Merge pull request #159 from prgrms-web-devcourse-final-project/feature/

#152-refrash-token-cookie Feature/#152 리프레시 토큰 쿠키 sameSite 설정 추가
prgrms-web-devcourse-final-project · Dec 7, 2024 · 2fd4882 · 2fd4882
2 parents 5ed52a1 + da409c7
commit 2fd4882
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 24 deletions.
diff --git a/src/main/java/postman/bottler/user/auth/CookieService.java b/src/main/java/postman/bottler/user/auth/CookieService.java
@@ -0,0 +1,20 @@
+package postman.bottler.user.auth;
+
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.ResponseCookie;
+import org.springframework.stereotype.Service;
+
+@Service
+public class CookieService {
+    public void addCookie(HttpServletResponse response, String name, String value) {
+        ResponseCookie cookie = ResponseCookie.from(name, value)
+                .path("/")
+                .sameSite("None")
+                .httpOnly(true)
+                .secure(true)
+                .maxAge(7 * 24 * 60 * 60)
+                .build();
+
+        response.addHeader("Set-Cookie", cookie.toString());
+    }
+}
diff --git a/src/main/java/postman/bottler/user/controller/AuthController.java b/src/main/java/postman/bottler/user/controller/AuthController.java
@@ -13,6 +13,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import postman.bottler.global.response.ApiResponse;
+import postman.bottler.user.auth.CookieService;
 import postman.bottler.user.dto.request.SignInRequestDTO;
 import postman.bottler.user.dto.response.AccessTokenResponseDTO;
 import postman.bottler.user.dto.response.SignInDTO;
@@ -28,6 +29,7 @@
 @Tag(name = "유저", description = "유저 관련 API")
 public class AuthController {
     private final UserService userService;
+    private final CookieService cookieService;
 
     @Operation(summary = "로그인", description = "이메일과 비밀번호로 로그인합니다.")
     @PostMapping("/signin")
@@ -37,20 +39,10 @@ public ApiResponse<SignInResponseDTO> signin(
             HttpServletResponse response) {
         validateRequestDTO(bindingResult);
         SignInDTO signInDTO = userService.signin(signInRequestDTO.email(), signInRequestDTO.password());
-        addHttpOnlyCookie(response, "refreshToken", signInDTO.refreshToken());
-
+        cookieService.addCookie(response, "refreshToken", signInDTO.refreshToken());
         return ApiResponse.onSuccess(new SignInResponseDTO(signInDTO.accessToken()));
     }
 
-    private void addHttpOnlyCookie(HttpServletResponse response, String name, String value) {
-        Cookie cookie = new Cookie(name, value);
-        cookie.setHttpOnly(true);
-        cookie.setSecure(true);
-        cookie.setPath("/");
-        cookie.setMaxAge(7 * 24 * 60 * 60);
-        response.addCookie(cookie);
-    }
-
     @Operation(summary = "리프레시 토큰 유효성 검사", description = "리프레시 토큰 유효성 검사 성공 시 새로운 액세스 토큰 발급합니다.")
     @PostMapping("/validate")
     public ApiResponse<AccessTokenResponseDTO> validateRefreshToken(HttpServletRequest request) {

diff --git a/src/main/java/postman/bottler/user/controller/OAuthController.java b/src/main/java/postman/bottler/user/controller/OAuthController.java
@@ -2,7 +2,6 @@
 
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
 import java.util.Map;
 import lombok.RequiredArgsConstructor;
@@ -12,6 +11,7 @@
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.view.RedirectView;
 import postman.bottler.global.response.ApiResponse;
+import postman.bottler.user.auth.CookieService;
 import postman.bottler.user.dto.response.SignInDTO;
 import postman.bottler.user.dto.response.SignInResponseDTO;
 import postman.bottler.user.exception.KakaoAuthCodeException;
@@ -25,6 +25,7 @@
 public class OAuthController {
     private final KakaoService kakaoService;
     private final UserService userService;
+    private final CookieService cookieService;
 
     @Operation(summary = "카카오 소셜로그인", description = "카카오 서버로 요청을 보내 회원가입 및 로그인을 합니다.")
     @GetMapping("/kakao")
@@ -44,17 +45,7 @@ public ApiResponse<SignInResponseDTO> kakaoSignin(@RequestParam("code") String c
 
         SignInDTO signInDTO = userService.kakaoSignin(kakaoId, nickname);
 
-        addHttpOnlyCookie(response, "refreshToken", signInDTO.refreshToken());
-
+        cookieService.addCookie(response, "refreshToken", signInDTO.refreshToken());
         return ApiResponse.onSuccess(new SignInResponseDTO(signInDTO.accessToken()));
     }
-
-    private void addHttpOnlyCookie(HttpServletResponse response, String name, String value) {
-        Cookie cookie = new Cookie(name, value);
-        cookie.setHttpOnly(true);
-        cookie.setSecure(true);
-        cookie.setPath("/");
-        cookie.setMaxAge(7 * 24 * 60 * 60);
-        response.addCookie(cookie);
-    }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -13,7 +13,7 @@ spring:
         dialect: org.hibernate.dialect.MySQLDialect
         format_sql: true
         highlight_sql: true
-    show-sql: true
+    show-sql: false
   data:
     redis:
       host: ${REDIS_HOST}