Merge pull request #5 from kmc7468/dev

v0.2.0
kmc7468 · Jan 12, 2025 · 7f128cc · 7f128cc
2 parents a198e5f + 8a620fa
commit 7f128cc
Show file tree

Hide file tree

Showing 101 changed files with 4,817 additions and 3,295 deletions.
diff --git a/.env.example b/.env.example
@@ -1,10 +1,9 @@
 # Required environment variables
-JWT_SECRET=
+SESSION_SECRET=
 
 # Optional environment variables
 DATABASE_URL=
-JWT_ACCESS_TOKEN_EXPIRES=
-JWT_REFRESH_TOKEN_EXPIRES=
+SESSION_EXPIRES=
 USER_CLIENT_CHALLENGE_EXPIRES=
-TOKEN_UPGRADE_CHALLENGE_EXPIRES=
+SESSION_UPGRADE_CHALLENGE_EXPIRES=
 LIBRARY_PATH=
diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
 # Base Image
-FROM node:18-alpine AS base
+FROM node:22-alpine AS base
 WORKDIR /app
 
-RUN npm install -g pnpm@8
+RUN npm install -g pnpm@9
 COPY pnpm-lock.yaml .
 
 # Build Stage

diff --git a/README.md b/README.md
@@ -30,12 +30,11 @@ docker compose up --build -d
 필수 환경 변수가 아닌 경우, 설정해야 하는 특별한 이유가 없다면 기본값을 사용하는 것이 좋아요.
 
 |이름|필수|기본값|설명|
-|-:|:-:|:-:|:-|
-|`JWT_SECRET`|Y||JWT의 서명을 위해 사용돼요. 안전한 값으로 설정해 주세요.|
-|`JWT_ACCESS_TOKEN_EXPIRES`||`5m`|Access Token의 유효 시간이에요.|
-|`JWT_REFRESH_TOKEN_EXPIRES`||`14d`|Refresh Token의 유효 시간이에요.|
+|:-|:-:|:-:|:-|
+|`SESSION_SECRET`|Y||Session ID의 서명을 위해 사용돼요. 안전한 값으로 설정해 주세요.|
+|`SESSION_EXPIRES`||`14d`|Session의 유효 시간이에요. Session은 마지막으로 사용된 후 설정된 유효 시간이 지나면 자동으로 삭제돼요.|
 |`USER_CLIENT_CHALLENGE_EXPIRES`||`5m`|암호 키를 서버에 처음 등록할 때 사용되는 챌린지의 유효 시간이에요.|
-|`TOKEN_UPGRADE_CHALLENGE_EXPIRES`||`5m`|암호 키와 함께 로그인할 때 사용되는 챌린지의 유효 시간이에요.|
+|`SESSION_UPGRADE_CHALLENGE_EXPIRES`||`5m`|암호 키와 함께 로그인할 때 사용되는 챌린지의 유효 시간이에요.|
 |`TRUST_PROXY`|||신뢰할 수 있는 리버스 프록시의 수예요. 설정할 경우 1 이상의 정수로 설정해 주세요. 프록시에서 `X-Forwarded-For` HTTP 헤더를 올바르게 설정하도록 구성해 주세요.|
 |`NODE_ENV`||`production`|ArkVault의 사용 용도예요. `production`인 경우, 컨테이너가 실행될 때마다 DB 마이그레이션이 자동으로 실행돼요.|
 |`PORT`||`80`|ArkVault 서버의 포트예요.|

