@thinkingcat/auth-utils 1.0.49 → 2.0.0

package/dist/sso/api.js

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateServiceSubscription = validateServiceSubscription;
+exports.refreshSSOToken = refreshSSOToken;
+exports.getRefreshTokenFromSSO = getRefreshTokenFromSSO;
+/**
+ * 서비스 구독 유효성 확인 함수
+ */
+function validateServiceSubscription(services, serviceId, ssoBaseURL) {
+    const filteredServices = services.filter(service => service.serviceId === serviceId);
+    if (filteredServices.length === 0) {
+        return {
+            isValid: false,
+            redirectUrl: `${ssoBaseURL}/services/${serviceId}?type=subscription_required`
+        };
+    }
+    const service = filteredServices[0];
+    if (service.isFree && service.status === "ACTIVE") {
+        return {
+            isValid: true,
+            service
+        };
+    }
+    if (service.status !== "ACTIVE") {
+        return {
+            isValid: false,
+            redirectUrl: `${ssoBaseURL}/services/${service.serviceId}?type=subscription_required`,
+            service
+        };
+    }
+    return {
+        isValid: true,
+        service
+    };
+}
+/**
+ * SSO 서버에서 refresh token을 사용하여 새로운 access token을 발급받는 함수
+ */
+async function refreshSSOToken(refreshToken, options) {
+    const { ssoBaseURL, authServiceKey } = options;
+    if (!authServiceKey) {
+        throw new Error('AUTH_SERVICE_SECRET_KEY not configured');
+    }
+    const refreshResponse = await fetch(`${ssoBaseURL}/api/sso/refresh`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'x-auth-service-key': authServiceKey,
+        },
+        body: JSON.stringify({ refreshToken }),
+    });
+    return await refreshResponse.json();
+}
+/**
+ * SSO 서버에서 사용자의 refresh token을 가져오는 함수
+ */
+async function getRefreshTokenFromSSO(userId, accessToken, options) {
+    const { ssoBaseURL, authServiceKey } = options;
+    if (!authServiceKey) {
+        return null;
+    }
+    try {
+        const refreshResponse = await fetch(`${ssoBaseURL}/api/sso/get-refresh-token`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'x-auth-service-key': authServiceKey,
+            },
+            body: JSON.stringify({
+                userId,
+                accessToken
+            }),
+        });
+        const refreshResult = await refreshResponse.json();
+        if (refreshResponse.ok && refreshResult.success && refreshResult.refreshToken) {
+            return refreshResult.refreshToken;
+        }
+    }
+    catch {
+        // Ignore error
+    }
+    return null;
+}

