Enhance user management and token invalidation features

- Added comprehensive validation for user data during registration and updates, including email format, company code existence, user type validation, and password length checks. - Implemented JWT token invalidation for users when their status changes or when roles are updated, ensuring security and compliance with the latest policies. - Introduced a new TokenInvalidationService to manage token versioning and invalidation processes efficiently. - Updated the admin controller to provide detailed error messages and success responses for user status changes and validations. - Enhanced the authentication middleware to check token versions against the database, ensuring that invalidated tokens cannot be used. This commit improves the overall security and user management experience within the application.
2026-03-25 18:47:50 +09:00
parent 782ebb1b33
commit 70e040db39
12 changed files with 573 additions and 36 deletions
--- a/backend-node/src/controllers/roleController.ts
+++ b/backend-node/src/controllers/roleController.ts
@@ -472,6 +472,10 @@ export const addRoleMembers = async (
      req.user?.userId || "SYSTEM"
    );

+    // 권한 변경된 사용자들의 JWT 토큰 무효화
+    const { TokenInvalidationService } = require("../services/tokenInvalidationService");
+    await TokenInvalidationService.invalidateMultipleUserTokens(userIds);
+
    const response: ApiResponse<null> = {
      success: true,
      message: "권한 그룹 멤버 추가 성공",
@@ -568,6 +572,13 @@ export const updateRoleMembers = async (
      );
    }

+    // 권한 변경된 사용자들의 JWT 토큰 무효화
+    const allAffectedUsers = [...new Set([...toAdd, ...toRemove])];
+    if (allAffectedUsers.length > 0) {
+      const { TokenInvalidationService } = require("../services/tokenInvalidationService");
+      await TokenInvalidationService.invalidateMultipleUserTokens(allAffectedUsers);
+    }
+
    logger.info("권한 그룹 멤버 일괄 업데이트 성공", {
      masterObjid,
      added: toAdd.length,
@@ -646,6 +657,10 @@ export const removeRoleMembers = async (
      req.user?.userId || "SYSTEM"
    );

+    // 권한 변경된 사용자들의 JWT 토큰 무효화
+    const { TokenInvalidationService } = require("../services/tokenInvalidationService");
+    await TokenInvalidationService.invalidateMultipleUserTokens(userIds);
+
    const response: ApiResponse<null> = {
      success: true,
      message: "권한 그룹 멤버 제거 성공",
@@ -777,6 +792,18 @@ export const setMenuPermissions = async (
      req.user?.userId || "SYSTEM"
    );

+    // 해당 권한 그룹의 모든 멤버 JWT 토큰 무효화
+    try {
+      const members = await RoleService.getRoleMembers(authObjid);
+      const memberIds = members.map((m: any) => m.userId);
+      if (memberIds.length > 0) {
+        const { TokenInvalidationService } = require("../services/tokenInvalidationService");
+        await TokenInvalidationService.invalidateMultipleUserTokens(memberIds);
+      }
+    } catch (invalidateError) {
+      logger.warn("메뉴 권한 변경 후 토큰 무효화 실패 (권한 설정은 성공)", { invalidateError });
+    }
+
    const response: ApiResponse<null> = {
      success: true,
      message: "메뉴 권한 설정 성공",