npm - @thinkingcat/auth-utils - Versions diffs - 1.0.23 → 1.0.25 - Mend

@thinkingcat/auth-utils 1.0.23 → 1.0.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -598,6 +598,7 @@ export declare function verifyAndRefreshTokenWithNextAuth(req: NextRequest, next
     response?: NextResponse;
     error?: string;
     payload?: JWTPayload;
+    token?: JWT;
 }>;
 /**
  * 기본 미들웨어 설정을 생성하는 함수

package/dist/index.js CHANGED Viewed

@@ -1256,19 +1256,65 @@ async function verifyAndRefreshTokenWithNextAuth(req, nextAuthToken, secret, opt
         hasValidAccess: hasValidAccessToken,
         hasRefresh: !!refreshToken,
     });
-    // NextAuth 토큰 또는 access token 중 하나라도 유효하면 통과
-    if (hasValidNextAuthToken || hasValidAccessToken) {
-        debugLog('verifyAndRefreshTokenWithNextAuth', 'At least one token is valid');
-        return { isValid: true };
+    // NextAuth cookie와 access token이 모두 유효하면 통과
+    if (hasValidNextAuthToken && hasValidAccessToken) {
+        debugLog('verifyAndRefreshTokenWithNextAuth', 'Both NextAuth and access tokens are valid');
+        // payload 추출
+        let payload;
+        if (accessToken) {
+            try {
+                const secretBytes = new TextEncoder().encode(secret);
+                const result = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
+                payload = result.payload;
+            }
+            catch {
+                // 이미 검증됐으므로 실패하지 않을 것
+            }
+        }
+        return {
+            isValid: true,
+            token: nextAuthToken,
+            payload
+        };
     }
-    // 둘 다 없으면 refresh token으로 갱신 시도
-    if (refreshToken) {
-        debugLog('verifyAndRefreshTokenWithNextAuth', 'No valid tokens, attempting refresh');
+    // NextAuth cookie가 없거나 access token이 없으면 refresh 시도
+    if (refreshToken && (!hasValidNextAuthToken || !hasValidAccessToken)) {
+        debugLog('verifyAndRefreshTokenWithNextAuth', 'Missing NextAuth or access token, attempting refresh');
         const authCheck = await verifyAndRefreshToken(req, secret, {
             ...options,
             forceRefresh: true,
         });
-        return authCheck;
+        // refresh 후 NextAuth token 재조회 (새로 생성된 cookie에서)
+        let refreshedToken = null;
+        if (authCheck.isValid && authCheck.payload) {
+            // payload에서 JWT 생성
+            refreshedToken = createNextAuthJWT(authCheck.payload, options.serviceId);
+        }
+        return {
+            ...authCheck,
+            token: refreshedToken || undefined
+        };
+    }
+    // 하나라도 유효하면 일단 통과 (refresh token이 없는 경우)
+    if (hasValidNextAuthToken || hasValidAccessToken) {
+        debugLog('verifyAndRefreshTokenWithNextAuth', 'At least one token is valid (no refresh token)');
+        // payload 추출
+        let payload;
+        if (accessToken && hasValidAccessToken) {
+            try {
+                const secretBytes = new TextEncoder().encode(secret);
+                const result = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
+                payload = result.payload;
+            }
+            catch {
+                // 무시
+            }
+        }
+        return {
+            isValid: true,
+            token: nextAuthToken || (payload ? createNextAuthJWT(payload, options.serviceId) : undefined),
+            payload
+        };
     }
     debugLog('verifyAndRefreshTokenWithNextAuth', 'No tokens available');
     return { isValid: false, error: 'NO_TOKEN' };
@@ -1487,28 +1533,21 @@ async function handleMiddleware(req, config, options) {
             const ssoBaseURL = options.ssoBaseURL;
             return await redirectToSSOLogin(req, serviceId, ssoBaseURL);
         }
-        // 5. 토큰 확인 및 변환
-        let finalToken = token;
-        if (!finalToken && getNextAuthToken) {
-            finalToken = await getNextAuthToken(req);
-        }
-        else if (!finalToken) {
-            try {
-                const { getToken } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
-                finalToken = await getToken({ req, secret });
-            }
-            catch {
-                // NextAuth가 없으면 null 유지
-            }
-        }
-        // verifyAndRefreshToken이 성공했는데 NextAuth 토큰이 없으면, 자체 토큰을 사용
+        // 5. 토큰 확인 - authCheck 결과 재사용 (중복 검증 제거)
+        let finalToken = authCheck.token || token;
+        // authCheck에서 토큰을 반환하지 않았지만 유효한 경우 (드문 케이스)
         if (!finalToken && authCheck.isValid) {
-            const accessToken = req.cookies.get(`${cookiePrefix}_access_token`)?.value;
-            if (accessToken) {
-                const tokenResult = await verifyToken(accessToken, secret);
-                if (tokenResult) {
-                    const { payload } = tokenResult;
-                    finalToken = createNextAuthJWT(payload, serviceId);
+            debugLog('handleMiddleware', 'authCheck valid but no token, trying to get NextAuth token');
+            if (getNextAuthToken) {
+                finalToken = await getNextAuthToken(req);
+            }
+            else {
+                try {
+                    const { getToken } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
+                    finalToken = await getToken({ req, secret });
+                }
+                catch {
+                    // NextAuth가 없으면 null 유지
                 }
             }
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.23",
+  "version": "1.0.25",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",