Merge branch 'main' into Feat/#24

Yujin1219 · web-flow · commit 6a75aced61a4 · 2025-09-11T13:04:04.000+09:00
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/controller/TokenController.java b/src/main/java/com/DecodEat/domain/refreshToken/controller/TokenController.java
@@ -1,8 +1,8 @@
 package com.DecodEat.domain.refreshToken.controller;
 
-import com.DecodEat.domain.RefreshToken.dto.request.CreateAccessTokenRequest;
-import com.DecodEat.domain.RefreshToken.dto.response.CreateAccessTokenResponse;
-import com.DecodEat.domain.RefreshToken.service.TokenService;
+import com.DecodEat.domain.refreshToken.dto.request.CreateAccessTokenRequest;
+import com.DecodEat.domain.refreshToken.dto.response.CreateAccessTokenResponse;
+import com.DecodEat.domain.refreshToken.service.TokenService;
 import com.DecodEat.global.apiPayload.ApiResponse;
 import io.swagger.v3.oas.annotations.Operation;
 import lombok.RequiredArgsConstructor;
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/dto/request/CreateAccessTokenRequest.java b/src/main/java/com/DecodEat/domain/refreshToken/dto/request/CreateAccessTokenRequest.java
@@ -1,4 +1,4 @@
-package com.DecodEat.domain.RefreshToken.dto.request;
+package com.DecodEat.domain.refreshToken.dto.request;
 
 import lombok.Getter;
 import lombok.Setter;
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/dto/response/CreateAccessTokenResponse.java b/src/main/java/com/DecodEat/domain/refreshToken/dto/response/CreateAccessTokenResponse.java
@@ -1,4 +1,4 @@
-package com.DecodEat.domain.RefreshToken.dto.response;
+package com.DecodEat.domain.refreshToken.dto.response;
 
 import lombok.AllArgsConstructor;
 import lombok.Getter;
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/entity/RefreshToken.java b/src/main/java/com/DecodEat/domain/refreshToken/entity/RefreshToken.java
@@ -1,4 +1,4 @@
-package com.DecodEat.domain.RefreshToken.entity;
+package com.DecodEat.domain.refreshToken.entity;
 
 import jakarta.persistence.*;
 import lombok.*;
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/repository/RefreshTokenRepository.java b/src/main/java/com/DecodEat/domain/refreshToken/repository/RefreshTokenRepository.java
@@ -1,6 +1,6 @@
-package com.DecodEat.domain.RefreshToken.repository;
+package com.DecodEat.domain.refreshToken.repository;
 
-import com.DecodEat.domain.RefreshToken.entity.RefreshToken;
+import com.DecodEat.domain.refreshToken.entity.RefreshToken;
 import org.springframework.data.jpa.repository.JpaRepository;
 
 import java.util.Optional;
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/service/RefreshTokenService.java b/src/main/java/com/DecodEat/domain/refreshToken/service/RefreshTokenService.java
@@ -1,7 +1,7 @@
-package com.DecodEat.domain.RefreshToken.service;
+package com.DecodEat.domain.refreshToken.service;
 
-import com.DecodEat.domain.RefreshToken.entity.RefreshToken;
-import com.DecodEat.domain.RefreshToken.repository.RefreshTokenRepository;
+import com.DecodEat.domain.refreshToken.entity.RefreshToken;
+import com.DecodEat.domain.refreshToken.repository.RefreshTokenRepository;
 import com.DecodEat.global.exception.GeneralException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
diff --git a/src/main/java/com/DecodEat/domain/refreshToken/service/TokenService.java b/src/main/java/com/DecodEat/domain/refreshToken/service/TokenService.java
@@ -1,4 +1,4 @@
-package com.DecodEat.domain.RefreshToken.service;
+package com.DecodEat.domain.refreshToken.service;
 
 
 import static com.DecodEat.global.apiPayload.code.status.ErrorStatus.*;
@@ -10,6 +10,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
+
 import java.time.Duration;
 
