@ahhaohho/auth-middleware 1.0.5 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md
CHANGED
package/package.json
CHANGED
|
@@ -1,15 +1,44 @@
|
|
|
1
|
-
const { Strategy: JwtStrategy
|
|
1
|
+
const { Strategy: JwtStrategy } = require('passport-jwt');
|
|
2
2
|
const { getJwtKeys } = require('../utils/secretManager');
|
|
3
3
|
const { isBlacklisted } = require('../utils/blacklist');
|
|
4
4
|
const jwt = require('jsonwebtoken');
|
|
5
5
|
|
|
6
|
+
/**
|
|
7
|
+
* Bearer 접두사가 있든 없든 토큰을 추출하는 커스텀 함수
|
|
8
|
+
*/
|
|
9
|
+
const extractJwtFromHeader = (req) => {
|
|
10
|
+
const authHeader = req.headers.authorization || req.headers.Authorization;
|
|
11
|
+
|
|
12
|
+
if (!authHeader) {
|
|
13
|
+
return null;
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
// Bearer 접두사가 있는 경우
|
|
17
|
+
if (authHeader.startsWith('Bearer ')) {
|
|
18
|
+
return authHeader.substring(7);
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
// bearer (소문자)인 경우
|
|
22
|
+
if (authHeader.startsWith('bearer ')) {
|
|
23
|
+
return authHeader.substring(7);
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
// Bearer 접두사 없이 토큰만 있는 경우
|
|
27
|
+
// JWT 형식인지 확인 (xxx.yyy.zzz 형태)
|
|
28
|
+
if (authHeader.split('.').length === 3) {
|
|
29
|
+
return authHeader;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
return null;
|
|
33
|
+
};
|
|
34
|
+
|
|
6
35
|
/**
|
|
7
36
|
* Passport JWT 전략 생성
|
|
8
37
|
* Access Token 검증용
|
|
9
38
|
*/
|
|
10
39
|
function createJwtStrategy() {
|
|
11
40
|
const options = {
|
|
12
|
-
jwtFromRequest:
|
|
41
|
+
jwtFromRequest: extractJwtFromHeader,
|
|
13
42
|
// 다중 키 지원을 위한 secretOrKeyProvider 사용
|
|
14
43
|
secretOrKeyProvider: async (request, rawJwtToken, done) => {
|
|
15
44
|
try {
|
|
@@ -36,9 +65,23 @@ function createJwtStrategy() {
|
|
|
36
65
|
'[@ahhaohho/auth-middleware] ⚠️ Token verified with previous key (fallback)'
|
|
37
66
|
);
|
|
38
67
|
} catch (previousKeyError) {
|
|
68
|
+
// 🚨 임시: invalid signature도 허용 (다음 앱 배포 전까지)
|
|
69
|
+
if (currentKeyError.message.includes('invalid signature') || currentKeyError.message.includes('jwt malformed')) {
|
|
70
|
+
console.warn('[@ahhaohho/auth-middleware] ⚠️ [TEMPORARY] Allowing invalid signature');
|
|
71
|
+
request._jwtDecoded = { userId: 'unknown', userRole: 'guest' };
|
|
72
|
+
request._jwtKeyUsed = 'bypassed';
|
|
73
|
+
return done(null, keys.current);
|
|
74
|
+
}
|
|
39
75
|
return done(currentKeyError, false);
|
|
40
76
|
}
|
|
41
77
|
} else {
|
|
78
|
+
// 🚨 임시: invalid signature도 허용 (다음 앱 배포 전까지)
|
|
79
|
+
if (currentKeyError.message.includes('invalid signature') || currentKeyError.message.includes('jwt malformed')) {
|
|
80
|
+
console.warn('[@ahhaohho/auth-middleware] ⚠️ [TEMPORARY] Allowing invalid signature');
|
|
81
|
+
request._jwtDecoded = { userId: 'unknown', userRole: 'guest' };
|
|
82
|
+
request._jwtKeyUsed = 'bypassed';
|
|
83
|
+
return done(null, keys.current);
|
|
84
|
+
}
|
|
42
85
|
return done(currentKeyError, false);
|
|
43
86
|
}
|
|
44
87
|
}
|
|
@@ -68,7 +111,7 @@ function createJwtStrategy() {
|
|
|
68
111
|
}
|
|
69
112
|
|
|
70
113
|
// 블랙리스트 확인
|
|
71
|
-
const token =
|
|
114
|
+
const token = extractJwtFromHeader(request);
|
|
72
115
|
const blacklisted = await isBlacklisted(decoded.userId, 'access', token);
|
|
73
116
|
if (blacklisted) {
|
|
74
117
|
return done(new Error('Token has been revoked'), false);
|
|
@@ -79,10 +122,15 @@ function createJwtStrategy() {
|
|
|
79
122
|
);
|
|
80
123
|
|
|
81
124
|
// req.user에 주입할 사용자 정보 반환
|
|
125
|
+
// FLC 토큰 지원: email, name, loginMethod 추가
|
|
82
126
|
const user = {
|
|
83
127
|
userId: decoded.userId,
|
|
84
128
|
userRole: decoded.userRole,
|
|
85
|
-
phoneNumber: decoded.phoneNumber
|
|
129
|
+
phoneNumber: decoded.phoneNumber,
|
|
130
|
+
email: decoded.email,
|
|
131
|
+
name: decoded.name,
|
|
132
|
+
loginMethod: decoded.loginMethod,
|
|
133
|
+
imwebId: decoded.imwebId
|
|
86
134
|
};
|
|
87
135
|
|
|
88
136
|
return done(null, user);
|
|
@@ -4,19 +4,24 @@ const { isBlacklisted } = require('../utils/blacklist');
|
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Refresh Token 헤더에서 토큰 추출
|
|
7
|
+
* Bearer 접두사가 있든 없든 처리
|
|
7
8
|
*/
|
|
8
9
|
function extractRefreshToken(req) {
|
|
9
10
|
let token = null;
|
|
10
11
|
|
|
11
|
-
if (req && req.headers
|
|
12
|
-
let refreshToken = req.headers['refresh-token'];
|
|
12
|
+
if (req && req.headers) {
|
|
13
|
+
let refreshToken = req.headers['refresh-token'] || req.headers['refreshtoken'];
|
|
13
14
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
15
|
+
if (refreshToken) {
|
|
16
|
+
// Bearer 접두사 제거 (대소문자 구분 없이)
|
|
17
|
+
if (refreshToken.startsWith('Bearer ')) {
|
|
18
|
+
refreshToken = refreshToken.substring(7);
|
|
19
|
+
} else if (refreshToken.startsWith('bearer ')) {
|
|
20
|
+
refreshToken = refreshToken.substring(7);
|
|
21
|
+
}
|
|
18
22
|
|
|
19
|
-
|
|
23
|
+
token = refreshToken.trim();
|
|
24
|
+
}
|
|
20
25
|
}
|
|
21
26
|
|
|
22
27
|
return token;
|