From 78dcd9b8e0164543cb284f2d7c36cb7d2c4d3c1a Mon Sep 17 00:00:00 2001
From: Joonsoo Kim
Date: Thu, 30 Nov 2023 18:35:57 +0900
Subject: [PATCH 1/2] =?UTF-8?q?fix:=20=EB=A7=8C=EB=A3=8C=EB=90=9C=20?= =?UTF-8?q?=EC=95=A1=EC=84=B8=EC=8A=A4=20=ED=86=A0=ED=81=B0=EC=9C=BC?= =?UTF-8?q?=EB=A1=9C=20=EC=9A=94=EC=B2=AD=20=EC=8B=9C=20=EC=84=B1=EA=B3=B5?= =?UTF-8?q?=ED=95=98=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 액세스 토큰이 아니라 헤더에서 사용자 아이디를 추출함으로써 만료된 액세스 토큰으로 요청 시 성공하도록 수정
---
 BE/src/auth/auth.controller.ts | 7 ++-----
 BE/src/auth/auth.service.ts | 16 +++++++++++-----
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/BE/src/auth/auth.controller.ts b/BE/src/auth/auth.controller.ts
index 31a556b..7aa0041 100644
--- a/BE/src/auth/auth.controller.ts
+++ b/BE/src/auth/auth.controller.ts
@@ -49,10 +49,7 @@ export class AuthController {
 @Post("/reissue")
 @UseGuards(ExpiredOrNotGuard)
 @HttpCode(201)
- async reissueAccessToken(
- @GetUser() user: User,
- @Req() request: Request,
- ): Promise {
- return await this.authService.reissueAccessToken(user, request);
+ async reissueAccessToken(@Req() request: Request): Promise {
+ return await this.authService.reissueAccessToken(request);
 }
 }
diff --git a/BE/src/auth/auth.service.ts b/BE/src/auth/auth.service.ts
index fabb852..eb29c68 100644
--- a/BE/src/auth/auth.service.ts
+++ b/BE/src/auth/auth.service.ts
@@ -9,6 +9,7 @@ import { User } from "./users.entity";
 import { Redis } from "ioredis";
 import { InjectRedis } from "@liaoliaots/nestjs-redis";
 import { Request } from "express";
+import * as jwt from "jsonwebtoken";

 @Injectable()
 export class AuthService {
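Review bot: The added `import * as jwt from "jsonwebtoken";` in BE/src/auth/auth.service.ts is not referenced by any line this series adds; `reissueAccessToken` reads the token payload by hand with `Buffer.from(base64Payload, "base64")` and `JSON.parse` instead. Either drop the import or replace the manual decode with a verifying call, so that the file does not suggest the token is checked by a JWT library when the visible code does not do so.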
@@ -59,11 +60,15 @@ export class AuthService {
 await this.redisClient.del(user.userId);
 }

- async reissueAccessToken(
- user: User,
- request: Request,
- ): Promise {
- const userId = user.userId;
+ async reissueAccessToken(request: Request): Promise {
+ const expiredAccessToken = request.headers.authorization.split(" ")[1];
+
+ // 만료된 액세스 토큰을 직접 디코딩
+ const base64Payload = expiredAccessToken.split(".")[1];
+ const payload = Buffer.from(base64Payload, "base64");
+ const expiredResult = JSON.parse(payload.toString());
+
+ const userId = expiredResult.userId;
 const accessTokenPayload = { userId };
 const accessToken = await this.jwtService.sign(accessTokenPayload, {
 expiresIn: "1h",
@@ -81,5 +86,6 @@ export class AuthService {
 await this.redisClient.set(userId, refreshToken, "EX", 86400);

 return new AccessTokenDto(accessToken);
+ return new AccessTokenDto("123151");
 }
 }
From 9af5a24ad94910208e51a04081428c1193ffb51f Mon Sep 17 00:00:00 2001
From: Joonsoo Kim
Date: Thu, 30 Nov 2023 18:39:03 +0900
Subject: [PATCH 2/2] =?UTF-8?q?style:=20=EC=98=A4=ED=83=80=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 오타 수정
---
 BE/src/auth/auth.service.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/BE/src/auth/auth.service.ts b/BE/src/auth/auth.service.ts
index eb29c68..e5b20e5 100644
--- a/BE/src/auth/auth.service.ts
+++ b/BE/src/auth/auth.service.ts
@@ -86,6 +86,5 @@ export class AuthService {
 await this.redisClient.set(userId, refreshToken, "EX", 86400);

 return new AccessTokenDto(accessToken);
- return new AccessTokenDto("123151");
 }
 }
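Review bot: In the `@@ -59,11 +60,15 @@` hunk of auth.service.ts, `reissueAccessToken` takes `userId` from a payload it base64-decodes and `JSON.parse`s itself, so nothing in these lines checks the token's signature before a new access token is signed for that `userId`. Unless `ExpiredOrNotGuard` (not visible in this patch) already verifies the signature, the identity is whatever the caller put in the Authorization header. Verifying while tolerating expiry keeps the commit's intent: `const { userId } = this.jwtService.verify(expiredAccessToken, { ignoreExpiration: true });`. The visible lines also show no comparison with the refresh token stored in Redis before reissuing, and `request.headers.authorization.split(" ")[1]` throws a TypeError when the header is absent, so a guard that answers 401 belongs before it. The method body continues outside this hunk, so a check may exist in the lines not shown.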