npm - @thinkingcat/auth-utils - Versions diffs - 1.0.32 → 1.0.34 - Mend

@thinkingcat/auth-utils 1.0.32 → 1.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +8 -57
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -449,47 +449,19 @@ async function createAuthResponse(accessToken, secret, options) {
     }
     // accessTokenExpires 추가 (15분)
     jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-    debugLog('createAuthResponse', 'JWT created:', {
+    debugLog('createAuthResponse', 'JWT created (for handleJWTCallback):', {
         hasId: !!jwt.id,
         hasEmail: !!jwt.email,
         hasRole: !!jwt.role,
         hasRefreshToken: !!jwt.refreshToken,
     });
-    // 3. NextAuth session cookie 생성
-    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
-    debugLog('createAuthResponse', 'NextAuth session token encoded:', {
-        tokenLength: nextAuthToken.length,
-        tokenPrefix: nextAuthToken.substring(0, 30) + '...',
-        jwtId: jwt.id,
-        jwtEmail: jwt.email?.substring(0, 20) + '...',
-    });
-    // 4. Response 생성 (HTTP 302 리다이렉트 사용)
+    // 3. Response 생성 (HTTP 302 리다이렉트 사용)
     const { NextResponse: NextResponseClass } = await getNextServer();
     // redirectPath가 있으면 302 리다이렉트, 없으면 200 OK
     const response = redirectPath
         ? NextResponseClass.redirect(new URL(redirectPath, req.url), { status: 302 })
         : NextResponseClass.json({ success: true, message: text || 'Authentication successful' }, { status: 200 });
-    // 4. NextAuth session cookie 설정
-    const nextAuthCookieName = isProduction
-        ? '__Secure-next-auth.session-token'
-        : 'next-auth.session-token';
-    const cookieOptions = {
-        httpOnly: true,
-        secure: isProduction,
-        sameSite: isProduction ? 'none' : 'lax',
-        path: '/',
-        maxAge: 30 * 24 * 60 * 60, // 30일
-    };
-    if (cookieDomain) {
-        cookieOptions.domain = cookieDomain;
-    }
-    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
-    debugLog('createAuthResponse', 'NextAuth session cookie set:', {
-        name: nextAuthCookieName,
-        valueLength: nextAuthToken.length,
-        ...cookieOptions,
-    });
-    // 5. 커스텀 토큰 쿠키 설정
+    // 4. 커스텀 토큰 쿠키만 설정 (NextAuth 쿠키는 handleJWTCallback에서 생성됨)
     if (refreshToken) {
         setCustomTokens(response, accessToken, refreshToken, {
             cookiePrefix,
@@ -654,33 +626,12 @@ async function verifyAndRefreshToken(req, secret, options) {
                     catch {
                         // 토큰 검증 실패
                     }
-                    debugLog('verifyAndRefreshToken', 'Updating cookies without redirect...');
-                    // NextResponse.next()를 생성하고 쿠키만 설정
+                    debugLog('verifyAndRefreshToken', 'Updating custom cookies only (NextAuth will handle session)...');
+                    // NextResponse.next()를 생성하고 커스텀 토큰만 설정
+                    // NextAuth 쿠키는 생성하지 않음 - NextAuth가 자체적으로 처리하도록 함
                     const { NextResponse: NextResponseClass } = await getNextServer();
                     const response = NextResponseClass.next();
-                    // NextAuth JWT 생성
-                    const jwt = createNextAuthJWT(payload, serviceId);
-                    if (newRefreshToken) {
-                        jwt.refreshToken = newRefreshToken;
-                    }
-                    jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-                    // NextAuth 세션 쿠키 설정
-                    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
-                    const nextAuthCookieName = isProduction
-                        ? '__Secure-next-auth.session-token'
-                        : 'next-auth.session-token';
-                    const cookieOptions = {
-                        httpOnly: true,
-                        secure: isProduction,
-                        sameSite: isProduction ? 'none' : 'lax',
-                        path: '/',
-                        maxAge: 30 * 24 * 60 * 60,
-                    };
-                    if (cookieDomain) {
-                        cookieOptions.domain = cookieDomain;
-                    }
-                    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
-                    // 커스텀 토큰 쿠키 설정
+                    // 커스텀 토큰 쿠키만 설정
                     if (newRefreshToken) {
                         setCustomTokens(response, refreshResult.accessToken, newRefreshToken, {
                             cookiePrefix,
@@ -695,7 +646,7 @@ async function verifyAndRefreshToken(req, secret, options) {
                             cookieDomain,
                         });
                     }
-                    debugLog('verifyAndRefreshToken', 'Cookies updated, continuing with current request');
+                    debugLog('verifyAndRefreshToken', 'Custom cookies updated, NextAuth will pick them up via handleJWTCallback');
                     return { isValid: true, response, payload };
                 }
                 catch (error) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.32",
+  "version": "1.0.34",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",