Fix: OAuth 토큰 중복발급 제한

src/api/oauth/oauth.controller.ts

@@ -7,9 +7,11 @@ import loginCheck from '@src/util/loginCheck';
 
 
 router.get('/authentication', loginCheck, async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const user = new User(jwt.verify(req.cookies.token).value);
     try {
         res.send(JSON.stringify(
             await service.authentication(
+                user,
                 String(req.query.clientId),
                 String(req.query.redirectURI)
             )

src/api/oauth/oauth.service.ts

@@ -1,5 +1,5 @@
 import express from 'express';
-import { BadRequestException, InternalServerException, NotFoundException, UnAuthorizedException } from '@src/util/exceptions';
+import { BadRequestException, NotFoundException, UnAuthorizedException } from '@src/util/exceptions';
 import * as oauthClientReposiroty from '@src/api/oauth/repository/client.repository';
 import * as oauthScopeReposiroty from '@src/api/oauth/repository/scope.repository';
 import * as oauthScopeInfoReposiroty from '@src/api/oauth/repository/scopeInfo.repository';
@@ -25,6 +25,7 @@ const getScopeInfoList = async () => {
 getScopeInfoList();
 
 const authentication = async (
+    user: User,
     clientId: string,
     redirectURI: string
 ) => {
@@ -41,8 +42,14 @@ const authentication = async (
     if (scopeInfo === null) {
         throw new NotFoundException('Failed to load scope info');
     }
+    if (await oauthTokenReposiroty.getByUsercodeAndClientId(user.getUser().code, clientId)) {
+        return {
+            authorized: true
+        }
+    }
 
     return {
+        authorized: false,
         domain,
         serviceName,
         scope: scopeInfoList.filter(e => scopeInfo.some(scope => scope.info == e.info))
@@ -91,6 +98,14 @@ const getToken = async (
     }
 
     await oauthAuthcodeReposiroty.expireCode(authcode);
+
+    const authorizedInfo = await oauthTokenReposiroty.getByUsercodeAndClientId(authcodeInfo.usercode, clientId);
+    if (authorizedInfo !== null) {
+        return {
+            token: authorizedInfo.token
+        }
+    }
+
     const newToken = crypto.randomBytes(16).toString('hex');
     await oauthTokenReposiroty.createToken(newToken, clientId, authcodeInfo.usercode);
 
@@ -171,15 +186,15 @@ const createClient = async (
     try {
         scopeList = (typeof scope == 'string')? JSON.parse(scope): scope;
         if (typeof scopeList != 'object' || !scopeList.length) {
-            throw new BadRequestException('Scope is invalid1');
+            throw new BadRequestException('Scope is invalid');
         }
     } catch (err) {
-        throw new BadRequestException('Scope is invalid2');
+        throw new BadRequestException('Scope is invalid');
     }
 
     const scopeListCheck = scopeList.filter((e: string) => scopeInfoList.some(scopeInfo => e == scopeInfo.info));
     if (scopeListCheck.length != scopeList.length) {
-        throw new BadRequestException('Scope is invalid3');
+        throw new BadRequestException('Scope is invalid');
     }
 
     const newClientId = crypto.randomBytes(4).toString('hex');

src/api/oauth/repository/token.repository.ts

@@ -25,6 +25,31 @@ const getByToken = async (
     }
 }
 
+const getByUsercodeAndClientId = async (
+    usercode: number,
+    clientId: string
+): Promise<{
+    token: string
+} | null> => {
+    const getQuery='SELECT token FROM oauth_token WHERE usercode=? AND client_id=?';
+    // SELECT 
+    //     token 
+    // FROM oauth_token 
+    // WHERE 
+    //     usercode=? AND 
+    //     client_id=?
+    try {
+        const [rows] = await pool.query(getQuery, [usercode, clientId]);
+        if (rows.length)
+            return rows[0];
+        else
+            return null;
+    } catch(err) {
+        console.error(err);
+        throw new InternalServerException();
+    }
+}
+
 const createToken = async (
     token: string,
     clientId: string,
@@ -62,6 +87,7 @@ const expireCode = async (
 
 export {
     getByToken,
+    getByUsercodeAndClientId,
     createToken,
     expireCode
 }