fix: Access Token 인증 과정에서 tokenVersion 제거

#293

Author: minjungw00

server/src/auth/auth.controller.ts

@@ -103,9 +103,6 @@ export class AuthController {
     // DB에서 refresh token 삭제
     await this.authService.removeRefreshToken(user.id);
 
-    // 사용자의 token version 증가
-    await this.authService.increaseTokenVersion(user);
-
     // 쿠키 삭제
     this.authService.clearCookie(req.res);
   }

server/src/auth/auth.service.ts

@@ -71,7 +71,6 @@ export class AuthService {
     return this.jwtService.sign({
       sub: user.id,
       email: user.email,
-      tokenVersion: await this.increaseTokenVersion(user),
     });
   }
 
@@ -87,12 +86,6 @@ export class AuthService {
     return refreshToken;
   }
 
-  async increaseTokenVersion(user: User): Promise<number> {
-    const tokenVersion = user.tokenVersion + 1;
-    await this.userModel.updateOne({ id: user.id }, { tokenVersion });
-    return tokenVersion;
-  }
-
   async login(user: User, res: Response): Promise<UserDto> {
     const accessToken = await this.generateAccessToken(user);
     const refreshToken = await this.generateRefreshToken(user.id);

server/src/auth/guards/jwt-auth.guard.ts

@@ -1,14 +1,9 @@
 import { Injectable, ExecutionContext, UnauthorizedException } from "@nestjs/common";
 import { AuthGuard } from "@nestjs/passport";
-import { AuthService } from "../auth.service";
-import { JwtService } from "@nestjs/jwt";
 
 @Injectable()
 export class JwtAuthGuard extends AuthGuard("jwt") {
-  constructor(
-    private readonly authService: AuthService,
-    private readonly jwtService: JwtService,
-  ) {
+  constructor() {
     super();
   }
 
@@ -22,14 +17,6 @@ export class JwtAuthGuard extends AuthGuard("jwt") {
 
     const canActivate = (await super.canActivate(context)) as boolean;
 
-    // Access Token의 tokenVersion과 사용자의 tokenVersion 일치 여부 확인
-    const decodedToken = this.jwtService.decode(token) as { sub: string; tokenVersion: number };
-    const user = await this.authService.findById(decodedToken.sub);
-
-    if (!user || user.tokenVersion !== decodedToken.tokenVersion) {
-      throw new UnauthorizedException("Invalid token version");
-    }
-
     return canActivate;
   }
 }

server/src/auth/schemas/user.schema.ts

@@ -18,9 +18,6 @@ export class User {
   @Prop({ required: true })
   name: string;
 
-  @Prop({ required: true, default: () => 0 })
-  tokenVersion: number;
-
   @Prop()
   refreshToken: string;
 

server/src/auth/test/auth.controller.spec.ts

@@ -25,7 +25,6 @@ describe("AuthController", () => {
     validateUser: jest.fn(),
     getProfile: jest.fn(),
     refresh: jest.fn(),
-    increaseTokenVersion: jest.fn(),
     isValidEmail: jest.fn(),
   };
 

server/src/auth/test/auth.service.spec.ts

@@ -25,7 +25,6 @@ describe("AuthService", () => {
     email: "[email protected]",
     password: "hashedPassword",
     name: "Test User",
-    tokenVersion: 0,
   };
 
   const mockUserModel = {
@@ -139,7 +138,6 @@ describe("AuthService", () => {
         id: "mockNanoId123",
         email: "[email protected]",
         name: "Test User",
-        tokenVersion: 0,
       };
 
       const mockResponse = {
@@ -152,7 +150,6 @@ describe("AuthService", () => {
       expect(jwtService.sign).toHaveBeenCalledWith({
         sub: user.id,
         email: user.email,
-        tokenVersion: user.tokenVersion + 1,
       });
       expect(mockResponse.cookie).toHaveBeenCalledWith("refreshToken", expect.any(String), {
         httpOnly: true,
@@ -234,7 +231,6 @@ describe("AuthService", () => {
       expect(jwtService.sign).toHaveBeenCalledWith({
         sub: mockUser.id,
         email: mockUser.email,
-        tokenVersion: 1,
       });
       expect(mockResponse.header).toHaveBeenCalledWith("Authorization", `Bearer test-token`);
       expect(result).toEqual({