npm - @thinkingcat/auth-utils - Versions diffs - 2.0.2 → 2.0.4 - Mend

@thinkingcat/auth-utils 2.0.2 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/middleware/handler.js +41 -0
package/package.json +1 -1

package/dist/middleware/handler.js CHANGED Viewed

@@ -72,6 +72,47 @@ async function handleMiddleware(req, config, options) {
             }
         }
         const effectiveRole = (0, roles_js_1.getEffectiveRole)(token, serviceId);
+        // Relaxed Cookie Cleanup - 어떠한 인증 토큰도 없을 때만 잔여 쿠키 정리
+        const refreshTokenCookieName = `${cookiePrefix}_refresh_token`;
+        const refreshTokenCookie = req.cookies.get(refreshTokenCookieName);
+        // 공개 경로 및 루트(/)의 토큰 처리 경로는 제외
+        const isPublicPath = config.publicPaths.some((path) => pathname === path || pathname.startsWith(path));
+        const isAuthFlow = pathname === '/' && req.nextUrl.searchParams.has('token');
+        if (!isPublicPath && !isAuthFlow && !token && !refreshTokenCookie) {
+            // 인증 관련 쿠키 패턴
+            const authCookiePatterns = [
+                /^next-auth\./,
+                /^__Secure-next-auth\./,
+                /_access_token$/,
+                /_refresh_token$/,
+                /^auth-token$/,
+                /^__Secure-auth-token$/,
+            ];
+            const hasAuthCookies = req.cookies.getAll().some((cookie) => authCookiePatterns.some((pattern) => pattern.test(cookie.name)));
+            if (hasAuthCookies) {
+                (0, logger_js_1.debugLog)('handleMiddleware', `Inconsistent state detected (no session, no refresh token, but auth cookies exist). Cleaning up.`);
+                const ssoBaseURL = options.ssoBaseURL;
+                const response = await (0, redirect_js_1.redirectToSSOLogin)(req, serviceId, ssoBaseURL);
+                // 모든 쿠키 확인하고 인증 관련 쿠키 삭제
+                req.cookies.getAll().forEach((cookie) => {
+                    const isAuthCookie = authCookiePatterns.some((pattern) => pattern.test(cookie.name));
+                    if (isAuthCookie) {
+                        (0, logger_js_1.debugLog)('handleMiddleware', `Deleting stale cookie: ${cookie.name}`);
+                        response.cookies.delete(cookie.name);
+                        // 추가로 만료된 쿠키로 설정 (확실한 삭제 보장)
+                        response.cookies.set(cookie.name, '', {
+                            expires: new Date(0),
+                            path: '/',
+                            secure: isProduction,
+                            httpOnly: true,
+                            sameSite: isProduction ? 'none' : 'lax',
+                            ...(cookieDomain && { domain: cookieDomain }),
+                        });
+                    }
+                });
+                return response;
+            }
+        }
         // 1. API 요청 처리
         if (pathname.startsWith('/api/')) {
             if (config.authApiPaths.includes(pathname)) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "2.0.2",
+  "version": "2.0.4",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",