[Add] PKCE 체크 및 관련 기능 구현, Playground 디렉토리 정리

2025-05-26 00:56:03 +09:00 · 2025-05-26 00:56:03 +09:00 · 0a24c5594d
commit 0a24c5594d
parent ba20dd9007
13 changed files with 164 additions and 140 deletions
--- a/playground/PKCEDowngrade/.gitignore
+++ b/playground/PKCEDowngrade/.gitignore
@ -0,0 +1,2 @@
+# deps
+node_modules/
--- a/playground/PKCEDowngrade/README.md
+++ b/playground/PKCEDowngrade/README.md
@ -0,0 +1,11 @@
+To install dependencies:
+```sh
+bun install
+```
+
+To run:
+```sh
+bun run dev
+```
+
+open http://localhost:3000
--- a/playground/PKCEDowngrade/bun.lock
+++ b/playground/PKCEDowngrade/bun.lock
@ -0,0 +1,25 @@
+{
+  "lockfileVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "PKCEDowngrade",
+      "dependencies": {
+        "hono": "^4.7.10",
+      },
+      "devDependencies": {
+        "@types/bun": "latest",
+      },
+    },
+  },
+  "packages": {
+    "@types/bun": ["@types/bun@1.2.14", "", { "dependencies": { "bun-types": "1.2.14" } }, "sha512-VsFZKs8oKHzI7zwvECiAJ5oSorWndIWEVhfbYqZd4HI/45kzW7PN2Rr5biAzvGvRuNmYLSANY+H59ubHq8xw7Q=="],
+
+    "@types/node": ["@types/node@22.15.21", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-EV/37Td6c+MgKAbkcLG6vqZ2zEYHD7bvSrzqqs2RIhbA6w3x+Dqz8MZM3sP6kGTeLrdoOgKZe+Xja7tUB2DNkQ=="],
+
+    "bun-types": ["bun-types@1.2.14", "", { "dependencies": { "@types/node": "*" } }, "sha512-Kuh4Ub28ucMRWeiUUWMHsT9Wcbr4H3kLIO72RZZElSDxSu7vpetRvxIUDUaW6QtaIeixIpm7OXtNnZPf82EzwA=="],
+
+    "hono": ["hono@4.7.10", "", {}, "sha512-QkACju9MiN59CKSY5JsGZCYmPZkA6sIW6OFCUp7qDjZu6S6KHtJHhAc9Uy9mV9F8PJ1/HQ3ybZF2yjCa/73fvQ=="],
+
+    "undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="],
+  }
+}
--- a/playground/PKCEDowngrade/package.json
+++ b/playground/PKCEDowngrade/package.json
@ -0,0 +1,12 @@
+{
+  "name": "PKCEDowngrade",
+  "scripts": {
+    "dev": "bun run --hot src/index.ts"
+  },
+  "dependencies": {
+    "hono": "^4.7.10"
+  },
+  "devDependencies": {
+    "@types/bun": "latest"
+  }
+}
--- a/playground/PKCEDowngrade/src/index.ts
+++ b/playground/PKCEDowngrade/src/index.ts
@ -0,0 +1,94 @@
+import { Hono } from 'hono'
+import { randomBytes, createHash } from 'crypto'
+import { Buffer } from 'buffer'
+
+const app = new Hono()
+
+// In-memory PKCE store (should use Redis or similar in production)
+const pkceStore = new Map<string, string>()
+
+const generateCodeVerifier = () => {
+  return randomBytes(32).toString('hex')
+}
+
+const generateCodeChallenge = (verifier: string) => {
+  const hash = createHash('sha256').update(verifier).digest()
+  return hash.toString('base64url')
+}
+
+// Step 1: Redirect to GitHub with PKCE
+app.get('/login', (c) => {
+  const codeVerifier = generateCodeVerifier()
+  const codeChallenge = generateCodeChallenge(codeVerifier)
+  const state = randomBytes(8).toString('hex')
+
+  pkceStore.set(state, codeVerifier)
+
+  const params = new URLSearchParams({
+    client_id: process.env.GITHUB_CLIENT_ID!,
+    redirect_uri: 'http://localhost:8787/callback',
+    scope: 'read:user',
+    state,
+    response_type: 'code',
+    code_challenge: codeChallenge,
+    code_challenge_method: 'S256',
+  })
+
+  return c.redirect(`https://github.com/login/oauth/authorize?${params}`)
+})
+
+// Step 2: GitHub redirects back here
+app.get('/callback', async (c) => {
+  const url = new URL(c.req.url)
+  const code = url.searchParams.get('code')
+  const state = url.searchParams.get('state')
+
+  if (!code || !state) {
+    return c.text('Missing code or state', 400)
+  }
+
+  const codeVerifier = pkceStore.get(state)
+  if (!codeVerifier) {
+    return c.text('Invalid or expired state', 400)
+  }
+
+  // Step 3: Exchange code + verifier for token
+  const tokenRes = await fetch('https://github.com/login/oauth/access_token', {
+    method: 'POST',
+    headers: {
+      Accept: 'application/json',
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      client_id: process.env.GITHUB_CLIENT_ID,
+      client_secret: process.env.GITHUB_CLIENT_SECRET,
+      code,
+      redirect_uri: 'http://localhost:8787/callback',
+      code_verifier: codeVerifier,
+    }),
+  })
+
+  const tokenData = await tokenRes.json()
+  if (!tokenData.access_token) {
+    return c.text('Failed to get access token', 500)
+  }
+
+  // Step 4: Use token to fetch user profile
+  const userRes = await fetch('https://api.github.com/user', {
+    headers: {
+      Authorization: `Bearer ${tokenData.access_token}`,
+      'User-Agent': 'hono-app',
+    },
+  })
+
+  const user = await userRes.json()
+  return c.json({
+    message: 'GitHub login successful!',
+    user,
+  })
+})
+
+export default { 
+  port: 8787,
+  fetch: app.fetch,
+}
--- a/playground/PKCEDowngrade/tsconfig.json
+++ b/playground/PKCEDowngrade/tsconfig.json
@ -0,0 +1,7 @@
+{
+  "compilerOptions": {
+    "strict": true,
+    "jsx": "react-jsx",
+    "jsxImportSource": "hono/jsx"
+  }
+}