refactor: HttpOnly 쿠키 기반 인증으로 전환

Access Token을 쿠키로 관리하도록 변경하고
클라이언트 측 토큰 저장/헤더 설정 로직을 제거한다.
jwt-decode 패키지 삭제.

Author: alexization

package-lock.json

@@ -23,7 +23,6 @@
     "clsx": "^2.1.1",
     "cmdk": "^1.1.1",
     "framer-motion": "^12.26.2",
-    "jwt-decode": "^4.0.0",
     "lucide-react": "^0.562.0",
     "next": "16.1.3",
     "next-themes": "^0.4.6",

package.json

@@ -1,11 +1,10 @@
 "use client"
 
-import { useEffect, useState, Suspense } from "react"
-import { useRouter, useSearchParams } from "next/navigation"
+import { useEffect, useRef, useState, Suspense } from "react"
+import { useRouter } from "next/navigation"
 import { useAuthStore } from "@/features/auth/store/auth-store"
 import { apiClient, getErrorMessage } from "@/shared/lib/api-client"
-import { getUser } from "@/features/user/api/user-service"
-import { jwtDecode } from "jwt-decode"
+import { RegisterUserResponse } from "@/shared/types/api"
 import { toast } from "sonner"
 import { Card } from "@/shared/components/card"
 import { Button } from "@/shared/components/button"
@@ -14,13 +13,6 @@ import { Loader2, AlertCircle, RefreshCcw } from "lucide-react"
 import { motion, AnimatePresence } from "framer-motion"
 import Link from "next/link"
 
-interface JwtPayload {
-  sub: string;
-  role: string;
-  iat: number;
-  exp: number;
-}
-
 const LOADING_STEPS = [
   "GitHub 계정을 확인하고 있습니다...",
   "공개 레포지토리 데이터를 수집 중입니다...",
@@ -31,11 +23,11 @@ const LOADING_STEPS = [
 
 function RedirectHandler() {
   const router = useRouter()
-  const searchParams = useSearchParams()
   const { login } = useAuthStore()
 
   const [currentStep, setCurrentStep] = useState(0)
   const [error, setError] = useState<string | null>(null)
+  const hasCalledRef = useRef(false)
 
   // Fake Progress Logic
   useEffect(() => {
@@ -48,39 +40,26 @@ function RedirectHandler() {
   }, [error]);
 
   useEffect(() => {
-    const accessToken = searchParams.get("accessToken")
-
-    if (accessToken) {
-      apiClient.defaults.headers.common["Authorization"] = `Bearer ${accessToken}`
-
-      try {
-        const decoded = jwtDecode<JwtPayload>(accessToken)
-        const username = decoded.sub
-
-        getUser(username).then((user) => {
-          login(user, accessToken)
-          toast.success(`환영합니다, ${user.username}님!`)
-          router.replace(`/users/${user.username}`)
-        }).catch((err) => {
-          if (process.env.NODE_ENV === "development") {
-            console.error("Failed to fetch user info", err)
-          }
-          const errorMessage = getErrorMessage(err, "사용자 정보를 불러오는데 실패했습니다.")
-          setError(errorMessage)
-          toast.error(errorMessage)
-        })
-
-      } catch (e) {
+    if (hasCalledRef.current) return
+    hasCalledRef.current = true
+
+    // 쿠키는 이미 Set-Cookie로 설정되어 있으므로, /users/me로 사용자 정보 조회
+    apiClient.get<void, RegisterUserResponse>('/users/me')
+      .then((user) => {
+        login(user)
+        toast.success(`환영합니다, ${user.username}님!`)
+        router.replace(`/users/${user.username}`)
+      })
+      .catch((err) => {
         if (process.env.NODE_ENV === "development") {
-          console.error("Invalid Token", e)
+          console.error("Failed to fetch user info", err)
         }
-        setError("로그인 토큰이 올바르지 않습니다.")
-        toast.error("로그인 토큰이 올바르지 않습니다.")
-      }
-    } else {
-      router.replace("/login")
-    }
-  }, [searchParams, router, login])
+        const errorMessage = getErrorMessage(err, "사용자 정보를 불러오는데 실패했습니다.")
+        setError(errorMessage)
+        toast.error(errorMessage)
+      })
+  // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [])
 
   // Error State UI
   if (error) {
@@ -194,4 +173,4 @@ export default function AuthCallbackPage() {
         </Suspense>
       </div>
   )
-}
+}

src/app/auth/callback/page.tsx

@@ -1,11 +1,10 @@
 "use client"
 