package/dist/types/index.d.ts

@@ -0,0 +1,138 @@
+export interface ResponseLike {
+    cookies: {
+        delete(name: string): void;
+        set(name: string, value: string, options?: {
+            httpOnly?: boolean;
+            secure?: boolean;
+            sameSite?: 'strict' | 'lax' | 'none';
+            maxAge?: number;
+            path?: string;
+            domain?: string;
+        }): void;
+    };
+}
+export interface ServiceInfo {
+    serviceId: string;
+    role: string;
+    joinedAt: string;
+    lastAccessAt?: string;
+    expiredAt?: string;
+    status: string;
+    isFree?: boolean;
+}
+export interface SSOUpsertResponse {
+    success: boolean;
+    message?: string;
+    user?: {
+        id: string;
+        email: string;
+        name: string;
+    };
+}
+export interface SSOErrorResponse {
+    error: string;
+    message?: string;
+}
+export interface SSORefreshTokenResponse {
+    success: boolean;
+    accessToken?: string;
+    refreshToken?: string;
+    user?: {
+        id: string;
+        email: string;
+        name: string;
+    };
+    error?: string;
+}
+export interface SSOGetRefreshTokenResponse {
+    success: boolean;
+    refreshToken?: string;
+    error?: string;
+}
+export interface SSORegisterResponse {
+    success: boolean;
+    message?: string;
+    user?: {
+        id: string;
+        email: string;
+        name: string;
+    };
+}
+export interface JWTPayload {
+    sub?: string;
+    id?: string;
+    email: string;
+    name: string;
+    role?: string;
+    iat?: number;
+    exp?: number;
+    services?: ServiceInfo[];
+    phoneVerified?: boolean;
+    emailVerified?: boolean;
+    smsVerified?: boolean;
+    phone?: string;
+    isPasswordReset?: boolean;
+    decryptedEmail?: string;
+    decryptedPhone?: string;
+    emailHash?: string;
+    maskedEmail?: string;
+    phoneHash?: string;
+    maskedPhone?: string;
+    refreshToken?: string;
+    accessToken?: string;
+    accessTokenExpires?: number;
+    serviceId?: string;
+    [key: string]: unknown;
+}
+/**
+ * 역할 기반 접근 제어 헬퍼 함수
+ */
+export interface RoleAccessConfig {
+    [role: string]: {
+        paths: string[];
+        message: string;
+        allowedRoles?: string[];
+    };
+}
+/**
+ * 미들웨어 설정 인터페이스
+ */
+export interface MiddlewareConfig {
+    /** 공개 접근 가능한 경로 배열 */
+    publicPaths?: string[];
+    /** 구독이 필요한 경로 배열 */
+    subscriptionRequiredPaths?: string[];
+    /** 구독 상태 확인을 제외할 API 경로 배열 */
+    subscriptionExemptApiPaths?: string[];
+    /** 인증 관련 API 경로 배열 */
+    authApiPaths?: string[];
+    /** 역할별 대시보드 경로 객체 */
+    rolePaths?: Record<string, string>;
+    /** 역할 기반 접근 제어 설정 */
+    roleAccessConfig?: RoleAccessConfig;
+    /** 서비스 ID */
+    serviceId?: string;
+    /** 시스템 관리자 역할명 (기본값: 'SYSTEM_ADMIN') */
+    systemAdminRole?: string;
+    /** 에러 페이지 경로 (기본값: '/error') */
+    errorPath?: string;
+}
+/**
+ * 미들웨어 실행 옵션
+ */
+export interface MiddlewareOptions {
+    /** NextAuth Secret (필수) */
+    secret: string;
+    /** 프로덕션 환경 여부 (필수) */
+    isProduction: boolean;
+    /** 쿠키 도메인 (선택사항) */
+    cookieDomain?: string;
+    /** NextAuth 토큰을 가져오는 함수 (선택사항) */
+    getNextAuthToken?: (req: any) => Promise<any>;
+    /** SSO 서버 기본 URL (필수) */
+    ssoBaseURL: string;
+    /** 인증 서비스 키 (선택사항) */
+    authServiceKey?: string;
+    /** 라이센스 키 (필수) */
+    licenseKey: string;
+}

package/dist/types/index.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/utils/crypto.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Edge Runtime 호환을 위해 Web Crypto API 사용
+ */
+export declare function createHashSHA256(data: string): Promise<string>;

package/dist/utils/crypto.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createHashSHA256 = createHashSHA256;
+/**
+ * Edge Runtime 호환을 위해 Web Crypto API 사용
+ */
+async function createHashSHA256(data) {
+    const encoder = new TextEncoder();
+    const dataBuffer = encoder.encode(data);
+    const hashBuffer = await crypto.subtle.digest('SHA-256', dataBuffer);
+    const hashArray = Array.from(new Uint8Array(hashBuffer));
+    return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
+}

package/dist/utils/license.d.ts

@@ -0,0 +1,4 @@
+/**
+ * 라이센스 키 유효성 확인
+ */
+export declare function checkLicenseKey(licenseKey: string): Promise<void>;

package/dist/utils/license.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkLicenseKey = checkLicenseKey;
+const crypto_1 = require("./crypto");
+// 유효한 라이센스 키 해시 목록
+const VALID_LICENSE_KEY_HASHES = new Set([
+    '73bce4f3b64804c255cdab450d759a8b53038f9edb59ae42d9988b08dfd007e2',
+]);
+/**
+ * 라이센스 키 유효성 확인
+ */
+async function checkLicenseKey(licenseKey) {
+    if (!licenseKey || licenseKey.length < 10) {
+        throw new Error('License key is required');
+    }
+    const keyHash = await (0, crypto_1.createHashSHA256)(licenseKey);
+    if (!VALID_LICENSE_KEY_HASHES.has(keyHash)) {
+        throw new Error('Invalid license key');
+    }
+}

