7 changes: 6 additions & 1 deletion src/main/java/com/example/be/service/UserServiceImpl.java
Expand Up @@ -59,7 +59,7 @@ public CommonDTO.IsSuccessDTO signUp(UserDTO.SingUpRequestDto request) {

}

public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServletResponse response) {
public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServletResponse response, HttpServletRequest httpRequest) {
//db에 아이디랑 비밀번호가 일치하는지 조회
// 일치한다면 토큰 발급 후 response

Expand All @@ -84,13 +84,17 @@ public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServlet
// AccessToken 발급
String accessToken = jwtUtil.generateAccessToken(user.getUserId(), ACCESS_TOKEN_EXPIRATION_TIME);

String origin = httpRequest.getHeader("Origin");
boolean isSecure = origin == null || !origin.contains("localhost");


// 쿠키에 액세스 토큰 추가
Cookie accessTokenCookie = new Cookie("accessToken", accessToken);
accessTokenCookie.setHttpOnly(true); // JavaScript에서 접근 불가능하게 설정
accessTokenCookie.setSecure(true); // HTTPS에서만 전송되도록 설정, https 적용 후 true로 설정 예정
accessTokenCookie.setPath("/"); // 모든 경로에서 쿠키 접근 가능
accessTokenCookie.setMaxAge((int) (ACCESS_TOKEN_EXPIRATION_TIME / 1000)); // 밀리초를 초로 변환
accessTokenCookie.setSecure(isSecure); // localhost면 false, 배포면 true
response.addCookie(accessTokenCookie);

// 쿠키에 리프레시 토큰 추가
Expand All @@ -99,6 +103,7 @@ public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServlet
refreshTokenCookie.setSecure(true);
refreshTokenCookie.setPath("/");
refreshTokenCookie.setMaxAge((int) (REFRESH_TOKEN_EXPIRATION_TIME / 1000));
refreshTokenCookie.setSecure(isSecure);
response.addCookie(refreshTokenCookie);

return CommonDTO.IsSuccessDTO.builder()
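Review bot: The Secure flag for both token cookies is now derived from the request's `Origin` header (`boolean isSecure = origin == null || !origin.contains("localhost");`), which is client-supplied and matched by substring, so any request whose Origin merely contains "localhost" has the access and refresh tokens issued without Secure and they may then be sent over plain HTTP. Decide this from server-side configuration instead, for example a field `@Value("${cookie.secure:true}") private boolean cookieSecure;` (the property name is a placeholder) used as `accessTokenCookie.setSecure(cookieSecure);` and `refreshTokenCookie.setSecure(cookieSecure);`, which would also make the new `HttpServletRequest` parameter unnecessary. The earlier `setSecure(true)` calls on both cookies are now overridden by the later `setSecure(isSecure)`, so they and the stale comment beside the first one should be removed to avoid suggesting the flag is always set. `login` starts in the first hunk and continues outside the visible hunks, so the refresh-cookie setup is only partly shown.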
Expand Up @@ -30,8 +30,8 @@ public ApiResponse<CommonDTO.IsSuccessDTO> signup(@RequestBody UserDTO.SingUpReq

@PostMapping("/login")
@Operation(summary = "로그인 API")
public ApiResponse<CommonDTO.IsSuccessDTO> login(@RequestBody UserDTO.LoginRequestDto request, HttpServletResponse response) {
return ApiResponse.onSuccess(userService.login(request, response));
public ApiResponse<CommonDTO.IsSuccessDTO> login(@RequestBody UserDTO.LoginRequestDto dtoRequest, HttpServletResponse response, HttpServletRequest request) {
return ApiResponse.onSuccess(userService.login(dtoRequest, response, request));
}

@PostMapping("/info")