summaryrefslogtreecommitdiff
path: root/app/api/auth/[...nextauth]/saml/provider.ts
diff options
context:
space:
mode:
Diffstat (limited to 'app/api/auth/[...nextauth]/saml/provider.ts')
-rw-r--r--app/api/auth/[...nextauth]/saml/provider.ts159
1 files changed, 143 insertions, 16 deletions
diff --git a/app/api/auth/[...nextauth]/saml/provider.ts b/app/api/auth/[...nextauth]/saml/provider.ts
index 92099be0..1f891661 100644
--- a/app/api/auth/[...nextauth]/saml/provider.ts
+++ b/app/api/auth/[...nextauth]/saml/provider.ts
@@ -1,5 +1,9 @@
import CredentialsProvider from "next-auth/providers/credentials"
import { getOrCreateSAMLUser, validateSAMLUserData } from '@/lib/users/saml-service'
+import { encode } from 'next-auth/jwt'
+import type { User } from 'next-auth'
+import type { SAMLUser } from './utils'
+import { debugLog, debugError, debugSuccess, debugProcess } from '@/lib/debug-utils'
interface SAMLProviderOptions {
id: string
@@ -28,59 +32,80 @@ export function SAMLProvider(options: SAMLProviderOptions) {
}
},
async authorize(credentials) {
+ debugLog('๐Ÿ” SAMLProvider.authorize called with credentials:', credentials);
+
try {
+ debugLog('๐Ÿ” Checking credentials.user:', {
+ hasCredentials: !!credentials,
+ hasUser: !!credentials?.user,
+ userType: typeof credentials?.user,
+ userValue: credentials?.user?.substring?.(0, 100) + '...'
+ });
+
if (!credentials?.user) {
- console.error('No user data provided')
+ debugError('No user data provided in credentials')
return null
}
- console.log('๐Ÿ” SAML Provider: Processing user data')
+ debugProcess('SAML Provider: Processing user data')
// ์‚ฌ์šฉ์ž ๋ฐ์ดํ„ฐ ํŒŒ์‹ฑ (UTF-8 ์ฒ˜๋ฆฌ ๊ฐœ์„ )
const userDataString = credentials.user
- console.log('๐Ÿ”ค Raw user data string:', userDataString.substring(0, 200) + '...')
+ debugLog('๐Ÿ”ค Raw user data string:', userDataString.substring(0, 200) + '...')
- const userData = JSON.parse(userDataString)
+ let userData;
+ try {
+ userData = JSON.parse(userDataString);
+ debugSuccess('JSON parsing successful:', userData);
+ } catch (parseError) {
+ debugError('JSON parsing failed:', parseError);
+ debugError('Raw string that failed to parse:', userDataString);
+ return null;
+ }
// ํŒŒ์‹ฑ๋œ ๋ฐ์ดํ„ฐ์˜ UTF-8 ํ™•์ธ
- console.log('๐Ÿ”ค Parsed user data UTF-8 check:', {
+ debugLog('๐Ÿ”ค Parsed user data UTF-8 check:', {
name: userData.name,
nameLength: userData.name?.length,
charCodes: userData.name ? [...userData.name].map(c => c.charCodeAt(0)) : []
})
if (!userData.id || !userData.email) {
- console.error('Invalid SAML user data:', userData)
+ debugError('Invalid SAML user data:', userData)
return null
}
- console.log('โœ… SAML Provider: User authenticated successfully', {
+ debugSuccess('SAML Provider: User authenticated successfully', {
id: userData.id,
email: userData.email,
name: userData.name
})
// ๐Ÿ”ฅ SAML ์‚ฌ์šฉ์ž ๋ฐ์ดํ„ฐ ๊ฒ€์ฆ
+ debugProcess('Validating SAML user data structure...');
const isValidData = await validateSAMLUserData(userData)
+ debugLog('Validation result:', isValidData);
if (!isValidData) {
- console.error('Invalid SAML user data structure:', userData)
+ debugError('Invalid SAML user data structure:', userData)
return null
}
// ๐Ÿ”ฅ JIT (Just-In-Time) ์‚ฌ์šฉ์ž ์ƒ์„ฑ ๋˜๋Š” ์กฐํšŒ
- const dbUser = await getOrCreateSAMLUser({
+ debugProcess('Creating/getting SAML user from database...');
+ const userCreateData = {
email: userData.email,
name: userData.name,
- // companyId: userData.companyId,
- // techCompanyId: userData.techCompanyId,
- // ! domain = evcp ์ด๋ฉด vendor๊ฐ€ ๊ฐ–๋Š” companyId, techCompanyId๋Š” null
companyId: undefined,
techCompanyId: undefined,
domain: userData.domain
- })
+ };
+ debugLog('User create data:', userCreateData);
+
+ const dbUser = await getOrCreateSAMLUser(userCreateData)
+ debugLog('Database user result:', dbUser);
if (!dbUser) {
- console.error('Failed to get or create SAML user')
