백엔드에서 JWT가 아닌 세션 ID 기반으로 인증하도록 변경

2025-12-16 06:58:46 +00:00 · 2025-01-12 07:28:38 +09:00
parent 0bdf990dae
commit 1a86c8d9e0
42 changed files with 487 additions and 624 deletions
--- a/src/lib/server/middlewares/authenticate.ts
+++ b/src/lib/server/middlewares/authenticate.ts
@@ -0,0 +1,34 @@
+import { error, redirect, type Handle } from "@sveltejs/kit";
+import { authenticate, AuthenticationError } from "$lib/server/modules/auth";
+
+const whitelist = ["/auth/login", "/api/auth/login"];
+
+export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
+  const { pathname, search } = event.url;
+  if (whitelist.some((path) => pathname.startsWith(path))) {
+    return await resolve(event);
+  }
+
+  try {
+    const sessionIdSigned = event.cookies.get("sessionId");
+    if (!sessionIdSigned) {
+      throw new AuthenticationError(401, "Session id not found");
+    }
+
+    const { ip, userAgent } = event.locals;
+    event.locals.session = await authenticate(sessionIdSigned, ip, userAgent);
+  } catch (e) {
+    if (e instanceof AuthenticationError) {
+      if (pathname.startsWith("/api")) {
+        error(e.status, e.message);
+      } else {
+        redirect(302, "/auth/login?redirect=" + encodeURIComponent(pathname + search));
+      }
+    }
+    throw e;
+  }
+
+  return await resolve(event);
+};
+
+export default authenticateMiddleware;