Merge pull request #38 from Dalguring/feature/ming/user-1

민지 | 2026-01-29 | 로그인 토큰 값 쿠키 저장 로직 추가 및 API 문서 응답 메시지 수정

Author: for-ming

src/main/java/com/rentify/rentify_api/category/controller/CategoryApiDocs.java

@@ -25,7 +25,7 @@ public interface CategoryApiDocs {
                         {
                             "success": true,
                             "code": "SUCCESS",
-                            "message": "요청이 성공했습니다.",
+                            "message": "요청이 성공적으로 처리되었습니다.",
                             "data": {
                                 "categories": [
                                     {

src/main/java/com/rentify/rentify_api/common/response/ApiResponse.java

@@ -14,15 +14,15 @@ public class ApiResponse<T> {
 
     // success
     public static <T> ApiResponse<T> success(T data) {
-        return new ApiResponse<>(true, "SUCCESS", "요청이 성공했습니다.", data);
+        return new ApiResponse<>(true, "SUCCESS", "요청이 성공적으로 처리되었습니다.", data);
     }
 
     public static <T> ApiResponse<T> success(String message, T data) {
         return new ApiResponse<>(true, "SUCCESS", message, data);
     }
 
     public static ApiResponse<Void> success() {
-        return new ApiResponse<>(true, "SUCCESS", "요청이 성공했습니다.", null);
+        return new ApiResponse<>(true, "SUCCESS", "요청이 성공적으로 처리되었습니다.", null);
     }
 
     public static ApiResponse<Void> success(String message) {

src/main/java/com/rentify/rentify_api/post/controller/PostApiDocs.java

@@ -50,7 +50,7 @@ ResponseEntity<com.rentify.rentify_api.common.response.ApiResponse<Void>> getPos
                         {
                             "success": true,
                             "code": "SUCCESS",
-                            "message": "요청이 성공했습니다.",
+                            "message": "요청이 성공적으로 처리되었습니다.",
                             "data": {
                                 "categoryName": "갤럭시 울트라",
                                 "createAt": "2026-01-28T20:55:58.522954",

src/main/java/com/rentify/rentify_api/user/controller/AuthApi.java

@@ -0,0 +1,46 @@
+package com.rentify.rentify_api.user.controller;
+
+import com.rentify.rentify_api.user.dto.AuthMeResponse;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Tag(name = "Auth", description = "인증 API")
+public interface AuthApiDocs {
+
+    @Operation(
+        summary = "내 정보 조회",
+        description = "쿠키에 저장된 JWT accessToken으로 현재 로그인한 사용자 정보를 조회합니다."
+    )
+    @ApiResponses({
+        @ApiResponse(
+            responseCode = "200",
+            description = "인증 성공 - 사용자 정보 반환 (userId, email, name)",
+            content = @Content(
+                mediaType = "application/json",
+                schema = @Schema(implementation = com.rentify.rentify_api.common.response.ApiResponse.class),
+                examples = @io.swagger.v3.oas.annotations.media.ExampleObject(
+                    value = "{\"success\": true, \"code\": \"SUCCESS\", \"message\": \"요청이 성공적으로 처리되었습니다.\", \"data\": {\"userId\": 1, \"email\": \"[email protected]\", \"name\": \"홍길동\"}}"
+                )
+            )
+        ),
+        @ApiResponse(
+            responseCode = "403",
+            description = "인증 실패 - 토큰이 없거나 유효하지 않음",
+            content = @Content(
+                mediaType = "application/json",
+                examples = @io.swagger.v3.oas.annotations.media.ExampleObject(
+                    value = ""
+                )
+            )
+        )
+    })
+    @GetMapping("/me")
+    ResponseEntity<com.rentify.rentify_api.common.response.ApiResponse<AuthMeResponse>> me(@AuthenticationPrincipal Long userId);
+}

src/main/java/com/rentify/rentify_api/user/controller/AuthApiDocs.java

@@ -3,9 +3,7 @@
 
 import com.rentify.rentify_api.common.response.ApiResponse;
 import com.rentify.rentify_api.user.dto.AuthMeResponse;
-import com.rentify.rentify_api.user.dto.UserResponse;
 import com.rentify.rentify_api.user.service.AuthService;
-import com.rentify.rentify_api.user.service.UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -16,18 +14,14 @@
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("/auth")
-public class AuthController implements AuthApi {
+public class AuthController implements AuthApiDocs {
 
     private final AuthService authService;
 
