kegorii/Jwt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jwt 로 변경... 진행중

Browse Source
This commit is contained in:
pd0a6847 2025-06-25 17:07:16 +09:00
parent a0d3926ff5
commit e0ed7c598b
9 changed files with 288 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
package-lock.json generated
View File

@ -12,12 +12,14 @@
"@oslojs/crypto": "^1.0.1", "@oslojs/crypto": "^1.0.1",
"@oslojs/encoding": "^1.1.0", "@oslojs/encoding": "^1.1.0",
"drizzle-orm": "^0.40.0", "drizzle-orm": "^0.40.0",
"jsonwebtoken": "^9.0.2",
"postgres": "^3.4.5" "postgres": "^3.4.5"
}, },
"devDependencies": { "devDependencies": {
"@sveltejs/adapter-auto": "^6.0.0", "@sveltejs/adapter-auto": "^6.0.0",
"@sveltejs/kit": "^2.16.0", "@sveltejs/kit": "^2.16.0",
"@sveltejs/vite-plugin-svelte": "^5.0.0", "@sveltejs/vite-plugin-svelte": "^5.0.0",
"@types/jsonwebtoken": "^9.0.10",
"@types/node": "^22", "@types/node": "^22",
"drizzle-kit": "^0.30.2", "drizzle-kit": "^0.30.2",
"svelte": "^5.0.0", "svelte": "^5.0.0",
@ -1696,6 +1698,24 @@
"dev": true, "dev": true,
"license": "MIT" "license": "MIT"
}, },
"node_modules/@types/jsonwebtoken": {
"version": "9.0.10",
"resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz",
"integrity": "sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA==",
"dev": true,
"license": "MIT",
"dependencies": {
"@types/ms": "*",
"@types/node": "*"
}
},
"node_modules/@types/ms": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz",
"integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==",
"dev": true,
"license": "MIT"
},
"node_modules/@types/node": { "node_modules/@types/node": {
"version": "22.15.33", "version": "22.15.33",
"resolved": "https://registry.npmjs.org/@types/node/-/node-22.15.33.tgz", "resolved": "https://registry.npmjs.org/@types/node/-/node-22.15.33.tgz",
@ -1739,6 +1759,12 @@
"node": ">= 0.4" "node": ">= 0.4"
} }
}, },
"node_modules/buffer-equal-constant-time": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
"integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==",
"license": "BSD-3-Clause"
},
"node_modules/buffer-from": { "node_modules/buffer-from": {
"version": "1.1.2", "version": "1.1.2",
"resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
@ -1955,6 +1981,15 @@
} }
} }
}, },
"node_modules/ecdsa-sig-formatter": {
"version": "1.0.11",
"resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
"integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
"license": "Apache-2.0",
"dependencies": {
"safe-buffer": "^5.0.1"
}
},
"node_modules/env-paths": { "node_modules/env-paths": {
"version": "3.0.0", "version": "3.0.0",
"resolved": "https://registry.npmjs.org/env-paths/-/env-paths-3.0.0.tgz", "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-3.0.0.tgz",
@ -2121,6 +2156,49 @@
"node": ">=16" "node": ">=16"
} }
}, },
"node_modules/jsonwebtoken": {
"version": "9.0.2",
"resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
"integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==",
"license": "MIT",
"dependencies": {
"jws": "^3.2.2",
"lodash.includes": "^4.3.0",
"lodash.isboolean": "^3.0.3",
"lodash.isinteger": "^4.0.4",
"lodash.isnumber": "^3.0.3",
"lodash.isplainobject": "^4.0.6",
"lodash.isstring": "^4.0.1",
"lodash.once": "^4.0.0",
"ms": "^2.1.1",
"semver": "^7.5.4"
},
"engines": {
"node": ">=12",
"npm": ">=6"
}
},
"node_modules/jwa": {
"version": "1.4.2",
"resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.2.tgz",
"integrity": "sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw==",
"license": "MIT",
"dependencies": {
"buffer-equal-constant-time": "^1.0.1",
"ecdsa-sig-formatter": "1.0.11",
"safe-buffer": "^5.0.1"
}
},
"node_modules/jws": {
"version": "3.2.2",
"resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
"integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
"license": "MIT",
"dependencies": {
"jwa": "^1.4.1",
"safe-buffer": "^5.0.1"
}
},
"node_modules/kleur": { "node_modules/kleur": {
"version": "4.1.5", "version": "4.1.5",
"resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz", "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
@ -2138,6 +2216,48 @@
"dev": true, "dev": true,
"license": "MIT" "license": "MIT"
}, },
"node_modules/lodash.includes": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
"integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==",
"license": "MIT"
},
"node_modules/lodash.isboolean": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
"integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==",
"license": "MIT"
},
"node_modules/lodash.isinteger": {
"version": "4.0.4",
"resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
"integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==",
"license": "MIT"
},
"node_modules/lodash.isnumber": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
"integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==",
"license": "MIT"
},
"node_modules/lodash.isplainobject": {
"version": "4.0.6",
"resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
"integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==",
"license": "MIT"
},
"node_modules/lodash.isstring": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
"integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==",
"license": "MIT"
},
"node_modules/lodash.once": {
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
"integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
"license": "MIT"
},
"node_modules/magic-string": { "node_modules/magic-string": {
"version": "0.30.17", "version": "0.30.17",
"resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.17.tgz", "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.17.tgz",
@ -2172,7 +2292,6 @@
"version": "2.1.3", "version": "2.1.3",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"devOptional": true,
"license": "MIT" "license": "MIT"
}, },
"node_modules/nanoid": { "node_modules/nanoid": {
@ -2333,11 +2452,30 @@
"node": ">=6" "node": ">=6"
} }
}, },
"node_modules/safe-buffer": {
"version": "5.2.1",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
"integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
"funding": [
{
"type": "github",
"url": "https://github.com/sponsors/feross"
},
{
"type": "patreon",
"url": "https://www.patreon.com/feross"
},
{
"type": "consulting",
"url": "https://feross.org/support"
}
],
"license": "MIT"
},
"node_modules/semver": { "node_modules/semver": {
"version": "7.7.2", "version": "7.7.2",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
"integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
"devOptional": true,
"license": "ISC", "license": "ISC",
"bin": { "bin": {
"semver": "bin/semver.js" "semver": "bin/semver.js"

