devfront 개발모드 unkown로그인 제거

2026-06-19 08:15:07 +09:00
parent 7ea385a9f4
commit 016d783482
11 changed files with 162 additions and 34 deletions
--- a/devfront/src/lib/oidcStorage.test.ts
+++ b/devfront/src/lib/oidcStorage.test.ts
@@ -48,14 +48,14 @@ describe("findPersistedOidcUser", () => {
      JSON.stringify({
        access_token: "token-1",
        expires_at: expiresAt,
-        profile: { name: "Dev Admin" },
+        profile: { sub: "dev-admin-1", name: "Dev Admin" },
      }),
    );

    expect(findPersistedOidcUser(storage)).toEqual({
      access_token: "token-1",
      expires_at: expiresAt,
-      profile: { name: "Dev Admin" },
+      profile: { sub: "dev-admin-1", name: "Dev Admin" },
    });
  });

@@ -73,4 +73,20 @@ describe("findPersistedOidcUser", () => {

    expect(findPersistedOidcUser(storage)).toBeNull();
  });
+
+  it("skips placeholder unknown entries without an access token and subject", () => {
+    const storage = new MemoryStorage();
+    storage.setItem(
+      "oidc.user:issuer:devfront",
+      JSON.stringify({
+        expires_at: Math.floor(Date.now() / 1000) + 3600,
+        profile: {
+          name: "Unknown User",
+          email: "unknown@example.com",
+        },
+      }),
+    );
+
+    expect(findPersistedOidcUser(storage)).toBeNull();
+  });
 });
--- a/devfront/src/lib/oidcStorage.ts
+++ b/devfront/src/lib/oidcStorage.ts
@@ -7,6 +7,27 @@ export type PersistedOidcUser = {
 const OIDC_USER_KEY_PREFIX = "oidc.user:";
 const OIDC_CLIENT_ID = "devfront";

+export function isValidOidcSessionUser(
+  value: PersistedOidcUser | null | undefined,
+): value is PersistedOidcUser & {
+  access_token: string;
+  expires_at: number;
+  profile: Record<string, unknown> & { sub: string };
+} {
+  return (
+    value !== null &&
+    value !== undefined &&
+    typeof value.access_token === "string" &&
+    value.access_token.trim() !== "" &&
+    typeof value.expires_at === "number" &&
+    value.expires_at * 1000 > Date.now() &&
+    typeof value.profile === "object" &&
+    value.profile !== null &&
+    typeof value.profile.sub === "string" &&
+    value.profile.sub.trim() !== ""
+  );
+}
+
 export function findPersistedOidcUser(
  storage: Storage = window.localStorage,
 ): PersistedOidcUser | null {
@@ -27,10 +48,7 @@ export function findPersistedOidcUser(

    try {
      const parsed = JSON.parse(rawValue) as PersistedOidcUser;
-      if (
-        typeof parsed.expires_at === "number" &&
-        parsed.expires_at * 1000 > Date.now()
-      ) {
+      if (isValidOidcSessionUser(parsed)) {
        return parsed;
      }
    } catch {