From f6432ff2906e71aefbb6c5f0ac8dfc757b59d15a Mon Sep 17 00:00:00 2001
From: static <kmc7468@naver.com>
Date: Sun, 29 Dec 2024 00:36:13 +0900
Subject: [PATCH] =?UTF-8?q?/api/key/register=20Endpoint=EC=97=90=EC=84=9C,?=
 =?UTF-8?q?=20=EC=A0=9C=EA=B3=B5=EB=90=9C=20=EA=B3=B5=EA=B0=9C=20=ED=82=A4?=
 =?UTF-8?q?=EA=B0=80=20RSA=204096=EC=9D=98=20=EA=B3=B5=EA=B0=9C=20?=
 =?UTF-8?q?=ED=82=A4=EA=B0=80=20=EB=A7=9E=EB=8A=94=EC=A7=80=20=EA=B2=80?=
 =?UTF-8?q?=EC=A6=9D=ED=95=98=EB=8F=84=EB=A1=9D=20=EA=B0=9C=EC=84=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/lib/server/services/key.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/lib/server/services/key.ts b/src/lib/server/services/key.ts
index f5dfa44..7222036 100644
--- a/src/lib/server/services/key.ts
+++ b/src/lib/server/services/key.ts
@@ -1,5 +1,5 @@
 import { error } from "@sveltejs/kit";
-import { randomBytes, publicEncrypt } from "crypto";
+import { randomBytes, publicEncrypt, createPublicKey } from "crypto";
 import ms from "ms";
 import { promisify } from "util";
 import {
@@ -29,6 +29,15 @@ export const registerPubKey = async (userId: number, ip: string, pubKey: string)
     error(409, "Public key already registered");
   }
 
+  const pubKeyPem = `-----BEGIN PUBLIC KEY-----\n${pubKey}\n-----END PUBLIC KEY-----`;
+  const pubKeyObject = createPublicKey(pubKeyPem);
+  if (
+    pubKeyObject.asymmetricKeyType !== "rsa" ||
+    pubKeyObject.asymmetricKeyDetails?.modulusLength !== 4096
+  ) {
+    error(400, "Invalid public key");
+  }
+
   const clientId = await createClient(pubKey, userId);
   return await generateChallenge(userId, ip, clientId, pubKey);
 };