🐛 fix: JWT Malformed error handling fix

waktaplay · Feb 18, 2024 · e2e33c7 · e2e33c7
1 parent e624771
commit e2e33c7
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 43 deletions.
diff --git a/src/auth/oauth2/dto/accessToken.dto.ts b/src/auth/oauth2/dto/accessToken.dto.ts
@@ -7,7 +7,7 @@ export class accessTokenDto {
 
   /**
    * 발급된 Refresh Token (Access Token 갱신 시 사용)
-   * @example eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMDQ1NjcwNTg1OTcyMDAzMDQwNzYiLCJlbWFpbCI6ImttczAyMTlrbXNAZ21haWwuY29tIiwicHJvdmlkZXIiOiJnb29nbGUiLCJpYXQiOjE3MDY4OTE1Nzl9.YVkyUuE7Ca-6sd9dQOW1OIgPQWtF6lDwt-wlv5p1neM
+   * @example eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMDQ1NjcwNTg1OTcyMDAzMDQwNzYiLCJpYXQiOjE3MDY4OTE1NzksImV4cCI6MTcwOTQ4MzU3OX0.j0fhOuROu2sNzUhiXeoimC6HR3Rf0d7pjZueGeVFXwI
    */
   refresh_token: string
 

diff --git a/src/auth/oauth2/dto/accessTokenRequest.dto.ts b/src/auth/oauth2/dto/accessTokenRequest.dto.ts
@@ -7,7 +7,7 @@ export class accessTokenRequestDto {
 
   /**
    * Access Token 발급 시 얻은 refresh_token
-   * @example 9d37086ce42e22d980b158fe5b971b2c1c1b205b
+   * @example eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMDQ1NjcwNTg1OTcyMDAzMDQwNzYiLCJpYXQiOjE3MDY4OTE1NzksImV4cCI6MTcwOTQ4MzU3OX0.j0fhOuROu2sNzUhiXeoimC6HR3Rf0d7pjZueGeVFXwI
    */
   refresh_token?: string
 

diff --git a/src/auth/oauth2/oauth2.controller.ts b/src/auth/oauth2/oauth2.controller.ts
@@ -227,9 +227,9 @@ export class OAuth2Controller {
 
         // Refresh Token으로 Access Token 갱신
         return await this.oauth2Service.refreshAccessToken(
-          refresh_token,
           clientId,
           clientSecret,
+          refresh_token,
         )
       }
     } catch (e) {

diff --git a/src/auth/oauth2/oauth2.service.ts b/src/auth/oauth2/oauth2.service.ts
@@ -1,4 +1,4 @@
-import { JwtService } from '@nestjs/jwt'
+import { JsonWebTokenError, JwtService } from '@nestjs/jwt'
 import { CACHE_MANAGER } from '@nestjs/cache-manager'
 import { HttpStatus, Inject, Injectable, Logger } from '@nestjs/common'
 
@@ -166,49 +166,60 @@ export class OAuth2Service {
     clientSecret: string,
     refreshToken: string,
   ): Promise<accessTokenDto> {
-    const token = await this.jwtService.verifyAsync(refreshToken)
-    const validationData = await this.cacheManager.get<{
-      user: User
-      accessToken: string
-      refreshToken: string
-    }>(`token:${token.sub}`)
-
-    if (!token || validationData?.refreshToken !== refreshToken) {
-      throw new APIException(
-        HttpStatus.BAD_REQUEST,
-        '유효하지 않은 Refresh Token입니다.',
-      )
-    }
-
-    const client = await this.clientsModel.findOne({
-      id: clientId,
-      secret: clientSecret,
-    })
-
-    if (!client) {
-      throw new APIException(
-        HttpStatus.BAD_REQUEST,
-        '잘못된 클라이언트 정보입니다.',
-      )
-    }
+    try {
+      const token = await this.jwtService.verifyAsync(refreshToken)
+      const validationData = await this.cacheManager.get<{
+        user: User
+        accessToken: string
+        refreshToken: string
+      }>(`token:${token.sub}`)
+
+      if (!token || validationData?.refreshToken !== refreshToken) {
+        throw new APIException(
+          HttpStatus.BAD_REQUEST,
+          '유효하지 않은 Refresh Token입니다.',
+        )
+      }
+
+      const client = await this.clientsModel.findOne({
+        id: clientId,
+        secret: clientSecret,
+      })
 
-    const user = validationData.user
+      if (!client) {
+        throw new APIException(
+          HttpStatus.BAD_REQUEST,
+          '잘못된 클라이언트 정보입니다.',
+        )
+      }
 
-    const { accessToken, refreshToken: renewedRefreshToken } =
-      await this.issueToken(user)
+      const user = validationData.user
 
-    await this.cacheManager.del(`token:${user.user.id}`)
-    await this.cacheManager.set(`token:${user.user.id}`, {
-      user: user,
-      accessToken: accessToken,
-      refreshToken: renewedRefreshToken,
-    })
+      const { accessToken, refreshToken: renewedRefreshToken } =
+        await this.issueToken(user)
 
-    return {
-      access_token: accessToken,
-      refresh_token: renewedRefreshToken,
-      token_type: 'Bearer',
-      expires_in: ms('1h') / 1000,
+      await this.cacheManager.del(`token:${user.user.id}`)
+      await this.cacheManager.set(`token:${user.user.id}`, {
+        user: user,
+        accessToken: accessToken,
+        refreshToken: renewedRefreshToken,
+      })
+
+      return {
+        access_token: accessToken,
+        refresh_token: renewedRefreshToken,
+        token_type: 'Bearer',
+        expires_in: ms('1h') / 1000,
+      }
+    } catch (e) {
+      if (e instanceof JsonWebTokenError) {
+        throw new APIException(
+          HttpStatus.BAD_REQUEST,
+          `잘못된 요청입니다. (${e.message})`,
+        )
+      }
+
+      throw e
     }
   }