 @RequiredArgsConstructor
diff --git a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
@@ -1,26 +1,24 @@
 package com.DecodEat.global.config;
 
-import com.DecodEat.domain.RefreshToken.repository.RefreshTokenRepository;
+import com.DecodEat.domain.refreshToken.repository.RefreshTokenRepository;
 import com.DecodEat.domain.users.service.UserService;
 import com.DecodEat.global.config.jwt.JwtTokenProvider;
 import com.DecodEat.global.config.oauth.OAuth2AuthorizationRequestBasedOnCookieRepository;
 import com.DecodEat.global.config.oauth.OAuth2SuccessHandler;
 import com.DecodEat.global.config.oauth.OAuth2UserCustomService;
 import lombok.RequiredArgsConstructor;
-import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.beans.factory.annotation.Value;
 
 @RequiredArgsConstructor
 @Configuration
@@ -31,6 +29,8 @@ public class WebOAuthSecurityConfig {
     private final RefreshTokenRepository refreshTokenRepository;
     private final UserService userService;
     private final CorsConfigurationSource corsConfigurationSource; // CorsCongifuragtinoSource Bean 주입 위함
+    @Value("${spring.security.oauth2.client.registration.kakao.client-id}")
+    private String kakaoClientId;
 
 //    @Bean
 //    public WebSecurityCustomizer configure() {
@@ -77,6 +77,15 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .defaultAuthenticationEntryPointFor(
                         new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
                         new AntPathRequestMatcher("/api/**")));
+        // 7. 로그아웃
+        http.logout(logout -> logout
+                .logoutUrl("/api/logout")
+                // 👇 카카오 로그아웃 URL로 리다이렉트
+                .logoutSuccessUrl("https://kauth.kakao.com/oauth/logout?client_id=" + kakaoClientId + "&logout_redirect_uri=https://decodeat.store.app/")
+                .invalidateHttpSession(true)
+                .deleteCookies("JSESSIONID")
+                .clearAuthentication(true)
+        );
 
         return http.build();
     }
diff --git a/src/main/java/com/DecodEat/global/config/oauth/OAuth2SuccessHandler.java b/src/main/java/com/DecodEat/global/config/oauth/OAuth2SuccessHandler.java
@@ -1,7 +1,7 @@
 package com.DecodEat.global.config.oauth;
 
-import com.DecodEat.domain.RefreshToken.entity.RefreshToken;
-import com.DecodEat.domain.RefreshToken.repository.RefreshTokenRepository;
+import com.DecodEat.domain.refreshToken.entity.RefreshToken;
+import com.DecodEat.domain.refreshToken.repository.RefreshTokenRepository;
 import com.DecodEat.domain.users.entity.User;
 import com.DecodEat.domain.users.service.UserService;
 import com.DecodEat.global.config.jwt.JwtTokenProvider;
@@ -24,6 +24,7 @@
 public class OAuth2SuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
 
     public static final String REFRESH_TOKEN_COOKIE_NAME = "refresh_token";
+    public static final String ACCESS_TOKEN_COOKIE_NAME = "access_token";
     public static final Duration REFRESH_TOKEN_DURATION = Duration.ofDays(14);
     public static final Duration ACCESS_TOKEN_DURATION = Duration.ofHours(1);
     public static final String REDIRECT_PATH = "/oauth2/redirect"; // 프론트엔드로 리다이렉트할 경로
@@ -48,8 +49,10 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         saveRefreshToken(user.getId(), refreshToken);
         addRefreshTokenToCookie(request, response, refreshToken);
 
-        // 2. 액세스 토큰 생성 -> 리다이렉트 경로에 파라미터로 추가
+        // 2. 액세스 토큰 생성
         String accessToken = tokenProvider.generateToken(user, ACCESS_TOKEN_DURATION);
+        addAccessTokenToCookie(request, response, accessToken);
+
         String targetUrl = getTargetUrl(accessToken);
 
