
@ahhaohho/auth-middleware


Shared authentication middleware with Passport.js for ahhaohho microservices

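const { Strategy: CustomStrategy } = require('passport-custom');
const { verifyTokenWithFallback } = require('../utils/jwtValidator');
const { isBlacklisted } = require('../utils/blacklist');

// Optional "Bearer " scheme prefix on the header value, matched regardless of
// case so "Bearer", "bearer" and "BEARER" are all stripped the same way.
const BEARER_PREFIX = /^bearer\s+/i;

/**
 * Extract the refresh token from the request.
 *
 * Priority:
 *   1. cookie `flc_refresh_token` (HttpOnly cookie flow)
 *   2. `refresh-token` / `refreshtoken` header (legacy flow), with or without
 *      a Bearer prefix
 *
 * Only string values are accepted; anything else (missing, array-valued or
 * object-valued header/cookie) yields null instead of throwing.
 *
 * @param {object} req - incoming request; `cookies` and `headers` are read if present
 * @returns {string|null} the trimmed token, or null when none is present
 */
function extractRefreshToken(req) {
  // 1. HttpOnly cookie flow. Cookie values are used verbatim apart from
  // surrounding whitespace; no scheme prefix is expected here.
  const cookieToken = req && req.cookies ? req.cookies.flc_refresh_token : undefined;
  if (typeof cookieToken === 'string' && cookieToken.trim() !== '') {
    return cookieToken.trim();
  }

  // 2. Legacy header flow. Node lower-cases incoming header names, so both
  // spellings are looked up in lower case; `||` keeps the original fallback
  // from an empty `refresh-token` header to `refreshtoken`.
  const headers = req && req.headers;
  if (!headers) {
    return null;
  }
  const headerToken = headers['refresh-token'] || headers['refreshtoken'];
  if (typeof headerToken !== 'string') {
    return null;
  }
  const token = headerToken.replace(BEARER_PREFIX, '').trim();
  return token === '' ? null : token;
}

/**
 * Build the Passport refresh-token strategy (passport-custom).
 *
 * The verify callback:
 *   1. extracts the token (cookie, then header),
 *   2. verifies it via `verifyTokenWithFallback` (multi-key verification),
 *   3. rejects it if `isBlacklisted(userId, 'refresh', token)` reports it revoked,
 *   4. hands a minimal user object `{ userId, userRole, phoneNumber }` to `done`.
 *
 * Missing, malformed or revoked tokens are reported as authentication
 * failures (`done(null, false, { message })`); anything thrown by the
 * helpers is reported as a strategy error (`done(error, false)`).
 *
 * @returns {CustomStrategy}
 */
function createRefreshStrategy() {
  return new CustomStrategy(async (req, done) => {
    try {
      // 1. token extraction
      const token = extractRefreshToken(req);
      if (!token) {
        return done(null, false, { message: 'No refresh token provided' });
      }

      // 2. multi-key verification. A nullish result is treated as an invalid
      // token rather than letting the destructuring throw into the catch
      // below, which would turn a bad client token into a strategy error.
      const result = await verifyTokenWithFallback(token);
      const { decoded, keyUsed } = result || {};
      if (!decoded || !decoded.userId) {
        return done(null, false, { message: 'Invalid refresh token payload' });
      }
      // NOTE(review): nothing here distinguishes a refresh token from any
      // other token signed with the same key; if the issuer sets a
      // type/scope claim, check it here — confirm against jwtValidator.

      // 3. revocation check (refresh type)
      const blacklisted = await isBlacklisted(decoded.userId, 'refresh', token);
      if (blacklisted) {
        return done(null, false, { message: 'Refresh token has been revoked' });
      }

      // 4. success — return the user object
      console.log(
        `[@ahhaohho/auth-middleware] ✅ Refresh token verified with ${keyUsed} key for user ${decoded.userId}`
      );
      const user = {
        userId: decoded.userId,
        userRole: decoded.userRole,
        phoneNumber: decoded.phoneNumber,
      };
      return done(null, user);
    } catch (error) {
      // Whether signature/expiry failures arrive here (thrown) or as a
      // nullish `decoded` above depends on verifyTokenWithFallback — not
      // visible in this file.
      console.error('[@ahhaohho/auth-middleware] ❌ Refresh token verification failed:', error.message);
      return done(error, false);
    }
  });
}

module.exports = createRefreshStrategy;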