개발 환경에서 액세스 토큰 미사용시 header에 user_id 추가 강제하도록 변경 (#78)

giwonn · Jan 14, 2024 · eb73e0d · eb73e0d
1 parent 3bee9ba
commit eb73e0d
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 14 deletions.
diff --git a/src/common/decorator/user-id.decorator.ts b/src/common/decorator/user-id.decorator.ts
@@ -1,5 +1,4 @@
 import {
-  BadRequestException,
   createParamDecorator,
   InternalServerErrorException,
 } from '@nestjs/common';
@@ -13,15 +12,5 @@ export const UserId = createParamDecorator((_, ctx) => {
     );
   }
 
-  if (process.env.NODE_ENV === 'development') {
-    if (!request.query?.userId) {
-      throw new BadRequestException(
-        'dev환경에서는 Query Parameter로 userId를 넣어주어야 합니다.',
-      );
-    }
-
-    return request.query?.userId;
-  }
-
   return request.userId;
 });
diff --git a/src/common/filter/fail-exception.filter.ts b/src/common/filter/fail-exception.filter.ts
@@ -22,7 +22,6 @@ export class FailExceptionFilter implements ExceptionFilter {
     const response = ctx.getResponse();
 
     const message = exception.getResponse()['message'];
-
     this.logger.warn(`FAIL - ${message}`);
 
     return response.status(statusCode).json({

diff --git a/src/common/guard/global/access-token.guard.ts b/src/common/guard/global/access-token.guard.ts
@@ -1,4 +1,5 @@
 import {
+  BadRequestException,
   type ExecutionContext,
   Injectable,
   UnauthorizedException,
@@ -12,14 +13,21 @@ import { BearerTokenGuard } from '@/common/guard/bearer-token.guard';
 @Injectable()
 export class AccessTokenGuard extends BearerTokenGuard {
   async canActivate(context: ExecutionContext) {
-    // 액세스 토큰이 필요 없는 요청
     const request = context.switchToHttp().getRequest();
     const path = request.route.path;
 
+    // 액세스 토큰이 필요 없는 요청
     if (path.startsWith('/auth/')) {
       return true;
     }
 
+    if (
+      process.env.NODE_ENV === 'development' &&
+      !request.headers.authorization
+    ) {
+      return this.devAuthenticate(request);
+    }
+
     // BearerTokenGuard 검증
     try {
       await super.canActivate(context);
@@ -36,4 +44,16 @@ export class AccessTokenGuard extends BearerTokenGuard {
 
     return true;
   }
+
+  devAuthenticate(request: any) {
+    if (!request.headers.user_id) {
+      throw new BadRequestException(
+        'dev환경에서는 액세스토큰 미사용시 header에 user_id라는 key로 userId를 넣어주어야 합니다.',
+      );
+    }
+
+    request.userId = request.headers.user_id;
+
+    return true;
+  }
 }
diff --git a/src/v1/auth/auth.controller.ts b/src/v1/auth/auth.controller.ts
@@ -1,7 +1,6 @@
 import {
   Controller,
   HttpCode,
-  HttpException,
   HttpStatus,
   Inject,
   Post,