npm - @thinkingcat/auth-utils - Versions diffs - 1.0.34 → 1.0.35 - Mend

@thinkingcat/auth-utils 1.0.34 → 1.0.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +86 -49
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -211,50 +211,36 @@ function createNextAuthJWT(payload, serviceId) {
  * @returns 인코딩된 세션 토큰
  */
 async function encodeNextAuthToken(jwt, secret, maxAge = 30 * 24 * 60 * 60) {
+    // Edge Runtime과 Node.js Runtime 간 호환성을 위해
+    // next-auth/jwt의 encode 대신 jose를 직접 사용
+    // (Edge Runtime에서 encode한 토큰을 Node.js Runtime에서 decode 못하는 문제 방지)
+    debugLog('encodeNextAuthToken', 'Using jose EncryptJWT for cross-runtime compatibility');
+    // NextAuth는 secret을 SHA-256 해시하여 32바이트 키로 사용
+    const secretHash = await createHashSHA256(secret);
+    // SHA-256 해시는 64자 hex 문자열이므로, 32바이트로 변환
+    const keyBytes = new Uint8Array(32);
+    for (let i = 0; i < 32; i++) {
+        keyBytes[i] = parseInt(secretHash.slice(i * 2, i * 2 + 2), 16);
+    }
+    const now = Math.floor(Date.now() / 1000);
+    // EncryptJWT를 사용하여 JWE 토큰 생성
+    // NextAuth는 'dir' 키 관리와 'A256GCM' 암호화를 사용
     try {
-        // next-auth/jwt의 encode 함수를 동적 import로 사용 (Edge Runtime 호환)
-        const { encode } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
-        debugLog('encodeNextAuthToken', 'Using next-auth/jwt encode');
-        const encoded = await encode({
-            token: jwt,
-            secret: secret,
-            maxAge: maxAge,
-        });
-        debugLog('encodeNextAuthToken', 'Encode successful, length:', encoded.length);
-        return encoded;
+        const token = await new jose_1.EncryptJWT(jwt)
+            .setProtectedHeader({
+            alg: 'dir', // Direct key agreement
+            enc: 'A256GCM' // AES-256-GCM encryption
+        })
+            .setIssuedAt(now)
+            .setExpirationTime(now + maxAge)
+            .setJti(crypto.randomUUID())
+            .encrypt(keyBytes);
+        debugLog('encodeNextAuthToken', 'EncryptJWT successful, length:', token.length);
+        return token;
     }
     catch (error) {
-        // Edge Runtime에서 encode가 작동하지 않을 수 있으므로
-        // jose의 EncryptJWT를 사용하여 JWE 토큰 생성 (NextAuth가 기대하는 형식)
-        debugLog('encodeNextAuthToken', 'encode failed, using EncryptJWT fallback', error);
-        // NextAuth는 secret을 SHA-256 해시하여 32바이트 키로 사용
-        // jose의 EncryptJWT는 'dir' 알고리즘에서 Uint8Array 키를 직접 사용
-        const secretHash = await createHashSHA256(secret);
-        // SHA-256 해시는 64자 hex 문자열이므로, 32바이트로 변환
-        const keyBytes = new Uint8Array(32);
-        for (let i = 0; i < 32; i++) {
-            keyBytes[i] = parseInt(secretHash.slice(i * 2, i * 2 + 2), 16);
-        }
-        const now = Math.floor(Date.now() / 1000);
-        // EncryptJWT를 사용하여 JWE 토큰 생성
-        // NextAuth는 'dir' 키 관리와 'A256GCM' 암호화를 사용
-        // 'dir' 알고리즘은 Uint8Array 키를 직접 사용
-        try {
-            const token = await new jose_1.EncryptJWT(jwt)
-                .setProtectedHeader({
-                alg: 'dir', // Direct key agreement
-                enc: 'A256GCM' // AES-256-GCM encryption
-            })
-                .setIssuedAt(now)
-                .setExpirationTime(now + maxAge)
-                .setJti(crypto.randomUUID())
-                .encrypt(keyBytes);
-            return token;
-        }
-        catch (encryptError) {
-            debugError('encodeNextAuthToken', 'EncryptJWT also failed:', encryptError);
-            throw new Error(`Failed to encode NextAuth token: ${error instanceof Error ? error.message : String(error)}`);
-        }
+        debugError('encodeNextAuthToken', 'EncryptJWT failed:', error);
+        throw new Error(`Failed to encode NextAuth token: ${error instanceof Error ? error.message : String(error)}`);
     }
 }
 function setCustomTokens(response, accessToken, optionsOrRefreshToken, options) {
@@ -449,19 +435,45 @@ async function createAuthResponse(accessToken, secret, options) {
     }
     // accessTokenExpires 추가 (15분)
     jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-    debugLog('createAuthResponse', 'JWT created (for handleJWTCallback):', {
+    debugLog('createAuthResponse', 'JWT created:', {
         hasId: !!jwt.id,
         hasEmail: !!jwt.email,
         hasRole: !!jwt.role,
         hasRefreshToken: !!jwt.refreshToken,
     });
-    // 3. Response 생성 (HTTP 302 리다이렉트 사용)
+    // 3. NextAuth session cookie 생성 (jose 사용으로 Edge/Node.js Runtime 호환)
+    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+    debugLog('createAuthResponse', 'NextAuth session token encoded:', {
