diff --git a/src/routes/api/client/register/+server.ts b/src/routes/api/client/register/+server.ts index c4040bf..72f34ce 100644 --- a/src/routes/api/client/register/+server.ts +++ b/src/routes/api/client/register/+server.ts @@ -5,19 +5,19 @@ import { registerUserClient } from "$lib/server/services/client"; import type { RequestHandler } from "./$types"; export const POST: RequestHandler = async ({ request, cookies, getClientAddress }) => { + const { userId, clientId } = authenticate(cookies); + if (clientId) { + error(403, "Forbidden"); + } + const zodRes = z .object({ pubKey: z.string().base64().nonempty(), }) .safeParse(await request.json()); if (!zodRes.success) error(400, "Invalid request body"); - - const { userId, clientId } = authenticate(cookies); - if (clientId) { - error(403, "Forbidden"); - } - const { pubKey } = zodRes.data; + const challenge = await registerUserClient(userId, getClientAddress(), pubKey.trim()); return json({ challenge }); }; diff --git a/src/routes/api/client/verify/+server.ts b/src/routes/api/client/verify/+server.ts index 8a39dac..65b99b4 100644 --- a/src/routes/api/client/verify/+server.ts +++ b/src/routes/api/client/verify/+server.ts @@ -5,19 +5,19 @@ import { verifyUserClient } from "$lib/server/services/client"; import type { RequestHandler } from "./$types"; export const POST: RequestHandler = async ({ request, cookies, getClientAddress }) => { + const { userId, clientId } = authenticate(cookies); + if (clientId) { + error(403, "Forbidden"); + } + const zodRes = z .object({ answer: z.string().base64().nonempty(), }) .safeParse(await request.json()); if (!zodRes.success) error(400, "Invalid request body"); - - const { userId, clientId } = authenticate(cookies); - if (clientId) { - error(403, "Forbidden"); - } - const { answer } = zodRes.data; + await verifyUserClient(userId, getClientAddress(), answer.trim()); return text("Client verified", { headers: { "Content-Type": "text/plain" } }); }; 
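Review bot: In the register handler, `await request.json()` is evaluated before `safeParse` sees anything, so a body that is not valid JSON rejects the promise instead of producing a failed parse, and the `error(400, "Invalid request body")` branch is never reached. Nothing in the handler catches that rejection, so the caller will most likely get a generic 500 rather than the intended 400. Mapping the failure into the schema path keeps the response uniform: `.safeParse(await request.json().catch(() => null))`. The same pattern appears in the verify handler and in both mek handlers of this commit.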
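Review bot: In the verify handler, `getClientAddress()` is passed to `verifyUserClient` (and to `registerUserClient` in the register handler) with no comment on what the address is used for. If the service compares it with the address recorded at registration, which is not visible in this diff, the outcome depends on how the adapter derives the peer address behind a reverse proxy, and a misconfiguration would make every client appear to come from the proxy. A comment above the call such as `// address must be the real peer, not the proxy; relies on the adapter's forwarded-header settings` would record that assumption for whoever deploys this.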
diff --git a/src/routes/api/mek/register/+server.ts b/src/routes/api/mek/register/+server.ts
index 0fe22e2..4afbacd 100644
--- a/src/routes/api/mek/register/+server.ts
+++ b/src/routes/api/mek/register/+server.ts
@@ -5,6 +5,8 @@ import { registerNewActiveMek } from "$lib/server/services/mek";
 import type { RequestHandler } from "@sveltejs/kit";
 
 export const POST: RequestHandler = async ({ request, cookies }) => {
+ const { userId, clientId } = await authorize(cookies, "activeClient");
+
 const zodRes = z
 .object({
 meks: z.array(
@@ -16,9 +18,8 @@ export const POST: RequestHandler = async ({ request, cookies }) => {
 })
 .safeParse(await request.json());
 if (!zodRes.success) error(400, "Invalid request body");
-
- const { userId, clientId } = await authorize(cookies, "activeClient");
 const { meks } = zodRes.data;
+
 await registerNewActiveMek(
 userId,
 clientId,
@@ -27,6 +28,5 @@ export const POST: RequestHandler = async ({ request, cookies }) => {
 encMek: mek.trim(),
 })),
 );
-
 return text("MEK registered", { headers: { "Content-Type": "text/plain" } });
 };
diff --git a/src/routes/api/mek/register/initial/+server.ts b/src/routes/api/mek/register/initial/+server.ts
index 9c44227..a7b4f6b 100644
--- a/src/routes/api/mek/register/initial/+server.ts
+++ b/src/routes/api/mek/register/initial/+server.ts
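Review bot: The `meks: z.array(` schema is cut off between the first and second hunk, so no length bound on the array is visible. If there is none, a single request from an active client can hand `registerNewActiveMek` an arbitrarily long list. If the element schema does not already constrain it, consider `.nonempty()` and `.max(<limit>)` on the array, with the limit tied to the number of clients a user can have. The rest of the schema lies outside the hunks, so this needs checking against the full file.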
@@ -5,20 +5,19 @@ import { registerInitialActiveMek } from "$lib/server/services/mek";
 import type { RequestHandler } from "@sveltejs/kit";
 
 export const POST: RequestHandler = async ({ request, cookies }) => {
+ const { userId, clientId } = authenticate(cookies);
+ if (!clientId) {
+ error(403, "Forbidden");
+ }
+
 const zodRes = z
 .object({
 mek: z.string().base64().nonempty(),
 })
 .safeParse(await request.json());
 if (!zodRes.success) error(400, "Invalid request body");
-
- const { userId, clientId } = authenticate(cookies);
- if (!clientId) {
- error(403, "Forbidden");
- }
-
 const { mek } = zodRes.data;
- await registerInitialActiveMek(userId, clientId, mek);
 
+ await registerInitialActiveMek(userId, clientId, mek);
 return text("MEK registered", { headers: { "Content-Type": "text/plain" } });
 };
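Review bot: The `if (!clientId)` guard only establishes that the session carries a client id. Unlike `authorize(cookies, "activeClient")` in the sibling mek/register route, it says nothing about the state of that client. Whether `registerInitialActiveMek` itself rejects a client in the wrong state, or a user who already has an active MEK, is not visible here, so the handler would benefit from a comment stating where that is enforced, e.g. `// client may not be active yet; state and first-MEK checks are enforced in registerInitialActiveMek`. Separately, `mek` is passed through as-is while mek/register and the client routes call `.trim()` on their base64 fields; pick one convention so stored values are normalised the same way.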