@ahhaohho/auth-middleware 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/src/strategies/jwt.strategy.js +16 -4
  3. package/src/strategies/refresh.strategy.js +8 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ahhaohho/auth-middleware",
3
- "version": "1.0.7",
3
+ "version": "1.0.8",
4
4
  "description": "Shared authentication middleware with Passport.js for ahhaohho microservices",
5
5
  "main": "src/index.js",
6
6
  "scripts": {
package/src/strategies/jwt.strategy.js CHANGED
@@ -4,9 +4,16 @@ const { isBlacklisted } = require('../utils/blacklist');
4
4
  const jwt = require('jsonwebtoken');
5
5
 
6
6
  /**
7
- * Bearer 접두사가 있든 없든 토큰을 추출하는 커스텀 함수
7
+ * 쿠키 또는 Bearer 헤더에서 토큰을 추출하는 커스텀 함수
8
+ * 우선순위: 1. 쿠키 (flc_auth_token) 2. Authorization 헤더
8
9
  */
9
- const extractJwtFromHeader = (req) => {
10
+ const extractJwtFromRequest = (req) => {
11
+ // 1. 쿠키에서 FLC 토큰 확인 (HttpOnly 쿠키 방식)
12
+ if (req.cookies && req.cookies.flc_auth_token) {
13
+ return req.cookies.flc_auth_token;
14
+ }
15
+
16
+ // 2. Authorization 헤더에서 토큰 확인 (기존 방식 호환)
10
17
  const authHeader = req.headers.authorization || req.headers.Authorization;
11
18
 
12
19
  if (!authHeader) {
@@ -32,13 +39,18 @@ const extractJwtFromHeader = (req) => {
32
39
  return null;
33
40
  };
34
41
 
42
+ /**
43
+ * @deprecated Use extractJwtFromRequest instead
44
+ */
45
+ const extractJwtFromHeader = extractJwtFromRequest;
46
+
35
47
  /**
36
48
  * Passport JWT 전략 생성
37
49
  * Access Token 검증용
38
50
  */
39
51
  function createJwtStrategy() {
40
52
  const options = {
41
- jwtFromRequest: extractJwtFromHeader,
53
+ jwtFromRequest: extractJwtFromRequest,
42
54
  // 다중 키 지원을 위한 secretOrKeyProvider 사용
43
55
  secretOrKeyProvider: async (request, rawJwtToken, done) => {
44
56
  try {
@@ -111,7 +123,7 @@ function createJwtStrategy() {
111
123
  }
112
124
 
113
125
  // 블랙리스트 확인
114
- const token = extractJwtFromHeader(request);
126
+ const token = extractJwtFromRequest(request);
115
127
  const blacklisted = await isBlacklisted(decoded.userId, 'access', token);
116
128
  if (blacklisted) {
117
129
  return done(new Error('Token has been revoked'), false);
package/src/strategies/refresh.strategy.js CHANGED
@@ -3,10 +3,17 @@ const { verifyTokenWithFallback } = require('../utils/jwtValidator');
3
3
  const { isBlacklisted } = require('../utils/blacklist');
4
4
 
5
5
  /**
6
- * Refresh Token 헤더에서 토큰 추출
6
+ * 쿠키 또는 헤더에서 Refresh Token 추출
7
+ * 우선순위: 1. 쿠키 (flc_refresh_token) 2. refresh-token 헤더
7
8
  * Bearer 접두사가 있든 없든 처리
8
9
  */
9
10
  function extractRefreshToken(req) {
11
+ // 1. 쿠키에서 FLC 리프레시 토큰 확인 (HttpOnly 쿠키 방식)
12
+ if (req && req.cookies && req.cookies.flc_refresh_token) {
13
+ return req.cookies.flc_refresh_token;
14
+ }
15
+
16
+ // 2. 헤더에서 리프레시 토큰 확인 (기존 방식 호환)
10
17
  let token = null;
11
18
 
12
19
  if (req && req.headers) {