PM_test/oauth/oauthService.js

const crypto = require('crypto');
const axios = require('axios');
const jwt = require('jsonwebtoken');
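// Tenant table for the PM_ver4_CLOUD_OVERSEAS deployment: a hostname marker,
// the OAuth client id registered for it, and the env var holding its secret.
// Order matters: every marker is tested and the LAST match wins, which is how
// the original chain of independent `if` statements behaved.
const _OVERSEAS_TENANTS = [
  { marker: 'gtb.', clientId: 'PM_GTB', secretEnv: 'CLIENT_SECRET_GTB' },
  { marker: 'bim.', clientId: 'PM_BIM', secretEnv: 'CLIENT_SECRET_BIM' },
  { marker: 'overseas.', clientId: 'PM_OVERSEAS', secretEnv: 'CLIENT_SECRET_OVERSEAS' },
  { marker: 'jangheon.', clientId: 'PM_JANGHEON', secretEnv: 'CLIENT_SECRET_JANGHEON' },
  { marker: 'jangheonindustry.', clientId: 'PM_JANGHEONINDUSTRY', secretEnv: 'CLIENT_SECRET_JANGHEONINDUSTRY' },
];

/**
 * Picks the OAuth client id and client secret for the current deployment.
 *
 * Resolving both values in one pass keeps them from drifting apart; the
 * original computed them in two copies of the same if/else chain.
 *
 * @param {string} hostname - Host name of the incoming request.
 * @returns {{clientId: string, secret: (string|undefined)}} Empty/undefined
 *   values mean nothing matched; the caller must treat that as a failure.
 */
function _resolveOAuthClient(hostname) {
  // A missing CLIENT_ID used to crash with a TypeError on `.includes`.
  const configuredClientId = process.env.CLIENT_ID || '';

  if (configuredClientId.includes('PM_LOCAL')) {
    return { clientId: configuredClientId, secret: process.env.CLIENT_SECRET_LOCAL };
  }
  if (process.env.SERVICE_NAME === 'PM_ver4_ONPREMISE') {
    return { clientId: 'PM_ONPREMISE', secret: process.env.CLIENT_SECRET_ONPREMISE };
  }

  let resolved = { clientId: '', secret: '' };
  if (process.env.SERVICE_NAME === 'PM_ver4_CLOUD_OVERSEAS') {
    const host = typeof hostname === 'string' ? hostname.toLowerCase() : '';

    // NOTE(review): these are substring tests, not label or suffix matches, so
    // any host name that merely contains a marker selects that tenant's
    // credentials. If `hostname` is derived from the request's Host header it
    // is client-controlled; prefer an exact allow-list of expected host names.
    for (const tenant of _OVERSEAS_TENANTS) {
      if (host.includes(tenant.marker)) {
        resolved = { clientId: tenant.clientId, secret: process.env[tenant.secretEnv] };
      }
    }

    // Test fallback: this client must also be registered in Sentinel.
    // NOTE(review): '172' matches any host containing those three characters,
    // and this branch overrides a tenant match above. Confirm that the local
    // credentials are never usable in the cloud deployment.
    if (host.includes('172') || host.includes('localhost')) {
      resolved = { clientId: configuredClientId, secret: process.env.CLIENT_SECRET_LOCAL };
    }
  }
  return resolved;
}

/**
 * Exchanges an OAuth authorization code at Sentinel and verifies the returned
 * access token.
 *
 * @param {string} code - Authorization code received on the callback.
 * @param {string} state - OAuth `state` value, forwarded to Sentinel as-is.
 *   This function does not compare it with anything; presumably the caller or
 *   Sentinel checks it against the value issued at login start — verify.
 * @param {string} hostname - Request host name, used to pick the tenant client.
 * @returns {Promise<{user: object, next: (string|null)}>} Verified JWT claims
 *   and the `next` value from the token response (null when absent).
 * @throws {Error} When no client credentials resolve for this deployment/host,
 *   when the HTTP call fails, or when the JWT fails verification.
 */
exports.exchangeToken = async (code, state, hostname) => {
  const { clientId, secret } = _resolveOAuthClient(hostname);

  // Fail closed: never send a token request with an empty client id or secret.
  if (!clientId || !secret) {
    throw new Error('OAuth client credentials are not configured for this deployment/host');
  }

  // The encrypted secret is credential material; it is deliberately not logged
  // (the original wrote it to stdout on every exchange).
  const { encrypted, iv } = _encrypt(secret);

  const tokenResp = await axios.post(`${process.env.SENTINEL_BASE}/oauth/token`, {
    code,
    client_id: clientId,
    client_secret_enc: encrypted,
    iv,
    state,
  });
  const { access_token, next } = tokenResp.data;

  // Pin the algorithm, issuer and audience. Verifying with the secret alone
  // would accept a token minted for a different client or issuer.
  const verifyOptions = {
    issuer: process.env.JWT_ISSUER,
    audience: clientId,
    algorithms: ['HS256'],
    clockTolerance: 30,
  };
  const user = jwt.verify(access_token, process.env.JWT_SECRET, verifyOptions);

  // NOTE(review): `next` comes straight from the token response. If the caller
  // redirects to it, it should be validated as a same-origin path first.
  return {
    user,
    next: next || null,
  };
};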
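/**
 * Session gate middleware.
 *
 * The original injected a fixed test user into every request's session and
 * always called next(), so any route behind this middleware was effectively
 * unauthenticated. The injection is now limited to local builds, detected the
 * same way exchangeToken does (CLIENT_ID contains 'PM_LOCAL'); everywhere else
 * a session user must already exist.
 *
 * @param {object} req - Request; `req.session` is expected from session middleware.
 * @param {object} res - Response (unused).
 * @param {Function} next - Continuation; called with an Error carrying
 *   `status = 401` when there is no logged-in user.
 * @returns {Promise<void>}
 */
exports.isLoggedIn = async (req, res, next) => {
  const isLocalBuild = (process.env.CLIENT_ID || '').includes('PM_LOCAL');

  if (isLocalBuild) {
    // Local testing only: force a session user and let the request through.
    req.session.user = {
      userId: 'test_user',
      user_nm: '테스트사용자',
      group: 'dev'
    };
    next();
    return;
  }

  if (req.session && req.session.user) {
    next();
    return;
  }

  // Hand the failure to the framework's error handler instead of continuing.
  const err = new Error('Unauthorized');
  err.status = 401;
  next(err);
};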
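/**
 * Loads the AES-256 key from the AES_KEY_32BYTE environment variable.
 *
 * The original defined a hard-coded key literal in source and then referenced
 * an undeclared `AES_KEY`, so every call to _encrypt threw a ReferenceError.
 * Key material belongs in the environment or a secret store, not in the
 * repository. The key is read on each call so a missing variable fails the
 * request instead of failing at module load.
 *
 * @returns {Buffer} The 32-byte key.
 * @throws {Error} When the variable is unset or is not exactly 32 bytes.
 */
function _loadAesKey() {
  const raw = process.env.AES_KEY_32BYTE;
  if (typeof raw !== 'string' || raw.length === 0) {
    throw new Error('AES_KEY_32BYTE is not set');
  }
  const key = Buffer.from(raw, 'utf8');
  if (key.length !== 32) {
    throw new Error('AES_KEY_32BYTE must be exactly 32 bytes');
  }
  return key;
}

/**
 * Encrypts a string with AES-256-CBC under a fresh random 16-byte IV.
 *
 * NOTE(review): CBC provides confidentiality only. Nothing here authenticates
 * the ciphertext, so the receiving side must not expose distinguishable
 * padding errors. If the Sentinel side can change too, an AEAD mode such as
 * aes-256-gcm is the better fit.
 *
 * @param {string} text - Plaintext to encrypt (here, the OAuth client secret).
 * @returns {{encrypted: string, iv: string}} Base64 ciphertext and base64 IV.
 * @throws {TypeError} When `text` is not a string.
 * @throws {Error} When the key is missing or has the wrong length.
 */
function _encrypt(text) {
  if (typeof text !== 'string') {
    throw new TypeError('_encrypt expects a string');
  }
  const key = _loadAesKey();
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  const encrypted = cipher.update(text, 'utf8', 'base64') + cipher.final('base64');
  return {
    encrypted,
    iv: iv.toString('base64')
  };
}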