Merge pull request #327 from Quickchive/fix/use-rs-256

feat: use appleSignin library
Quickchive · May 6, 2024 · 05f76d2 · 05f76d2
2 parents 848be8a + 065f1e7
commit 05f76d2
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 38 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -45,6 +45,7 @@
     "@types/crypto-js": "^4.1.1",
     "@types/passport-google-oauth20": "^2.0.11",
     "@types/uuid": "^9.0.0",
+    "apple-signin-auth": "^1.7.6",
     "axios": "^0.27.2",
     "bcrypt": "^5.0.1",
     "cache-manager": "^4.1.0",

diff --git a/src/auth/oauth.service.ts b/src/auth/oauth.service.ts
@@ -183,7 +183,7 @@ export class OAuthService {
   }
 
   public async appleLogin(code: string) {
-    const { data } = await this.oauthUtil.getAppleToken(code);
+    const data = await this.oauthUtil.getAppleToken(code);
 
     if (!data.id_token) {
       throw new InternalServerErrorException(

diff --git a/src/auth/util/oauth.util.ts b/src/auth/util/oauth.util.ts
@@ -10,11 +10,19 @@ import {
   GetKakaoUserInfoOutput,
 } from '../dtos/kakao.dto';
 import { JwtService } from '@nestjs/jwt';
+import appleSignin from 'apple-signin-auth';
 
 @Injectable()
 export class OAuthUtil {
   constructor(private readonly jwtService: JwtService) {}
 
+  private readonly CLIENT_ID = process.env.APPLE_CLIENT_ID;
+  private readonly TEAM_ID = process.env.APPLE_TEAM_ID;
+  private readonly PRIMARY_KEY = String(process.env.APPLE_SECRET_KEY)
+    .split(String.raw`'\n`)
+    .join('\n');
+  private readonly KEY_ID = process.env.APPLE_KEY_ID;
+
   // Get access token from Kakao Auth Server
   async getKakaoAccessToken(code: string): Promise<GetKakaoAccessTokenOutput> {
     try {
@@ -72,44 +80,21 @@ export class OAuthUtil {
     }
   }
 
-  getAppleAccessToken(): string {
-    const timeNow = Math.floor(Date.now() / 1000);
-
-    const claims = {
-      iss: process.env.APPLE_TEAM_ID,
-      iat: timeNow,
-      aud: 'https://appleid.apple.com',
-      sub: process.env.APPLE_CLIENT_ID,
-    };
-
-    const privateKey = process.env
-      .APPLE_SECRET_KEY!.split(String.raw`\n`)
-      .join('\n');
-    console.log(privateKey);
-
-    return this.jwtService.sign(claims, {
-      keyid: process.env.APPLE_KEY_ID,
-      expiresIn: timeNow + 300,
-      privateKey,
-      algorithm: 'ES256',
+  getClientSecret(): string {
+    return appleSignin.getClientSecret({
+      clientID: this.CLIENT_ID!,
+      teamID: this.TEAM_ID!,
+      privateKey: this.PRIMARY_KEY!,
+      keyIdentifier: this.KEY_ID!,
+      expAfter: 300,
     });
   }
 
   async getAppleToken(code: string) {
-    return await axios.post(
-      'https://appleid.apple.com/auth/token',
-      qs.stringify({
-        grant_type: 'authorization_code',
-        code,
-        client_secret: this.getAppleAccessToken(),
-        client_id: process.env.APPLE_CLIENT_ID,
-        redirect_uri: process.env.APPLE_REDIRECT_URI,
-      }),
-      {
-        headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
-        },
-      },
-    );
+    return await appleSignin.getAuthorizationToken(code, {
+      clientID: this.CLIENT_ID!,
+      redirectUri: process.env.APPLE_REDIRECT_URI!,
+      clientSecret: this.getClientSecret(),
+    });
   }
 }