npm - @thinkingcat/auth-utils - Versions diffs - 1.0.24 → 1.0.26 - Mend

@thinkingcat/auth-utils 1.0.24 → 1.0.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -130,11 +130,13 @@ export declare function encodeNextAuthToken(jwt: JWT, secret: string, maxAge?: n
 export declare function setCustomTokens(response: ResponseLike, accessToken: string, refreshToken: string, options?: {
     cookiePrefix?: string;
     isProduction?: boolean;
+    cookieDomain?: string;
 }): void;
 export declare function setCustomTokens(response: ResponseLike, accessToken: string, options?: {
     refreshToken?: string;
     cookiePrefix?: string;
     isProduction?: boolean;
+    cookieDomain?: string;
 }): void;
 /**
  * NextAuth 세션 토큰만 설정
@@ -598,6 +600,7 @@ export declare function verifyAndRefreshTokenWithNextAuth(req: NextRequest, next
     response?: NextResponse;
     error?: string;
     payload?: JWTPayload;
+    token?: JWT;
 }>;
 /**
  * 기본 미들웨어 설정을 생성하는 함수

package/dist/index.js CHANGED Viewed

@@ -259,15 +259,17 @@ function setCustomTokens(response, accessToken, optionsOrRefreshToken, options)
     let refreshTokenValue;
     let cookiePrefix;
     let isProduction;
+    let cookieDomain;
     if (typeof optionsOrRefreshToken === 'string') {
         // 기존 방식: refreshToken이 문자열로 전달된 경우
         refreshTokenValue = optionsOrRefreshToken;
-        const { cookiePrefix: prefix, isProduction: prod = false, } = options || {};
+        const { cookiePrefix: prefix, isProduction: prod = false, cookieDomain: domain, } = options || {};
         if (!prefix) {
             throw new Error('cookiePrefix is required');
         }
         cookiePrefix = prefix;
         isProduction = prod;
+        cookieDomain = domain;
     }
     else {
         // 새로운 방식: options 객체로 전달된 경우
@@ -278,27 +280,31 @@ function setCustomTokens(response, accessToken, optionsOrRefreshToken, options)
         }
         cookiePrefix = opts.cookiePrefix;
         isProduction = opts.isProduction || false;
+        cookieDomain = opts.cookieDomain;
     }
-    // access_token 설정
-    const accessTokenName = `${cookiePrefix}_access_token`;
-    response.cookies.delete(accessTokenName);
-    response.cookies.set(accessTokenName, accessToken, {
+    // 쿠키 옵션 생성
+    const cookieOptions = {
         httpOnly: true,
         secure: isProduction,
         sameSite: isProduction ? 'none' : 'lax',
-        maxAge: 15 * 60, // 15분
         path: '/',
-    });
+        maxAge: 15 * 60, // access token: 15분
+    };
+    if (cookieDomain) {
+        cookieOptions.domain = cookieDomain;
+    }
+    // access_token 설정
+    const accessTokenName = `${cookiePrefix}_access_token`;
+    response.cookies.delete(accessTokenName);
+    response.cookies.set(accessTokenName, accessToken, cookieOptions);
     // refresh_token 설정 (있는 경우)
     if (refreshTokenValue) {
         const refreshTokenName = `${cookiePrefix}_refresh_token`;
-        response.cookies.set(refreshTokenName, refreshTokenValue, {
-            httpOnly: true,
-            secure: isProduction,
-            sameSite: isProduction ? 'none' : 'lax',
-            maxAge: 30 * 24 * 60 * 60, // 30일
-            path: '/',
-        });
+        const refreshCookieOptions = {
+            ...cookieOptions,
+            maxAge: 30 * 24 * 60 * 60, // refresh token: 30일
+        };
+        response.cookies.set(refreshTokenName, refreshTokenValue, refreshCookieOptions);
     }
 }
 /**
@@ -468,12 +474,14 @@ async function createAuthResponse(accessToken, secret, options) {
         setCustomTokens(response, accessToken, refreshToken, {
             cookiePrefix,
             isProduction,
+            cookieDomain,
         });
     }
     else {
         setCustomTokens(response, accessToken, {
             cookiePrefix,
             isProduction,
+            cookieDomain,
         });
     }
     debugLog('createAuthResponse', 'Custom tokens set successfully');
@@ -1259,7 +1267,23 @@ async function verifyAndRefreshTokenWithNextAuth(req, nextAuthToken, secret, opt
     // NextAuth cookie와 access token이 모두 유효하면 통과
     if (hasValidNextAuthToken && hasValidAccessToken) {
         debugLog('verifyAndRefreshTokenWithNextAuth', 'Both NextAuth and access tokens are valid');
