common auth/session bootstrap과 renew policy 공용화

2026-05-11 14:58:28 +09:00
parent 1419c8db27
commit 1c083dd586
10 changed files with 198 additions and 317 deletions
--- a/common/core/auth/.gitkeep
+++ b/common/core/auth/.gitkeep
@@ -1 +0,0 @@
-
--- a/common/core/auth/index.ts
+++ b/common/core/auth/index.ts
@@ -0,0 +1,63 @@
+export const DEFAULT_OIDC_SCOPE = "openid offline_access profile email";
+export const DEFAULT_OIDC_REDIRECT_PATH = "/auth/callback";
+
+export type CommonOidcConfigOptions<TUserStore = unknown> = {
+  authority: string;
+  clientId: string;
+  origin?: string;
+  redirectPath?: string;
+  scope?: string;
+  automaticSilentRenew?: boolean;
+  userStore: TUserStore;
+};
+
+type CommonOidcRuntimeConfig<TUserStore> = {
+  authority: string;
+  client_id: string;
+  redirect_uri: string;
+  response_type: "code";
+  scope: string;
+  post_logout_redirect_uri: string;
+  popup_redirect_uri: string;
+  userStore: TUserStore;
+  automaticSilentRenew: boolean;
+};
+
+export function buildCommonOidcRuntimeConfig<TUserStore>({
+  authority,
+  clientId,
+  origin = window.location.origin,
+  redirectPath = DEFAULT_OIDC_REDIRECT_PATH,
+  scope = DEFAULT_OIDC_SCOPE,
+  automaticSilentRenew = false,
+  userStore,
+}: CommonOidcConfigOptions<TUserStore>): CommonOidcRuntimeConfig<TUserStore> {
+  const callbackUrl = `${origin}${redirectPath}`;
+
+  return {
+    authority,
+    client_id: clientId,
+    redirect_uri: callbackUrl,
+    response_type: "code",
+    scope,
+    post_logout_redirect_uri: origin,
+    popup_redirect_uri: callbackUrl,
+    userStore,
+    automaticSilentRenew,
+  };
+}
+
+export function buildCommonUserManagerSettings<
+  TConfig extends {
+    authority?: string;
+    client_id?: string;
+    redirect_uri?: string;
+  },
+>(config: TConfig) {
+  return {
+    ...config,
+    authority: config.authority || "",
+    client_id: config.client_id || "",
+    redirect_uri: config.redirect_uri || "",
+  };
+}
--- a/common/core/session/.gitkeep
+++ b/common/core/session/.gitkeep
@@ -1 +0,0 @@
-
--- a/common/core/session/index.ts
+++ b/common/core/session/index.ts
@@ -0,0 +1,65 @@
+export const DEFAULT_SESSION_RENEW_THRESHOLD_MS = 10 * 60 * 1000;
+export const DEFAULT_SESSION_RENEW_THROTTLE_MS = 30 * 1000;
+
+export type SessionRenewDecisionParams = {
+  expiresAtSec?: number | null;
+  nowMs: number;
+  isEnabled: boolean;
+  isAuthenticated: boolean;
+  isLoading: boolean;
+  isRenewInFlight: boolean;
+  lastAttemptAtMs: number;
+  thresholdMs?: number;
+  throttleMs?: number;
+};
+
+function hasRenewPreconditions({
+  isAuthenticated,
+  isLoading,
+  isRenewInFlight,
+}: SessionRenewDecisionParams) {
+  return isAuthenticated && !isLoading && !isRenewInFlight;
+}
+
+function isRenewWindowOpen({
+  expiresAtSec,
+  nowMs,
+  lastAttemptAtMs,
+  thresholdMs = DEFAULT_SESSION_RENEW_THRESHOLD_MS,
+  throttleMs = DEFAULT_SESSION_RENEW_THROTTLE_MS,
+}: SessionRenewDecisionParams) {
+  if (typeof expiresAtSec !== "number") {
+    return false;
+  }
+
+  const remainingMs = expiresAtSec * 1000 - nowMs;
+  if (remainingMs <= 0 || remainingMs > thresholdMs) {
+    return false;
+  }
+
+  if (nowMs - lastAttemptAtMs < throttleMs) {
+    return false;
+  }
+
+  return true;
+}
+
+export function shouldAttemptSlidingSessionRenew(
+  params: SessionRenewDecisionParams,
+) {
+  if (!params.isEnabled || !hasRenewPreconditions(params)) {
+    return false;
+  }
+
+  return isRenewWindowOpen(params);
+}
+
+export function shouldAttemptUnlimitedSessionRenew(
+  params: SessionRenewDecisionParams,
+) {
+  if (params.isEnabled || !hasRenewPreconditions(params)) {
+    return false;
+  }
+
+  return isRenewWindowOpen(params);
+}