-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.ts
More file actions
118 lines (103 loc) · 3.72 KB
/
Copy pathproxy.ts
File metadata and controls
118 lines (103 loc) · 3.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
import {
ACCESS_TOKEN_COOKIE_NAME,
ACCESS_TOKEN_MAX_AGE,
REFRESH_TOKEN_MAX_AGE,
} from '@/lib/constants/auth';
import { BASE_URL } from '@/lib/constants/apiInstance';
import { decodeJWT } from '@/lib/utils/auth/decodeJWT';
/**
* JWT 토큰이 만료되었는지 확인 (5분 여유 시간 포함)
*/
function isTokenExpired(token: string): boolean {
const payload = decodeJWT(token);
if (!payload?.exp) return true;
const now = Math.floor(Date.now() / 1000);
const bufferTime = 5 * 60; // 5분 여유 시간
return payload.exp - now < bufferTime;
}
/**
* Middleware: 모든 요청 전에 토큰 자동 갱신
*/
export async function proxy(request: NextRequest) {
const rememberMe = request.cookies.get('rememberMe')?.value;
const accessToken = request.cookies.get(ACCESS_TOKEN_COOKIE_NAME)?.value;
// rememberMe가 true이고 (accessToken이 없거나 만료되었으면) 토큰 갱신 시도
const shouldRefreshToken =
rememberMe === 'true' && (!accessToken || isTokenExpired(accessToken));
if (shouldRefreshToken) {
try {
const cookieHeader = request.headers.get('cookie') || '';
// 백엔드에 RefreshToken으로 새 AccessToken 요청
const response = await fetch(`${BASE_URL}/api/auth/token/refresh`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Cookie: cookieHeader,
},
});
if (response.ok) {
const data = await response.json();
if (data.data?.accessToken) {
const nextResponse = NextResponse.next();
// 새 AccessToken 설정
nextResponse.cookies.set(
ACCESS_TOKEN_COOKIE_NAME,
data.data.accessToken,
{
maxAge: ACCESS_TOKEN_MAX_AGE,
path: '/',
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
}
);
// 백엔드가 Set-Cookie로 새 RefreshToken을 내려줬다면 파싱해서 설정
const setCookieHeader = response.headers.get('set-cookie');
if (setCookieHeader) {
const refreshTokenMatch = /refreshToken=([^;]+)/.exec(
setCookieHeader
);
if (refreshTokenMatch) {
const newRefreshToken = refreshTokenMatch[1];
nextResponse.cookies.set('refreshToken', newRefreshToken, {
maxAge: REFRESH_TOKEN_MAX_AGE,
path: '/',
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
httpOnly: true,
});
}
}
console.info(
'[Middleware] 토큰 갱신 성공:',
accessToken ? '만료된 토큰 갱신' : '토큰 없음으로 갱신'
);
return nextResponse;
}
} else {
// RefreshToken도 만료된 경우 rememberMe 삭제
console.warn('[Middleware] 토큰 갱신 실패, rememberMe 삭제');
const nextResponse = NextResponse.next();
nextResponse.cookies.delete('rememberMe');
nextResponse.cookies.delete(ACCESS_TOKEN_COOKIE_NAME);
return nextResponse;
}
} catch (error) {
console.error('[Middleware] 토큰 갱신 중 오류:', error);
}
}
return NextResponse.next();
}
export const config = {
matcher: [
/*
* Match all request paths except for the ones starting with:
* - _next/static (static files)
* - _next/image (image optimization files)
* - favicon.ico (favicon file)
* - public folder
*/
'/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)',
],
};