npm - @ahhaohho/auth-middleware - Versions diffs - 1.0.2 → 1.0.4 - Mend

@ahhaohho/auth-middleware 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -12,10 +12,10 @@ Shared authentication middleware with Passport.js for ahhaohho microservices.
 ## Installation
-### Using Git (recommended for private packages)
+### Using npm (recommended)
 ```bash
-npm install git+ssh://git@github.com:ahhaohho/auth-middleware.git#v1.0.0
+npm install @ahhaohho/auth-middleware
 ```
 Or add to `package.json`:
@@ -23,7 +23,23 @@ Or add to `package.json`:
 ```json
 {
   "dependencies": {
-    "@ahhaohho/auth-middleware": "git+ssh://git@github.com:ahhaohho/auth-middleware.git#v1.0.0"
+    "@ahhaohho/auth-middleware": "^1.0.2"
+  }
+}
+```
+### Using Git
+```bash
+npm install git+ssh://git@github.com:Future-Lab-META/auth-middleware.git#v1.0.2
+```
+Or add to `package.json`:
+```json
+{
+  "dependencies": {
+    "@ahhaohho/auth-middleware": "git+ssh://git@github.com:Future-Lab-META/auth-middleware.git#v1.0.2"
   }
 }
 ```
@@ -70,9 +86,19 @@ REDIS_PORT=6379
 JWT_SECRET_NAME=your-secret-name
 # Optional
-ELASTICACHE_ENDPOINT=your-elasticache-endpoint  # If using ElastiCache
+ELASTICACHE_ENDPOINT=your-elasticache-endpoint  # If using ElastiCache (auto-enables TLS)
+REDIS_TLS=true                                  # Force enable TLS for Redis connection
 ```
+#### Redis Configuration Notes
+- **REDIS_HOST**: If set, takes priority over ELASTICACHE_ENDPOINT
+- **ELASTICACHE_ENDPOINT**: Used only when REDIS_HOST is not set
+- **TLS Auto-detection**:
+  - TLS is automatically disabled for `localhost` and `127.0.0.1`
+  - TLS is automatically enabled when using ELASTICACHE_ENDPOINT (without REDIS_HOST)
+  - Use `REDIS_TLS=true` to force enable TLS for any host
 ## Architecture
 ### JWT Verification Flow
@@ -166,7 +192,7 @@ auth-middleware/
 ```bash
 # Clone the repository
-git clone git@github.com:ahhaohho/auth-middleware.git
+git clone git@github.com:Future-Lab-META/auth-middleware.git
 cd auth-middleware
 # Install dependencies
@@ -197,10 +223,20 @@ git push origin main --tags
 ### Using Specific Versions
+```bash
+# npm
+npm install @ahhaohho/auth-middleware@1.0.2
+# Git
+npm install git+ssh://git@github.com:Future-Lab-META/auth-middleware.git#v1.0.2
+```
+Or in `package.json`:
 ```json
 {
   "dependencies": {
-    "@ahhaohho/auth-middleware": "git+ssh://git@github.com:ahhaohho/auth-middleware.git#v1.0.0"
+    "@ahhaohho/auth-middleware": "1.0.2"
   }
 }
 ```

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ahhaohho/auth-middleware",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Shared authentication middleware with Passport.js for ahhaohho microservices",
   "main": "src/index.js",
   "scripts": {
@@ -9,12 +9,12 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/ahhaohho/auth-middleware.git"
+    "url": "git+https://github.com/Future-Lab-META/auth-middleware.git"
   },
   "bugs": {
-    "url": "https://github.com/ahhaohho/auth-middleware/issues"
+    "url": "https://github.com/Future-Lab-META/auth-middleware/issues"
   },
-  "homepage": "https://github.com/ahhaohho/auth-middleware#readme",
+  "homepage": "https://github.com/Future-Lab-META/auth-middleware#readme",
   "publishConfig": {
     "access": "public"
   },

