[FIX] 소셜 로그인 쿠키 관련 로직 수정

Author: lehojun

src/main/java/com/example/be/apiPayload/exception/handler/OAuthLoginSuccessHandler.java

@@ -9,7 +9,6 @@
 import com.example.be.repository.redis.RedisRefreshTokenRepository;
 import com.example.be.repository.UserRepository;
 import com.example.be.service.JwtUtilServiceImpl;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
@@ -21,7 +20,6 @@
 import org.springframework.stereotype.Component;
 
 import java.io.IOException;
-import java.net.URLEncoder;
 import java.time.LocalDateTime;
 import java.util.Map;
 import java.util.UUID;
@@ -113,25 +111,15 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         // 액세스 토큰 발급
         String accessToken = jwtUtil.generateAccessToken(user.getUserId(), ACCESS_TOKEN_EXPIRATION_TIME);
 
-        // 쿠키에 액세스 토큰 추가
-        Cookie accessTokenCookie = new Cookie("accessToken", accessToken);
-        accessTokenCookie.setHttpOnly(true);  // JavaScript에서 접근 불가능하게 설정
-        accessTokenCookie.setSecure(true);    // HTTPS에서만 전송되도록 설정
-        accessTokenCookie.setPath("/");       // 모든 경로에서 쿠키 접근 가능
-        accessTokenCookie.setDomain(".studylink.store");  // 서브도메인 간 쿠키 공유
-        accessTokenCookie.setMaxAge((int) (ACCESS_TOKEN_EXPIRATION_TIME / 1000));  // 밀리초를 초로 변환
-        response.addCookie(accessTokenCookie);
-
-
-        // 쿠키에 리프레시 토큰 추가
-        Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken);
-        refreshTokenCookie.setHttpOnly(true);
-        refreshTokenCookie.setSecure(true);
-        refreshTokenCookie.setPath("/");
-        refreshTokenCookie.setDomain(".studylink.store");  // 서브도메인 간 쿠키 공유
-        refreshTokenCookie.setMaxAge((int) (REFRESH_TOKEN_EXPIRATION_TIME / 1000));
-        response.addCookie(refreshTokenCookie);
-        response.sendRedirect(REDIRECT_URI+provider);
+        // Set-Cookie 헤더로 쿠키 설정 (Domain, SameSite 포함)
+        response.addHeader("Set-Cookie",
+                String.format("accessToken=%s; Path=/; Domain=.studylink.store; Max-Age=%d; HttpOnly; Secure; SameSite=None",
+                        accessToken, (int) (ACCESS_TOKEN_EXPIRATION_TIME / 1000)));
+        response.addHeader("Set-Cookie",
+                String.format("refreshToken=%s; Path=/; Domain=.studylink.store; Max-Age=%d; HttpOnly; Secure; SameSite=None",
+                        refreshToken, (int) (REFRESH_TOKEN_EXPIRATION_TIME / 1000)));
+
+        response.sendRedirect(REDIRECT_URI + provider);
 
 //        // 이름, 액세스 토큰, 리프레쉬 토큰을 담아 리다이렉트
 //        String encodedName = URLEncoder.encode(name, "UTF-8");

src/main/java/com/example/be/service/TokenServiceImpl.java

@@ -6,9 +6,9 @@
 import com.example.be.domain.redis.RedisRefreshToken;
 import com.example.be.repository.redis.RedisRefreshTokenRepository;
 import com.example.be.web.dto.TokenResponseDTO;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.core.token.TokenService;
 import org.springframework.stereotype.Service;
 
 import java.util.UUID;
@@ -24,8 +24,12 @@ public class TokenServiceImpl{
 
 
     //액세스 토큰 재발급
-    public TokenResponseDTO reissueAccessToken(String authorizationHeader) {
-        String refreshToken = jwtUtil.getTokenFromHeader(authorizationHeader);
+    public TokenResponseDTO reissueAccessToken(HttpServletRequest request) {
+        // 쿠키에서 refreshToken 추출
+        String refreshToken = jwtUtil.extractTokenFromCookie(request, "refreshToken");
+        if (refreshToken == null) {
+            throw new TokenException(TokenErrorResult.INVALID_REFRESH_TOKEN);
+        }
         String userId = jwtUtil.getUserIdFromToken(refreshToken);
 
         // Redis에서 RefreshToken 조회

src/main/java/com/example/be/service/UserServiceImpl.java

@@ -149,9 +149,9 @@ public CommonDTO.IsSuccessDTO logout(HttpServletResponse response, HttpServletRe
             throw new UserHandler(ErrorStatus._NOT_FOUND_COOKIE);
         }
             response.addHeader("Set-Cookie",
-                    "accessToken=; Path=/; Domain=.studylink.store; Max-Age=0; HttpOnly; Secure; SameSite=None");
+                    "accessToken=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=None");
             response.addHeader("Set-Cookie",
-                    "refreshToken=; Path=/; Domain=.studylink.store; Max-Age=0; HttpOnly; Secure; SameSite=None");
+                    "refreshToken=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=None");
 
         return CommonDTO.IsSuccessDTO.builder().isSuccess(true).build();
     }

src/main/java/com/example/be/web/controller/TokenController.java

@@ -6,11 +6,10 @@
 import com.example.be.service.TokenServiceImpl;
 import com.example.be.web.dto.TokenResponseDTO;
 import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -25,10 +24,8 @@ public class TokenController {
     // 액세스 토큰을 재발행하는 API
     @GetMapping("/reissue/access-token")
     @Operation(summary = "액세스 토큰 재발행 API")
-    public ResponseEntity<ApiResponse<Object>> reissueAccessToken(
-            @Parameter(hidden = true) @RequestHeader("Authorization") String authorizationHeader) {
-
-        TokenResponseDTO accessToken = authService.reissueAccessToken(authorizationHeader);
+    public ResponseEntity<ApiResponse<Object>> reissueAccessToken(HttpServletRequest request) {
+        TokenResponseDTO accessToken = authService.reissueAccessToken(request);
         return ApiResponse.onSuccess(SuccessStatus._CREATED_ACCESS_TOKEN, accessToken);
     }
 }