Merge pull request #504 from meowzip/reese

refactor: 인증 API 및 쿠키 처리 로직 개선

Author: reeseo3o

src/app/api/auth/[...nextauth]/route.ts

@@ -35,8 +35,6 @@ const handler = NextAuth({
   },
   callbacks: {
     async signIn({ user, account }) {
-      console.log('🔍 Apple 로그인 응답:', { user, account });
-
       try {
         const [signInInfo, signInResult] = await Promise.all([
           checkMembershipByEmail(user.email || ''),
@@ -70,12 +68,6 @@ const handler = NextAuth({
       const isMember = cookieList.get('Authorization');
       return isMember ? '/diary' : '/signin';
     }
-  },
-  events: {
-    async signOut() {
-      cookies().delete('Authorization');
-      cookies().delete('Authorization-Refresh');
-    }
   }
 });
 

src/app/api/auth/login/route.ts

@@ -0,0 +1,87 @@
+import { fetchPublicJson } from '@/utils/fetch';
+import { NextRequest, NextResponse } from 'next/server';
+
+const extractCookieValue = (
+  setCookieHeader: string,
+  cookieName: string
+): string | null => {
+  const cookieMatch = setCookieHeader.match(
+    new RegExp(`${cookieName}=([^;]+)`)
+  );
+  return cookieMatch ? cookieMatch[1] : null;
+};
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json();
+    const { email, password, fcmToken } = body;
+
+    const requestOptions = {
+      method: 'POST',
+      body: { email, password, fcmToken },
+      credentials: 'include' as RequestCredentials
+    };
+
+    const response = await fetchPublicJson('/members/login', requestOptions);
+
+    if (!response.ok) {
+      const errorData = (await response.body) as any;
+      return NextResponse.json(
+        { error: errorData.message || '로그인 실패' },
+        { status: response.status }
+      );
+    }
+
+    const accessToken = response.headers.get('Authorization');
+
+    const setCookieHeader = response.headers.get('set-cookie');
+    const refreshToken = setCookieHeader
+      ? extractCookieValue(setCookieHeader, 'Authorization-Refresh')
+      : null;
+
+    if (!accessToken || !refreshToken) {
+      return NextResponse.json(
+        { error: '토큰을 받을 수 없습니다' },
+        { status: 500 }
+      );
+    }
+
+    const successResponse = NextResponse.json(
+      {
+        success: true,
+        message: '로그인 성공',
+        redirectTo: '/diary'
+      },
+      { status: 200 }
+    );
+
+    const isProduction = process.env.NODE_ENV === 'production';
+
+    const baseCookieOptions = {
+      secure: isProduction,
+      path: '/',
+      sameSite: 'lax' as const,
+      ...(isProduction ? {} : { domain: 'localhost' })
+    };
+
+    successResponse.cookies.set('Authorization', accessToken, {
+      ...baseCookieOptions,
+      maxAge: 60 * 60 * 2,
+      httpOnly: false
+    });
+
+    successResponse.cookies.set('Authorization-Refresh', refreshToken, {
+      ...baseCookieOptions,
+      maxAge: 60 * 60 * 24 * 7,
+      httpOnly: true
+    });
+
+    return successResponse;
+  } catch (error) {
+    console.error('Login API Error:', error);
+    return NextResponse.json(
+      { error: '로그인 처리 중 오류 발생' },
+      { status: 500 }
+    );
+  }
+}

src/app/api/auth/logout/route.ts

@@ -0,0 +1,49 @@
+import { NextResponse } from 'next/server';
+
+export async function POST() {
+  const response = NextResponse.json({ success: true });
+
+  const isProduction = process.env.NODE_ENV === 'production';
+  const isLocalhost = !isProduction;
+
+  const baseConfig = {
+    secure: isProduction,
+    path: '/',
+    ...(isLocalhost && { domain: 'localhost' })
+  };
+
+  const cookieConfigs = {
+    Authorization: {
+      ...baseConfig,
+      secure: true
+    },
+    'Authorization-Refresh': {
+      ...baseConfig,
+      secure: true
+    },
+
+    'next-auth.session-token': {
+      ...baseConfig,
+      sameSite: 'lax' as const
+    },
+    'next-auth.pkce.code_verifier': {
+      ...baseConfig,
+      sameSite: 'none' as const,
+      secure: true // PKCE는 항상 secure=true (NextAuth 내부 설정)
+    },
+    'next-auth.state': {
+      ...baseConfig,
+      sameSite: 'lax' as const
+    }
+  };
+
+  Object.entries(cookieConfigs).forEach(([name, config]) => {
+    response.cookies.set(name, '', {
+      ...config,
+      maxAge: 0,
+      expires: new Date(0)
+    });
+  });
+
+  return response;
+}