+        tokenLength: nextAuthToken.length,
+        tokenPrefix: nextAuthToken.substring(0, 30) + '...',
+    });
+    // 4. Response 생성 (HTTP 302 리다이렉트 사용)
     const { NextResponse: NextResponseClass } = await getNextServer();
     // redirectPath가 있으면 302 리다이렉트, 없으면 200 OK
     const response = redirectPath
         ? NextResponseClass.redirect(new URL(redirectPath, req.url), { status: 302 })
         : NextResponseClass.json({ success: true, message: text || 'Authentication successful' }, { status: 200 });
-    // 4. 커스텀 토큰 쿠키만 설정 (NextAuth 쿠키는 handleJWTCallback에서 생성됨)
+    // 5. NextAuth session cookie 설정
+    const nextAuthCookieName = isProduction
+        ? '__Secure-next-auth.session-token'
+        : 'next-auth.session-token';
+    const cookieOptions = {
+        httpOnly: true,
+        secure: isProduction,
+        sameSite: isProduction ? 'none' : 'lax',
+        path: '/',
+        maxAge: 30 * 24 * 60 * 60, // 30일
+    };
+    if (cookieDomain) {
+        cookieOptions.domain = cookieDomain;
+    }
+    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+    debugLog('createAuthResponse', 'NextAuth session cookie set:', {
+        name: nextAuthCookieName,
+        valueLength: nextAuthToken.length,
+        ...cookieOptions,
+    });
+    // 6. 커스텀 토큰 쿠키 설정
     if (refreshToken) {
         setCustomTokens(response, accessToken, refreshToken, {
             cookiePrefix,
@@ -626,12 +638,37 @@ async function verifyAndRefreshToken(req, secret, options) {
                     catch {
                         // 토큰 검증 실패
                     }
-                    debugLog('verifyAndRefreshToken', 'Updating custom cookies only (NextAuth will handle session)...');
-                    // NextResponse.next()를 생성하고 커스텀 토큰만 설정
-                    // NextAuth 쿠키는 생성하지 않음 - NextAuth가 자체적으로 처리하도록 함
+                    debugLog('verifyAndRefreshToken', 'Updating cookies with NextAuth session...');
+                    // NextResponse.next()를 생성하고 쿠키 설정
                     const { NextResponse: NextResponseClass } = await getNextServer();
                     const response = NextResponseClass.next();
-                    // 커스텀 토큰 쿠키만 설정
+                    // NextAuth JWT 생성
+                    const jwt = createNextAuthJWT(payload, serviceId);
+                    if (newRefreshToken) {
+                        jwt.refreshToken = newRefreshToken;
+                    }
+                    jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
+                    // NextAuth 세션 쿠키 설정 (jose 사용으로 Edge/Node.js Runtime 호환)
+                    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+                    const nextAuthCookieName = isProduction
+                        ? '__Secure-next-auth.session-token'
+                        : 'next-auth.session-token';
+                    const cookieOptions = {
+                        httpOnly: true,
+                        secure: isProduction,
+                        sameSite: isProduction ? 'none' : 'lax',
+                        path: '/',
+                        maxAge: 30 * 24 * 60 * 60,
+                    };
+                    if (cookieDomain) {
+                        cookieOptions.domain = cookieDomain;
+                    }
+                    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+                    debugLog('verifyAndRefreshToken', 'NextAuth session cookie set:', {
+                        name: nextAuthCookieName,
+                        valueLength: nextAuthToken.length,
+                    });
+                    // 커스텀 토큰 쿠키 설정
                     if (newRefreshToken) {
                         setCustomTokens(response, refreshResult.accessToken, newRefreshToken, {
                             cookiePrefix,
@@ -646,7 +683,7 @@ async function verifyAndRefreshToken(req, secret, options) {
                             cookieDomain,
                         });
                     }
-                    debugLog('verifyAndRefreshToken', 'Custom cookies updated, NextAuth will pick them up via handleJWTCallback');
+                    debugLog('verifyAndRefreshToken', 'All cookies updated, continuing with current request');
                     return { isValid: true, response, payload };
                 }
                 catch (error) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.34",
+  "version": "1.0.35",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",