package/dist/utils/logger.d.ts

@@ -0,0 +1,5 @@
+/**
+ * 조건부 로깅 유틸리티 (환경 변수 AUTH_UTILS_DEBUG=true 시에만 로그 출력)
+ */
+export declare function debugLog(context: string, ...args: any[]): void;
+export declare function debugError(context: string, ...args: any[]): void;

package/dist/utils/logger.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.debugLog = debugLog;
+exports.debugError = debugError;
+/**
+ * 조건부 로깅 유틸리티 (환경 변수 AUTH_UTILS_DEBUG=true 시에만 로그 출력)
+ */
+function debugLog(context, ...args) {
+    if (process.env.AUTH_UTILS_DEBUG === 'true' || process.env.NODE_ENV === 'development') {
+        console.log(`[${context}]`, ...args);
+    }
+}
+function debugError(context, ...args) {
+    if (process.env.AUTH_UTILS_DEBUG === 'true' || process.env.NODE_ENV === 'development') {
+        console.error(`[${context}]`, ...args);
+    }
+}

package/dist/utils/path.d.ts

@@ -0,0 +1,12 @@
+/**
+ * 공개 경로인지 확인하는 함수
+ */
+export declare function isPublicPath(pathname: string, publicPaths: string[]): boolean;
+/**
+ * API 경로인지 확인하는 함수
+ */
+export declare function isApiPath(pathname: string): boolean;
+/**
+ * 보호된 API 경로인지 확인하는 함수
+ */
+export declare function isProtectedApiPath(pathname: string, exemptPaths?: string[]): boolean;

package/dist/utils/path.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPublicPath = isPublicPath;
+exports.isApiPath = isApiPath;
+exports.isProtectedApiPath = isProtectedApiPath;
+/**
+ * 공개 경로인지 확인하는 함수
+ */
+function isPublicPath(pathname, publicPaths) {
+    return publicPaths.some(path => pathname === path || pathname.startsWith(path));
+}
+/**
+ * API 경로인지 확인하는 함수
+ */
+function isApiPath(pathname) {
+    return pathname.startsWith('/api/');
+}
+/**
+ * 보호된 API 경로인지 확인하는 함수
+ */
+function isProtectedApiPath(pathname, exemptPaths = []) {
+    if (!isApiPath(pathname))
+        return false;
+    return !exemptPaths.some(path => pathname.startsWith(path));
+}

package/dist/utils/redirect.d.ts

@@ -0,0 +1,20 @@
+import type { NextRequest, NextResponse } from 'next/server';
+/**
+ * 리다이렉트용 HTML 생성
+ * @param redirectPath 리다이렉트할 경로
+ * @param text 표시할 텍스트 (필수)
+ * @returns HTML 문자열
+ */
+export declare function createRedirectHTML(redirectPath: string, text: string): string;
+/**
+ * 에러 페이지로 리다이렉트하는 헬퍼 함수
+ */
+export declare function redirectToError(req: NextRequest, code: string, message: string, errorPath?: string): Promise<NextResponse>;
+/**
+ * SSO 로그인 페이지로 리다이렉트하는 헬퍼 함수
+ */
+export declare function redirectToSSOLogin(req: NextRequest, serviceId: string, ssoBaseURL: string): Promise<NextResponse>;
+/**
+ * 역할별 대시보드 경로로 리다이렉트하는 헬퍼 함수
+ */
+export declare function redirectToRoleDashboard(req: NextRequest, role: string, rolePaths: Record<string, string>, defaultPath?: string): Promise<NextResponse>;

