npm - @ahhaohho/auth-middleware - Versions diffs - 2.3.1 → 2.3.3 - Mend

@ahhaohho/auth-middleware 2.3.1 → 2.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/middleware/auth.js +4 -4
package/src/utils/secretManager.js +15 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ahhaohho/auth-middleware",
-  "version": "2.3.1",
+  "version": "2.3.3",
   "description": "Shared authentication and authorization middleware for ahhaohho microservices",
   "main": "src/index.js",
   "scripts": {

package/src/middleware/auth.js CHANGED Viewed

@@ -38,7 +38,7 @@ function authenticateJWT(req, res, next) {
     if (err || !user) {
       return res.status(401).json({
         error: 'Unauthorized',
-        message: err?.message || info?.message || 'Invalid or expired token'
+        message: info?.message || 'Invalid or expired token'
       });
     }
@@ -69,7 +69,7 @@ function authenticateRefresh(req, res, next) {
     if (err || !user) {
       return res.status(401).json({
         error: 'Invalid refresh token',
-        message: err?.message || info?.message || 'Invalid or expired refresh token'
+        message: info?.message || 'Invalid or expired refresh token'
       });
     }
@@ -163,7 +163,7 @@ async function authenticateHybrid(req, res, next) {
       if (refreshErr || !refreshUser) {
         return res.status(401).json({
           error: 'Unauthorized',
-          message: refreshErr?.message || 'Both access and refresh tokens are invalid'
+          message: 'Both access and refresh tokens are invalid'
         });
       }
@@ -196,7 +196,7 @@ async function authenticateHybrid(req, res, next) {
         console.error('[@ahhaohho/auth-middleware] Failed to generate new token:', tokenError.message);
         return res.status(500).json({
           error: 'Token generation error',
-          message: tokenError.message
+          message: 'Failed to generate new access token'
         });
       }
     })(req, res, next);

package/src/utils/secretManager.js CHANGED Viewed

@@ -1,6 +1,19 @@
 const { SecretsManagerClient, GetSecretValueCommand } = require('@aws-sdk/client-secrets-manager');
 const redisManager = require('../config/redis');
+/**
+ * NODE_ENV에 따라 시크릿에서 올바른 키를 선택
+ * Secret 구조: { dev: "...", staging: "...", prod: "..." }
+ * @param {object} secret - AWS Secrets Manager에서 가져온 시크릿 객체
+ * @returns {string|undefined}
+ */
+function resolveKeyByEnv(secret) {
+  const env = process.env.NODE_ENV;
+  if (env === 'production') return secret.prod;
+  if (env === 'staging') return secret.staging;
+  return secret.dev;
+}
 /**
  * AWS Secrets Manager에서 JWT 키 가져오기
  *
@@ -56,7 +69,7 @@ class SecretManager {
       }
       const secret = JSON.parse(response.SecretString);
-      const currentKey = secret.current || secret.jwt_secret_key || secret.dev;
+      const currentKey = secret.current || secret.jwt_secret_key || resolveKeyByEnv(secret);
       // previous 키 결정: secret 내 previous 필드 → AWSPREVIOUS 버전 순서
       let previousKey = secret.previous || null;
@@ -70,7 +83,7 @@ class SecretManager {
           const prevResponse = await this.client.send(prevCommand);
           if (prevResponse.SecretString) {
             const prevSecret = JSON.parse(prevResponse.SecretString);
-            const prevCandidate = prevSecret.current || prevSecret.jwt_secret_key || prevSecret.dev;
+            const prevCandidate = prevSecret.current || prevSecret.jwt_secret_key || resolveKeyByEnv(prevSecret);
             // 이전 키가 현재 키와 다를 때만 사용
             if (prevCandidate && prevCandidate !== currentKey) {
               previousKey = prevCandidate;