package/src/index.js CHANGED Viewed

@@ -5,7 +5,7 @@
  * for ahhaohho microservices
  */
-const { authenticateJWT, authenticateRefresh, optionalAuth } = require('./middleware/auth');
+const { authenticateJWT, authenticateRefresh, optionalAuth, authenticateHybrid } = require('./middleware/auth');
 const { verifyTokenWithFallback, signToken, getCurrentSigningKey } = require('./utils/jwtValidator');
 const { isBlacklisted, addToBlacklist, clearBlacklist } = require('./utils/blacklist');
 const { getJwtKeys, invalidateCache } = require('./utils/secretManager');
@@ -17,6 +17,7 @@ module.exports = {
   authenticateJWT,
   authenticateRefresh,
   optionalAuth,
+  authenticateHybrid,
   // 유틸리티 함수 (필요시 직접 사용)
   utils: {

package/src/middleware/auth.js CHANGED Viewed

@@ -114,8 +114,104 @@ function optionalAuth(req, res, next) {
   })(req, res, next);
 }
+/**
+ * Hybrid 인증 미들웨어 (access token 만료 시 refresh token으로 자동 갱신)
+ *
+ * 1. Access token 검증 시도
+ * 2. 실패하면 refresh token 확인
+ * 3. Refresh token이 유효하면 새 access token 생성하여 응답 헤더에 추가
+ *
+ * @example
+ * router.get('/protected', authenticateHybrid, (req, res) => {
+ *   // req.user 사용 가능
+ *   // 응답 헤더에 x-new-access-token이 있으면 클라이언트가 토큰 갱신해야 함
+ *   res.json({ userId: req.user.userId });
+ * });
+ */
+async function authenticateHybrid(req, res, next) {
+  initializePassport();
+  // 1. Access token 검증 시도
+  passport.authenticate('jwt', { session: false }, async (err, user, info) => {
+    if (err) {
+      console.error('[@ahhaohho/auth-middleware] Hybrid auth error:', err.message);
+      return res.status(500).json({
+        error: 'Authentication error',
+        message: err.message
+      });
+    }
+    // Access token이 유효한 경우
+    if (user) {
+      req.user = user;
+      return next();
+    }
+    // 2. Access token이 유효하지 않은 경우, refresh token 확인
+    console.log('[@ahhaohho/auth-middleware] Access token invalid, trying refresh token...');
+    // Refresh token이 없으면 401 반환
+    if (!req.headers['refresh-token'] && !req.headers['refreshtoken']) {
+      return res.status(401).json({
+        error: 'Unauthorized',
+        message: 'Access token expired and no refresh token provided'
+      });
+    }
+    // 3. Refresh token 검증
+    passport.authenticate('refresh', { session: false }, async (refreshErr, refreshUser, refreshInfo) => {
+      console.log('[@ahhaohho/auth-middleware] 🔍 Refresh callback:', { hasError: !!refreshErr, hasUser: !!refreshUser, userId: refreshUser?.userId });
+      if (refreshErr) {
+        console.error('[@ahhaohho/auth-middleware] Refresh token error:', refreshErr.message);
+        return res.status(500).json({
+          error: 'Token refresh error',
+          message: refreshErr.message
+        });
+      }
+      if (!refreshUser) {
+        console.error('[@ahhaohho/auth-middleware] ❌ No refresh user found, returning 401');
+        return res.status(401).json({
+          error: 'Unauthorized',
+          message: 'Both access and refresh tokens are invalid'
+        });
+      }
+      // 4. 새 access token 생성
+      try {
+        const { signToken } = require('../utils/jwtValidator');
+        const tokenData = {
+          userId: refreshUser.userId,
+          userRole: refreshUser.userRole,
+          phoneNumber: refreshUser.phoneNumber
+        };
+        const newAccessToken = await signToken(tokenData, { expiresIn: '1h' });
+        console.log('[@ahhaohho/auth-middleware] ✅ New access token generated for userId:', refreshUser.userId);
+        // 5. 응답 헤더에 새 토큰 추가 (클라이언트가 이를 확인하여 저장)
+        res.setHeader('X-New-Access-Token', newAccessToken);
+        // 6. req.user 설정하고 계속 진행
+        req.user = refreshUser;
+        next();
+      } catch (tokenError) {
+        console.error('[@ahhaohho/auth-middleware] Failed to generate new token:', tokenError.message);
+        return res.status(500).json({
+          error: 'Token generation error',
+          message: tokenError.message
+        });
+      }
+    })(req, res, next);
+  })(req, res, next);
+}
 module.exports = {
   authenticateJWT,
   authenticateRefresh,
-  optionalAuth
+  optionalAuth,
+  authenticateHybrid
 };