-        return { isValid: true };
+        // payload 추출
+        let payload;
+        if (accessToken) {
+            try {
+                const secretBytes = new TextEncoder().encode(secret);
+                const result = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
+                payload = result.payload;
+            }
+            catch {
+                // 이미 검증됐으므로 실패하지 않을 것
+            }
+        }
+        return {
+            isValid: true,
+            token: nextAuthToken,
+            payload
+        };
     }
     // NextAuth cookie가 없거나 access token이 없으면 refresh 시도
     if (refreshToken && (!hasValidNextAuthToken || !hasValidAccessToken)) {
@@ -1268,12 +1292,37 @@ async function verifyAndRefreshTokenWithNextAuth(req, nextAuthToken, secret, opt
             ...options,
             forceRefresh: true,
         });
-        return authCheck;
+        // refresh 후 NextAuth token 재조회 (새로 생성된 cookie에서)
+        let refreshedToken = null;
+        if (authCheck.isValid && authCheck.payload) {
+            // payload에서 JWT 생성
+            refreshedToken = createNextAuthJWT(authCheck.payload, options.serviceId);
+        }
+        return {
+            ...authCheck,
+            token: refreshedToken || undefined
+        };
     }
     // 하나라도 유효하면 일단 통과 (refresh token이 없는 경우)
     if (hasValidNextAuthToken || hasValidAccessToken) {
         debugLog('verifyAndRefreshTokenWithNextAuth', 'At least one token is valid (no refresh token)');
-        return { isValid: true };
+        // payload 추출
+        let payload;
+        if (accessToken && hasValidAccessToken) {
+            try {
+                const secretBytes = new TextEncoder().encode(secret);
+                const result = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
+                payload = result.payload;
+            }
+            catch {
+                // 무시
+            }
+        }
+        return {
+            isValid: true,
+            token: nextAuthToken || (payload ? createNextAuthJWT(payload, options.serviceId) : undefined),
+            payload
+        };
     }
     debugLog('verifyAndRefreshTokenWithNextAuth', 'No tokens available');
     return { isValid: false, error: 'NO_TOKEN' };
@@ -1492,28 +1541,21 @@ async function handleMiddleware(req, config, options) {
             const ssoBaseURL = options.ssoBaseURL;
             return await redirectToSSOLogin(req, serviceId, ssoBaseURL);
         }
-        // 5. 토큰 확인 및 변환
-        let finalToken = token;
-        if (!finalToken && getNextAuthToken) {
-            finalToken = await getNextAuthToken(req);
-        }
-        else if (!finalToken) {
-            try {
-                const { getToken } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
-                finalToken = await getToken({ req, secret });
-            }
-            catch {
-                // NextAuth가 없으면 null 유지
-            }
-        }
-        // verifyAndRefreshToken이 성공했는데 NextAuth 토큰이 없으면, 자체 토큰을 사용
+        // 5. 토큰 확인 - authCheck 결과 재사용 (중복 검증 제거)
+        let finalToken = authCheck.token || token;
+        // authCheck에서 토큰을 반환하지 않았지만 유효한 경우 (드문 케이스)
         if (!finalToken && authCheck.isValid) {
-            const accessToken = req.cookies.get(`${cookiePrefix}_access_token`)?.value;
-            if (accessToken) {
-                const tokenResult = await verifyToken(accessToken, secret);
-                if (tokenResult) {
-                    const { payload } = tokenResult;
-                    finalToken = createNextAuthJWT(payload, serviceId);
+            debugLog('handleMiddleware', 'authCheck valid but no token, trying to get NextAuth token');
+            if (getNextAuthToken) {
+                finalToken = await getNextAuthToken(req);
+            }
+            else {
+                try {
+                    const { getToken } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
+                    finalToken = await getToken({ req, secret });
+                }
+                catch {
+                    // NextAuth가 없으면 null 유지
                 }
             }
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.24",
+  "version": "1.0.26",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",