-import { useEffect, useState, Suspense } from "react"
-import { useRouter, useSearchParams } from "next/navigation"
+import { useEffect, useRef, useState, Suspense } from "react"
+import { useRouter } from "next/navigation"
 import { useAuthStore } from "@/features/auth/store/auth-store"
 import { apiClient, getErrorMessage } from "@/shared/lib/api-client"
-import { getUser } from "@/features/user/api/user-service"
-import { jwtDecode } from "jwt-decode"
+import { RegisterUserResponse } from "@/shared/types/api"
 import { toast } from "sonner"
 import { Card } from "@/shared/components/card"
 import { Button } from "@/shared/components/button"
@@ -14,13 +13,6 @@ import { Loader2, AlertCircle, RefreshCcw } from "lucide-react"
 import { motion, AnimatePresence } from "framer-motion"
 import Link from "next/link"
 
-interface JwtPayload {
-  sub: string;
-  role: string;
-  iat: number;
-  exp: number;
-}
-
 const LOADING_STEPS = [
   "GitHub 계정을 확인하고 있습니다...",
   "공개 레포지토리 데이터를 수집 중입니다...",
@@ -31,11 +23,11 @@ const LOADING_STEPS = [
 
 function RedirectHandler() {
   const router = useRouter()
-  const searchParams = useSearchParams()
   const { login } = useAuthStore()
 
   const [currentStep, setCurrentStep] = useState(0)
   const [error, setError] = useState<string | null>(null)
+  const hasCalledRef = useRef(false)
 
   // Fake Progress Logic
   useEffect(() => {
@@ -48,39 +40,26 @@ function RedirectHandler() {
   }, [error]);
 
   useEffect(() => {
-    const accessToken = searchParams.get("accessToken")
-
-    if (accessToken) {
-      apiClient.defaults.headers.common["Authorization"] = `Bearer ${accessToken}`
-
-      try {
-        const decoded = jwtDecode<JwtPayload>(accessToken)
-        const username = decoded.sub
-
-        getUser(username).then((user) => {
-          login(user, accessToken)
-          toast.success(`환영합니다, ${user.username}님!`)
-          router.replace(`/users/${user.username}`)
-        }).catch((err) => {
-          if (process.env.NODE_ENV === "development") {
-            console.error("Failed to fetch user info", err)
-          }
-          const errorMessage = getErrorMessage(err, "사용자 정보를 불러오는데 실패했습니다.")
-          setError(errorMessage)
-          toast.error(errorMessage)
-        })
-
-      } catch (e) {
+    if (hasCalledRef.current) return
+    hasCalledRef.current = true
+
+    // 쿠키는 이미 Set-Cookie로 설정되어 있으므로, /users/me로 사용자 정보 조회
+    apiClient.get<void, RegisterUserResponse>('/users/me')
+      .then((user) => {
+        login(user)
+        toast.success(`환영합니다, ${user.username}님!`)
+        router.replace(`/users/${user.username}`)
+      })
+      .catch((err) => {
         if (process.env.NODE_ENV === "development") {
-          console.error("Invalid Token", e)
+          console.error("Failed to fetch user info", err)
         }
-        setError("로그인 토큰이 올바르지 않습니다.")
-        toast.error("로그인 토큰이 올바르지 않습니다.")
-      }
-    } else {
-      router.replace("/login")
-    }
-  }, [searchParams, router, login])
+        const errorMessage = getErrorMessage(err, "사용자 정보를 불러오는데 실패했습니다.")
+        setError(errorMessage)
+        toast.error(errorMessage)
+      })
+  // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [])
 
   // Error State UI
   if (error) {
@@ -194,4 +173,4 @@ export default function OAuth2RedirectPage() {
         </Suspense>
       </div>
   )
-}
+}

src/app/oauth2/redirect/page.tsx

@@ -1,44 +1,24 @@
 import { create } from 'zustand';
 import { persist } from 'zustand/middleware';
 import { User } from '@/shared/types/api';
-import { apiClient } from '@/shared/lib/api-client';
 
 interface AuthState {
   user: User | null;
   isAuthenticated: boolean;
-  accessToken: string | null;
-  login: (user: User, accessToken?: string) => void;
+  login: (user: User) => void;
   logout: () => void;
-  setAccessToken: (token: string) => void;
 }
 
 export const useAuthStore = create<AuthState>()(
   persist(
     (set) => ({
       user: null,
       isAuthenticated: false,
-      accessToken: null,
-      login: (user, accessToken) => set((state) => ({ 
-          user, 
-          isAuthenticated: true,
-          accessToken: accessToken || state.accessToken 
-      })),
-      logout: () => {
-          set({ user: null, isAuthenticated: false, accessToken: null });
-          delete apiClient.defaults.headers.common["Authorization"];
-      },
-      setAccessToken: (token) => {
-          set({ accessToken: token });
-          apiClient.defaults.headers.common["Authorization"] = `Bearer ${token}`;
-      }
+      login: (user) => set({ user, isAuthenticated: true }),
+      logout: () => set({ user: null, isAuthenticated: false }),
     }),
     {
       name: 'auth-storage',
-      onRehydrateStorage: () => (state) => {
-          if (state?.accessToken) {
-              apiClient.defaults.headers.common["Authorization"] = `Bearer ${state.accessToken}`;
-          }
-      }
     }
   )
-);
+);