1313import com .bootsignal .domain .auth .dto .SignupRequest ;
1414import com .bootsignal .domain .auth .dto .SignupResponse ;
1515import com .bootsignal .domain .auth .service .AuthService ;
16+ import com .bootsignal .global .security .jwt .JwtTokenCookieManager ;
17+ import jakarta .servlet .http .HttpServletRequest ;
18+ import jakarta .servlet .http .HttpServletResponse ;
1619import jakarta .validation .Valid ;
1720import jakarta .validation .constraints .Email ;
1821import jakarta .validation .constraints .NotBlank ;
2225import org .springframework .validation .annotation .Validated ;
2326import org .springframework .web .bind .annotation .GetMapping ;
2427import org .springframework .web .bind .annotation .PostMapping ;
25- import org .springframework .web .bind .annotation .RequestParam ;
2628import org .springframework .web .bind .annotation .RequestBody ;
2729import org .springframework .web .bind .annotation .RequestMapping ;
30+ import org .springframework .web .bind .annotation .RequestParam ;
2831import org .springframework .web .bind .annotation .ResponseStatus ;
2932import org .springframework .web .bind .annotation .RestController ;
3033
3134/**
32- * 회원가입, 로그인, 소셜 로그인, 토큰 관리, 비밀번호 찾기 API를 제공하는 인증 컨트롤러입니다.
35+ * 회원가입, 로그인, 소셜 로그인, HttpOnly 쿠키 기반 토큰 관리, 비밀번호 찾기 API를 제공하는 인증 컨트롤러입니다.
3336 */
3437@ RestController
3538@ RequestMapping ("/api/auth" )
3841public class AuthController {
3942
4043 private final AuthService authService ;
44+ private final JwtTokenCookieManager jwtTokenCookieManager ;
4145
4246 @ GetMapping ("/check-email" )
4347 public EmailAvailabilityResponse checkEmail (
@@ -57,23 +61,32 @@ public SignupResponse signup(@Valid @RequestBody SignupRequest request) {
5761 }
5862
5963 @ PostMapping ("/login" )
60- public LoginResponse login (@ Valid @ RequestBody LoginRequest request ) {
61- return authService .login (request );
64+ public LoginResponse login (@ Valid @ RequestBody LoginRequest request , HttpServletResponse response ) {
65+ LoginResponse loginResponse = authService .login (request );
66+ jwtTokenCookieManager .addTokenCookies (response , loginResponse );
67+ return loginResponse ;
6268 }
6369
6470 @ PostMapping ("/google/login" )
65- public LoginResponse googleLogin (@ Valid @ RequestBody GoogleLoginRequest request ) {
66- return authService .googleLogin (request );
71+ public LoginResponse googleLogin (@ Valid @ RequestBody GoogleLoginRequest request , HttpServletResponse response ) {
72+ LoginResponse loginResponse = authService .googleLogin (request );
73+ jwtTokenCookieManager .addTokenCookies (response , loginResponse );
74+ return loginResponse ;
6775 }
6876
6977 @ PostMapping ("/kakao/login" )
70- public LoginResponse kakaoLogin (@ Valid @ RequestBody KakaoLoginRequest request ) {
71- return authService .kakaoLogin (request );
78+ public LoginResponse kakaoLogin (@ Valid @ RequestBody KakaoLoginRequest request , HttpServletResponse response ) {
79+ LoginResponse loginResponse = authService .kakaoLogin (request );
80+ jwtTokenCookieManager .addTokenCookies (response , loginResponse );
81+ return loginResponse ;
7282 }
7383
7484 @ PostMapping ("/refresh" )
75- public LoginResponse refresh (@ Valid @ RequestBody RefreshTokenRequest request ) {
76- return authService .refresh (request );
85+ public LoginResponse refresh (HttpServletRequest request , HttpServletResponse response ) {
86+ String refreshToken = jwtTokenCookieManager .requireRefreshToken (request );
87+ LoginResponse loginResponse = authService .refresh (new RefreshTokenRequest (refreshToken ));
88+ jwtTokenCookieManager .addTokenCookies (response , loginResponse );
89+ return loginResponse ;
7790 }
7891
7992 @ PostMapping ("/password/forgot" )
@@ -88,7 +101,12 @@ public AuthActionResponse resetPassword(@Valid @RequestBody PasswordResetRequest
88101
89102 @ PostMapping ("/logout" )
90103 @ ResponseStatus (HttpStatus .NO_CONTENT )
91- public void logout (@ Valid @ RequestBody RefreshTokenRequest request ) {
92- authService .logout (request );
104+ public void logout (HttpServletRequest request , HttpServletResponse response ) {
105+ try {
106+ String refreshToken = jwtTokenCookieManager .requireRefreshToken (request );
107+ authService .logout (new RefreshTokenRequest (refreshToken ));
108+ } finally {
109+ jwtTokenCookieManager .clearTokenCookies (response );
110+ }
93111 }
94112}
0 commit comments