+ debugError('Failed to get or create SAML user')
return null
}
@@ -95,10 +120,15 @@ export function SAMLProvider(options: SAMLProviderOptions) {
imageUrl: dbUser.imageUrl, // DB์˜ ์‹ค์ œ ์ด๋ฏธ์ง€ URL
}
- console.log('โœ… SAML Provider: Returning user data to NextAuth:', userResult)
+ debugSuccess('SAML Provider: Returning user data to NextAuth:', userResult)
return userResult
} catch (error) {
- console.error('โŒ SAML Provider: Authentication failed', error)
+ debugError('SAML Provider: Authentication failed', {
+ error: error instanceof Error ? error.message : String(error),
+ stack: error instanceof Error ? error.stack : undefined,
+ errorType: typeof error,
+ credentials: credentials
+ });
return null
}
}
@@ -125,4 +155,101 @@ export function validateSAMLOptions(options: SAMLProviderOptions): boolean {
return required.every(field => field && field.length > 0)
}
+
+// SAMLProvider์˜ authorize ํ•จ์ˆ˜๋ฅผ ์ง์ ‘ ํ˜ธ์ถœํ•˜๊ธฐ ์œ„ํ•œ ํ—ฌํผ
+export async function authenticateSAMLUser(userData: SAMLUser) {
+ debugLog('authenticateSAMLUser called with:', userData);
+
+ try {
+ // SAMLProvider ๋Œ€์‹  ์ง์ ‘ ๋กœ์ง ์‹คํ–‰ (Provider ๋ž˜ํผ ์—†์ด)
+ debugProcess('SAML User Authentication: Processing user data')
+
+ // ์‚ฌ์šฉ์ž ๋ฐ์ดํ„ฐ ๊ฒ€์ฆ
+ if (!userData.id || !userData.email) {
+ debugError('Invalid SAML user data:', userData)
+ return null
+ }
+
+ debugSuccess('SAML User data validated successfully', {
+ id: userData.id,
+ email: userData.email,
+ name: userData.name
+ })
+
+ // ๐Ÿ”ฅ SAML ์‚ฌ์šฉ์ž ๋ฐ์ดํ„ฐ ๊ฒ€์ฆ
+ debugLog('Validating SAML user data structure...');
+ const isValidData = await validateSAMLUserData(userData)
+ debugLog('Validation result:', isValidData);
+ if (!isValidData) {
+ debugError('Invalid SAML user data structure:', userData)
+ return null
+ }
+
+ // ๐Ÿ”ฅ JIT (Just-In-Time) ์‚ฌ์šฉ์ž ์ƒ์„ฑ ๋˜๋Š” ์กฐํšŒ
+ debugLog('Creating/getting SAML user from database...');
+ const userCreateData = {
+ email: userData.email,
+ name: userData.name,
+ companyId: undefined,
+ techCompanyId: undefined,
+ domain: userData.domain
+ };
+ debugLog('User create data:', userCreateData);
+
+ const dbUser = await getOrCreateSAMLUser(userCreateData)
+ debugLog('Database user result:', dbUser);
+
+ if (!dbUser) {
+ debugError('Failed to get or create SAML user')
+ return null
+ }
+
+ // DB์—์„œ ๊ฐ€์ ธ์˜จ ์‹ค์ œ ์‚ฌ์šฉ์ž ์ •๋ณด ๋ฐ˜ํ™˜
+ const userResult = {
+ id: String(dbUser.id), // DB์˜ ์‹ค์ œ ID
+ name: dbUser.name, // DB์˜ ์‹ค์ œ ์ด๋ฆ„
+ email: dbUser.email, // DB์˜ ์‹ค์ œ ์ด๋ฉ”์ผ
+ companyId: dbUser.companyId, // DB์˜ ์‹ค์ œ ํšŒ์‚ฌ ID
+ techCompanyId: dbUser.techCompanyId, // DB์˜ ์‹ค์ œ ๊ธฐ์ˆ ํšŒ์‚ฌ ID
+ domain: dbUser.domain, // DB์˜ ์‹ค์ œ ๋„๋ฉ”์ธ
+ imageUrl: dbUser.imageUrl, // DB์˜ ์‹ค์ œ ์ด๋ฏธ์ง€ URL
+ }
+
+ debugSuccess('SAML User Authentication completed:', userResult)
+ return userResult;
+
+ } catch (error) {
+ debugError('authenticateSAMLUser error:', {
+ error: error instanceof Error ? error.message : String(error),
+ stack: error instanceof Error ? error.stack : undefined,
+ userData
+ });
+ return null;
+ }
+}
+
+// NextAuth JWT ํ† ํฐ ์ƒ์„ฑ ํ—ฌํผ
+export async function createNextAuthToken(user: User): Promise<string> {
+ const token = {
+ id: user.id,
+ email: user.email,
+ name: user.name,
+ companyId: user.companyId,
+ techCompanyId: user.techCompanyId,
+ domain: user.domain,
+ imageUrl: user.imageUrl,
+ iat: Math.floor(Date.now() / 1000),
+ exp: Math.floor(Date.now() / 1000) + (30 * 24 * 60 * 60) // 30์ผ
+ };
+
+ const secret = process.env.NEXTAUTH_SECRET!;
+ return await encode({ token, secret });
+}
+
+// NextAuth ์„ธ์…˜ ์ฟ ํ‚ค ์ด๋ฆ„ ๊ฐ€์ ธ์˜ค๊ธฐ
+export function getSessionCookieName(): string {
+ return process.env.NODE_ENV === 'production'
+ ? '__Secure-next-auth.session-token'
+ : 'next-auth.session-token';
+}
\ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-07 08:27:15 +0000