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -8,11 +8,10 @@ services:
     environment:
       # ArkVault
       - DATABASE_URL=/app/data/database.sqlite
-      - JWT_SECRET=${JWT_SECRET:?} # Required
-      - JWT_ACCESS_TOKEN_EXPIRES
-      - JWT_REFRESH_TOKEN_EXPIRES
+      - SESSION_SECRET=${SESSION_SECRET:?} # Required
+      - SESSION_EXPIRES
       - USER_CLIENT_CHALLENGE_EXPIRES
-      - TOKEN_UPGRADE_CHALLENGE_EXPIRES
+      - SESSION_UPGRADE_CHALLENGE_EXPIRES
       - LIBRARY_PATH=/app/data/library
       # SvelteKit
       - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}

diff --git a/drizzle/0000_handy_captain_marvel.sql → drizzle/0000_unknown_stark_industries.sql b/drizzle/0000_handy_captain_marvel.sql → drizzle/0000_unknown_stark_industries.sql
@@ -17,17 +17,16 @@ CREATE TABLE `user_client_challenge` (
 	`id` integer PRIMARY KEY NOT NULL,
 	`user_id` integer NOT NULL,
 	`client_id` integer NOT NULL,
-	`challenge` text NOT NULL,
+	`answer` text NOT NULL,
 	`allowed_ip` text NOT NULL,
 	`expires_at` integer NOT NULL,
-	`is_used` integer DEFAULT false NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
+	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
+	FOREIGN KEY (`user_id`,`client_id`) REFERENCES `user_client`(`user_id`,`client_id`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `directory` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`created_at` integer NOT NULL,
 	`parent_id` integer,
 	`user_id` integer NOT NULL,
 	`master_encryption_key_version` integer NOT NULL,
@@ -39,23 +38,66 @@ CREATE TABLE `directory` (
 	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
+CREATE TABLE `directory_log` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`directory_id` integer NOT NULL,
+	`timestamp` integer NOT NULL,
+	`action` text NOT NULL,
+	`new_name` text,
+	FOREIGN KEY (`directory_id`) REFERENCES `directory`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
 CREATE TABLE `file` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
-	`path` text NOT NULL,
 	`parent_id` integer,
-	`created_at` integer NOT NULL,
 	`user_id` integer NOT NULL,
+	`path` text NOT NULL,
 	`master_encryption_key_version` integer NOT NULL,
 	`encrypted_data_encryption_key` text NOT NULL,
 	`data_encryption_key_version` integer NOT NULL,
+	`hmac_secret_key_version` integer,
+	`content_hmac` text,
 	`content_type` text NOT NULL,
 	`encrypted_content_iv` text NOT NULL,
 	`encrypted_name` text NOT NULL,
 	FOREIGN KEY (`parent_id`) REFERENCES `directory`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
+	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action,
+	FOREIGN KEY (`user_id`,`hmac_secret_key_version`) REFERENCES `hmac_secret_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+CREATE TABLE `file_log` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`file_id` integer NOT NULL,
+	`timestamp` integer NOT NULL,
+	`action` text NOT NULL,
+	`new_name` text,
+	FOREIGN KEY (`file_id`) REFERENCES `file`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE TABLE `hmac_secret_key` (
+	`user_id` integer NOT NULL,
+	`version` integer NOT NULL,
+	`state` text NOT NULL,
+	`master_encryption_key_version` integer NOT NULL,
+	`encrypted_key` text NOT NULL,
+	PRIMARY KEY(`user_id`, `version`),
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
+CREATE TABLE `hmac_secret_key_log` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`user_id` integer NOT NULL,
+	`hmac_secret_key_version` integer NOT NULL,
+	`timestamp` integer NOT NULL,
+	`action` text NOT NULL,
+	`action_by` integer,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
+	FOREIGN KEY (`action_by`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
+	FOREIGN KEY (`user_id`,`hmac_secret_key_version`) REFERENCES `hmac_secret_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
 CREATE TABLE `client_master_encryption_key` (
 	`user_id` integer NOT NULL,
