret_key_log").execute();
+  await db.schema.dropTable("hmac_secret_key").execute();
+  await db.schema.dropTable("client_master_encryption_key").execute();
+  await db.schema.dropTable("master_encryption_key_log").execute();
+  await db.schema.dropTable("master_encryption_key").execute();
+  await db.schema.dropTable("session_upgrade_challenge").execute();
+  await db.schema.dropTable("session").execute();
+  await db.schema.dropTable("user_client_challenge").execute();
+  await db.schema.dropTable("user_client").execute();
+  await db.schema.dropTable("client").execute();
+  await db.schema.dropTable("user").execute();
+};

src/lib/server/db/schema/client.ts

@@ -1,65 +1,4 @@
-import {
-  sqliteTable,
-  text,
-  integer,
-  primaryKey,
-  foreignKey,
-  unique,
-} from "drizzle-orm/sqlite-core";
 import type { ColumnType, Generated } from "kysely";
-import { user } from "./user";
-
-export const client = sqliteTable(
-  "client",
-  {
-    id: integer("id").primaryKey({ autoIncrement: true }),
-    encPubKey: text("encryption_public_key").notNull().unique(), // Base64
-    sigPubKey: text("signature_public_key").notNull().unique(), // Base64
-  },
-  (t) => ({
-    unq: unique().on(t.encPubKey, t.sigPubKey),
-  }),
-);
-
-export const userClient = sqliteTable(
-  "user_client",
-  {
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    clientId: integer("client_id")
-      .notNull()
-      .references(() => client.id),
-    state: text("state", { enum: ["challenging", "pending", "active"] })
-      .notNull()
-      .default("challenging"),
-  },
-  (t) => ({
-    pk: primaryKey({ columns: [t.userId, t.clientId] }),
-  }),
-);
-
-export const userClientChallenge = sqliteTable(
-  "user_client_challenge",
-  {
-    id: integer("id").primaryKey(),
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    clientId: integer("client_id")
-      .notNull()
-      .references(() => client.id),
-    answer: text("answer").notNull().unique(), // Base64
-    allowedIp: text("allowed_ip").notNull(),
-    expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
-  },
-  (t) => ({
-    ref: foreignKey({
-      columns: [t.userId, t.clientId],
-      foreignColumns: [userClient.userId, userClient.clientId],
-    }),
-  }),
-);
 
 interface ClientTable {
   id: Generated<number>;

