Skip to content

로그아웃 API 구현 및 domain Host name 추출 수정 #225

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sangcci merged 2 commits into from
Mar 15, 2025
Merged

로그아웃 API 구현 및 domain Host name 추출 수정 #225

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
01e5807
feat: add logout API
sangcci Mar 14, 2025
9794220
fix: add to parse Header Referer and add parsing Header logic
sangcci Mar 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions src/main/java/com/backend/allreva/auth/application/AuthService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,4 +110,18 @@ public UserInfoResponse reissueAccessToken(final String refreshToken) {
.profileImageUrl(member.getMemberInfo().getProfileImageUrl())
.build();
}

/**
* Redis에 저장된 Refresh Token을 제거합니다.
*/
public void logout(final String refreshToken) {
if (refreshToken == null) {
throw new TokenEmptyException();
}

// redis refresh token은 따로 만료기간이 없어서 영구 저장됨 -> 없다면 문제 있는거.
jwtService.validRefreshTokenExistInRedis(refreshToken);

jwtService.deleteRefreshTokenInRedis(refreshToken);
}
}
21 changes: 20 additions & 1 deletion src/main/java/com/backend/allreva/auth/application/CookieService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

import com.backend.allreva.common.util.CookieUtils;
import jakarta.servlet.http.HttpServletResponse;
import java.net.MalformedURLException;
import java.net.URL;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

Expand All @@ -27,7 +29,24 @@ public void addRefreshTokenCookie(
);
}

public void deleteRefreshTokenCookie(
final HttpServletResponse response,
final String domainName
) {
CookieUtils.deleteCookie(
response,
isLocalhost(domainName) ? null : prodDomainName,
"refreshToken"
);
}

private static boolean isLocalhost(String domain) {
return domain.contains("localhost");
try {
URL url = new URL(domain);
String host = url.getHost();
return host.contains("localhost") || host.contains("127.0.0.1");
} catch (MalformedURLException e) {
return false;
}
}
}
9 changes: 9 additions & 0 deletions src/main/java/com/backend/allreva/auth/application/JwtService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,4 +165,13 @@ public void validRefreshTokenExistInRedis(final String refreshToken) {
throw new TokenNotMatchException();
}
}

/**
* Refresh Token을 Redis에서 삭제합니다.
* @param refreshToken Cookie에 저장되있던 Refresh Token
*/
public void deleteRefreshTokenInRedis(final String refreshToken) {
Optional<RefreshToken> refreshTokenFromRedis = refreshTokenRepository.findRefreshTokenByToken(refreshToken);
refreshTokenFromRedis.ifPresent(refreshTokenRepository::delete);
}
}
12 changes: 12 additions & 0 deletions src/main/java/com/backend/allreva/auth/ui/AuthController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,4 +62,16 @@ public Response<UserInfoResponse> loginCheck(
response.addHeader("Authorization", "Bearer " + userInfoResponse.accessToken());
return Response.onSuccess(userInfoResponse);
}

@GetMapping("/logout")
public Response<Void> logout(
@CookieValue(name = "refreshToken", required = false) final String refreshToken,
final HttpServletRequest request,
final HttpServletResponse response
) {
String domainName = DomainUtils.getDomainName(request);
authService.logout(refreshToken);
cookieService.deleteRefreshTokenCookie(response, domainName);
return Response.onSuccess();
}
}
7 changes: 7 additions & 0 deletions src/main/java/com/backend/allreva/auth/ui/AuthControllerSwagger.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,11 @@ Response<UserInfoResponse> loginCheck(
HttpServletRequest request,
HttpServletResponse response
);

@Operation(summary = "로그아웃", description = "refresh token을 삭제함으로써 로그아웃합니다.")
Response<Void> logout(
final String refreshToken,
final HttpServletRequest request,
final HttpServletResponse response
);
}
18 changes: 18 additions & 0 deletions src/main/java/com/backend/allreva/common/util/CookieUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,4 +28,22 @@ public static void addCookie(

response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
}

// 쿠키 제거
public static void deleteCookie(
final HttpServletResponse response,
final String cookieDomain,
final String name
) {
ResponseCookie cookie = ResponseCookie.from(name, "")
.domain(cookieDomain)
.path("/")
.maxAge(0) // maxAge 0
.httpOnly(true)
.secure(true)
.sameSite("None")
.build();

response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
}
}
5 changes: 4 additions & 1 deletion src/main/java/com/backend/allreva/common/util/DomainUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@ public final class DomainUtils {
public static String getDomainName(HttpServletRequest request) {
// ️Nginx 프록시를 고려하여 `Origin` 헤더 확인
String domainName = request.getHeader("Origin");
log.info("Origin: {}", domainName);
if (domainName == null) {
domainName = request.getHeader("Referer");
}
log.info("DomainName: {}", domainName);

return domainName;
}
Expand Down