@ahhaohho/auth-middleware 1.0.6 → 1.0.8

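--- a/package/README.md
+++ b/package/README.md
@@ -1,4 +1,4 @@
-# @ahhaohho/auth-middleware
+ㅈ# @ahhaohho/auth-middleware
 
 Shared authentication middleware with Passport.js for ahhaohho microservices.
 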
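--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@ahhaohho/auth-middleware",
-"version": "1.0.6",
+"version": "1.0.8",
 "description": "Shared authentication middleware with Passport.js for ahhaohho microservices",
 "main": "src/index.js",
 "scripts": {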
@@ -4,9 +4,16 @@ const { isBlacklisted } = require('../utils/blacklist');
4
4
  const jwt = require('jsonwebtoken');
5
5
 
6
6
  /**
7
- * Bearer 접두사가 있든 없든 토큰을 추출하는 커스텀 함수
7
+ * 쿠키 또는 Bearer 헤더에서 토큰을 추출하는 커스텀 함수
8
+ * 우선순위: 1. 쿠키 (flc_auth_token) 2. Authorization 헤더
8
9
  */
9
- const extractJwtFromHeader = (req) => {
10
+ const extractJwtFromRequest = (req) => {
11
+ // 1. 쿠키에서 FLC 토큰 확인 (HttpOnly 쿠키 방식)
12
+ if (req.cookies && req.cookies.flc_auth_token) {
13
+ return req.cookies.flc_auth_token;
14
+ }
15
+
16
+ // 2. Authorization 헤더에서 토큰 확인 (기존 방식 호환)
10
17
  const authHeader = req.headers.authorization || req.headers.Authorization;
11
18
 
12
19
  if (!authHeader) {
@@ -32,13 +39,18 @@ const extractJwtFromHeader = (req) => {
32
39
  return null;
33
40
  };
34
41
 
42
+ /**
43
+ * @deprecated Use extractJwtFromRequest instead
44
+ */
45
+ const extractJwtFromHeader = extractJwtFromRequest;
46
+
35
47
  /**
36
48
  * Passport JWT 전략 생성
37
49
  * Access Token 검증용
38
50
  */
39
51
  function createJwtStrategy() {
40
52
  const options = {
41
- jwtFromRequest: extractJwtFromHeader,
53
+ jwtFromRequest: extractJwtFromRequest,
42
54
  // 다중 키 지원을 위한 secretOrKeyProvider 사용
43
55
  secretOrKeyProvider: async (request, rawJwtToken, done) => {
44
56
  try {
@@ -65,9 +77,23 @@ function createJwtStrategy() {
65
77
  '[@ahhaohho/auth-middleware] ⚠️ Token verified with previous key (fallback)'
66
78
  );
67
79
  } catch (previousKeyError) {
80
+ // 🚨 임시: invalid signature도 허용 (다음 앱 배포 전까지)
81
+ if (currentKeyError.message.includes('invalid signature') || currentKeyError.message.includes('jwt malformed')) {
82
+ console.warn('[@ahhaohho/auth-middleware] ⚠️ [TEMPORARY] Allowing invalid signature');
83
+ request._jwtDecoded = { userId: 'unknown', userRole: 'guest' };
84
+ request._jwtKeyUsed = 'bypassed';
85
+ return done(null, keys.current);
86
+ }
68
87
  return done(currentKeyError, false);
69
88
  }
70
89
  } else {
90
+ // 🚨 임시: invalid signature도 허용 (다음 앱 배포 전까지)
91
+ if (currentKeyError.message.includes('invalid signature') || currentKeyError.message.includes('jwt malformed')) {
92
+ console.warn('[@ahhaohho/auth-middleware] ⚠️ [TEMPORARY] Allowing invalid signature');
93
+ request._jwtDecoded = { userId: 'unknown', userRole: 'guest' };
94
+ request._jwtKeyUsed = 'bypassed';
95
+ return done(null, keys.current);
96
+ }
71
97
  return done(currentKeyError, false);
72
98
  }
73
99
  }
@@ -97,7 +123,7 @@ function createJwtStrategy() {
97
123
  }
98
124
 
99
125
  // 블랙리스트 확인
100
- const token = extractJwtFromHeader(request);
126
+ const token = extractJwtFromRequest(request);
101
127
  const blacklisted = await isBlacklisted(decoded.userId, 'access', token);
102
128
  if (blacklisted) {
103
129
  return done(new Error('Token has been revoked'), false);
@@ -108,10 +134,15 @@ function createJwtStrategy() {
108
134
  );
109
135
 
110
136
  // req.user에 주입할 사용자 정보 반환
137
+ // FLC 토큰 지원: email, name, loginMethod 추가
111
138
  const user = {
112
139
  userId: decoded.userId,
113
140
  userRole: decoded.userRole,
114
- phoneNumber: decoded.phoneNumber
141
+ phoneNumber: decoded.phoneNumber,
142
+ email: decoded.email,
143
+ name: decoded.name,
144
+ loginMethod: decoded.loginMethod,
145
+ imwebId: decoded.imwebId
115
146
  };
116
147
 
117
148
  return done(null, user);
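Review bot: The two `[TEMPORARY] Allowing invalid signature` branches inside secretOrKeyProvider (the one in `catch (previousKeyError)` and the one in the `else` block) take a token whose signature failed verification under both the current and the previous key, attach a synthetic identity `{ userId: 'unknown', userRole: 'guest' }` to the request and call `done(null, keys.current)`, so a request carrying a forged or malformed token continues past the point where it should be rejected. Whether passport-jwt then re-verifies the token with the returned key is not visible in this hunk, but the stated intent is to accept unverifiable tokens, and that should not ship in a published package even as a stop-gap. Both branches should be removed so each path keeps only `return done(currentKeyError, false);`; if a migration grace period is genuinely required it belongs behind an explicit, default-off configuration option with a logged expiry date, not in the default path. Independently, matching on `currentKeyError.message` substrings is fragile across jsonwebtoken versions — `currentKeyError.name === 'JsonWebTokenError'` is the stable check — and the identical seven-line block is duplicated, so anything that is kept should be a single helper. secretOrKeyProvider and createJwtStrategy both start in an earlier hunk and continue outside this one.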
@@ -3,10 +3,17 @@ const { verifyTokenWithFallback } = require('../utils/jwtValidator');
3
3
  const { isBlacklisted } = require('../utils/blacklist');
4
4
 
5
5
  /**
6
- * Refresh Token 헤더에서 토큰 추출
6
+ * 쿠키 또는 헤더에서 Refresh Token 추출
7
+ * 우선순위: 1. 쿠키 (flc_refresh_token) 2. refresh-token 헤더
7
8
  * Bearer 접두사가 있든 없든 처리
8
9
  */
9
10
  function extractRefreshToken(req) {
11
+ // 1. 쿠키에서 FLC 리프레시 토큰 확인 (HttpOnly 쿠키 방식)
12
+ if (req && req.cookies && req.cookies.flc_refresh_token) {
13
+ return req.cookies.flc_refresh_token;
14
+ }
15
+
16
+ // 2. 헤더에서 리프레시 토큰 확인 (기존 방식 호환)
10
17
  let token = null;
11
18
 
12
19
  if (req && req.headers) {