src/lib/server/db/schema/file.ts

@@ -1,92 +1,4 @@
-import { sqliteTable, text, integer, foreignKey } from "drizzle-orm/sqlite-core";
 import type { ColumnType, Generated } from "kysely";
-import { hsk } from "./hsk";
-import { mek } from "./mek";
-import { user } from "./user";
-
-const ciphertext = (name: string) =>
-  text(name, { mode: "json" }).$type<{
-    ciphertext: string; // Base64
-    iv: string; // Base64
-  }>();
-
-export const directory = sqliteTable(
-  "directory",
-  {
-    id: integer("id").primaryKey({ autoIncrement: true }),
-    parentId: integer("parent_id"),
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    mekVersion: integer("master_encryption_key_version").notNull(),
-    encDek: text("encrypted_data_encryption_key").notNull().unique(), // Base64
-    dekVersion: integer("data_encryption_key_version", { mode: "timestamp_ms" }).notNull(),
-    encName: ciphertext("encrypted_name").notNull(),
-  },
-  (t) => ({
-    ref1: foreignKey({
-      columns: [t.parentId],
-      foreignColumns: [t.id],
-    }),
-    ref2: foreignKey({
-      columns: [t.userId, t.mekVersion],
-      foreignColumns: [mek.userId, mek.version],
-    }),
-  }),
-);
-
-export const directoryLog = sqliteTable("directory_log", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
-  directoryId: integer("directory_id")
-    .notNull()
-    .references(() => directory.id, { onDelete: "cascade" }),
-  timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
-  action: text("action", { enum: ["create", "rename"] }).notNull(),
-  newName: ciphertext("new_name"),
-});
-
-export const file = sqliteTable(
-  "file",
-  {
-    id: integer("id").primaryKey({ autoIncrement: true }),
-    parentId: integer("parent_id").references(() => directory.id),
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    path: text("path").notNull().unique(),
-    mekVersion: integer("master_encryption_key_version").notNull(),
-    encDek: text("encrypted_data_encryption_key").notNull().unique(), // Base64
-    dekVersion: integer("data_encryption_key_version", { mode: "timestamp_ms" }).notNull(),
-    hskVersion: integer("hmac_secret_key_version"),
-    contentHmac: text("content_hmac"), // Base64
-    contentType: text("content_type").notNull(),
-    encContentIv: text("encrypted_content_iv").notNull(), // Base64
-    encContentHash: text("encrypted_content_hash").notNull(), // Base64
-    encName: ciphertext("encrypted_name").notNull(),
-    encCreatedAt: ciphertext("encrypted_created_at"),
-    encLastModifiedAt: ciphertext("encrypted_last_modified_at").notNull(),
-  },
-  (t) => ({
-    ref1: foreignKey({
-      columns: [t.userId, t.mekVersion],
-      foreignColumns: [mek.userId, mek.version],
-    }),
-    ref2: foreignKey({
-      columns: [t.userId, t.hskVersion],
-      foreignColumns: [hsk.userId, hsk.version],
-    }),
-  }),
-);
-
-export const fileLog = sqliteTable("file_log", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
-  fileId: integer("file_id")
-    .notNull()
-    .references(() => file.id, { onDelete: "cascade" }),
-  timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
-  action: text("action", { enum: ["create", "rename"] }).notNull(),
-  newName: ciphertext("new_name"),
-});
 
 export type Ciphertext = {
   ciphertext: string; // Base64

src/lib/server/db/schema/hsk.ts

@@ -1,48 +1,4 @@
-import { sqliteTable, text, integer, primaryKey, foreignKey } from "drizzle-orm/sqlite-core";
 import type { ColumnType, Generated } from "kysely";
-import { client } from "./client";
-import { mek } from "./mek";
-import { user } from "./user";
-
-export const hsk = sqliteTable(
-  "hmac_secret_key",
-  {
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    version: integer("version").notNull(),
-    state: text("state", { enum: ["active"] }).notNull(),
-    mekVersion: integer("master_encryption_key_version").notNull(),
-    encHsk: text("encrypted_key").notNull().unique(), // Base64
-  },
-  (t) => ({
-    pk: primaryKey({ columns: [t.userId, t.version] }),
-    ref: foreignKey({
-      columns: [t.userId, t.mekVersion],
-      foreignColumns: [mek.userId, mek.version],
-    }),
-  }),
-);
-
-export const hskLog = sqliteTable(
-  "hmac_secret_key_log",
-  {
-    id: integer("id").primaryKey({ autoIncrement: true }),
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    hskVersion: integer("hmac_secret_key_version").notNull(),
-    timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
-    action: text("action", { enum: ["create"] }).notNull(),
-    actionBy: integer("action_by").references(() => client.id),
-  },
-  (t) => ({
-    ref: foreignKey({
-      columns: [t.userId, t.hskVersion],
-      foreignColumns: [hsk.userId, hsk.version],
-    }),
-  }),
-);
 
 export type HskState = "active";
 