2
package.json
View File

@ -18,6 +18,7 @@
"@sveltejs/adapter-auto": "^6.0.0", "@sveltejs/adapter-auto": "^6.0.0",
"@sveltejs/kit": "^2.16.0", "@sveltejs/kit": "^2.16.0",
"@sveltejs/vite-plugin-svelte": "^5.0.0", "@sveltejs/vite-plugin-svelte": "^5.0.0",
"@types/jsonwebtoken": "^9.0.10",
"@types/node": "^22", "@types/node": "^22",
"drizzle-kit": "^0.30.2", "drizzle-kit": "^0.30.2",
"svelte": "^5.0.0", "svelte": "^5.0.0",
@ -31,6 +32,7 @@
"@oslojs/crypto": "^1.0.1", "@oslojs/crypto": "^1.0.1",
"@oslojs/encoding": "^1.1.0", "@oslojs/encoding": "^1.1.0",
"drizzle-orm": "^0.40.0", "drizzle-orm": "^0.40.0",
"jsonwebtoken": "^9.0.2",
"postgres": "^3.4.5" "postgres": "^3.4.5"
} }
} }

17
src/app.d.ts vendored
View File

@ -1,11 +1,8 @@
// for information about these interfaces // src/app.d.ts
declare global { declare namespace App {
namespace App { interface Locals {
interface Locals { user: {
user: import('$lib/server/auth').SessionValidationResult['user']; id: string;
session: import('$lib/server/auth').SessionValidationResult['session'] } | null;
}
} }
} }
export {};