     @GetMapping("/me")
+    @Override
     public ResponseEntity<ApiResponse<AuthMeResponse>> me(@AuthenticationPrincipal Long userId) {
         AuthMeResponse response = authService.getMe(userId);
         return ResponseEntity.ok(ApiResponse.success(response));
     }
-
-    @Override
-    public ResponseEntity<AuthMeResponse> me() {
-        return null;
-    }
 }

src/main/java/com/rentify/rentify_api/user/controller/AuthController.java

@@ -1,6 +1,7 @@
 package com.rentify.rentify_api.user.controller;
 
 import com.rentify.rentify_api.user.dto.CreateUserRequest;
+import com.rentify.rentify_api.user.dto.LoginRequest;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.enums.ParameterIn;
@@ -12,6 +13,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
 import java.util.UUID;
 import org.springframework.http.HttpHeaders;
@@ -92,4 +94,66 @@ ResponseEntity<com.rentify.rentify_api.common.response.ApiResponse<Void>> create
         )
         @Valid CreateUserRequest request
     );
+
+    @Operation(summary = "로그인", description = "이메일과 비밀번호로 로그인하여 JWT 토큰을 쿠키로 발급받습니다.")
+    @ApiResponses(value = {
+        @ApiResponse(
+            responseCode = "200",
+            description = "로그인 성공 (JWT 토큰이 쿠키에 설정됨)",
+            headers = @Header(
+                name = "Set-Cookie",
+                description = "accessToken (HttpOnly, 24시간 유효)",
+                schema = @Schema(type = "string", example = "accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...; Path=/; Max-Age=86400; HttpOnly")
+            ),
+            content = @Content(
+                mediaType = "application/json",
+                examples = @ExampleObject(
+                    value = "{\"success\": true, \"code\": \"SUCCESS\", \"message\": \"로그인 성공\", \"data\": null}"
+                )
+            )
+        ),
+        @ApiResponse(
+            responseCode = "401",
+            description = "인증 실패",
+            content = @Content(
+                mediaType = "application/json",
+                examples = {
+                    @ExampleObject(
+                        name = "비밀번호 불일치",
+                        value = "{\"success\": false, \"code\": \"INVALID_PASSWORD\", \"message\": \"비밀번호가 일치하지 않습니다.\", \"data\": null}"
+                    ),
+                    @ExampleObject(
+                        name = "비활성화된 계정",
+                        value = "{\"success\": false, \"code\": \"ACCOUNT_DEACTIVATED\", \"message\": \"비활성화된 계정입니다.\", \"data\": null}"
+                    )
+                }
+            )
+        ),
+        @ApiResponse(
+            responseCode = "404",
+            description = "사용자를 찾을 수 없음",
+            content = @Content(
+                mediaType = "application/json",
+                examples = @ExampleObject(
+                    value = "{\"success\": false, \"code\": \"NOT_FOUND\", \"message\": \"존재하지 않는 사용자입니다.\", \"data\": null}"
+                )
+            )
+        )
+    })
+    @PostMapping("/login")
+    ResponseEntity<com.rentify.rentify_api.common.response.ApiResponse<Void>> login(
+        @RequestBody(
+            description = "로그인 요청 데이터",
+            required = true,
+            content = @Content(
+                mediaType = "application/json",
+                schema = @Schema(implementation = LoginRequest.class),
+                examples = @ExampleObject(
+                    value = "{\"email\": \"[email protected]\", \"password\": \"1234\"}"
+                )
+            )
+        )
+        @org.springframework.web.bind.annotation.RequestBody LoginRequest request,
+        HttpServletResponse httpResponse
+    );
 }

src/main/java/com/rentify/rentify_api/user/controller/UserApiDocs.java

@@ -6,6 +6,8 @@
 import com.rentify.rentify_api.user.dto.UserResponse;
 import com.rentify.rentify_api.user.entity.LoginResponse;
 import com.rentify.rentify_api.user.service.UserService;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
 import java.net.URI;
 import java.util.UUID;
@@ -47,10 +49,19 @@ public ResponseEntity<ApiResponse<UserResponse>> getUserById(@PathVariable Long
     }
 
     @PostMapping("/login")
-    public ResponseEntity<ApiResponse<LoginResponse>> login(@RequestBody LoginRequest request) {
+    @Override
+    public ResponseEntity<ApiResponse<Void>> login(@RequestBody LoginRequest request, HttpServletResponse httpResponse) {
         LoginResponse response = userService.login(request);
 
-        return ResponseEntity.ok(ApiResponse.success(response));
+        // JWT 토큰 쿠키 설정
+        Cookie cookie = new Cookie("accessToken", response.getAccessToken());
+        cookie.setHttpOnly(true);    // XSS 공격 방지
+        //cookie.setSecure(true);    // HTTPS에서만 전송
+        cookie.setPath("/");
+        cookie.setMaxAge(24 * 60 * 60);  // 24시간 (초 단위)
+        httpResponse.addCookie(cookie);
+
+        return ResponseEntity.ok(ApiResponse.success("로그인 성공"));
     }
 
     @PostMapping("/logout")