Merge pull request #33 from Decodeat/junho/hotfix-temp

kjhh2605 · web-flow · commit 48fa95860c54 · 2025-09-11T13:11:42.000+09:00
Fix: 리프레시토큰 재발급 api 수정
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/controller/TokenController.java b/src/main/java/com/DecodEat/domain/refreshToken/controller/TokenController.java
@@ -5,6 +5,7 @@
 import com.DecodEat.domain.refreshToken.service.TokenService;
 import com.DecodEat.global.apiPayload.ApiResponse;
 import io.swagger.v3.oas.annotations.Operation;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -17,11 +18,8 @@ public class TokenController {
 
     @PostMapping("/api/token")
     @Operation(summary = "액세스 토큰 재발급 API")
-    public ApiResponse<CreateAccessTokenResponse> createAccessToken(@RequestBody CreateAccessTokenRequest request){
+    public ApiResponse<String> createAccessToken(HttpServletRequest request){
 
-        String refreshToken = request.getRefreshToken();
-        String newAccessToken = tokenService.createNewAccessToken(refreshToken);
-
-        return ApiResponse.onSuccess(new CreateAccessTokenResponse(newAccessToken));
+        return ApiResponse.onSuccess(tokenService.refreshAccessToken(request));
     }
 }
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/service/TokenService.java b/src/main/java/com/DecodEat/domain/refreshToken/service/TokenService.java
@@ -6,7 +6,11 @@
 import com.DecodEat.domain.users.entity.User;
 import com.DecodEat.domain.users.service.UserService;
 import com.DecodEat.global.config.jwt.JwtTokenProvider;
+import com.DecodEat.global.config.oauth.OAuth2SuccessHandler;
 import com.DecodEat.global.exception.GeneralException;
+import com.DecodEat.global.util.CookieUtil;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
@@ -31,4 +35,17 @@ public String createNewAccessToken(String refreshToken){
 
         return jwtTokenProvider.generateToken(user, Duration.ofHours(2)); // 액세스 토큰 유효시간 : 2시간
     }
+
+    public String refreshAccessToken(HttpServletRequest request){
+        Cookie cookie = CookieUtil
+                .getCookie(request, OAuth2SuccessHandler.REFRESH_TOKEN_COOKIE_NAME)
+                .orElseThrow(() -> new GeneralException(NO_RESULT));
+
+        String refreshToken = cookie.getValue();
+
+        if(!jwtTokenProvider.validToken(refreshToken)){
+            throw new GeneralException(UNEXPECTED_TOKEN);
+        }
+        return createNewAccessToken(refreshToken);
+    }
 }
diff --git a/src/main/java/com/DecodEat/global/config/oauth/OAuth2SuccessHandler.java b/src/main/java/com/DecodEat/global/config/oauth/OAuth2SuccessHandler.java
@@ -16,6 +16,8 @@
 import org.springframework.web.util.UriComponentsBuilder;
 
 import java.io.IOException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.util.Map;
 
@@ -51,7 +53,6 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 
         // 2. 액세스 토큰 생성
         String accessToken = tokenProvider.generateToken(user, ACCESS_TOKEN_DURATION);
-        addAccessTokenToCookie(request, response, accessToken);
 
         String targetUrl = getTargetUrl(accessToken);
 
@@ -71,14 +72,6 @@ private void saveRefreshToken(Long userId, String newRefreshToken) {
         refreshTokenRepository.save(refreshToken);
     }
 
-    private void addAccessTokenToCookie(HttpServletRequest request, HttpServletResponse response, String accessToken) {
-        int cookieMaxAge = (int) ACCESS_TOKEN_DURATION.toSeconds();
-        CookieUtil.deleteCookie(request, response, ACCESS_TOKEN_COOKIE_NAME);
-        CookieUtil.addCookie(response, ACCESS_TOKEN_COOKIE_NAME, accessToken, cookieMaxAge);
-    }
-
-
-
     // 생성된 리프레시 토큰을 쿠키에 저장
     private void addRefreshTokenToCookie(HttpServletRequest request, HttpServletResponse response, String refreshToken) {
         int cookieMaxAge = (int) REFRESH_TOKEN_DURATION.toSeconds();
@@ -94,9 +87,11 @@ private void clearAuthenticationAttributes(HttpServletRequest request, HttpServl
 
     // 액세스 토큰을 리다이렉트 경로에 파라미터로 추가
     private String getTargetUrl(String token) {
-        return UriComponentsBuilder.fromUriString("/decodeat.store") //todo:로그인 후 스웨거화면
-                .queryParam("token", token)
+        return UriComponentsBuilder.fromUriString("https://decodeat.netlify.app")
+                .queryParam("access_token", token)
                 .build()
                 .toUriString();
     }
+
+
 }
