세션 만료 관리 토글 동작을 실제 정책에 맞게 분리

2026-04-06 13:19:05 +09:00
parent 8942c78fb4
commit 6a3bb19e7d
7 changed files with 217 additions and 4 deletions
--- a/adminfront/src/components/layout/AppLayout.tsx
+++ b/adminfront/src/components/layout/AppLayout.tsx
@@ -19,7 +19,10 @@ import { useAuth } from "react-oidc-context";
 import { NavLink, Outlet, useLocation, useNavigate } from "react-router-dom";
 import { fetchMe } from "../../lib/adminApi";
 import { t } from "../../lib/i18n";
-import { shouldAttemptSlidingSessionRenew } from "../../lib/sessionSliding";
+import {
+  shouldAttemptSlidingSessionRenew,
+  shouldAttemptUnlimitedSessionRenew,
+} from "../../lib/sessionSliding";
 import LanguageSelector from "../common/LanguageSelector";
 import RoleSwitcher from "./RoleSwitcher";

@@ -221,6 +224,52 @@ function AppLayout() {
    isSessionExpiryEnabled,
  ]);

+  useEffect(() => {
+    const maybeKeepSessionAlive = async () => {
+      const now = Date.now();
+      if (
+        !shouldAttemptUnlimitedSessionRenew({
+          expiresAtSec: auth.user?.expires_at,
+          nowMs: now,
+          isEnabled: isSessionExpiryEnabled,
+          isAuthenticated: auth.isAuthenticated,
+          isLoading: auth.isLoading,
+          isRenewInFlight: isRenewInFlightRef.current,
+          lastAttemptAtMs: lastRenewAttemptAtRef.current,
+        })
+      ) {
+        return;
+      }
+
+      isRenewInFlightRef.current = true;
+      lastRenewAttemptAtRef.current = now;
+
+      try {
+        await auth.signinSilent();
+      } catch (error) {
+        console.error("세션 무제한 유지 갱신에 실패했습니다.", error);
+      } finally {
+        isRenewInFlightRef.current = false;
+      }
+    };
+
+    const timer = window.setInterval(() => {
+      void maybeKeepSessionAlive();
+    }, 30_000);
+
+    void maybeKeepSessionAlive();
+
+    return () => {
+      window.clearInterval(timer);
+    };
+  }, [
+    auth,
+    auth.isAuthenticated,
+    auth.isLoading,
+    auth.user?.expires_at,
+    isSessionExpiryEnabled,
+  ]);
+
  useEffect(() => {
    const routeKey = `${location.pathname}${location.search}${location.hash}`;
    if (lastVisitedRouteRef.current === null) {
--- a/adminfront/src/lib/auth.ts
+++ b/adminfront/src/lib/auth.ts
@@ -10,7 +10,7 @@ export const oidcConfig: AuthProviderProps = {
  scope: "openid offline_access profile email", // offline_access for refresh token
  post_logout_redirect_uri: window.location.origin,
  userStore: new WebStorageStateStore({ store: window.localStorage }),
-  automaticSilentRenew: true,
+  automaticSilentRenew: false,
 };

 export const userManager = new UserManager({
--- a/adminfront/src/lib/sessionSliding.test.ts
+++ b/adminfront/src/lib/sessionSliding.test.ts
@@ -2,6 +2,7 @@ import { describe, expect, it } from "vitest";
 import {
  SESSION_RENEW_THRESHOLD_MS,
  shouldAttemptSlidingSessionRenew,
+  shouldAttemptUnlimitedSessionRenew,
 } from "./sessionSliding";

 describe("shouldAttemptSlidingSessionRenew", () => {
@@ -71,3 +72,55 @@ describe("shouldAttemptSlidingSessionRenew", () => {
    ).toBe(false);
  });
 });
+
+describe("shouldAttemptUnlimitedSessionRenew", () => {
+  const nowMs = 1_700_000_000_000;
+
+  it("returns false when unlimited mode is not active", () => {
+    expect(
+      shouldAttemptUnlimitedSessionRenew({
+        expiresAtSec: Math.floor(
+          (nowMs + SESSION_RENEW_THRESHOLD_MS - 1_000) / 1000,
+        ),
+        nowMs,
+        isEnabled: true,
+        isAuthenticated: true,
+        isLoading: false,
+        isRenewInFlight: false,
+        lastAttemptAtMs: 0,
+      }),
+    ).toBe(false);
+  });
+
+  it("returns true near expiry when session expiry management is disabled", () => {
+    expect(
+      shouldAttemptUnlimitedSessionRenew({
+        expiresAtSec: Math.floor(
+          (nowMs + SESSION_RENEW_THRESHOLD_MS - 1_000) / 1000,
+        ),
+        nowMs,
+        isEnabled: false,
+        isAuthenticated: true,
+        isLoading: false,
+        isRenewInFlight: false,
+        lastAttemptAtMs: 0,
+      }),
+    ).toBe(true);
+  });
+
+  it("returns false when the token still has enough remaining lifetime", () => {
+    expect(
+      shouldAttemptUnlimitedSessionRenew({
+        expiresAtSec: Math.floor(
+          (nowMs + SESSION_RENEW_THRESHOLD_MS + 1_000) / 1000,
+        ),
+        nowMs,
+        isEnabled: false,
+        isAuthenticated: true,
+        isLoading: false,
+        isRenewInFlight: false,
+        lastAttemptAtMs: 0,
+      }),
+    ).toBe(false);
+  });
+});
--- a/adminfront/src/lib/sessionSliding.ts
+++ b/adminfront/src/lib/sessionSliding.ts
@@ -43,3 +43,34 @@ export function shouldAttemptSlidingSessionRenew({

  return true;
 }
+
+export function shouldAttemptUnlimitedSessionRenew({
+  expiresAtSec,
+  nowMs,
+  isEnabled,
+  isAuthenticated,
+  isLoading,
+  isRenewInFlight,
+  lastAttemptAtMs,
+  thresholdMs = SESSION_RENEW_THRESHOLD_MS,
+  throttleMs = SESSION_RENEW_THROTTLE_MS,
+}: SlidingSessionRenewDecisionParams) {
+  if (isEnabled || !isAuthenticated || isLoading || isRenewInFlight) {
+    return false;
+  }
+
+  if (typeof expiresAtSec !== "number") {
+    return false;
+  }
+
+  const remainingMs = expiresAtSec * 1000 - nowMs;
+  if (remainingMs <= 0 || remainingMs > thresholdMs) {
+    return false;
+  }
+
+  if (nowMs - lastAttemptAtMs < throttleMs) {
+    return false;
+  }
+
+  return true;
+}