59
src/hooks.server.ts
View File

@ -1,26 +1,63 @@
import type { Handle } from '@sveltejs/kit'; import type { Handle } from '@sveltejs/kit';
import * as auth from '$lib/server/auth'; import * as auth from '$lib/server/auth';
import { db } from '$lib/server/db';
import * as table from '$lib/server/db/schema';
const handleAuth: Handle = async ({ event, resolve }) => { const handleAuth: Handle = async ({ event, resolve }) => {
const sessionToken = event.cookies.get(auth.sessionCookieName); // 1. 먼저 액세스 토큰 확인
const accessToken = event.cookies.get(auth.jwtCookieName);
if (!sessionToken) { if (accessToken) {
const { user, isValid } = auth.validateJwtToken(accessToken);
if (isValid && user) {
event.locals.user = user;
return resolve(event);
}
// 액세스 토큰이 유효하지 않으면 refresh 시도
}
// 2. 액세스 토큰이 없거나 유효하지 않을 때 리프레시 토큰 확인
const refreshToken = event.cookies.get(auth.refreshCookieName);
if (!refreshToken) {
// 두 토큰 모두 없거나 유효하지 않으면 인증되지 않은 사용자로 처리
event.locals.user = null; event.locals.user = null;
event.locals.session = null;
return resolve(event); return resolve(event);
} }
const { session, user } = await auth.validateSessionToken(sessionToken); // 리프레시 토큰 검증
const { userId, isValid } = auth.validateRefreshToken(refreshToken);
if (session) { if (!isValid || !userId) {
auth.setSessionTokenCookie(event, sessionToken, session.expiresAt); // 리프레시 토큰이 유효하지 않으면 모든 쿠키 삭제
} else { auth.deleteAuthCookies(event);
auth.deleteSessionTokenCookie(event); event.locals.user = null;
return resolve(event);
} }
event.locals.user = user; // 유효한 리프레시 토큰이 있으면 사용자 정보 조회
event.locals.session = session; const user = await db.query.users.findFirst({
where: (users, { eq }) => eq(users.id, userId)
});
if (!user) {
auth.deleteAuthCookies(event);
event.locals.user = null;
return resolve(event);
}
// 새 액세스 토큰 발급
const newAccessToken = auth.generateAccessToken(user.id, user.email);
auth.setAccessTokenCookie(event, newAccessToken);
// 사용자 정보 설정
event.locals.user = {
id: user.id,
email: user.email
};
return resolve(event); return resolve(event);
}; };
export const handle: Handle = handleAuth; export const handle: Handle = handleAuth;

