jwt-access-token.guard.ts
// import 생략
/**
 * Route guard that hands authentication to the Passport strategy registered
 * under the name "jwt-access-token".
 *
 * The guard adds no checks of its own: everything that decides whether a
 * request is authenticated lives in that strategy. The name string here must
 * match the name the strategy was registered with.
 */
@Injectable()
export class AccessTokenGuard extends AuthGuard("jwt-access-token") {
  // Intentionally empty: the inherited AuthGuard behaviour is used as-is.
}
jwt-refresh-token.guard.ts
// import 생략
/**
 * Route guard that hands authentication to the Passport strategy registered
 * under the name "jwt-refresh-token".
 *
 * It is meant for the token-reissue route only; the guard itself performs no
 * validation beyond what that strategy does.
 */
@Injectable()
export class RefreshTokenGuard extends AuthGuard("jwt-refresh-token") {
  // Intentionally empty: the inherited AuthGuard behaviour is used as-is.
}
jwt-access-token.strategy.ts
// import 생략
/**
 * Claims this strategy expects inside a verified access token.
 *
 * This is a compile-time description only. At runtime the payload is whatever
 * JSON the signed token carries, so code that consumes it should still check
 * the field before using it in a query.
 */
interface JwtPayload {
  /** Identifier of the user the token was issued to. */
  userId: number;
}
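/**
 * Passport strategy registered as "jwt-access-token". It verifies the JWT
 * carried in the `jwt-access-token` cookie and resolves it to a user row.
 *
 * NOTE(review): jwt-refresh-token.strategy.ts verifies with the same
 * `JWT_SECRET_KEY`, and both payloads carry only `userId`. If the tokens are
 * issued without a distinguishing claim (issuing code is not shown here), a
 * refresh token placed in the access-token cookie would verify here too.
 * Separate keys or a token-type claim checked in validate() close that gap.
 */
@Injectable()
export class AccessTokenStrategy extends PassportStrategy(Strategy, "jwt-access-token") {
  constructor(private config: ConfigService, private prisma: PrismaService) {
    super({
      // If the key is missing from configuration this is undefined and
      // passport-jwt refuses to construct the strategy (fails closed at startup).
      secretOrKey: config.get<string>("JWT_SECRET_KEY"),
      jwtFromRequest: ExtractJwt.fromExtractors([
        // `req.cookies` only exists when a cookie-parsing middleware ran.
        // Returning null makes the request unauthenticated instead of
        // throwing a TypeError when it did not.
        (req: Request) => req.cookies?.["jwt-access-token"] ?? null,
      ]),
    });
  }

  /**
   * Called by Passport once the token's signature has been verified.
   *
   * @param payload Decoded claims of the verified token.
   * @returns The matching user record, which Passport attaches to the request.
   * @throws UnauthorizedException when the payload has no numeric `userId`
   *   or no user with that id exists.
   */
  async validate(payload: JwtPayload): Promise<User> {
    // The JwtPayload type is erased at runtime. A correctly signed token
    // with a different shape must end in 401, not in a failed database call.
    const userId: unknown = payload?.userId;
    if (typeof userId !== "number") throw new UnauthorizedException();

    const user = await this.prisma.user.findUnique({
      where: { userId },
    });
    if (!user) throw new UnauthorizedException();

    // NOTE(review): the whole row becomes the request's user object. If the
    // model holds a password hash or a stored refresh token (schema not
    // visible here), select only the fields handlers need.
    return user;
  }
}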
jwt-refresh-token.strategy.ts
// import 생략
/**
 * Claims this strategy expects inside a verified refresh token.
 *
 * The type exists at compile time only. The runtime payload is whatever the
 * signed token contains, so the field should be checked before it is trusted.
 */
interface JwtPayload {
  /** Identifier of the user the token was issued to. */
  userId: number;
}
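/**
 * Passport strategy registered as "jwt-refresh-token". It verifies the JWT
 * carried in the `jwt-refresh-token` cookie, resolves it to a user row, and
 * hands the verified token string on for the reissue step.
 *
 * NOTE(review): the same `JWT_SECRET_KEY` is used for access tokens in
 * jwt-access-token.strategy.ts. Confirm that issued tokens carry a claim
 * that tells the two kinds apart, or use separate keys.
 */
@Injectable()
export class RefreshTokenStrategy extends PassportStrategy(Strategy, "jwt-refresh-token") {
  constructor(private config: ConfigService, private prisma: PrismaService) {
    super({
      secretOrKey: config.get<string>("JWT_SECRET_KEY"),
      jwtFromRequest: ExtractJwt.fromExtractors([
        // Null (not a TypeError) when no cookie middleware populated req.cookies.
        (req: Request) => req.cookies?.["jwt-refresh-token"] ?? null,
      ]),
      // validate() below takes the request as its first argument, and
      // passport-jwt only passes it when this flag is set. Without it the
      // payload arrives in the `req` slot and `payload.userId` is undefined.
      passReqToCallback: true,
    });
  }

  /**
   * Called by Passport once the refresh token's signature has been verified.
   *
   * @param req The incoming request (available because of passReqToCallback).
   * @param payload Decoded claims of the verified token.
   * @returns The user record plus the refresh token string that was verified.
   * @throws UnauthorizedException when the payload has no numeric `userId`,
   *   the user does not exist, or the cookie holds no token string.
   */
  async validate(req: Request, payload: JwtPayload) {
    // Runtime shape check: a malformed payload ends in 401, not in a failed query.
    const userId: unknown = payload?.userId;
    if (typeof userId !== "number") throw new UnauthorizedException();

    const user = await this.prisma.user.findUnique({
      where: { userId },
    });
    if (!user) throw new UnauthorizedException();

    // Read the token from the cookie the extractor verified. The Authorization
    // header is a separate, unverified input: it may be absent (the original
    // `.replace` would then throw) or hold a different string than the one
    // whose signature was checked.
    const oldRefreshToken: unknown = req.cookies?.["jwt-refresh-token"];
    if (typeof oldRefreshToken !== "string" || oldRefreshToken === "") {
      throw new UnauthorizedException();
    }

    // Presumably the reissue handler compares oldRefreshToken with a stored
    // value before rotating. That code is not shown here, so confirm.
    return {
      user,
      oldRefreshToken,
    };
  }
}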
`AccessTokenGuard`가 달린다. `/auth/refresh-token`에 GET 요청을 보내면 refresh token을 검증해 access token, refresh token을 재발급한다.