npm - @thinkingcat/auth-utils - Versions diffs - 1.0.37 → 1.0.39 - Mend

@thinkingcat/auth-utils 1.0.37 → 1.0.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +104 -36
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -211,36 +211,49 @@ function createNextAuthJWT(payload, serviceId) {
  * @returns 인코딩된 세션 토큰
  */
 async function encodeNextAuthToken(jwt, secret, maxAge = 30 * 24 * 60 * 60) {
-    // Edge Runtime과 Node.js Runtime 간 호환성을 위해
-    // next-auth/jwt의 encode 대신 jose를 직접 사용
-    // (Edge Runtime에서 encode한 토큰을 Node.js Runtime에서 decode 못하는 문제 방지)
-    debugLog('encodeNextAuthToken', 'Using jose EncryptJWT for cross-runtime compatibility');
-    // NextAuth는 secret을 SHA-256 해시하여 32바이트 키로 사용
-    const secretHash = await createHashSHA256(secret);
-    // SHA-256 해시는 64자 hex 문자열이므로, 32바이트로 변환
-    const keyBytes = new Uint8Array(32);
-    for (let i = 0; i < 32; i++) {
-        keyBytes[i] = parseInt(secretHash.slice(i * 2, i * 2 + 2), 16);
-    }
-    const now = Math.floor(Date.now() / 1000);
-    // EncryptJWT를 사용하여 JWE 토큰 생성
-    // NextAuth는 'dir' 키 관리와 'A256GCM' 암호화를 사용
+    // NextAuth의 encode() 함수를 우선적으로 사용 (가장 호환성 좋음)
     try {
-        const token = await new jose_1.EncryptJWT(jwt)
-            .setProtectedHeader({
-            alg: 'dir', // Direct key agreement
-            enc: 'A256GCM' // AES-256-GCM encryption
-        })
-            .setIssuedAt(now)
-            .setExpirationTime(now + maxAge)
-            .setJti(crypto.randomUUID())
-            .encrypt(keyBytes);
-        debugLog('encodeNextAuthToken', 'EncryptJWT successful, length:', token.length);
-        return token;
+        const { encode } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
+        debugLog('encodeNextAuthToken', 'Using next-auth/jwt encode');
+        const encoded = await encode({
+            token: jwt,
+            secret: secret,
+            maxAge: maxAge,
+        });
+        debugLog('encodeNextAuthToken', 'NextAuth encode successful, length:', encoded.length);
+        return encoded;
     }
     catch (error) {
-        debugError('encodeNextAuthToken', 'EncryptJWT failed:', error);
-        throw new Error(`Failed to encode NextAuth token: ${error instanceof Error ? error.message : String(error)}`);
+        // Edge Runtime에서 encode가 작동하지 않을 수 있으므로
+        // jose의 EncryptJWT를 fallback으로 사용
+        debugLog('encodeNextAuthToken', 'NextAuth encode failed, using jose EncryptJWT fallback', error);
+        // NextAuth는 secret을 SHA-256 해시하여 32바이트 키로 사용
+        const secretHash = await createHashSHA256(secret);
+        // SHA-256 해시는 64자 hex 문자열이므로, 32바이트로 변환
+        const keyBytes = new Uint8Array(32);
+        for (let i = 0; i < 32; i++) {
+            keyBytes[i] = parseInt(secretHash.slice(i * 2, i * 2 + 2), 16);
+        }
+        const now = Math.floor(Date.now() / 1000);
+        // EncryptJWT를 사용하여 JWE 토큰 생성
+        // NextAuth는 'dir' 키 관리와 'A256GCM' 암호화를 사용
+        try {
+            const token = await new jose_1.EncryptJWT(jwt)
+                .setProtectedHeader({
+                alg: 'dir', // Direct key agreement
+                enc: 'A256GCM' // AES-256-GCM encryption
+            })
+                .setIssuedAt(now)
+                .setExpirationTime(now + maxAge)
+                .setJti(crypto.randomUUID())
+                .encrypt(keyBytes);
+            debugLog('encodeNextAuthToken', 'EncryptJWT fallback successful, length:', token.length);
+            return token;
+        }
+        catch (encryptError) {
+            debugError('encodeNextAuthToken', 'EncryptJWT also failed:', encryptError);
+            throw new Error(`Failed to encode NextAuth token: ${error instanceof Error ? error.message : String(error)}`);
+        }
     }
 }
 function setCustomTokens(response, accessToken, optionsOrRefreshToken, options) {
@@ -435,20 +448,44 @@ async function createAuthResponse(accessToken, secret, options) {
     }
     // accessTokenExpires 추가 (15분)
     jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-    debugLog('createAuthResponse', 'JWT prepared (NextAuth will encode it in API Routes):', {
+    debugLog('createAuthResponse', 'JWT created:', {
         hasId: !!jwt.id,
         hasEmail: !!jwt.email,
         hasRole: !!jwt.role,
         hasRefreshToken: !!jwt.refreshToken,
     });
-    // 3. Response 생성 (HTTP 302 리다이렉트 사용)
+    // 3. NextAuth 세션 쿠키 생성 (NextAuth encode() 우선 사용)
+    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+    debugLog('createAuthResponse', 'NextAuth session token encoded:', {
+        tokenLength: nextAuthToken.length,
+    });
+    // 4. Response 생성 (HTTP 302 리다이렉트 사용)