112
src/lib/server/auth.ts
View File

@ -1,81 +1,67 @@
import type { RequestEvent } from '@sveltejs/kit'; import type { RequestEvent } from '@sveltejs/kit';
import { eq } from 'drizzle-orm'; import jwt from 'jsonwebtoken';
import { sha256 } from '@oslojs/crypto/sha2';
import { encodeBase64url, encodeHexLowerCase } from '@oslojs/encoding';
import { db } from '$lib/server/db'; import { db } from '$lib/server/db';
import * as table from '$lib/server/db/schema'; import * as table from '$lib/server/db/schema';
const DAY_IN_MS = 1000 * 60 * 60 * 24;
export const sessionCookieName = 'auth-session'; const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
const REFRESH_SECRET = process.env.REFRESH_SECRET || 'refresh-secret-key'; // 별도의 키 사용 권장
export const jwtCookieName = 'auth-token';
export const refreshCookieName = 'refresh-token';
export function generateSessionToken() { // 액세스 토큰 생성 (15분 유효)
const bytes = crypto.getRandomValues(new Uint8Array(18)); export function generateAccessToken(userId: string) {
const token = encodeBase64url(bytes); return jwt.sign(
return token; { userId },
JWT_SECRET,
{ expiresIn: '15m' }
);
} }
export async function createSession(token: string, userId: string) { // 리프레시 토큰 생성 (30일 유효)
const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token))); export function generateRefreshToken(userId: string) {
const session: table.Session = { return jwt.sign(
id: sessionId, { userId, type: 'refresh' },
userId, REFRESH_SECRET,
expiresAt: new Date(Date.now() + DAY_IN_MS * 30) { expiresIn: '30d' }
}; );
await db.insert(table.session).values(session);
return session;
} }
export async function validateSessionToken(token: string) { // 리프레시 토큰 검증
const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token))); export function validateRefreshToken(token: string) {
const [result] = await db try {
.select({ const decoded = jwt.verify(token, REFRESH_SECRET) as { userId: string, type: string };
// Adjust user table here to tweak returned data if (decoded.type !== 'refresh') {
user: { id: table.user.id, username: table.user.username }, return { userId: null, isValid: false };
session: table.session }
}) return { userId: decoded.userId, isValid: true };
.from(table.session) } catch (error) {
.innerJoin(table.user, eq(table.session.userId, table.user.id)) return { userId: null, isValid: false };
.where(eq(table.session.id, sessionId));
if (!result) {
return { session: null, user: null };
} }
const { session, user } = result;
const sessionExpired = Date.now() >= session.expiresAt.getTime();
if (sessionExpired) {
await db.delete(table.session).where(eq(table.session.id, session.id));
return { session: null, user: null };
}
const renewSession = Date.now() >= session.expiresAt.getTime() - DAY_IN_MS * 15;
if (renewSession) {
session.expiresAt = new Date(Date.now() + DAY_IN_MS * 30);
await db
.update(table.session)
.set({ expiresAt: session.expiresAt })
.where(eq(table.session.id, session.id));
}
return { session, user };
} }
export type SessionValidationResult = Awaited<ReturnType<typeof validateSessionToken>>; // 쿠키 설정 함수들
export function setAccessTokenCookie(event: RequestEvent, token: string) {
export async function invalidateSession(sessionId: string) { event.cookies.set(jwtCookieName, token, {
await db.delete(table.session).where(eq(table.session.id, sessionId)); expires: new Date(Date.now() + 15 * 60 * 1000), // 15분
} path: '/',
httpOnly: true,
export function setSessionTokenCookie(event: RequestEvent, token: string, expiresAt: Date) { secure: process.env.NODE_ENV === 'production',
event.cookies.set(sessionCookieName, token, { sameSite: 'lax'
expires: expiresAt,
path: '/'
}); });
} }
export function deleteSessionTokenCookie(event: RequestEvent) { export function setRefreshTokenCookie(event: RequestEvent, token: string) {
event.cookies.delete(sessionCookieName, { event.cookies.set(refreshCookieName, token, {
path: '/' expires: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000), // 30일
path: '/',
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax'
}); });
} }
export function deleteAuthCookies(event: RequestEvent) {
event.cookies.delete(jwtCookieName, { path: '/' });
event.cookies.delete(refreshCookieName, { path: '/' });
}

11
src/lib/server/db/schema.ts
View File

@ -2,17 +2,16 @@ import { pgTable, serial, integer, text, timestamp } from 'drizzle-orm/pg-core';
export const user = pgTable('user', { export const user = pgTable('user', {
id: text('id').primaryKey(), id: text('id').primaryKey(),
age: integer('age'), email: text('email').notNull().unique(),
username: text('username').notNull().unique(),
passwordHash: text('password_hash').notNull() passwordHash: text('password_hash').notNull()
}); });
export const session = pgTable('session', { export const refreshTokens = pgTable('refresh_tokens', {
id: text('id').primaryKey(), id: text('id').primaryKey(),
userId: text('user_id').notNull().references(() => user.id), userId: text('user_id').notNull(),
expiresAt: timestamp('expires_at', { withTimezone: true, mode: 'date' }).notNull() expiresAt: timestamp('expires_at').notNull(),
createdAt: timestamp('created_at').defaultNow().notNull()
}); });
export type Session = typeof session.$inferSelect;
export type User = typeof user.$inferSelect; export type User = typeof user.$inferSelect;

7
src/routes/demo/lucia/+page.server.ts
View File

@ -10,12 +10,7 @@ export const load: PageServerLoad = async () => {
export const actions: Actions = { export const actions: Actions = {
logout: async (event) => { logout: async (event) => {
if (!event.locals.session) { auth.deleteAuthCookies(event);
return fail(401);
}
await auth.invalidateSession(event.locals.session.id);
auth.deleteSessionTokenCookie(event);
return redirect(302, '/demo/lucia/login'); return redirect(302, '/demo/lucia/login');
}, },
}; };

