@thinkingcat/auth-utils 1.0.19 → 1.0.21
- package/dist/index.d.ts +2 -0
- package/dist/index.js +54 -4
- package/package.json +1 -1
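--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -468,6 +468,8 @@ export declare function handleJWTCallback(token: JWT, user?: {
 serviceId?: string;
 cookieName?: string;
 debug?: boolean;
+ssoBaseURL?: string;
+authServiceKey?: string;
 }): Promise<JWT>;
 /**
 * 쿠키에서 커스텀 토큰을 읽어서 NextAuth JWT로 변환하는 헬퍼 함수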
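Review bot: The two new options `ssoBaseURL` and `authServiceKey` are added to the options type without a doc comment, and `authServiceKey` appears to be a service credential: index.js in this same release sends it as the `x-auth-service-key` header to `${ssoBaseURL}/api/sso/refresh` together with the user's refresh token. A TSDoc line on each would tell integrators what they are handing over, e.g. `/** Base URL of the SSO service used for refresh-token exchange; must be a trusted origin. */` and `/** Service credential sent as the x-auth-service-key header; supply it server-side only. */`. The options parameter of handleJWTCallback begins before this hunk.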
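--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -871,13 +871,14 @@ function mapTokenToSession(session, token) {
 * @returns 업데이트된 JWT 토큰
 */
 async function handleJWTCallback(token, user, account, options) {
-const { secret, licenseKey, serviceId, cookieName, debug = false, } = options || {};
+const { secret, licenseKey, serviceId, cookieName, debug = false, ssoBaseURL, authServiceKey, } = options || {};
 // 디버깅 로그
 if (debug) {
 debugLog('handleJWTCallback', 'Token received:', {
 hasId: !!token.id,
 hasEmail: !!token.email,
 hasRole: !!token.role,
+hasExpires: !!token.accessTokenExpires,
 });
 }
 // 1. 초기 로그인 시 (providers를 통한 로그인)
@@ -885,12 +886,61 @@ async function handleJWTCallback(token, user, account, options) {
 debugLog('handleJWTCallback', 'Initial login, creating token from user data');
 return createInitialJWTToken(token, user, account);
 }
-// 2.
+// 2. 토큰 유효성 체크
+const now = Date.now();
+const expires = token.accessTokenExpires;
+const hasValidToken = token.id && expires && expires > now;
+const refreshToken = token.refreshToken;
+// 2-1. nextauth token이 있고 만료되지 않았으면 그대로 사용
+if (hasValidToken) {
+debugLog('handleJWTCallback', 'Token is still valid, using existing token');
+return token;
+}
+// 2-2. nextauth token이 없거나 만료됨 → refresh token으로 갱신 시도
+// (refreshToken이 있고 SSO 설정이 있을 때만)
+if (refreshToken && ssoBaseURL && authServiceKey && secret) {
+debugLog('handleJWTCallback', 'Token invalid or expired, attempting refresh');
+try {
+debugLog('handleJWTCallback', 'Calling SSO refresh endpoint');
+const response = await fetch(`${ssoBaseURL}/api/sso/refresh`, {
+method: 'POST',
+headers: {
+'Content-Type': 'application/json',
+'x-auth-service-key': authServiceKey,
+},
+body: JSON.stringify({ refreshToken }),
+});
+if (response.ok) {
+const result = await response.json();
+if (result.success && result.accessToken) {
+debugLog('handleJWTCallback', 'Successfully refreshed token');
+// 새 액세스 토큰 검증 및 페이로드 추출
+const tokenResult = await verifyToken(result.accessToken, secret);
+if (tokenResult) {
+const newJWT = createNextAuthJWT(tokenResult.payload, serviceId || '');
+return {
+...newJWT,
+refreshToken, // 기존 refresh token 유지
+accessTokenExpires: Date.now() + (15 * 60 * 1000), // 15분
+};
+}
+}
+}
+debugLog('handleJWTCallback', 'Failed to refresh token, SSO response not ok');
+}
+catch (error) {
+console.error('[handleJWTCallback] Error refreshing token:', error);
+}
+}
+else {
+debugLog('handleJWTCallback', 'Cannot refresh - missing refresh token or SSO config');
+}
+// 3. refresh 실패 시 - 기존 토큰이 있으면 반환
 if (token.id) {
-debugLog('handleJWTCallback', '
+debugLog('handleJWTCallback', 'Refresh failed, returning existing token (possibly expired)');
 return token;
 }
-//
+// 4. 토큰에 id가 없는 경우 - 커스텀 토큰 쿠키에서 정보 읽기
 debugLog('handleJWTCallback', 'Token has no id, checking custom token cookie');
 if (secret && licenseKey && serviceId) {
 const cookieNameToUse = cookieName || `${serviceId}_access_token`;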
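Review bot: A failed refresh is invisible to the caller: after the SSO call returns non-ok, the JSON lacks `accessToken`, or `verifyToken` rejects it, step 3 still hits `return token;` with the stale token unchanged, so the session callback cannot distinguish a live session from one whose access token is expired and whose refresh was refused, and — presumably on every subsequent JWT callback — the refresh endpoint is called again with the same credentials. Consider marking the outcome on the returned object, e.g. `return { ...token, error: 'RefreshAccessTokenError' };` (constructed field name; whatever mapTokenToSession can act on), and clearing `refreshToken` when the endpoint answers non-ok so a revoked refresh token is not retried indefinitely. Separately, `accessTokenExpires: Date.now() + (15 * 60 * 1000)` hard-codes the lifetime of the freshly verified token; if `tokenResult.payload` carries an `exp` claim (not visible in this hunk), deriving it as `accessTokenExpires: tokenResult.payload.exp * 1000` would keep the session's notion of validity in step with the issuer. The non-ok branch also logs only a generic message; including `response.status` in that debugLog would make operational triage of refresh failures much easier. handleJWTCallback continues past the end of the hunk.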
package/package.json
CHANGED