Merge branch 'dev' of https://github.com/sparcs-kaist/taxi-back into #…

…273-안-읽은-메세지-확인

app.js

@@ -38,6 +38,9 @@ app.use(require("./src/middlewares/limitRate"));
 // [Router] Swagger (API 문서)
 app.use("/docs", require("./src/routes/docs"));
 
+// [Middleware] 모든 API 요청에 대하여 origin 검증
+app.use(require("./src/middlewares/originValidator"));
+
 // [Router] APIs
 app.use("/auth", require("./src/routes/auth"));
 app.use("/logininfo", require("./src/routes/logininfo"));

src/middlewares/information.js

@@ -1,15 +1,5 @@
 module.exports = (req, res, next) => {
   req.clientIP = req.headers["x-forwarded-for"] || req.connection.remoteAddress;
   req.timestamp = Date.now();
-  req.origin =
-    req.headers.origin ||
-    req.headers.referer ||
-    req.session?.loginAfterState?.redirectOrigin; // sparcssso/callback 요청은 헤더에 origin이 없음
-
-  if (!req.origin) {
-    return res.status(400).json({
-      error: "Bad Request : request must have origin in header",
-    });
-  }
   next();
 };

src/middlewares/originValidator.js

@@ -0,0 +1,13 @@
+module.exports = (req, res, next) => {
+  req.origin =
+    req.headers.origin ||
+    req.headers.referer ||
+    req.session?.loginAfterState?.redirectOrigin; // sparcssso/callback 요청은 헤더에 origin이 없음
+
+  if (!req.origin) {
+    return res.status(400).json({
+      error: "Bad Request : request must have origin in header",
+    });
+  }
+  next();
+};

src/services/auth.replace.js

@@ -34,6 +34,7 @@ const loginReplaceHandler = (req, res) => {
   if (!loginAfterState)
     return res.status(400).send("SparcsssoCallbackHandler : invalid request");
   const { redirectOrigin, redirectPath } = loginAfterState;
+  req.session.loginAfterState = undefined;
   tryLogin(req, res, createUserData(id), redirectOrigin, redirectPath);
 };