npm - @ahhaohho/auth-middleware - Versions diffs - 2.2.1 → 2.3.0 - Mend

@ahhaohho/auth-middleware 2.2.1 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/utils/secretManager.js +30 -3

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ahhaohho/auth-middleware",
-  "version": "2.2.1",
+  "version": "2.3.0",
   "description": "Shared authentication and authorization middleware for ahhaohho microservices",
   "main": "src/index.js",
   "scripts": {

package/src/utils/secretManager.js CHANGED Viewed

@@ -46,7 +46,7 @@ class SecretManager {
         return JSON.parse(cachedKeys);
       }
-      // 2. AWS Secrets Manager에서 가져오기
+      // 2. AWS Secrets Manager에서 가져오기 (AWSCURRENT + AWSPREVIOUS)
       console.log('[@ahhaohho/auth-middleware] Fetching JWT keys from AWS Secrets Manager');
       const command = new GetSecretValueCommand({ SecretId: this.secretName });
       const response = await this.client.send(command);
@@ -56,9 +56,36 @@ class SecretManager {
       }
       const secret = JSON.parse(response.SecretString);
+      const currentKey = secret.current || secret.jwt_secret_key || secret.dev;
+      // previous 키 결정: secret 내 previous 필드 → AWSPREVIOUS 버전 순서
+      let previousKey = secret.previous || null;
+      if (!previousKey) {
+        try {
+          const prevCommand = new GetSecretValueCommand({
+            SecretId: this.secretName,
+            VersionStage: 'AWSPREVIOUS'
+          });
+          const prevResponse = await this.client.send(prevCommand);
+          if (prevResponse.SecretString) {
+            const prevSecret = JSON.parse(prevResponse.SecretString);
+            const prevCandidate = prevSecret.current || prevSecret.jwt_secret_key || prevSecret.dev;
+            // 이전 키가 현재 키와 다를 때만 사용
+            if (prevCandidate && prevCandidate !== currentKey) {
+              previousKey = prevCandidate;
+              console.log('[@ahhaohho/auth-middleware] Using AWSPREVIOUS version as fallback key');
+            }
+          }
+        } catch (prevError) {
+          // AWSPREVIOUS가 없을 수 있음 (첫 시크릿이거나 로테이션 미사용)
+          console.log('[@ahhaohho/auth-middleware] No AWSPREVIOUS version available');
+        }
+      }
       const keys = {
-        current: secret.current || secret.jwt_secret_key || secret.dev,
-        previous: secret.previous || null
+        current: currentKey,
+        previous: previousKey
       };
       // 3. Redis에 캐싱 (5분 TTL)