src/lib/server/db/schema/mek.ts

@@ -1,64 +1,4 @@
-import { sqliteTable, text, integer, primaryKey, foreignKey } from "drizzle-orm/sqlite-core";
 import type { ColumnType, Generated } from "kysely";
-import { client } from "./client";
-import { user } from "./user";
-
-export const mek = sqliteTable(
-  "master_encryption_key",
-  {
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    version: integer("version").notNull(),
-    state: text("state", { enum: ["active", "retired", "dead"] }).notNull(),
-    retiredAt: integer("retired_at", { mode: "timestamp_ms" }),
-  },
-  (t) => ({
-    pk: primaryKey({ columns: [t.userId, t.version] }),
-  }),
-);
-
-export const mekLog = sqliteTable(
-  "master_encryption_key_log",
-  {
-    id: integer("id").primaryKey({ autoIncrement: true }),
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    mekVersion: integer("master_encryption_key_version").notNull(),
-    timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
-    action: text("action", { enum: ["create"] }).notNull(),
-    actionBy: integer("action_by").references(() => client.id),
-  },
-  (t) => ({
-    ref: foreignKey({
-      columns: [t.userId, t.mekVersion],
-      foreignColumns: [mek.userId, mek.version],
-    }),
-  }),
-);
-
-export const clientMek = sqliteTable(
-  "client_master_encryption_key",
-  {
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    clientId: integer("client_id")
-      .notNull()
-      .references(() => client.id),
-    mekVersion: integer("version").notNull(),
-    encMek: text("encrypted_key").notNull(), // Base64
-    encMekSig: text("encrypted_key_signature").notNull(), // Base64
-  },
-  (t) => ({
-    pk: primaryKey({ columns: [t.userId, t.clientId, t.mekVersion] }),
-    ref: foreignKey({
-      columns: [t.userId, t.mekVersion],
-      foreignColumns: [mek.userId, mek.version],
-    }),
-  }),
-);
 
 export type MekState = "active" | "retired" | "dead";
 

src/lib/server/db/schema/session.ts

@@ -1,39 +1,4 @@
-import { sqliteTable, text, integer, unique } from "drizzle-orm/sqlite-core";
 import type { ColumnType, Generated } from "kysely";
-import { client } from "./client";
-import { user } from "./user";
-
-export const session = sqliteTable(
-  "session",
-  {
-    id: text("id").notNull().primaryKey(),
-    userId: integer("user_id")
-      .notNull()
-      .references(() => user.id),
-    clientId: integer("client_id").references(() => client.id),
-    createdAt: integer("created_at", { mode: "timestamp_ms" }).notNull(),
-    lastUsedAt: integer("last_used_at", { mode: "timestamp_ms" }).notNull(),
-    lastUsedByIp: text("last_used_by_ip"),
-    lastUsedByUserAgent: text("last_used_by_user_agent"),
-  },
-  (t) => ({
-    unq: unique().on(t.userId, t.clientId),
-  }),
-);
-
-export const sessionUpgradeChallenge = sqliteTable("session_upgrade_challenge", {
-  id: integer("id").primaryKey(),
-  sessionId: text("session_id")
-    .notNull()
-    .references(() => session.id)
-    .unique(),
-  clientId: integer("client_id")
-    .notNull()
-    .references(() => client.id),
-  answer: text("answer").notNull().unique(), // Base64
-  allowedIp: text("allowed_ip").notNull(),
-  expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
-});
 
 interface SessionTable {
   id: string;

src/lib/server/db/schema/user.ts

@@ -1,13 +1,5 @@
-import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
 import type { Generated } from "kysely";
 
-export const user = sqliteTable("user", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
-  email: text("email").notNull().unique(),
-  password: text("password").notNull(),
-  nickname: text("nickname").notNull(),
-});
-
 interface UserTable {
   id: Generated<number>;
   email: string;

src/lib/server/loadenv.ts

@@ -9,8 +9,8 @@ if (!building) {
 
 export default {
   database: {
-    host: env.DATABASE_HOST || "localhost",
-    port: parseInt(env.DATABASE_PORT || "5432", 10),
+    host: env.DATABASE_HOST,
+    port: env.DATABASE_PORT ? parseInt(env.DATABASE_PORT, 10) : undefined,
     user: env.DATABASE_USER,
     password: env.DATABASE_PASSWORD!,
     name: env.DATABASE_NAME,