@thinkingcat/auth-utils 2.0.8 → 2.0.10

package/dist/core/jwt.d.ts

@@ -15,7 +15,7 @@ export declare function extractRoleFromPayload(payload: JWTPayload, serviceId: s
  */
 export declare function createNextAuthJWT(payload: JWTPayload, serviceId: string): JWT;
 /**
- * NextAuth JWT를 인코딩된 세션 토큰으로 변환 (HKDF 기반 암호화 적용)
+ * NextAuth JWT를 인코딩된 세션 토큰으로 변환
  */
 export declare function encodeNextAuthToken(jwt: JWT, secret: string, maxAge?: number): Promise<string>;
 /**

package/dist/core/jwt.js

@@ -41,6 +41,7 @@ exports.isTokenExpired = isTokenExpired;
 exports.isValidToken = isValidToken;
 const jose_1 = require("jose");
 const logger_js_1 = require("../utils/logger.js");
+const crypto_js_1 = require("../utils/crypto.js");
 /**
  * 토큰 검증 및 디코딩
  */
@@ -115,7 +116,7 @@ function createNextAuthJWT(payload, serviceId) {
     return jwt;
 }
 /**
- * NextAuth JWT를 인코딩된 세션 토큰으로 변환 (HKDF 기반 암호화 적용)
+ * NextAuth JWT를 인코딩된 세션 토큰으로 변환
  */
 async function encodeNextAuthToken(jwt, secret, maxAge = 30 * 24 * 60 * 60) {
     try {
@@ -129,23 +130,14 @@ async function encodeNextAuthToken(jwt, secret, maxAge = 30 * 24 * 60 * 60) {
         return encoded;
     }
     catch (error) {
-        (0, logger_js_1.debugLog)('encodeNextAuthToken', 'NextAuth encode failed, using jose EncryptJWT fallback with HKDF', error);
-        // NextAuth.js의 표준 HKDF 키 유도 방식 구현
-        // https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/jwt/index.ts
+        (0, logger_js_1.debugLog)('encodeNextAuthToken', 'NextAuth encode failed, using jose EncryptJWT fallback', error);
+        const secretHash = await (0, crypto_js_1.createHashSHA256)(secret);
+        const keyBytes = new Uint8Array(32);
+        for (let i = 0; i < 32; i++) {
+            keyBytes[i] = parseInt(secretHash.slice(i * 2, i * 2 + 2), 16);
+        }
         const now = Math.floor(Date.now() / 1000);
         try {
-            // Web Crypto API를 이용한 HKDF 구현
-            const encoder = new TextEncoder();
-            const secretKey = await crypto.subtle.importKey('raw', encoder.encode(secret), 'HKDF', false, ['deriveKey']);
-            const derivedKey = await crypto.subtle.deriveKey({
-                name: 'HKDF',
-                hash: 'SHA-256',
-                salt: encoder.encode(''),
-                info: encoder.encode('NextAuth.js Generated Encryption Key'),
-            }, secretKey, { name: 'AES-GCM', length: 256 }, true, ['encrypt']);
-            // 유도된 키를 Uint8Array로 변환
-            const exportedKey = await crypto.subtle.exportKey('raw', derivedKey);
-            const keyBytes = new Uint8Array(exportedKey);
             const token = await new jose_1.EncryptJWT(jwt)
                 .setProtectedHeader({
                 alg: 'dir',
@@ -158,7 +150,7 @@ async function encodeNextAuthToken(jwt, secret, maxAge = 30 * 24 * 60 * 60) {
             return token;
         }
         catch (encryptError) {
-            (0, logger_js_1.debugError)('encodeNextAuthToken', 'HKDF EncryptJWT failed:', encryptError);
+            (0, logger_js_1.debugError)('encodeNextAuthToken', 'EncryptJWT also failed:', encryptError);
             throw new Error(`Failed to encode NextAuth token: ${error instanceof Error ? error.message : String(error)}`);
         }
     }

package/dist/types/index.d.ts

@@ -14,6 +14,8 @@ export interface ResponseLike {
 export interface ServiceInfo {
     serviceId: string;
     role: string;
+    joinedAt: string;
+    lastAccessAt?: string;
     expiredAt?: string;
     status: string;
     isFree?: boolean;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "2.0.8",
+  "version": "2.0.10",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",