
Commit 8609e80

refactor: 쿠키 생성도 token으로 분리
1 parent cf40147 commit 8609e80

3 files changed

+30
-50
lines changed


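--- a/apps/backend/src/auth/auth.controller.ts
+++ b/apps/backend/src/auth/auth.controller.ts
@@ -7,8 +7,6 @@ import { MessageResponseDto } from './dtos/messageResponse.dto';
 import { ApiOperation, ApiResponse } from '@nestjs/swagger';
 import { TokenService } from './token/token.service';
 
-const HALF_YEAR = 6 * 30 * 24 * 60 * 60 * 1000;
-
 export enum AuthResponseMessage {
   AUTH_LOGGED_OUT = '로그아웃하였습니다.',
 }
@@ -40,21 +38,8 @@ export class AuthController {
     const refreshToken = this.tokenService.generateRefreshToken(payload);
 
     // 토큰을 쿠키에 담아서 메인 페이지로 리디렉션
-    res.cookie('accessToken', accessToken, {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'strict', // CSRF 방지
-      maxAge: HALF_YEAR,
-      expires: new Date(Date.now() + HALF_YEAR),
-    });
-
-    res.cookie('refreshToken', refreshToken, {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'strict', // CSRF 방지
-      maxAge: HALF_YEAR,
-      expires: new Date(Date.now() + HALF_YEAR),
-    });
+    this.tokenService.setAccessTokenCookie(res, accessToken);
+    this.tokenService.setRefreshTokenCookie(res, refreshToken);
 
     res.redirect(302, '/');
   }
@@ -79,21 +64,8 @@ export class AuthController {
     const refreshToken = this.tokenService.generateRefreshToken(payload);
 
     // 토큰을 쿠키에 담아서 메인 페이지로 리디렉션
-    res.cookie('accessToken', accessToken, {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'strict', // CSRF 방지
-      maxAge: HALF_YEAR,
-      expires: new Date(Date.now() + HALF_YEAR),
-    });
-
-    res.cookie('refreshToken', refreshToken, {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'strict', // CSRF 방지
-      maxAge: HALF_YEAR,
-      expires: new Date(Date.now() + HALF_YEAR),
-    });
+    this.tokenService.setAccessTokenCookie(res, accessToken);
+    this.tokenService.setRefreshTokenCookie(res, refreshToken);
 
     res.redirect(302, '/');
   }
@@ -103,16 +75,7 @@ export class AuthController {
   @Post('logout')
   logout(@Res() res: Response) {
     // 쿠키 삭제 (옵션이 일치해야 삭제됨)
-    res.clearCookie('access_token', {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'strict',
-    });
-    res.clearCookie('refresh_token', {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'strict',
-    });
+    this.tokenService.clearCookies(res);
     return res.status(200).json({
       message: AuthResponseMessage.AUTH_LOGGED_OUT,
     });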
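Review bot: The two login-callback hunks (new lines 38–45 and 64–71) now end with the same generate → set-cookie → redirect sequence, which is exactly the kind of duplication that let the old inline cookie blocks drift from the names that `logout` later tried to clear. A small private helper on the controller that wraps `this.tokenService.setAccessTokenCookie(res, accessToken); this.tokenService.setRefreshTokenCookie(res, refreshToken); res.redirect(302, '/');` would keep both callbacks on one code path. Both enclosing methods start outside their hunks, so whether the token generation above can be folded in as well is not visible here.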

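--- a/apps/backend/src/auth/guards/jwt-auth.guard.ts
+++ b/apps/backend/src/auth/guards/jwt-auth.guard.ts
@@ -21,6 +21,8 @@ export class JwtAuthGuard implements CanActivate {
 
     // 쿠키가 아예 없는 경우는 로그인 안 된 상태로 간주
     if (!cookies || !cookies.accessToken || !cookies.refreshToken) {
+      // 관련된 쿠키 비워주기
+      this.tokenService.clearCookies(response);
       throw new LoginRequiredException();
     }
 
@@ -44,13 +46,7 @@ export class JwtAuthGuard implements CanActivate {
       await this.tokenService.refreshAccessToken(refreshToken);
 
     // 쿠키 업데이트
-    response.cookie('accessToken', newAccessToken, {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'strict',
-      maxAge: 60 * 60 * 1000, // 1시간 (ms 단위)
-      expires: new Date(Date.now() + 60 * 60 * 1000), // 1시간 후 (Date 객체로 설정)
-    });
+    this.tokenService.setAccessTokenCookie(response, newAccessToken);
 
     // 요청 객체에 사용자 정보 추가
     const decodedNewToken = this.jwtService.verify(newAccessToken, {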
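Review bot: The refreshed access-token cookie written at new line 49 silently changes lifetime: the removed lines set a one-hour `maxAge`, while `setAccessTokenCookie` (see the token.service.ts section of this commit) uses a six-month constant, and the commit is labelled as a refactor. This is not an authorization problem as long as the JWT's own `exp` bounds what the token is accepted for (the signing code is not in this diff), but the browser will keep presenting a long-expired access token, so every request after the first hour takes the refresh path. If the one-hour cookie was deliberate, `setAccessTokenCookie` needs a lifetime parameter; if not, a comment such as `// 쿠키 업데이트 — cookie lifetime is now owned by TokenService; the JWT exp still bounds validity` records the decision. The enclosing canActivate begins and ends outside this hunk.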

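--- a/apps/backend/src/auth/token/token.service.ts
+++ b/apps/backend/src/auth/token/token.service.ts
@@ -4,6 +4,7 @@ import { Response } from 'express';
 
 const HOUR = 60 * 60;
 const FIVE_MONTHS = 5 * 30 * 24 * 60 * 60;
+const MS_HALF_YEAR = 6 * 30 * 24 * 60 * 60 * 1000;
 
 @Injectable()
 export class TokenService {
@@ -27,7 +28,7 @@ export class TokenService {
     try {
       // refreshToken을 검증한다
       const decoded = this.jwtService.verify(refreshToken, {
-        secret: process.env.JWT_REFRESH_SECRET,
+        secret: process.env.JWT_SECRET,
       });
 
       // 새로운 accessToken을 발급한다
@@ -37,6 +38,26 @@ export class TokenService {
     }
   }
 
+  setAccessTokenCookie(response: Response, accessToken: string): void {
+    response.cookie('accessToken', accessToken, {
+      httpOnly: true,
+      secure: true,
+      sameSite: 'strict',
+      maxAge: MS_HALF_YEAR,
+      expires: new Date(Date.now() + MS_HALF_YEAR),
+    });
+  }
+
+  setRefreshTokenCookie(response: Response, refreshToken: string): void {
+    response.cookie('refreshToken', refreshToken, {
+      httpOnly: true,
+      secure: true,
+      sameSite: 'strict',
+      maxAge: MS_HALF_YEAR,
+      expires: new Date(Date.now() + MS_HALF_YEAR),
+    });
+  }
+
   clearCookies(response: Response) {
     response.clearCookie('accessToken', {
       httpOnly: true,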
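Review bot: The second hunk (new line 31) switches refresh-token verification from `JWT_REFRESH_SECRET` to `JWT_SECRET`, a security-relevant behaviour change in a commit described as a refactor. If access tokens are signed with `JWT_SECRET` as well (generateAccessToken is outside this diff), refresh tokens and access tokens become interchangeable at `refreshAccessToken` unless the payload carries a token-type claim that is checked after `jwtService.verify`, so either the dedicated secret should stay or a claim check such as `if (decoded.type !== 'refresh') throw …` belongs right after the verify. In the third hunk both new setters give the cookie a six-month lifetime while `HOUR` and `FIVE_MONTHS` sit next to `MS_HALF_YEAR`, and setting both `maxAge` and `expires` is redundant in Express (`maxAge` takes precedence); the setters also have no TSDoc, and a one-liner per method — e.g. `/** Sets the httpOnly, Secure, SameSite=Strict access-token cookie; lifetime is MS_HALF_YEAR, the JWT exp still bounds validity. */` — would document the contract callers in the controller and guard now depend on.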
