@thinkingcat/auth-utils 1.0.36 → 1.0.38
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +76 -10
- package/package.json +1 -1
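--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -435,20 +435,44 @@ async function createAuthResponse(accessToken, secret, options) {
 }
 // accessTokenExpires 추가 (15분)
 jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-debugLog('createAuthResponse', 'JWT
+debugLog('createAuthResponse', 'JWT created:', {
 hasId: !!jwt.id,
 hasEmail: !!jwt.email,
 hasRole: !!jwt.role,
 hasRefreshToken: !!jwt.refreshToken,
 });
-// 3.
+// 3. NextAuth 세션 쿠키 생성 (jose 사용)
+const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+debugLog('createAuthResponse', 'NextAuth session token encoded:', {
+tokenLength: nextAuthToken.length,
+});
+// 4. Response 생성 (HTTP 302 리다이렉트 사용)
 const { NextResponse: NextResponseClass } = await getNextServer();
 // redirectPath가 있으면 302 리다이렉트, 없으면 200 OK
 const response = redirectPath
 ? NextResponseClass.redirect(new URL(redirectPath, req.url), { status: 302 })
 : NextResponseClass.json({ success: true, message: text || 'Authentication successful' }, { status: 200 });
-//
-
+// 5. NextAuth 세션 쿠키 설정
+const nextAuthCookieName = isProduction
+? '__Secure-next-auth.session-token'
+: 'next-auth.session-token';
+const cookieOptions = {
+httpOnly: true,
+secure: isProduction,
+sameSite: isProduction ? 'none' : 'lax',
+path: '/',
+maxAge: 30 * 24 * 60 * 60, // 30일
+};
+if (cookieDomain) {
+cookieOptions.domain = cookieDomain;
+}
+response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+debugLog('createAuthResponse', 'NextAuth session cookie set:', {
+name: nextAuthCookieName,
+valueLength: nextAuthToken.length,
+...cookieOptions,
+});
+// 6. 커스텀 토큰 쿠키 설정
 if (refreshToken) {
 setCustomTokens(response, accessToken, refreshToken, {
 cookiePrefix,
@@ -613,12 +637,43 @@ async function verifyAndRefreshToken(req, secret, options) {
 catch {
 // 토큰 검증 실패
 }
-debugLog('verifyAndRefreshToken', 'Updating
-// NextResponse.next()를
+debugLog('verifyAndRefreshToken', 'Updating cookies including NextAuth session...');
+// NextResponse.next()를 생성
 const { NextResponse: NextResponseClass } = await getNextServer();
 const response = NextResponseClass.next();
-//
-
+// NextAuth JWT 생성
+const jwt = createNextAuthJWT(payload, serviceId);
+if (newRefreshToken) {
+jwt.refreshToken = newRefreshToken;
+}
+jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
+// NextAuth 세션 쿠키 생성 (jose 사용)
+try {
+const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+const nextAuthCookieName = isProduction
+? '__Secure-next-auth.session-token'
+: 'next-auth.session-token';
+const cookieOptions = {
+httpOnly: true,
+secure: isProduction,
+sameSite: isProduction ? 'none' : 'lax',
+path: '/',
+maxAge: 30 * 24 * 60 * 60,
+};
+if (cookieDomain) {
+cookieOptions.domain = cookieDomain;
+}
+response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+debugLog('verifyAndRefreshToken', 'NextAuth session cookie set:', {
+name: nextAuthCookieName,
+valueLength: nextAuthToken.length,
+});
+}
+catch (error) {
+debugError('verifyAndRefreshToken', 'Failed to set NextAuth cookie:', error);
+// Continue even if NextAuth cookie fails
+}
+// 커스텀 토큰 쿠키 설정
 if (newRefreshToken) {
 setCustomTokens(response, refreshResult.accessToken, newRefreshToken, {
 cookiePrefix,
@@ -633,7 +688,7 @@ async function verifyAndRefreshToken(req, secret, options) {
 cookieDomain,
 });
 }
-debugLog('verifyAndRefreshToken', '
+debugLog('verifyAndRefreshToken', 'All cookies updated');
 return { isValid: true, response, payload };
 }
 catch (error) {
@@ -1019,7 +1074,18 @@ async function getJWTFromCustomTokenCookie(cookieName, secret, serviceId, licens
 }
 const { payload } = tokenResult;
 const jwt = createNextAuthJWT(payload, serviceId);
-
+// accessTokenExpires 추가 (15분)
+jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
+// refreshToken 읽기 (쿠키에서)
+const refreshTokenCookieName = cookieName.replace('_access_token', '_refresh_token');
+const refreshToken = cookieStore.get(refreshTokenCookieName)?.value;
+if (refreshToken) {
+jwt.refreshToken = refreshToken;
+}
+debugLog('getJWTFromCustomTokenCookie', 'JWT created successfully from custom token', {
+hasAccessTokenExpires: !!jwt.accessTokenExpires,
+hasRefreshToken: !!jwt.refreshToken,
+});
 return jwt;
 }
 catch (error) {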
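Review bot: In production the NextAuth session cookie is issued with `sameSite: isProduction ? 'none' : 'lax'` (new lines 462 in createAuthResponse and 659 in verifyAndRefreshToken), so a 30-day httpOnly session cookie is attached to every cross-site request and the CSRF mitigation that the development build gets from `lax` is missing exactly where it matters. Unless the sign-in flow genuinely has to complete across sites, `sameSite: 'lax',` in both environments is the safer setting; if `'none'` really is required, a comment on that line such as `// SameSite=None: <state the cross-site flow that needs it>` should record the reason so it is not "fixed" later. The cookie-name and options block is also pasted identically into both functions, but only verifyAndRefreshToken wraps `response.cookies.set` in try/catch, so the two copies already disagree on failure handling and will keep drifting. Both enclosing functions start and end outside their hunks.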
package/package.json
CHANGED