@thinkingcat/auth-utils 2.0.3 → 2.0.4

@@ -71,11 +71,14 @@ async function handleMiddleware(req, config, options) {
71
71
  (0, logger_js_1.debugLog)('handleMiddleware', 'getToken failed', error);
72
72
  }
73
73
  }
74
- // Refresh token 체크 - 없으면 모든 인증 쿠키 초기화
74
+ const effectiveRole = (0, roles_js_1.getEffectiveRole)(token, serviceId);
75
+ // Relaxed Cookie Cleanup - 어떠한 인증 토큰도 없을 때만 잔여 쿠키 정리
75
76
  const refreshTokenCookieName = `${cookiePrefix}_refresh_token`;
76
77
  const refreshTokenCookie = req.cookies.get(refreshTokenCookieName);
77
- if (!refreshTokenCookie && req.cookies.getAll().length > 0) {
78
- (0, logger_js_1.debugLog)('handleMiddleware', `No refresh token found (${refreshTokenCookieName}), clearing all auth cookies`);
78
+ // 공개 경로 및 루트(/) 토큰 처리 경로는 제외
79
+ const isPublicPath = config.publicPaths.some((path) => pathname === path || pathname.startsWith(path));
80
+ const isAuthFlow = pathname === '/' && req.nextUrl.searchParams.has('token');
81
+ if (!isPublicPath && !isAuthFlow && !token && !refreshTokenCookie) {
79
82
  // 인증 관련 쿠키 패턴
80
83
  const authCookiePatterns = [
81
84
  /^next-auth\./,
@@ -85,27 +88,31 @@ async function handleMiddleware(req, config, options) {
85
88
  /^auth-token$/,
86
89
  /^__Secure-auth-token$/,
87
90
  ];
88
- // 응답 생성하여 쿠키 삭제
89
- const response = NextResponseClass.next();
90
- // 모든 쿠키 확인하고 인증 관련 쿠키 삭제
91
- req.cookies.getAll().forEach((cookie) => {
92
- const isAuthCookie = authCookiePatterns.some((pattern) => pattern.test(cookie.name));
93
- if (isAuthCookie) {
94
- (0, logger_js_1.debugLog)('handleMiddleware', `Deleting stale cookie: ${cookie.name}`);
95
- response.cookies.delete(cookie.name);
96
- // 추가로 만료된 쿠키로 설정
97
- response.cookies.set(cookie.name, '', {
98
- expires: new Date(0),
99
- path: '/',
100
- secure: isProduction,
101
- httpOnly: true,
102
- sameSite: 'lax',
103
- });
104
- }
105
- });
106
- (0, logger_js_1.debugLog)('handleMiddleware', 'Stale auth cookies cleared');
91
+ const hasAuthCookies = req.cookies.getAll().some((cookie) => authCookiePatterns.some((pattern) => pattern.test(cookie.name)));
92
+ if (hasAuthCookies) {
93
+ (0, logger_js_1.debugLog)('handleMiddleware', `Inconsistent state detected (no session, no refresh token, but auth cookies exist). Cleaning up.`);
94
+ const ssoBaseURL = options.ssoBaseURL;
95
+ const response = await (0, redirect_js_1.redirectToSSOLogin)(req, serviceId, ssoBaseURL);
96
+ // 모든 쿠키 확인하고 인증 관련 쿠키 삭제
97
+ req.cookies.getAll().forEach((cookie) => {
98
+ const isAuthCookie = authCookiePatterns.some((pattern) => pattern.test(cookie.name));
99
+ if (isAuthCookie) {
100
+ (0, logger_js_1.debugLog)('handleMiddleware', `Deleting stale cookie: ${cookie.name}`);
101
+ response.cookies.delete(cookie.name);
102
+ // 추가로 만료된 쿠키로 설정 (확실한 삭제 보장)
103
+ response.cookies.set(cookie.name, '', {
104
+ expires: new Date(0),
105
+ path: '/',
106
+ secure: isProduction,
107
+ httpOnly: true,
108
+ sameSite: isProduction ? 'none' : 'lax',
109
+ ...(cookieDomain && { domain: cookieDomain }),
110
+ });
111
+ }
112
+ });
113
+ return response;
114
+ }
107
115
  }
108
- const effectiveRole = (0, roles_js_1.getEffectiveRole)(token, serviceId);
109
116
  // 1. API 요청 처리
110
117
  if (pathname.startsWith('/api/')) {
111
118
  if (config.authApiPaths.includes(pathname)) {
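Review bot: The public-path exclusion on new line 79, `pathname.startsWith(path)`, matches on a raw string prefix, so an entry such as `/public` also exempts `/public-admin` or `/publicx` from the cleanup-and-redirect branch, and an entry of `/` would exempt every route; require a segment boundary instead, e.g. `pathname === path || pathname.startsWith(path.endsWith('/') ? path : path + '/')`. handleMiddleware starts and ends outside these hunks, so if `config.publicPaths` is consulted the same way elsewhere in it, the same boundary check belongs there too. On new lines 103–110 the expiry cookie is written with `sameSite: isProduction ? 'none' : 'lax'` and an optional `domain`; a browser only overwrites a cookie whose domain and path match the one originally set, so if the stale cookies were issued with a different domain or path they will survive and the redirect built on line 95 is likely to repeat on the next request — worth confirming against how those cookies are set. The `some` on line 91 and the `forEach` on lines 97–112 evaluate the same pattern test twice; filtering once into a `staleCookies` array and branching on its length keeps the two in step.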
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@thinkingcat/auth-utils",
3
- "version": "2.0.3",
3
+ "version": "2.0.4",
4
4
  "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",