npm - @thinkingcat/auth-utils - Versions diffs - 1.0.24 → 1.0.25 - Mend

@thinkingcat/auth-utils 1.0.24 → 1.0.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -598,6 +598,7 @@ export declare function verifyAndRefreshTokenWithNextAuth(req: NextRequest, next
     response?: NextResponse;
     error?: string;
     payload?: JWTPayload;
+    token?: JWT;
 }>;
 /**
  * 기본 미들웨어 설정을 생성하는 함수

package/dist/index.js CHANGED Viewed

@@ -1259,7 +1259,23 @@ async function verifyAndRefreshTokenWithNextAuth(req, nextAuthToken, secret, opt
     // NextAuth cookie와 access token이 모두 유효하면 통과
     if (hasValidNextAuthToken && hasValidAccessToken) {
         debugLog('verifyAndRefreshTokenWithNextAuth', 'Both NextAuth and access tokens are valid');
-        return { isValid: true };
+        // payload 추출
+        let payload;
+        if (accessToken) {
+            try {
+                const secretBytes = new TextEncoder().encode(secret);
+                const result = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
+                payload = result.payload;
+            }
+            catch {
+                // 이미 검증됐으므로 실패하지 않을 것
+            }
+        }
+        return {
+            isValid: true,
+            token: nextAuthToken,
+            payload
+        };
     }
     // NextAuth cookie가 없거나 access token이 없으면 refresh 시도
     if (refreshToken && (!hasValidNextAuthToken || !hasValidAccessToken)) {
@@ -1268,12 +1284,37 @@ async function verifyAndRefreshTokenWithNextAuth(req, nextAuthToken, secret, opt
             ...options,
             forceRefresh: true,
         });
-        return authCheck;
+        // refresh 후 NextAuth token 재조회 (새로 생성된 cookie에서)
+        let refreshedToken = null;
+        if (authCheck.isValid && authCheck.payload) {
+            // payload에서 JWT 생성
+            refreshedToken = createNextAuthJWT(authCheck.payload, options.serviceId);
+        }
+        return {
+            ...authCheck,
+            token: refreshedToken || undefined
+        };
     }
     // 하나라도 유효하면 일단 통과 (refresh token이 없는 경우)
     if (hasValidNextAuthToken || hasValidAccessToken) {
         debugLog('verifyAndRefreshTokenWithNextAuth', 'At least one token is valid (no refresh token)');
-        return { isValid: true };
+        // payload 추출
+        let payload;
+        if (accessToken && hasValidAccessToken) {
+            try {
+                const secretBytes = new TextEncoder().encode(secret);
+                const result = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
+                payload = result.payload;
+            }
+            catch {
+                // 무시
+            }
+        }
+        return {
+            isValid: true,
+            token: nextAuthToken || (payload ? createNextAuthJWT(payload, options.serviceId) : undefined),
+            payload
+        };
     }
     debugLog('verifyAndRefreshTokenWithNextAuth', 'No tokens available');
     return { isValid: false, error: 'NO_TOKEN' };
@@ -1492,28 +1533,21 @@ async function handleMiddleware(req, config, options) {
             const ssoBaseURL = options.ssoBaseURL;
             return await redirectToSSOLogin(req, serviceId, ssoBaseURL);
         }
-        // 5. 토큰 확인 및 변환
-        let finalToken = token;
-        if (!finalToken && getNextAuthToken) {
-            finalToken = await getNextAuthToken(req);
-        }
-        else if (!finalToken) {
-            try {
-                const { getToken } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
-                finalToken = await getToken({ req, secret });
-            }
-            catch {
-                // NextAuth가 없으면 null 유지
-            }
-        }
-        // verifyAndRefreshToken이 성공했는데 NextAuth 토큰이 없으면, 자체 토큰을 사용
+        // 5. 토큰 확인 - authCheck 결과 재사용 (중복 검증 제거)
+        let finalToken = authCheck.token || token;
+        // authCheck에서 토큰을 반환하지 않았지만 유효한 경우 (드문 케이스)
         if (!finalToken && authCheck.isValid) {
-            const accessToken = req.cookies.get(`${cookiePrefix}_access_token`)?.value;
-            if (accessToken) {
-                const tokenResult = await verifyToken(accessToken, secret);
-                if (tokenResult) {
-                    const { payload } = tokenResult;
-                    finalToken = createNextAuthJWT(payload, serviceId);
+            debugLog('handleMiddleware', 'authCheck valid but no token, trying to get NextAuth token');
+            if (getNextAuthToken) {
+                finalToken = await getNextAuthToken(req);
+            }
+            else {
+                try {
+                    const { getToken } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
+                    finalToken = await getToken({ req, secret });
+                }
+                catch {
+                    // NextAuth가 없으면 null 유지
                 }
             }
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.24",
+  "version": "1.0.25",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",