npm - @thinkingcat/auth-utils - Versions diffs - 1.0.38 → 1.0.40 - Mend

@thinkingcat/auth-utils 1.0.38 → 1.0.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +47 -56
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -211,36 +211,49 @@ function createNextAuthJWT(payload, serviceId) {
  * @returns 인코딩된 세션 토큰
  */
 async function encodeNextAuthToken(jwt, secret, maxAge = 30 * 24 * 60 * 60) {
-    // Edge Runtime과 Node.js Runtime 간 호환성을 위해
-    // next-auth/jwt의 encode 대신 jose를 직접 사용
-    // (Edge Runtime에서 encode한 토큰을 Node.js Runtime에서 decode 못하는 문제 방지)
-    debugLog('encodeNextAuthToken', 'Using jose EncryptJWT for cross-runtime compatibility');
-    // NextAuth는 secret을 SHA-256 해시하여 32바이트 키로 사용
-    const secretHash = await createHashSHA256(secret);
-    // SHA-256 해시는 64자 hex 문자열이므로, 32바이트로 변환
-    const keyBytes = new Uint8Array(32);
-    for (let i = 0; i < 32; i++) {
-        keyBytes[i] = parseInt(secretHash.slice(i * 2, i * 2 + 2), 16);
-    }
-    const now = Math.floor(Date.now() / 1000);
-    // EncryptJWT를 사용하여 JWE 토큰 생성
-    // NextAuth는 'dir' 키 관리와 'A256GCM' 암호화를 사용
+    // NextAuth의 encode() 함수를 우선적으로 사용 (가장 호환성 좋음)
     try {
-        const token = await new jose_1.EncryptJWT(jwt)
-            .setProtectedHeader({
-            alg: 'dir', // Direct key agreement
-            enc: 'A256GCM' // AES-256-GCM encryption
-        })
-            .setIssuedAt(now)
-            .setExpirationTime(now + maxAge)
-            .setJti(crypto.randomUUID())
-            .encrypt(keyBytes);
-        debugLog('encodeNextAuthToken', 'EncryptJWT successful, length:', token.length);
-        return token;
+        const { encode } = await Promise.resolve().then(() => __importStar(require('next-auth/jwt')));
+        debugLog('encodeNextAuthToken', 'Using next-auth/jwt encode');
+        const encoded = await encode({
+            token: jwt,
+            secret: secret,
+            maxAge: maxAge,
+        });
+        debugLog('encodeNextAuthToken', 'NextAuth encode successful, length:', encoded.length);
+        return encoded;
     }
     catch (error) {
-        debugError('encodeNextAuthToken', 'EncryptJWT failed:', error);
-        throw new Error(`Failed to encode NextAuth token: ${error instanceof Error ? error.message : String(error)}`);
+        // Edge Runtime에서 encode가 작동하지 않을 수 있으므로
+        // jose의 EncryptJWT를 fallback으로 사용
+        debugLog('encodeNextAuthToken', 'NextAuth encode failed, using jose EncryptJWT fallback', error);
+        // NextAuth는 secret을 SHA-256 해시하여 32바이트 키로 사용
+        const secretHash = await createHashSHA256(secret);
+        // SHA-256 해시는 64자 hex 문자열이므로, 32바이트로 변환
+        const keyBytes = new Uint8Array(32);
+        for (let i = 0; i < 32; i++) {
+            keyBytes[i] = parseInt(secretHash.slice(i * 2, i * 2 + 2), 16);
+        }
+        const now = Math.floor(Date.now() / 1000);
+        // EncryptJWT를 사용하여 JWE 토큰 생성
+        // NextAuth는 'dir' 키 관리와 'A256GCM' 암호화를 사용
+        try {
+            const token = await new jose_1.EncryptJWT(jwt)
+                .setProtectedHeader({
+                alg: 'dir', // Direct key agreement
+                enc: 'A256GCM' // AES-256-GCM encryption
+            })
+                .setIssuedAt(now)
+                .setExpirationTime(now + maxAge)
+                .setJti(crypto.randomUUID())
+                .encrypt(keyBytes);
+            debugLog('encodeNextAuthToken', 'EncryptJWT fallback successful, length:', token.length);
+            return token;
+        }
+        catch (encryptError) {
+            debugError('encodeNextAuthToken', 'EncryptJWT also failed:', encryptError);
+            throw new Error(`Failed to encode NextAuth token: ${error instanceof Error ? error.message : String(error)}`);
+        }
     }
 }
 function setCustomTokens(response, accessToken, optionsOrRefreshToken, options) {
@@ -435,44 +448,22 @@ async function createAuthResponse(accessToken, secret, options) {
     }
     // accessTokenExpires 추가 (15분)
     jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-    debugLog('createAuthResponse', 'JWT created:', {
+    debugLog('createAuthResponse', 'JWT prepared (NextAuth will create session from custom tokens):', {
         hasId: !!jwt.id,
         hasEmail: !!jwt.email,
         hasRole: !!jwt.role,
         hasRefreshToken: !!jwt.refreshToken,
     });
-    // 3. NextAuth 세션 쿠키 생성 (jose 사용)
-    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
-    debugLog('createAuthResponse', 'NextAuth session token encoded:', {
-        tokenLength: nextAuthToken.length,
-    });
-    // 4. Response 생성 (HTTP 302 리다이렉트 사용)
+    // 3. Response 생성 (HTTP 302 리다이렉트 사용)
     const { NextResponse: NextResponseClass } = await getNextServer();
     // redirectPath가 있으면 302 리다이렉트, 없으면 200 OK
     const response = redirectPath
         ? NextResponseClass.redirect(new URL(redirectPath, req.url), { status: 302 })
         : NextResponseClass.json({ success: true, message: text || 'Authentication successful' }, { status: 200 });
-    // 5. NextAuth 세션 쿠키 설정
-    const nextAuthCookieName = isProduction
-        ? '__Secure-next-auth.session-token'
-        : 'next-auth.session-token';
-    const cookieOptions = {
-        httpOnly: true,
-        secure: isProduction,
-        sameSite: isProduction ? 'none' : 'lax',
-        path: '/',
-        maxAge: 30 * 24 * 60 * 60, // 30일
-    };
-    if (cookieDomain) {
-        cookieOptions.domain = cookieDomain;
-    }
-    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
-    debugLog('createAuthResponse', 'NextAuth session cookie set:', {
-        name: nextAuthCookieName,
-        valueLength: nextAuthToken.length,
-        ...cookieOptions,
-    });
-    // 6. 커스텀 토큰 쿠키 설정
+    // 4. 처음 로그인 시에는 NextAuth 쿠키를 생성하지 않음
+    // Edge Runtime에서 생성한 NextAuth 쿠키는 Node.js Runtime에서 디코드 실패
+    // 대신 커스텀 토큰만 설정하고, handleJWTCallback이 이를 읽어서 세션 생성
+    // 5. 커스텀 토큰 쿠키 설정
     if (refreshToken) {
         setCustomTokens(response, accessToken, refreshToken, {
             cookiePrefix,
@@ -647,7 +638,7 @@ async function verifyAndRefreshToken(req, secret, options) {
                         jwt.refreshToken = newRefreshToken;
                     }
                     jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-                    // NextAuth 세션 쿠키 생성 (jose 사용)
+                    // NextAuth 세션 쿠키 생성 (NextAuth encode() 우선 사용)
                     try {
                         const nextAuthToken = await encodeNextAuthToken(jwt, secret);
                         const nextAuthCookieName = isProduction

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.38",
+  "version": "1.0.40",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",