From eed60bb4a14875e67d8f05980b575706a9200d22 Mon Sep 17 00:00:00 2001 From: static Date: Mon, 20 Jan 2025 19:40:38 +0900 Subject: [PATCH] =?UTF-8?q?=EC=BB=B4=ED=8C=8C=EC=9D=BC=20=EC=98=A4?= =?UTF-8?q?=EB=A5=98=20=EB=93=B1=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- package.json | 2 +- src/lib/server/db/mek.ts | 4 ++-- src/lib/server/db/migrations/1737357000-Initial.ts | 2 ++ src/lib/server/modules/mek.ts | 2 +- src/lib/server/services/client.ts | 2 +- src/lib/server/services/directory.ts | 10 +++++----- src/lib/server/services/file.ts | 14 +++++++------- src/lib/server/services/mek.ts | 10 +++++----- src/routes/api/directory/[id]/rename/+server.ts | 2 +- src/routes/api/directory/create/+server.ts | 3 +-- src/routes/api/file/[id]/rename/+server.ts | 2 +- src/routes/api/file/upload/+server.ts | 9 +++------ 12 files changed, 30 insertions(+), 32 deletions(-) diff --git a/package.json b/package.json index cfed32a..8185f79 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "type": "module", "scripts": { "dev": "vite dev", - "dev:db": "docker compose -f docker-compose.dev.yaml up -d", + "dev:db": "docker compose -f docker-compose.dev.yaml -p arkvault-dev up -d", "build": "vite build", "preview": "vite preview", "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json", diff --git a/src/lib/server/db/mek.ts b/src/lib/server/db/mek.ts index ff3c999..d6eecb0 100644 --- a/src/lib/server/db/mek.ts +++ b/src/lib/server/db/mek.ts 
@@ -82,8 +82,8 @@ export const getAllValidClientMeks = async (userId: number, clientId: number) => .onRef("client_master_encryption_key.version", "=", "master_encryption_key.version"), ) .selectAll() - .where("user_id", "=", userId) - .where("client_id", "=", clientId) + .where("client_master_encryption_key.user_id", "=", userId) + .where("client_master_encryption_key.client_id", "=", clientId) .where((eb) => eb.or([eb("state", "=", "active"), eb("state", "=", "retired")])) .execute(); return clientMeks.map( diff --git a/src/lib/server/db/migrations/1737357000-Initial.ts b/src/lib/server/db/migrations/1737357000-Initial.ts index 9dd987c..5caf503 100644 --- a/src/lib/server/db/migrations/1737357000-Initial.ts +++ b/src/lib/server/db/migrations/1737357000-Initial.ts @@ -1,5 +1,6 @@ import { Kysely } from "kysely"; +// eslint-disable-next-line @typescript-eslint/no-explicit-any export const up = async (db: Kysely) => { // user.ts await db.schema @@ -203,6 +204,7 @@ export const up = async (db: Kysely) => { .execute(); }; +// eslint-disable-next-line @typescript-eslint/no-explicit-any export const down = async (db: Kysely) => { await db.schema.dropTable("file_log").execute(); await db.schema.dropTable("file").execute(); diff --git a/src/lib/server/modules/mek.ts b/src/lib/server/modules/mek.ts index d65ef0a..1605d75 100644 --- a/src/lib/server/modules/mek.ts +++ b/src/lib/server/modules/mek.ts @@ -21,5 +21,5 @@ export const verifyClientEncMekSig = async ( } const data = JSON.stringify({ version, key: encMek }); - return verifySignature(Buffer.from(data), encMekSig, userClient.client.sigPubKey); + return verifySignature(Buffer.from(data), encMekSig, userClient.sigPubKey); }; diff --git a/src/lib/server/services/client.ts b/src/lib/server/services/client.ts index b5b0209..0d0b82d 100644 --- a/src/lib/server/services/client.ts +++ b/src/lib/server/services/client.ts 
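Review bot: The `state` predicate in `getAllValidClientMeks` is still unqualified (`eb("state", "=", "active")`), while the two filters above it now name `client_master_encryption_key` explicitly. The query therefore stays exposed to the same ambiguous-column failure if both joined tables ever carry a `state` column. Since this query decides which wrapped MEKs a client is handed, I would pin it to the intended table, e.g. `eb("master_encryption_key.state", "in", ["active", "retired"])`. The removed lines in services/mek.ts suggest `state` lives on `master_encryption_key`, but the schema is not visible here, so confirm first. The function starts and ends outside the hunk.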
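Review bot: Nothing next to the `verifySignature` call in `verifyClientEncMekSig` documents what is actually signed. The verified bytes are the text of `JSON.stringify({ version, key: encMek })`, so the result depends on property order and on how `version` serializes. A comment such as `// Signed payload is the exact JSON text of { version, key }; clients must serialize the same fields in the same order.` would keep a later refactor from silently invalidating every stored signature. It would also help to state where `userClient.sigPubKey` comes from, presumably the server-side record fetched above the hunk rather than the request. That lookup is outside the visible lines, so confirm before writing it down.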
@@ -63,7 +63,7 @@ export const registerUserClient = async ( } try { - const clientId = await createClient(encPubKey, sigPubKey, userId); + const { clientId } = await createClient(encPubKey, sigPubKey, userId); return { challenge: await createUserClientChallenge(ip, userId, clientId, encPubKey) }; } catch (e) { if (e instanceof IntegrityError && e.message === "Public key(s) already registered") { diff --git a/src/lib/server/services/directory.ts b/src/lib/server/services/directory.ts index 4dc14ce..be795b0 100644 --- a/src/lib/server/services/directory.ts +++ b/src/lib/server/services/directory.ts @@ -8,8 +8,9 @@ import { setDirectoryEncName, unregisterDirectory, getAllFilesByParent, - type NewDirectoryParams, + type NewDirectory, } from "$lib/server/db/file"; +import type { Ciphertext } from "$lib/server/db/schema"; export const getDirectoryInformation = async (userId: number, directoryId: "root" | number) => { const directory = directoryId !== "root" ? await getDirectory(userId, directoryId) : undefined; @@ -53,11 +54,10 @@ export const renameDirectory = async ( userId: number, directoryId: number, dekVersion: Date, - newEncName: string, - newEncNameIv: string, + newEncName: Ciphertext, ) => { try { - await setDirectoryEncName(userId, directoryId, dekVersion, newEncName, newEncNameIv); + await setDirectoryEncName(userId, directoryId, dekVersion, newEncName); } catch (e) { if (e instanceof IntegrityError) { if (e.message === "Directory not found") { @@ -70,7 +70,7 @@ export const renameDirectory = async ( } }; -export const createDirectory = async (params: NewDirectoryParams) => { +export const createDirectory = async (params: NewDirectory) => { const oneMinuteAgo = new Date(Date.now() - 60 * 1000); const oneMinuteLater = new Date(Date.now() + 60 * 1000); if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) { diff --git a/src/lib/server/services/file.ts b/src/lib/server/services/file.ts index ea01f16..0f2d371 100644 
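Review bot: The freshness check in `createDirectory` lets an Invalid Date through, because both `params.dekVersion <= oneMinuteAgo` and `params.dekVersion >= oneMinuteLater` compare against NaN and evaluate to false. The route builds the value with `new Date(dekVersion)` and the zod schema is not visible here, so unless it already enforces a parseable timestamp I would guard explicitly: `if (Number.isNaN(params.dekVersion.getTime()) || params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {`. The same `new Date(dekVersion)` conversion feeds `renameDirectory` and `renameFile`. The body of `createDirectory` continues past the hunk.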
--- a/src/lib/server/services/file.ts +++ b/src/lib/server/services/file.ts @@ -13,8 +13,9 @@ import { getFile, setFileEncName, unregisterFile, - type NewFileParams, + type NewFile, } from "$lib/server/db/file"; +import type { Ciphertext } from "$lib/server/db/schema"; import env from "$lib/server/loadenv"; export const getFileInformation = async (userId: number, fileId: number) => { @@ -38,8 +39,8 @@ export const getFileInformation = async (userId: number, fileId: number) => { export const deleteFile = async (userId: number, fileId: number) => { try { - const filePath = await unregisterFile(userId, fileId); - unlink(filePath); // Intended + const { path } = await unregisterFile(userId, fileId); + unlink(path); // Intended } catch (e) { if (e instanceof IntegrityError && e.message === "File not found") { error(404, "Invalid file id"); @@ -65,11 +66,10 @@ export const renameFile = async ( userId: number, fileId: number, dekVersion: Date, - newEncName: string, - newEncNameIv: string, + newEncName: Ciphertext, ) => { try { - await setFileEncName(userId, fileId, dekVersion, newEncName, newEncNameIv); + await setFileEncName(userId, fileId, dekVersion, newEncName); } catch (e) { if (e instanceof IntegrityError) { if (e.message === "File not found") { @@ -96,7 +96,7 @@ const safeUnlink = async (path: string) => { }; export const uploadFile = async ( - params: Omit, + params: Omit, encContentStream: Readable, encContentHash: Promise, ) => { diff --git a/src/lib/server/services/mek.ts b/src/lib/server/services/mek.ts index e0deeb0..097906a 100644 --- a/src/lib/server/services/mek.ts +++ b/src/lib/server/services/mek.ts 
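Review bot: `unlink(path); // Intended` in `deleteFile` leaves the call unobserved, and the comment does not say what is intended. If `unlink` is the promise-based one (its import is outside the hunk), a rejection from a missing blob or a permission error becomes an unhandled rejection, which terminates current Node.js versions by default. Because `unregisterFile` has already removed the row, a failed delete also leaves encrypted content on disk that no record points to. I would keep it fire-and-forget but handle the failure, e.g. `void unlink(path).catch((e) => console.error("Failed to delete file content", e));`, or `void safeUnlink(path);` if that helper, defined further down, already swallows and logs errors. The comment should spell out the intent either way.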
@@ -7,11 +7,11 @@ import { verifyClientEncMekSig } from "$lib/server/modules/mek"; export const getClientMekList = async (userId: number, clientId: number) => { const clientMeks = await getAllValidClientMeks(userId, clientId); return { - encMeks: clientMeks.map((clientMek) => ({ - version: clientMek.master_encryption_key.version, - state: clientMek.master_encryption_key.state as "active" | "retired", - encMek: clientMek.client_master_encryption_key.encMek, - encMekSig: clientMek.client_master_encryption_key.encMekSig, + encMeks: clientMeks.map(({ version, state, encMek, encMekSig }) => ({ + version, + state, + encMek, + encMekSig, })), }; }; diff --git a/src/routes/api/directory/[id]/rename/+server.ts b/src/routes/api/directory/[id]/rename/+server.ts index 0d95e13..cc50b2f 100644 --- a/src/routes/api/directory/[id]/rename/+server.ts +++ b/src/routes/api/directory/[id]/rename/+server.ts @@ -20,6 +20,6 @@ export const POST: RequestHandler = async ({ locals, params, request }) => { if (!bodyZodRes.success) error(400, "Invalid request body"); const { dekVersion, name, nameIv } = bodyZodRes.data; - await renameDirectory(userId, id, new Date(dekVersion), name, nameIv); + await renameDirectory(userId, id, new Date(dekVersion), { ciphertext: name, iv: nameIv }); return text("Directory renamed", { headers: { "Content-Type": "text/plain" } }); }; diff --git a/src/routes/api/directory/create/+server.ts b/src/routes/api/directory/create/+server.ts index 07711fc..7c65436 100644 --- a/src/routes/api/directory/create/+server.ts +++ b/src/routes/api/directory/create/+server.ts @@ -17,8 +17,7 @@ export const POST: RequestHandler = async ({ locals, request }) => { mekVersion, encDek: dek, dekVersion: new Date(dekVersion), - encName: name, - encNameIv: nameIv, + encName: { ciphertext: name, iv: nameIv }, }); return text("Directory created", { headers: { "Content-Type": "text/plain" } }); }; 
diff --git a/src/routes/api/file/[id]/rename/+server.ts b/src/routes/api/file/[id]/rename/+server.ts index c6748a0..343f146 100644 --- a/src/routes/api/file/[id]/rename/+server.ts +++ b/src/routes/api/file/[id]/rename/+server.ts @@ -20,6 +20,6 @@ export const POST: RequestHandler = async ({ locals, params, request }) => { if (!bodyZodRes.success) error(400, "Invalid request body"); const { dekVersion, name, nameIv } = bodyZodRes.data; - await renameFile(userId, id, new Date(dekVersion), name, nameIv); + await renameFile(userId, id, new Date(dekVersion), { ciphertext: name, iv: nameIv }); return text("File renamed", { headers: { "Content-Type": "text/plain" } }); }; diff --git a/src/routes/api/file/upload/+server.ts b/src/routes/api/file/upload/+server.ts index a69df0c..b54a542 100644 --- a/src/routes/api/file/upload/+server.ts +++ b/src/routes/api/file/upload/+server.ts @@ -40,12 +40,9 @@ const parseFileMetadata = (userId: number, json: string) => { contentHmac, contentType, encContentIv: contentIv, - encName: name, - encNameIv: nameIv, - encCreatedAt: createdAt ?? null, - encCreatedAtIv: createdAtIv ?? null, - encLastModifiedAt: lastModifiedAt, - encLastModifiedAtIv: lastModifiedAtIv, + encName: { ciphertext: name, iv: nameIv }, + encCreatedAt: createdAt && createdAtIv ? { ciphertext: createdAt, iv: createdAtIv } : null, + encLastModifiedAt: { ciphertext: lastModifiedAt, iv: lastModifiedAtIv }, } satisfies FileMetadata; };
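Review bot: The new `encCreatedAt` expression in `parseFileMetadata` silently discards a half-supplied pair. `createdAt && createdAtIv ? … : null` stores `null` when only one of the two fields is present or when either is an empty string, where the removed code kept each value independently. A request carrying a ciphertext without its IV is malformed and is better rejected than stored as "no creation time". Unless the zod schema above the hunk already enforces this, add a check such as `if ((createdAt == null) !== (createdAtIv == null)) error(400, "Invalid request body");` before the return. `parseFileMetadata` begins outside the hunk, so the schema and the `error` import are not visible here.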