74
src/routes/demo/lucia/login/+page.server.ts
View File

@ -17,20 +17,20 @@ export const load: PageServerLoad = async (event) => {
export const actions: Actions = { export const actions: Actions = {
login: async (event) => { login: async (event) => {
const formData = await event.request.formData(); const formData = await event.request.formData();
const username = formData.get('username'); const email = formData.get('email');
const password = formData.get('password'); const password = formData.get('password');
// 타입 체크 및 검증
if (!validateUsername(username)) { if (!email || typeof email !== 'string') {
return fail(400, { message: 'Invalid username (min 3, max 31 characters, alphanumeric only)' }); return fail(400, { message: '이메일이 필요합니다' });
}
if (!validatePassword(password)) {
return fail(400, { message: 'Invalid password (min 6, max 255 characters)' });
} }
if (!password || typeof password !== 'string') {
return fail(400, { message: '비밀번호가 필요합니다' });
}
const results = await db const results = await db
.select() .select()
.from(table.user) .from(table.user)
.where(eq(table.user.username, username)); .where(eq(table.user.email, email));
const existingUser = results.at(0); const existingUser = results.at(0);
if (!existingUser) { if (!existingUser) {
@ -47,25 +47,31 @@ export const actions: Actions = {
return fail(400, { message: 'Incorrect username or password' }); return fail(400, { message: 'Incorrect username or password' });
} }
const sessionToken = auth.generateSessionToken(); // 두 토큰 모두 생성
const session = await auth.createSession(sessionToken, existingUser.id); const accessToken = auth.generateAccessToken(existingUser.id);
auth.setSessionTokenCookie(event, sessionToken, session.expiresAt); const refreshToken = auth.generateRefreshToken(existingUser.id);
return redirect(302, '/demo/lucia'); // 두 쿠키 모두 설정
auth.setAccessTokenCookie(event, accessToken);
auth.setRefreshTokenCookie(event, refreshToken);
return redirect(302, '/dashboard');
}, },
register: async (event) => { register: async (event) => {
const formData = await event.request.formData(); const formData = await event.request.formData();
const username = formData.get('username'); const email = formData.get('email');
const password = formData.get('password'); const password = formData.get('password');
if (!validateUsername(username)) {
return fail(400, { message: 'Invalid username' });
}
if (!validatePassword(password)) {
return fail(400, { message: 'Invalid password' });
}
const userId = generateUserId(); const userId = generateUserId();
// 타입 체크 및 검증
if (!email || typeof email !== 'string') {
return fail(400, { message: '이메일이 필요합니다' });
}
if (!password || typeof password !== 'string') {
return fail(400, { message: '비밀번호가 필요합니다' });
}
const passwordHash = await hash(password, { const passwordHash = await hash(password, {
// recommended minimum parameters // recommended minimum parameters
memoryCost: 19456, memoryCost: 19456,
@ -75,11 +81,16 @@ export const actions: Actions = {
}); });
try { try {
await db.insert(table.user).values({ id: userId, username, passwordHash }); await db.insert(table.user).values({ id: userId, email, passwordHash });
// 두 토큰 모두 생성
const accessToken = auth.generateAccessToken(userId);
const refreshToken = auth.generateRefreshToken(userId);
// 두 쿠키 모두 설정
auth.setAccessTokenCookie(event, accessToken);
auth.setRefreshTokenCookie(event, refreshToken);
const sessionToken = auth.generateSessionToken();
const session = await auth.createSession(sessionToken, userId);
auth.setSessionTokenCookie(event, sessionToken, session.expiresAt);
} catch { } catch {
return fail(500, { message: 'An error has occurred' }); return fail(500, { message: 'An error has occurred' });
} }
@ -93,20 +104,3 @@ function generateUserId() {
const id = encodeBase32LowerCase(bytes); const id = encodeBase32LowerCase(bytes);
return id; return id;
} }
function validateUsername(username: unknown): username is string {
return (
typeof username === 'string' &&
username.length >= 3 &&
username.length <= 31 &&
/^[a-z0-9_-]+$/.test(username)
);
}
function validatePassword(password: unknown): password is string {
return (
typeof password === 'string' &&
password.length >= 6 &&
password.length <= 255
);
}

4
src/routes/demo/lucia/login/+page.svelte
View File

@ -8,9 +8,9 @@
<h1>Login/Register</h1> <h1>Login/Register</h1>
<form method="post" action="?/login" use:enhance> <form method="post" action="?/login" use:enhance>
<label> <label>
Username email
<input <input
name="username" name="email"
/> />
</label> </label>