package/dist/utils/redirect.js

@@ -0,0 +1,106 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRedirectHTML = createRedirectHTML;
+exports.redirectToError = redirectToError;
+exports.redirectToSSOLogin = redirectToSSOLogin;
+exports.redirectToRoleDashboard = redirectToRoleDashboard;
+const server_1 = require("./server");
+/**
+ * 리다이렉트용 HTML 생성
+ * @param redirectPath 리다이렉트할 경로
+ * @param text 표시할 텍스트 (필수)
+ * @returns HTML 문자열
+ */
+function createRedirectHTML(redirectPath, text) {
+    return `
+    <!DOCTYPE html>
+    <html>
+      <head>
+        <meta charset="utf-8">
+        <title>Redirecting...</title>
+        <style>
+          * { margin: 0; padding: 0; box-sizing: border-box; }
+          html, body {
+            width: 100%;
+            height: 100%;
+            overflow: hidden;
+          }
+          body {
+            display: flex;
+            align-items: flex-start;
+            justify-content: flex-start;
+            padding-left: 10%;
+            padding-top: 20%;
+            background: #fff;
+          }
+          .typing-text {
+            font-family: 'Courier New', monospace;
+            font-size: 2.5rem;
+            font-weight: bold;
+            color: #667eea;
+            letter-spacing: 0.1em;
+          }
+          .cursor {
+            display: inline-block;
+            width: 3px;
+            height: 2.5rem;
+            background-color: #667eea;
+            margin-left: 2px;
+            animation: blink 0.7s infinite;
+          }
+          @keyframes blink {
+            0%, 50% { opacity: 1; }
+            51%, 100% { opacity: 0; }
+          }
+        </style>
+      </head>
+      <body>
+        <div class="typing-text">
+          <span id="text"></span><span class="cursor"></span>
+        </div>
+        <script>
+          const text = '${text}';
+          let index = 0;
+          const speed = 100;
+          
+          function type() {
+            if (index < text.length) {
+              document.getElementById('text').textContent += text.charAt(index);
+              index++;
+              setTimeout(type, speed);
+            } else {
+              setTimeout(() => window.location.href = '${redirectPath}', 200);
+            }
+          }
+          
+          type();
+        </script>
+      </body>
+    </html>
+  `;
+}
+/**
+ * 에러 페이지로 리다이렉트하는 헬퍼 함수
+ */
+async function redirectToError(req, code, message, errorPath = '/error') {
+    const url = new URL(errorPath, req.url);
+    url.searchParams.set('code', code);
+    url.searchParams.set('message', message);
+    const { NextResponse: NextResponseClass } = await (0, server_1.getNextServer)();
+    return NextResponseClass.redirect(url);
+}
+/**
+ * SSO 로그인 페이지로 리다이렉트하는 헬퍼 함수
+ */
+async function redirectToSSOLogin(req, serviceId, ssoBaseURL) {
+    const { NextResponse: NextResponseClass } = await (0, server_1.getNextServer)();
+    return NextResponseClass.redirect(new URL(`${ssoBaseURL}/auth/login?serviceId=${serviceId}`, req.url));
+}
+/**
+ * 역할별 대시보드 경로로 리다이렉트하는 헬퍼 함수
+ */
+async function redirectToRoleDashboard(req, role, rolePaths, defaultPath = '/admin') {
+    const redirectPath = rolePaths[role] || defaultPath;
+    const { NextResponse: NextResponseClass } = await (0, server_1.getNextServer)();
+    return NextResponseClass.redirect(new URL(redirectPath, req.url));
+}

package/dist/utils/server.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Edge Runtime 호환을 위해 next/server를 동적 import
+ */
+export declare function getNextServer(): Promise<{
+    default: typeof import("next/server");
+    NextFetchEvent: typeof import("next/server").NextFetchEvent;
+    NextRequest: typeof import("next/server").NextRequest;
+    NextResponse: typeof import("next/server").NextResponse;
+    userAgentFromString: typeof import("next/server").userAgentFromString;
+    userAgent: typeof import("next/server").userAgent;
+    URLPattern: typeof import("next/server").URLPattern;
+    ImageResponse: typeof import("next/server").ImageResponse;
+    after: typeof import("next/server").after;
+    connection: typeof import("next/server").connection;
+}>;

package/dist/utils/server.js

@@ -0,0 +1,42 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getNextServer = getNextServer;
+/**
+ * Edge Runtime 호환을 위해 next/server를 동적 import
+ */
+async function getNextServer() {
+    return await Promise.resolve().then(() => __importStar(require('next/server')));
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.49",
+  "version": "2.0.0",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -40,4 +40,4 @@
     "README.md",
     ".env.example"
   ]
-}
+}