         // 3. 인증 관련 설정값, 쿠키 제거
@@ -68,6 +71,14 @@ private void saveRefreshToken(Long userId, String newRefreshToken) {
         refreshTokenRepository.save(refreshToken);
     }
 
+    private void addAccessTokenToCookie(HttpServletRequest request, HttpServletResponse response, String accessToken) {
+        int cookieMaxAge = (int) ACCESS_TOKEN_DURATION.toSeconds();
+        CookieUtil.deleteCookie(request, response, ACCESS_TOKEN_COOKIE_NAME);
+        CookieUtil.addCookie(response, ACCESS_TOKEN_COOKIE_NAME, accessToken, cookieMaxAge);
+    }
+
+
+
     // 생성된 리프레시 토큰을 쿠키에 저장
     private void addRefreshTokenToCookie(HttpServletRequest request, HttpServletResponse response, String refreshToken) {
         int cookieMaxAge = (int) REFRESH_TOKEN_DURATION.toSeconds();
diff --git a/src/main/java/com/DecodEat/global/util/CookieUtil.java b/src/main/java/com/DecodEat/global/util/CookieUtil.java
@@ -3,6 +3,7 @@
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.ResponseCookie;
 import org.springframework.util.SerializationUtils;
 
 import java.io.*;
@@ -24,15 +25,15 @@ public static Optional<Cookie> getCookie(HttpServletRequest request, String name
     }
 
     // 응답 객체(response)에 쿠키를 추가하는 메소드
-    // httpOnly: true -> 자바스크립트에서 쿠키에 접근 불가
-    // secure: true -> HTTPS 통신에서만 쿠_cookie 전송
     public static void addCookie(HttpServletResponse response, String name, String value, int maxAge) {
-        Cookie cookie = new Cookie(name, value);
-        cookie.setPath("/"); // 쿠키가 적용될 경로
-        cookie.setMaxAge(maxAge); // 쿠키의 유효 기간(초 단위)
-        cookie.setHttpOnly(true); // JavaScript를 통한 접근 방지
-        // cookie.setSecure(true); // HTTPS를 사용하는 경우에만 활성화
-        response.addCookie(cookie);
+        ResponseCookie cookie = ResponseCookie.from(name, value)
+                .path("/")
+                .maxAge(maxAge)
+                .httpOnly(true)
+                .secure(true)
+                .sameSite("None")
+                .build();
+        response.addHeader("Set-Cookie", cookie.toString());
     }
 
     // 특정 이름의 쿠키를 삭제하는 메소드
@@ -41,10 +42,13 @@ public static void deleteCookie(HttpServletRequest request, HttpServletResponse
         if (cookies != null && cookies.length > 0) {
             for (Cookie cookie : cookies) {
                 if (name.equals(cookie.getName())) {
-                    cookie.setValue("");
-                    cookie.setPath("/");
-                    cookie.setMaxAge(0); // 유효 기간을 0으로 설정하여 즉시 만료
-                    response.addCookie(cookie);
+                    ResponseCookie deleteCookie = ResponseCookie.from(name, "")
+                            .path("/")
+                            .maxAge(0)
+                            .secure(true)
+                            .sameSite("None")
+                            .build();
+                    response.addHeader("Set-Cookie", deleteCookie.toString());
                 }
             }
         }
@@ -61,4 +65,4 @@ public static <T> T deserialize(Cookie cookie, Class<T> cls) {
         byte[] decodedBytes = Base64.getUrlDecoder().decode(cookie.getValue());
         return cls.cast(SerializationUtils.deserialize(decodedBytes));
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package com.DecodEat.domain.RefreshToken.dto.request;`
	`1`	`+package com.DecodEat.domain.refreshToken.dto.request;`
`2`	`2`
`3`	`3`	`import lombok.Getter;`
`4`	`4`	`import lombok.Setter;`