Feat: JWT 인증 구현 (토큰 버전 검증 제외)

dungbik · dungbik · commit ea54127e8d3f · 2025-09-13T00:43:53.000+09:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -25,6 +25,7 @@
     "@nestjs/core": "^11.0.1",
     "@nestjs/platform-express": "^11.0.1",
     "@nestjs/typeorm": "^11.0.0",
+    "jsonwebtoken": "^9.0.2",
     "mysql2": "^3.14.4",
     "reflect-metadata": "^0.2.2",
     "rxjs": "^7.8.1",
@@ -38,6 +39,7 @@
     "@nestjs/testing": "^11.0.1",
     "@types/express": "^5.0.0",
     "@types/jest": "^30.0.0",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/node": "^22.10.7",
     "@types/supertest": "^6.0.2",
     "eslint": "^9.18.0",
diff --git a/src/app.controller.spec.ts b/src/app.controller.spec.ts
diff --git a/src/app.controller.ts b/src/app.controller.ts
diff --git a/src/app.module.ts b/src/app.module.ts
@@ -1,11 +1,11 @@
 import { Module } from '@nestjs/common';
 import { ConfigModule } from '@nestjs/config';
 import { TypeOrmModule } from '@nestjs/typeorm';
-import { AppController } from './app.controller';
-import { AppService } from './app.service';
+import { AuthModule } from './auth/auth.module';
 
 @Module({
   imports: [
+    AuthModule,
     ConfigModule.forRoot({ isGlobal: true }),
     TypeOrmModule.forRoot({
       type: 'mysql',
@@ -15,10 +15,10 @@ import { AppService } from './app.service';
       password: process.env.DB_PASSWORD,
       database: process.env.DB_DATABASE,
       entities: [__dirname + '/**/*.entity{.ts,.js}'],
-      synchronize: false,
+      synchronize: process.env.NODE_ENnestV !== 'production',
     }),
   ],
-  controllers: [AppController],
-  providers: [AppService],
+  controllers: [],
+  providers: [],
 })
-export class AppModule {}
+export class AppModule {}
diff --git a/src/app.service.ts b/src/app.service.ts
diff --git a/src/auth.guard.ts b/src/auth.guard.ts
@@ -0,0 +1,32 @@
+import { Request } from 'express';
+import { Observable } from 'rxjs';
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
+import { AuthService } from './auth/auth.service';
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+  constructor(private authService: AuthService) {}
+
+  canActivate(
+    context: ExecutionContext,
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    const request = context.switchToHttp().getRequest();
+    return this.validateRequest(request);
+  }
+
+  private validateRequest(request: Request) {
+    const authHeader = request.headers.authorization;
+
+    if (authHeader) {
+      const token = authHeader.startsWith('Bearer ')
+        ? authHeader.slice(7)
+        : null;
+      if (token) {
+        request.user = this.authService.verify(token);
+        return true;
+      }
+    }
+
+    return false;
+  }
+}
diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts
@@ -0,0 +1,13 @@
+import { Controller, Get, UseGuards } from '@nestjs/common';
+import type { UserAuth } from '../types/userAuth.type';
+import { AuthUser } from '../decorators/auth-user.decorator';
+import { AuthGuard } from '../auth.guard';
+
+@Controller('auth')
+export class AuthController {
+  @UseGuards(AuthGuard)
+  @Get('test')
+  test(@AuthUser() userAuth: UserAuth): UserAuth {
+    return userAuth;
+  }
+}
diff --git a/src/auth/auth.module.ts b/src/auth/auth.module.ts
@@ -0,0 +1,13 @@
+import { Module } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { AuthController } from './auth.controller';
+import authConfig from '../config/authConfig';
+import { ConfigModule } from '@nestjs/config';
+
+@Module({
+  imports: [ConfigModule.forFeature(authConfig)],
+  controllers: [AuthController],
+  providers: [AuthService],
+  exports: [],
+})
+export class AuthModule {}
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
@@ -0,0 +1,38 @@
+import * as jwt from 'jsonwebtoken';
+import { Inject, Injectable, UnauthorizedException } from '@nestjs/common';
+import authConfig from 'src/config/authConfig';
+import type { ConfigType } from '@nestjs/config';
+import { UserAuth } from '../types/userAuth.type';
+
+interface User {
+  user_id: string;
+  role: string;
+  token_version: number;
+}
+
+@Injectable()
+export class AuthService {
+  constructor(
+    @Inject(authConfig.KEY) private config: ConfigType<typeof authConfig>,
+  ) {}
+
+  verify(token: string): UserAuth {
+    try {
+      const payload = jwt.verify(token, this.config.jwtSecret) as unknown as (
+        | jwt.JwtPayload
+        | string
+      ) &
+        User;
+
+      const { user_id, role, token_version } = payload;
+
+      return {
+        userId: user_id,
+        role,
+        tokenVersion: token_version,
+      };
+    } catch (e) {
+      throw new UnauthorizedException(e);
+    }
+  }
+}
diff --git a/src/config/authConfig.ts b/src/config/authConfig.ts
@@ -0,0 +1,5 @@
+import { registerAs } from '@nestjs/config';
+
+export default registerAs('auth', () => ({
+  jwtSecret: process.env.JWT_SECRET || 'defaultSecret',
+}));
diff --git a/src/decorators/auth-user.decorator.ts b/src/decorators/auth-user.decorator.ts
@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { UserAuth } from '../types/userAuth.type';
+
+export const AuthUser = createParamDecorator<UserAuth>(
+  (data: unknown, ctx: ExecutionContext): UserAuth => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user;
+  },
+);
diff --git a/src/types/express.d.ts b/src/types/express.d.ts
@@ -0,0 +1,8 @@
+import 'express';
+import { UserAuth } from './userAuth.type';
+
+declare module 'express' {
+  export interface Request {
+    user?: UserAuth;
+  }
+}
diff --git a/src/types/userAuth.type.ts b/src/types/userAuth.type.ts
@@ -0,0 +1,5 @@
+export interface UserAuth {
+  userId: string;
+  role: string;
+  tokenVersion: number;
+}
