From 1bc442b1d33a2dd4651510f402536cdff7fa08d6 Mon Sep 17 00:00:00 2001
From: KMINGON <rlaalsrhs59@gmail.com>
Date: Wed, 4 Jun 2025 17:01:32 +0900
Subject: [PATCH] =?UTF-8?q?[FIX]:=20tokenType=EA=B9=8C=EC=A7=80=20?=
 =?UTF-8?q?=EA=B2=80=EC=82=AC=ED=95=98=EC=97=AC=20OAuth=20Flow=EC=9D=B8?=
 =?UTF-8?q?=EC=A7=80=20=ED=99=95=EC=9D=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/controller/accessTokenDetector.ts     | 71 ++++++++++++-------
 1 file changed, 46 insertions(+), 25 deletions(-)

diff --git a/packages/backend/src/controller/accessTokenDetector.ts b/packages/backend/src/controller/accessTokenDetector.ts
index 6e95120..283b19b 100644
--- a/packages/backend/src/controller/accessTokenDetector.ts
+++ b/packages/backend/src/controller/accessTokenDetector.ts
@@ -132,34 +132,53 @@ export class AccessTokenLeakController {
    * @param text - 검사할 텍스트
    * @returns 토큰 값이 있으면 해당 값, 없으면 null
    */
-private extractTokenFromText(text: string): string | null {
+  private extractTokenFromText(text: string): string | null {
      // 토큰 관련 키워드 리스트
     const tokenKeys = [
-        'access_token',
-        'accesstoken',
-        'Access-Token',
-        'Refresh_Token',
-        'Refresh-Token',
-        'RefreshToken',
-        'Secret_Token',
-        'Secret-Token',
-        'SecretToken',
-        'SSO_Auth',
-        'SSO-Auth',
-        'SSOAuth',
-        'auth_token',
-        'session_token'
-     ];
+      'access_token',
+      'accesstoken',
+      'Access-Token',
+      'Refresh_Token',
+      'Refresh-Token',
+      'RefreshToken',
+      'Secret_Token',
+      'Secret-Token',
+      'SecretToken',
+      'SSO_Auth',
+      'SSO-Auth',
+      'SSOAuth',
+      'auth_token',
+      'session_token'
+    ];
 
-  // 정규표현식 패턴 리스트 생성
+    const tokenTypeKeys = [
+      'token_type',
+      'tokenType'
+    ];
+
+     // 정규표현식 토큰 타입 유무 패턴 리스트 생성
+    const tokenTypeRegexes: RegExp[] = [];
+    for (const key of tokenTypeKeys) {
+      // JSON 형식: "token_type": "Bearer"
+      tokenTypeRegexes.push(new RegExp(`"${key}"\\s*:\\s*"bearer"`, 'i'));
+      // 일반 key=value 형식: token_type=Bearer
+      tokenTypeRegexes.push(new RegExp(`${key}[=:]\\s*bearer`, 'i'));
+      // 공백 있는 형식: token_type : Bearer
+      tokenTypeRegexes.push(new RegExp(`${key}\\s*:\\s*bearer`, 'i'));
+    }
+
+    // token_type=bearer 형태 중 하나라도 포함되는지 확인
+    const hasTokenTypeBearer = tokenTypeRegexes.some(rx => rx.test(text));
+
+    // 정규표현식 토큰 유무 패턴 리스트 생성
     const tokenPatterns: RegExp[] = [];
 
     for (const key of tokenKeys) {
-        // 1. key=token 또는 key: token
-        tokenPatterns.push(new RegExp(`${key}[=:]\\s*([a-zA-Z0-9\\-._~+/]+=*)`, 'i'));
+      // 1. key=token 또는 key: token
+      tokenPatterns.push(new RegExp(`${key}[=:]\\s*([a-zA-Z0-9\\-._~+/]+=*)`, 'i'));
 
-        // 2. JSON 형태의 "key": "token"
-        tokenPatterns.push(new RegExp(`"${key}"\\s*:\\s*"([^"]+)"`, 'i'));
+      // 2. JSON 형태의 "key": "token"
+      tokenPatterns.push(new RegExp(`"${key}"\\s*:\\s*"([^"]+)"`, 'i'));
     }
 
     // 3. Authorization: Bearer <token> 형태
@@ -167,12 +186,14 @@ private extractTokenFromText(text: string): string | null {
 
     // 모든 패턴에 대해 검사
     for (const pattern of tokenPatterns) {
-        const match = pattern.exec(text);
-        if (match && match[1]) {
-        return match[1];
+      const match = pattern.exec(text);
+      if (match && match[1]) {
+        if(hasTokenTypeBearer){
+          return match[1];
         }
+      }
     }
 
     return null;
-    }
+  }
 }
\ No newline at end of file