백엔드에서 JWT가 아닌 세션 ID 기반으로 인증하도록 변경

2025-12-16 06:58:46 +00:00 · 2025-01-12 07:28:38 +09:00
parent 0bdf990dae
commit 1a86c8d9e0
42 changed files with 487 additions and 624 deletions
--- a/src/lib/server/loadenv.ts
+++ b/src/lib/server/loadenv.ts
@@ -3,19 +3,18 @@ import { building } from "$app/environment";
 import { env } from "$env/dynamic/private";

 if (!building) {
-  if (!env.JWT_SECRET) throw new Error("JWT_SECRET is not set");
+  if (!env.SESSION_SECRET) throw new Error("SESSION_SECRET not set");
 }

 export default {
  databaseUrl: env.DATABASE_URL || "local.db",
-  jwt: {
-    secret: env.JWT_SECRET,
-    accessExp: ms(env.JWT_ACCESS_TOKEN_EXPIRES || "5m"),
-    refreshExp: ms(env.JWT_REFRESH_TOKEN_EXPIRES || "14d"),
+  session: {
+    secret: env.SESSION_SECRET!,
+    exp: ms(env.SESSION_EXPIRES || "14d"),
  },
  challenge: {
    userClientExp: ms(env.USER_CLIENT_CHALLENGE_EXPIRES || "5m"),
-    tokenUpgradeExp: ms(env.TOKEN_UPGRADE_CHALLENGE_EXPIRES || "5m"),
+    sessionUpgradeExp: ms(env.SESSION_UPGRADE_CHALLENGE_EXPIRES || "5m"),
  },
  libraryPath: env.LIBRARY_PATH || "library",
 };