 	`client_id` integer NOT NULL,
@@ -71,49 +113,63 @@ CREATE TABLE `client_master_encryption_key` (
 CREATE TABLE `master_encryption_key` (
 	`user_id` integer NOT NULL,
 	`version` integer NOT NULL,
-	`created_by` integer NOT NULL,
-	`created_at` integer NOT NULL,
 	`state` text NOT NULL,
 	`retired_at` integer,
 	PRIMARY KEY(`user_id`, `version`),
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+CREATE TABLE `master_encryption_key_log` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`user_id` integer NOT NULL,
+	`master_encryption_key_version` integer NOT NULL,
+	`timestamp` integer NOT NULL,
+	`action` text NOT NULL,
+	`action_by` integer,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`created_by`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
+	FOREIGN KEY (`action_by`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
+	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
-CREATE TABLE `refresh_token` (
+CREATE TABLE `session` (
 	`id` text PRIMARY KEY NOT NULL,
 	`user_id` integer NOT NULL,
 	`client_id` integer,
-	`expires_at` integer NOT NULL,
+	`created_at` integer NOT NULL,
+	`last_used_at` integer NOT NULL,
+	`last_used_by_ip` text,
+	`last_used_by_user_agent` text,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
-CREATE TABLE `token_upgrade_challenge` (
+CREATE TABLE `session_upgrade_challenge` (
 	`id` integer PRIMARY KEY NOT NULL,
-	`refresh_token_id` text NOT NULL,
+	`session_id` text NOT NULL,
 	`client_id` integer NOT NULL,
-	`challenge` text NOT NULL,
+	`answer` text NOT NULL,
 	`allowed_ip` text NOT NULL,
 	`expires_at` integer NOT NULL,
-	`is_used` integer DEFAULT false NOT NULL,
-	FOREIGN KEY (`refresh_token_id`) REFERENCES `refresh_token`(`id`) ON UPDATE no action ON DELETE no action,
+	FOREIGN KEY (`session_id`) REFERENCES `session`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `user` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`email` text NOT NULL,
-	`password` text NOT NULL
+	`password` text NOT NULL,
+	`nickname` text NOT NULL
 );
 --> statement-breakpoint
 CREATE UNIQUE INDEX `client_encryption_public_key_unique` ON `client` (`encryption_public_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `client_signature_public_key_unique` ON `client` (`signature_public_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `client_encryption_public_key_signature_public_key_unique` ON `client` (`encryption_public_key`,`signature_public_key`);--> statement-breakpoint
-CREATE UNIQUE INDEX `user_client_challenge_challenge_unique` ON `user_client_challenge` (`challenge`);--> statement-breakpoint
+CREATE UNIQUE INDEX `user_client_challenge_answer_unique` ON `user_client_challenge` (`answer`);--> statement-breakpoint
 CREATE UNIQUE INDEX `directory_encrypted_data_encryption_key_unique` ON `directory` (`encrypted_data_encryption_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `file_path_unique` ON `file` (`path`);--> statement-breakpoint
 CREATE UNIQUE INDEX `file_encrypted_data_encryption_key_unique` ON `file` (`encrypted_data_encryption_key`);--> statement-breakpoint
-CREATE UNIQUE INDEX `refresh_token_user_id_client_id_unique` ON `refresh_token` (`user_id`,`client_id`);--> statement-breakpoint
-CREATE UNIQUE INDEX `token_upgrade_challenge_challenge_unique` ON `token_upgrade_challenge` (`challenge`);--> statement-breakpoint
+CREATE UNIQUE INDEX `hmac_secret_key_encrypted_key_unique` ON `hmac_secret_key` (`encrypted_key`);--> statement-breakpoint
+CREATE UNIQUE INDEX `session_user_id_client_id_unique` ON `session` (`user_id`,`client_id`);--> statement-breakpoint
+CREATE UNIQUE INDEX `session_upgrade_challenge_session_id_unique` ON `session_upgrade_challenge` (`session_id`);--> statement-breakpoint
+CREATE UNIQUE INDEX `session_upgrade_challenge_answer_unique` ON `session_upgrade_challenge` (`answer`);--> statement-breakpoint
 CREATE UNIQUE INDEX `user_email_unique` ON `user` (`email`);