🔧 fix : jwt secret .env에서 읽도록 수정, refresh API 응답 방식 수정

boostcampwm-2024 · Nov 11, 2024 · e1dda3f · e1dda3f
1 parent 7f20998
commit e1dda3f
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/BE/src/auth/auth.controller.ts b/BE/src/auth/auth.controller.ts
@@ -7,6 +7,7 @@ import {
   UseGuards,
   Req,
   Res,
+  UnauthorizedException,
 } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
 import { ApiOperation } from '@nestjs/swagger';
@@ -39,8 +40,7 @@ export class AuthController {
 
     res.cookie('refreshToken', refreshToken, { httpOnly: true });
     res.cookie('isRefreshToken', true, { httpOnly: true });
-    res.json(accessToken);
-    return res.redirect(this.configService.get<string>('CLIENT_URL'));
+    return res.status(200).json({ accessToken });
   }
 
   @ApiOperation({ summary: 'Token 인증 테스트 API' })
@@ -72,15 +72,15 @@ export class AuthController {
       typeof req.cookies.refreshToken !== 'string' ||
       typeof req.cookies.accessToken !== 'string'
     ) {
-      return res.status(400).send();
+      throw new UnauthorizedException('Invalid refresh token');
     }
 
     const { refreshToken } = req.cookies;
 
     const newAccessToken = await this.authService.refreshToken(refreshToken);
 
-    res.cookie('accessToken', newAccessToken, { httpOnly: true });
+    res.cookie('refreshToken', refreshToken, { httpOnly: true });
     res.cookie('isRefreshToken', true, { httpOnly: true });
-    return res.status(200).send();
+    return res.status(200).json({ accessToken: newAccessToken });
   }
 }
diff --git a/BE/src/auth/strategy/jwt.strategy.ts b/BE/src/auth/strategy/jwt.strategy.ts
@@ -4,14 +4,16 @@ import { ExtractJwt, Strategy } from 'passport-jwt';
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { UserRepository } from '../user.repository';
 import { User } from '../user.entity';
+import { ConfigService } from '@nestjs/config';
 
 @Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
   constructor(
     @InjectRepository(UserRepository) private userRepository: UserRepository,
+    private readonly configService: ConfigService,
   ) {
     super({
-      secretOrKey: 'Juga16',
+      secretOrKey: configService.get<string>('JWT_SECRET'),
       jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
     });
   }