// backend/src/auth/controller.ts
import { createHash, timingSafeEqual } from "node:crypto";
import { Request, Response } from "express";
import jwt from "jsonwebtoken";
const ACCESS_SECRET = process.env.JWT_SECRET!;
const REFRESH_SECRET = process.env.JWT_REFRESH_SECRET!;
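/**
 * Constant-time equality check of a user-supplied credential against the
 * configured value.
 *
 * Both sides are SHA-256 hashed before `timingSafeEqual`, so the comparison
 * never short-circuits on a length mismatch (and `timingSafeEqual` itself
 * requires equal-length inputs). Returns `false` whenever either side is not a
 * non-empty string, so an unset ADMIN_ID / ADMIN_PASSWORD can never be matched.
 *
 * @param supplied - value taken from the request body (untrusted, any shape)
 * @param expected - value from the environment, possibly undefined
 */
function credentialMatches(supplied: unknown, expected: string | undefined): boolean {
  if (typeof supplied !== "string" || typeof expected !== "string" || expected.length === 0) {
    return false;
  }
  const suppliedDigest = createHash("sha256").update(supplied, "utf8").digest();
  const expectedDigest = createHash("sha256").update(expected, "utf8").digest();
  return timingSafeEqual(suppliedDigest, expectedDigest);
}

/**
 * Handles the admin login request.
 *
 * Compares the submitted `id` / `password` with ADMIN_ID / ADMIN_PASSWORD from
 * the environment. On success it issues a 1-hour access token (returned in the
 * JSON body) and a 7-day refresh token (set as an HttpOnly cookie scoped to the
 * refresh endpoint).
 *
 * @param req - Express request; `req.body` is expected to carry `id` and `password`.
 * @param res - Express response; 401 with `{ error }` on failure, `{ token }` on success.
 */
export function login(req: Request, res: Response) {
  // `req.body` is undefined when no body parser is mounted; treat that as an
  // empty body instead of throwing on destructuring.
  const body: Record<string, unknown> = req.body ?? {};
  const { id, password } = body;
  // Both checks are evaluated before combining so a wrong id and a wrong
  // password take the same path. A plain `!==` comparison would accept a
  // request that omits a field whenever the matching env var is unset
  // (`undefined !== undefined` is false); credentialMatches() rejects that.
  const idOk = credentialMatches(id, process.env.ADMIN_ID);
  const passwordOk = credentialMatches(password, process.env.ADMIN_PASSWORD);
  if (!idOk || !passwordOk) {
    return res.status(401).json({ error: "Invalid credentials" });
  }
  const payload = { id };
  // Access token (1 hour)
  const accessToken = jwt.sign(payload, ACCESS_SECRET, { expiresIn: "1h" });
  // Refresh token (7 days)
  const refreshToken = jwt.sign(payload, REFRESH_SECRET, { expiresIn: "7d" });
  // The refresh token lives in an HttpOnly cookie so page script cannot read it.
  // `sameSite: "none"` means the cookie is sent on cross-site requests and
  // requires `secure: true`; `path` restricts it to the refresh endpoint.
  res.cookie("refreshToken", refreshToken, {
    httpOnly: true,
    secure: true,
    sameSite: "none",
    path: "/api/auth/refresh",
    maxAge: 7 * 24 * 60 * 60 * 1000,
  });
  return res.json({ token: accessToken });
}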
/**
 * Reports whether the current request carries an authenticated user.
 *
 * This handler does not inspect a token itself; it relies on `req.user` having
 * been populated by an upstream middleware that is not part of this file.
 * NOTE(review): the whole `req.user` object is echoed back to the client —
 * confirm it holds nothing beyond the `id` claim.
 *
 * @param req - Express request, with `req.user` set by earlier middleware
 * @param res - Express response; `{ valid: true, user }` or 401 `{ valid: false, error }`
 */
export function verify(req: Request, res: Response) {
  const user = req.user;
  if (user) {
    return res.json({ valid: true, user });
  }
  return res.status(401).json({ valid: false, error: "Invalid or expired token" });
}
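/**
 * Exchanges a valid refresh-token cookie for a new access token.
 *
 * The refresh token is read from the `refreshToken` cookie (set by `login`) and
 * verified against REFRESH_SECRET. The refresh cookie is not rotated or
 * re-issued here, so it remains valid until its original 7-day expiry.
 *
 * @param req - Express request; `req.cookies` must be populated by a cookie parser.
 * @param res - Express response; 401 with `{ error }` on any failure, `{ token }` on success.
 */
export function refresh(req: Request, res: Response) {
  // Without a cookie parser `req.cookies` is undefined; the optional chain turns
  // that into a 401 rather than a TypeError (500). Cookie values are strings,
  // so anything else is treated as missing.
  const token: unknown = req.cookies?.refreshToken;
  if (typeof token !== "string" || token.length === 0) {
    return res.status(401).json({ error: "Missing refresh token" });
  }
  try {
    // Pin verification to HS256 (jsonwebtoken's default signing algorithm, which
    // `login` uses) so the token's own `alg` header cannot select another scheme.
    const decoded: unknown = jwt.verify(token, REFRESH_SECRET, { algorithms: ["HS256"] });
    // Only a string `id` claim is trusted; an arbitrary decoded shape is not
    // forwarded into the new access token.
    const id =
      typeof decoded === "object" && decoded !== null
        ? (decoded as { id?: unknown }).id
        : undefined;
    if (typeof id !== "string") {
      return res.status(401).json({ error: "Refresh token invalid or expired" });
    }
    // Issue a new access token (1 hour)
    const newAccessToken = jwt.sign({ id }, ACCESS_SECRET, { expiresIn: "1h" });
    return res.json({ token: newAccessToken });
  } catch {
    // Expired, tampered, or wrongly signed token — the reason is deliberately not
    // surfaced to the client.
    return res.status(401).json({ error: "Refresh token invalid or expired" });
  }
}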