     const { NextResponse: NextResponseClass } = await getNextServer();
     // redirectPath가 있으면 302 리다이렉트, 없으면 200 OK
     const response = redirectPath
         ? NextResponseClass.redirect(new URL(redirectPath, req.url), { status: 302 })
         : NextResponseClass.json({ success: true, message: text || 'Authentication successful' }, { status: 200 });
-    // 4. 커스텀 토큰 쿠키만 설정
-    // NextAuth 쿠키는 handleJWTCallback에서 커스텀 토큰을 읽어서 자동 생성됨
+    // 5. NextAuth 세션 쿠키 설정
+    const nextAuthCookieName = isProduction
+        ? '__Secure-next-auth.session-token'
+        : 'next-auth.session-token';
+    const cookieOptions = {
+        httpOnly: true,
+        secure: isProduction,
+        sameSite: isProduction ? 'none' : 'lax',
+        path: '/',
+        maxAge: 30 * 24 * 60 * 60, // 30일
+    };
+    if (cookieDomain) {
+        cookieOptions.domain = cookieDomain;
+    }
+    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+    debugLog('createAuthResponse', 'NextAuth session cookie set:', {
+        name: nextAuthCookieName,
+        valueLength: nextAuthToken.length,
+        ...cookieOptions,
+    });
+    // 6. 커스텀 토큰 쿠키 설정
     if (refreshToken) {
         setCustomTokens(response, accessToken, refreshToken, {
             cookiePrefix,
@@ -613,12 +650,43 @@ async function verifyAndRefreshToken(req, secret, options) {
                     catch {
                         // 토큰 검증 실패
                     }
-                    debugLog('verifyAndRefreshToken', 'Updating custom cookies only (NextAuth will handle session)...');
-                    // NextResponse.next()를 생성하고 커스텀 토큰만 설정
+                    debugLog('verifyAndRefreshToken', 'Updating cookies including NextAuth session...');
+                    // NextResponse.next()를 생성
                     const { NextResponse: NextResponseClass } = await getNextServer();
                     const response = NextResponseClass.next();
-                    // 커스텀 토큰 쿠키만 설정
-                    // NextAuth 쿠키는 handleJWTCallback에서 커스텀 토큰을 읽어서 자동 생성됨
+                    // NextAuth JWT 생성
+                    const jwt = createNextAuthJWT(payload, serviceId);
+                    if (newRefreshToken) {
+                        jwt.refreshToken = newRefreshToken;
+                    }
+                    jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
+                    // NextAuth 세션 쿠키 생성 (NextAuth encode() 우선 사용)
+                    try {
+                        const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+                        const nextAuthCookieName = isProduction
+                            ? '__Secure-next-auth.session-token'
+                            : 'next-auth.session-token';
+                        const cookieOptions = {
+                            httpOnly: true,
+                            secure: isProduction,
+                            sameSite: isProduction ? 'none' : 'lax',
+                            path: '/',
+                            maxAge: 30 * 24 * 60 * 60,
+                        };
+                        if (cookieDomain) {
+                            cookieOptions.domain = cookieDomain;
+                        }
+                        response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+                        debugLog('verifyAndRefreshToken', 'NextAuth session cookie set:', {
+                            name: nextAuthCookieName,
+                            valueLength: nextAuthToken.length,
+                        });
+                    }
+                    catch (error) {
+                        debugError('verifyAndRefreshToken', 'Failed to set NextAuth cookie:', error);
+                        // Continue even if NextAuth cookie fails
+                    }
+                    // 커스텀 토큰 쿠키 설정
                     if (newRefreshToken) {
                         setCustomTokens(response, refreshResult.accessToken, newRefreshToken, {
                             cookiePrefix,
@@ -633,7 +701,7 @@ async function verifyAndRefreshToken(req, secret, options) {
                             cookieDomain,
                         });
                     }
-                    debugLog('verifyAndRefreshToken', 'Custom cookies updated, NextAuth will pick them up via handleJWTCallback');
+                    debugLog('verifyAndRefreshToken', 'All cookies updated');
                     return { isValid: true, response, payload };
                 }
                 catch (error) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.37",
+  "version": "1.0.39",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",