@ahhaohho/auth-middleware 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ahhaohho/auth-middleware",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.5",
|
|
4
4
|
"description": "Shared authentication middleware with Passport.js for ahhaohho microservices",
|
|
5
5
|
"main": "src/index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -28,11 +28,12 @@
|
|
|
28
28
|
"author": "ahhaohho",
|
|
29
29
|
"license": "MIT",
|
|
30
30
|
"dependencies": {
|
|
31
|
-
"
|
|
32
|
-
"passport-jwt": "^4.0.1",
|
|
33
|
-
"jsonwebtoken": "^9.0.2",
|
|
31
|
+
"@aws-sdk/client-secrets-manager": "^3.552.0",
|
|
34
32
|
"ioredis": "^5.4.1",
|
|
35
|
-
"
|
|
33
|
+
"jsonwebtoken": "^9.0.2",
|
|
34
|
+
"passport": "^0.7.0",
|
|
35
|
+
"passport-custom": "^1.1.1",
|
|
36
|
+
"passport-jwt": "^4.0.1"
|
|
36
37
|
},
|
|
37
38
|
"peerDependencies": {
|
|
38
39
|
"express": "^4.x"
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
const { Strategy:
|
|
1
|
+
const { Strategy: CustomStrategy } = require('passport-custom');
|
|
2
2
|
const { verifyTokenWithFallback } = require('../utils/jwtValidator');
|
|
3
3
|
const { isBlacklisted } = require('../utils/blacklist');
|
|
4
4
|
|
|
@@ -23,48 +23,46 @@ function extractRefreshToken(req) {
|
|
|
23
23
|
}
|
|
24
24
|
|
|
25
25
|
/**
|
|
26
|
-
* Passport Refresh Token 전략 생성
|
|
26
|
+
* Passport Refresh Token 전략 생성 (Custom Strategy 사용)
|
|
27
27
|
*/
|
|
28
28
|
function createRefreshStrategy() {
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
if (!decoded || !decoded.userId) {
|
|
37
|
-
return done(new Error('Invalid refresh token payload'), false);
|
|
38
|
-
}
|
|
29
|
+
return new CustomStrategy(async (req, done) => {
|
|
30
|
+
try {
|
|
31
|
+
// 1. 토큰 추출
|
|
32
|
+
const token = extractRefreshToken(req);
|
|
33
|
+
if (!token) {
|
|
34
|
+
return done(null, false, { message: 'No refresh token provided' });
|
|
35
|
+
}
|
|
39
36
|
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
if (blacklisted) {
|
|
43
|
-
return done(new Error('Refresh token has been revoked'), false);
|
|
44
|
-
}
|
|
37
|
+
// 2. 다중 키로 토큰 검증
|
|
38
|
+
const { decoded, keyUsed } = await verifyTokenWithFallback(token);
|
|
45
39
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
);
|
|
40
|
+
if (!decoded || !decoded.userId) {
|
|
41
|
+
return done(null, false, { message: 'Invalid refresh token payload' });
|
|
42
|
+
}
|
|
50
43
|
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
done(
|
|
44
|
+
// 3. 블랙리스트 확인 (refresh 타입)
|
|
45
|
+
const blacklisted = await isBlacklisted(decoded.userId, 'refresh', token);
|
|
46
|
+
if (blacklisted) {
|
|
47
|
+
return done(null, false, { message: 'Refresh token has been revoked' });
|
|
55
48
|
}
|
|
56
|
-
},
|
|
57
|
-
passReqToCallback: false
|
|
58
|
-
};
|
|
59
49
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
phoneNumber: jwtPayload.phoneNumber
|
|
65
|
-
};
|
|
50
|
+
// 4. 검증 성공 - user 객체 반환
|
|
51
|
+
console.log(
|
|
52
|
+
`[@ahhaohho/auth-middleware] ✅ Refresh token verified with ${keyUsed} key for user ${decoded.userId}`
|
|
53
|
+
);
|
|
66
54
|
|
|
67
|
-
|
|
55
|
+
const user = {
|
|
56
|
+
userId: decoded.userId,
|
|
57
|
+
userRole: decoded.userRole,
|
|
58
|
+
phoneNumber: decoded.phoneNumber
|
|
59
|
+
};
|
|
60
|
+
|
|
61
|
+
return done(null, user);
|
|
62
|
+
} catch (error) {
|
|
63
|
+
console.error('[@ahhaohho/auth-middleware] ❌ Refresh token verification failed:', error.message);
|
|
64
|
+
return done(error, false);
|
|
65
|
+
}
|
|
68
66
|
});
|
|
69
67
|
}
|
|
70
68
|
|