diff --git a/app.js b/app.js
index 952e375ab1eefe8e4640271668cb1ca136c36754..937f5c05da96e28f4af7c063270a5e67151b116a 100644
--- a/app.js
+++ b/app.js
@@ -19,7 +19,7 @@ app.use(morgan('dev')); //濡쒓퉭��
 // CORS �ㅼ젙
 app.use(
 cors({
- origin: 'http://localhost:3000',
+ origin: process.env.FRONTEND_URL,
 methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
 allowedHeaders: ['Content-Type', 'Authorization'],
 credentials: true,
diff --git a/middlewares/auth.js b/middlewares/auth.js
index afc74eaad5520ace4dbb2b36a9a644cec88e8387..52eb397476e16fa8c98e7d2e29a15973d76215bc 100644
--- a/middlewares/auth.js
+++ b/middlewares/auth.js
@@ -1,15 +1,16 @@
 // middlewares/auth.js
-
-exports.isLoggedIn = (req, res, next) => { //濡쒓렇�몃맂 �ъ슜�먯옄留� �묎렐�덉슜
+exports.isLoggedIn = (req, res, next) => { // 濡쒓렇�몃맂 �ъ슜�먮쭔 �묎렐 �덉슜
 if (req.isAuthenticated()) {
 return next();
 }
- res.redirect('/auth/login');
+ // 由щ떎�대젆�� ���� 401 Unauthorized �곹깭 諛섑솚
+ res.status(401).json({ error: '濡쒓렇�� �섏��딆� �ъ슜��' });
 };
 
-exports.isNotLoggedIn = (req, res, next) => { //濡쒓렇�� �덈릺硫� 由щ떎�대젆��
+exports.isNotLoggedIn = (req, res, next) => { // 濡쒓렇�� �덈맂 �ъ슜�먮쭔 �묎렐 �덉슜
 if (!req.isAuthenticated()) {
 return next();
 }
- res.redirect('/');
+ // 由щ떎�대젆�� ���� 400 Bad Request �곹깭 諛섑솚 (�꾩슂�� �곕씪 蹂�寃� 媛���)
+ res.status(400).json({ error: '�대� 濡쒓렇�몃맂' });
 };
diff --git a/passport/googleStrategy.js b/passport/googleStrategy.js
index cd23c9d71bce1b6ef26e59ee92bb8d3d3ef1f829..ada1aef6fa1cdeea29147c2e039625cae2b22424 100644
--- a/passport/googleStrategy.js
+++ b/passport/googleStrategy.js
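Review bot: `origin: process.env.FRONTEND_URL` next to `credentials: true` has no guard for the variable being unset; the `cors` middleware treats a falsy `origin` as `*`, so a deployment that forgets the variable silently ends up with the permissive default instead of failing. Fail at startup rather than at request time, e.g. `if (!process.env.FRONTEND_URL) throw new Error('FRONTEND_URL must be set');` placed before `app.use(cors(...))`. The same variable is also used as the redirect allow-list in routes/auth.js, so one startup check covers both uses.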
@@ -1,15 +1,15 @@
 // passport/googleStrategy.js
-
 const { Strategy: GoogleStrategy } = require('passport-google-oauth20');
-const User = require('../models/user');
+const User = require('../models/user'); // �ъ슜�� 紐⑤뜽�� 媛��몄샃�덈떎.
 
 module.exports = new GoogleStrategy(
 {
 clientID: process.env.GOOGLE_CLIENT_ID,
 clientSecret: process.env.GOOGLE_CLIENT_SECRET,
 callbackURL: process.env.CALLBACK_URL,
+ passReqToCallback: true, // req 媛앹껜瑜� 肄쒕갚�� �꾨떖
 },
- async (accessToken, refreshToken, profile, done) => {
+ async (req, accessToken, refreshToken, profile, done) => {
 try {
 // �꾨줈�꾩뿉�� �ъ슜�� �뺣낫 異붿텧
 const email = profile.emails[0].value;
@@ -23,7 +23,7 @@ module.exports = new GoogleStrategy(
 return done(null, user);
 } catch (err) {
- return done(err);
+ return done(err, null);
 }
 }
 );
diff --git a/routes/auth.js b/routes/auth.js
index 7eda249d0f05a64d3537bc0462e2da4f7c6fd831..16247d5fb6695d92b707a11b86691bc7439658ea 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -1,5 +1,4 @@
 // routes/auth.js
-
 const express = require('express');
 const passport = require('passport');
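Review bot: `const email = profile.emails[0].value;` on the last line of the hunk still dereferences `emails` unconditionally, so a Google profile that carries no email address raises a TypeError that the catch turns into a generic `done(err, null)` failure rather than a clean authentication refusal. Prefer `const email = profile.emails?.[0]?.value;` followed by `if (!email) return done(null, false, { message: 'Google profile has no email' });` so the failure is reported through passport's normal unauthenticated path. Separately, `passReqToCallback: true` adds `req` to the verify callback, but nothing in the visible lines reads it; if it exists for the session-based redirect added in routes/auth.js, a comment saying so would keep the next maintainer from removing it, and if not, the extra parameter is dead. The verify function continues beyond the hunk.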
@@ -12,23 +11,41 @@ router.get('/login', (req, res) => {
 // GET /auth/logout
 router.get('/logout', (req, res) => {
- req.logout(() => {
- res.redirect('/');
+ req.logout((err) => {
+ if (err) {
+ return res.status(500).json({ error: 'Failed to logout' });
+ }
+ res.redirect(process.env.FRONTEND_URL);
 });
 });
 
 // GET /auth/google
-router.get(
- '/google',
- passport.authenticate('google', { scope: ['profile', 'email'] })
-);
+router.get('/google', (req, res, next) => {
+ const redirectUrl = req.query.redirectUrl || process.env.FRONTEND_URL;
+
+ // 由щ떎�대젆�� URL 寃�利�
+ const allowedDomains = [process.env.FRONTEND_URL];
+ if (!allowedDomains.some((domain) => redirectUrl.startsWith(domain))) {
+ return res.status(400).json({ error: 'Invalid redirect URL' });
+ }
+
+ // �몄뀡�� redirectUrl ����
+ req.session.redirectUrl = redirectUrl;
+
+ passport.authenticate('google', { scope: ['profile', 'email'] })(req, res, next);
+});
 
 // GET /auth/google/callback
 router.get(
 '/google/callback',
 passport.authenticate('google', { failureRedirect: '/auth/login' }),
 (req, res) => {
- res.redirect('/');
+ // �몄뀡�먯꽌 redirectUrl 媛��몄삤湲�
+ const redirectUrl = req.session.redirectUrl || process.env.FRONTEND_URL;
+
+ // �몄뀡�먯꽌 redirectUrl �쒓굅
+ req.session.redirectUrl = null;
+ res.redirect(redirectUrl);
 }
 );
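Review bot: The allow-list check `redirectUrl.startsWith(domain)` in the new `/google` handler is a string-prefix test, not an origin comparison, so any URL whose text merely begins with `FRONTEND_URL` (a longer hostname, or extra URL components appended after it) is accepted, stored in the session, and later followed by `res.redirect(redirectUrl)` in the callback handler — an open redirect sitting inside the login flow. A second, smaller problem is that `req.query.redirectUrl` is not guaranteed to be a string (a repeated query parameter parses as an array), which makes `.startsWith` throw and the route answer 500. Parse the candidate with `new URL()` and compare its `origin` to the front-end's origin instead; the rewrite below keeps the same 400 response and session handoff, and hoisting `new URL(process.env.FRONTEND_URL)` to module scope would additionally surface a missing or non-absolute `FRONTEND_URL` at load time. This assumes `FRONTEND_URL` is an absolute URL, which the existing `startsWith` check and the `res.redirect(process.env.FRONTEND_URL)` in the logout handler both suggest.
```javascript
router.get('/google', (req, res, next) => {
  const frontendOrigin = new URL(process.env.FRONTEND_URL).origin;
  const requested = req.query.redirectUrl;
  let redirectUrl = process.env.FRONTEND_URL;
  if (requested !== undefined) {
    let parsed = null;
    try {
      parsed = typeof requested === 'string' ? new URL(requested) : null;
    } catch {
      parsed = null;
    }
    // Compare scheme + host + port, never a textual prefix.
    if (parsed === null || parsed.origin !== frontendOrigin) {
      return res.status(400).json({ error: 'Invalid redirect URL' });
    }
    redirectUrl = parsed.href;
  }
  req.session.redirectUrl = redirectUrl;
  // … unchanged: passport.authenticate('google', { scope: ['profile', 'email'] })(req, res, next); …
});
```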