npm - @thinkingcat/auth-utils - Versions diffs - 1.0.45 → 1.0.47 - Mend

@thinkingcat/auth-utils 1.0.45 → 1.0.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +24 -7
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -164,10 +164,16 @@ function createNextAuthJWT(payload, serviceId) {
     const services = payload.services || [];
     const service = services.find((s) => s.serviceId === serviceId);
     const effectiveRole = service?.role || payload.role || 'ADMIN';
+    // name 필드 결정: payload.name이 있으면 사용, 없으면 decryptedEmail 또는 maskedEmail 사용
+    // email은 암호화되어 있을 수 있으므로 직접 사용하지 않음
+    const displayName = payload.name
+        || payload.decryptedEmail
+        || payload.maskedEmail
+        || 'User';
     const jwt = {
         id: (payload.id || payload.sub),
         email: payload.email,
-        name: (payload.name || payload.email || 'User'), // name이 없으면 email 또는 기본값 사용
+        name: displayName,
         role: effectiveRole, // Role enum 타입 (string으로 캐스팅)
         services: payload.services,
         phoneVerified: payload.phoneVerified ?? false,
@@ -657,12 +663,23 @@ async function verifyAndRefreshToken(req, secret, options) {
                     }
                     jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
                     // NextAuth 세션 쿠키 생성
-                    // 주의: NextAuth는 세션 쿠키를 자동으로 관리하므로, 직접 설정하는 것이 문제를 일으킬 수 있습니다.
-                    // 따라서 커스텀 토큰만 설정하고, NextAuth 세션은 JWT 콜백에서 처리하도록 합니다.
-                    debugLog('verifyAndRefreshToken', 'Skipping NextAuth session cookie - will be handled by NextAuth JWT callback', {
-                        hasJWT: !!jwt,
-                        jwtId: jwt?.id,
-                    });
+                    // 미들웨어에서는 NextAuth JWT callback이 실행되지 않으므로,
+                    // refresh 후 NextAuth 세션 쿠키를 직접 설정해야 합니다.
+                    try {
+                        const encodedSessionToken = await encodeNextAuthToken(jwt, secret, 30 * 24 * 60 * 60);
+                        setNextAuthToken(response, encodedSessionToken, {
+                            isProduction,
+                            cookieDomain,
+                        });
+                        debugLog('verifyAndRefreshToken', 'NextAuth session cookie set successfully', {
+                            hasJWT: !!jwt,
+                            jwtId: jwt?.id,
+                        });
+                    }
+                    catch (error) {
+                        debugError('verifyAndRefreshToken', 'Failed to set NextAuth session cookie:', error);
+                        // NextAuth 세션 쿠키 설정 실패해도 커스텀 토큰은 설정하므로 계속 진행
+                    }
                     // 커스텀 토큰 쿠키 설정
                     if (newRefreshToken) {
                         setCustomTokens(response, refreshResult.accessToken, newRefreshToken, {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.45",
+  "version": "1.0.47",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",