src/app/api/auth/refresh-token/route.ts

@@ -0,0 +1,110 @@
+import { fetchPublicJson } from '@/utils/fetch';
+import { NextRequest, NextResponse } from 'next/server';
+
+const extractCookieValue = (
+  setCookieHeader: string,
+  cookieName: string
+): string | null => {
+  const cookieMatch = setCookieHeader.match(
+    new RegExp(`${cookieName}=([^;]+)`)
+  );
+  return cookieMatch ? cookieMatch[1] : null;
+};
+
+const clearPreviousTokens = (response: NextResponse) => {
+  const isProduction = process.env.NODE_ENV === 'production';
+
+  const clearConfig = {
+    path: '/',
+    maxAge: 0,
+    secure: isProduction,
+    ...(isProduction ? {} : { domain: 'localhost' })
+  };
+
+  response.cookies.set('Authorization', '', clearConfig);
+  response.cookies.set('Authorization-Refresh', '', {
+    ...clearConfig,
+    httpOnly: true
+  });
+};
+
+export async function POST(request: NextRequest) {
+  try {
+    const refreshToken = request.cookies.get('Authorization-Refresh')?.value;
+
+    if (!refreshToken) {
+      return NextResponse.json(
+        { error: 'Refresh token이 없습니다' },
+        { status: 401 }
+      );
+    }
+
+    const requestOptions = {
+      method: 'POST',
+      headers: {
+        Cookie: `Authorization-Refresh=${refreshToken}`
+      }
+    };
+
+    const response = await fetchPublicJson('/tokens/refresh', requestOptions);
+
+    if (!response.ok) {
+      return NextResponse.json(
+        { error: '토큰 새로고침 실패' },
+        { status: response.status }
+      );
+    }
+
+    const newAccessToken = response.headers.get('Authorization');
+
+    const setCookieHeader = response.headers.get('set-cookie');
+    const newRefreshToken = setCookieHeader
+      ? extractCookieValue(setCookieHeader, 'Authorization-Refresh')
+      : null;
+
+    if (!newAccessToken) {
+      return NextResponse.json(
+        { error: '새로운 토큰을 받을 수 없습니다' },
+        { status: 500 }
+      );
+    }
+
+    const successResponse = NextResponse.json(
+      { success: true, accessToken: newAccessToken },
+      { status: 200 }
+    );
+
+    clearPreviousTokens(successResponse);
+
+    const isProduction = process.env.NODE_ENV === 'production';
+
+    const baseCookieOptions = {
+      secure: isProduction,
+      path: '/',
+      sameSite: 'lax' as const,
+      ...(isProduction ? {} : { domain: 'localhost' })
+    };
+
+    successResponse.cookies.set('Authorization', newAccessToken, {
+      ...baseCookieOptions,
+      maxAge: 60 * 60 * 2,
+      httpOnly: false
+    });
+
+    if (newRefreshToken) {
+      successResponse.cookies.set('Authorization-Refresh', newRefreshToken, {
+        ...baseCookieOptions,
+        maxAge: 60 * 60 * 24 * 7,
+        httpOnly: true
+      });
+    }
+
+    return successResponse;
+  } catch (error) {
+    console.error('Refresh Token API Error:', error);
+    return NextResponse.json(
+      { error: '토큰 새로고침 처리 중 오류 발생' },
+      { status: 500 }
+    );
+  }
+}

src/app/profile/setting/page.tsx

@@ -51,6 +51,7 @@ const SettingPage = () => {
       }
     }
   });
+
   useEffect(() => {
     if (
       isSuccess &&
@@ -86,17 +87,14 @@ const SettingPage = () => {
 
   const logOut = async () => {
     try {
-      document.cookie =
-        'Authorization-Refresh=; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
-
-      setTimeout(() => {
-        document.cookie =
-          'Authorization=; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
-        signOut({ redirect: true });
-        window.location.href = '/signin';
-      }, 100);
+      await fetch('/api/auth/logout', {
+        method: 'POST',
+        credentials: 'include'
+      });
+      window.location.href = '/signin';
     } catch (error) {
-      console.error('로그아웃 중 오류 발생:', error);
+      console.error('로그아웃 중 오류:', error);
+      window.location.href = '/signin';
     }
   };
 

src/components/signin/Password.tsx

@@ -45,8 +45,11 @@ export default function Password() {
       return signInOnServer(reqObj);
     },
     onSuccess: (response: any) => {
-      if (response.status === 200) {
-        router.replace('/diary');
+      if (response.ok) {
+        const { body } = response;
+        const redirectTo = body?.redirectTo || '/diary';
+
+        window.location.href = redirectTo;
       } else {
         router.replace('/signin');
       }