feat(front): 로그인시 백엔드에 필요한 로직들 수정

Author: samuel426

backend/src/main/java/com/backend/domain/user/controller/AuthController.java

@@ -1,9 +1,13 @@
 package com.backend.domain.user.controller;
 
+import com.backend.domain.user.dto.LoginResponse;
+import com.backend.domain.user.dto.UserDto;
 import com.backend.domain.user.service.EmailService;
 import com.backend.domain.user.service.JwtService;
+import com.backend.domain.user.service.UserService;
 import com.backend.global.exception.ErrorCode;
 import com.backend.global.response.ApiResponse;
+import com.backend.global.response.ResponseCode;
 import jakarta.mail.MessagingException;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
@@ -21,6 +25,7 @@
 public class AuthController {
     private final EmailService emailService;
     private final JwtService jwtService;
+    private final UserService userService;
 
     @Value("${jwt.access-token-expiration-in-milliseconds}")
     private int tokenValidityMilliSeconds;
@@ -81,11 +86,15 @@ record LoginRequest(
 
 
     @PostMapping("/api/login")
-    public ApiResponse<String> login(
-            @Valid @RequestBody LoginRequest loginRequest,
+    public ApiResponse<LoginResponse> login(
+            @RequestBody LoginRequest loginRequest,
             HttpServletResponse response
     ){
         String token = jwtService.login(loginRequest.email, loginRequest.password);
+        if (token == null) {
+            // ★ 에러 분기도 LoginResponse로 타입을 고정해서 반환
+            return ApiResponse.<LoginResponse>error(ResponseCode.UNAUTHORIZED);
+        }
 
         Cookie cookie = new Cookie("token", token);
         cookie.setHttpOnly(true); // JavaScript 접근 방지 (XSS 공격 방어)
@@ -95,7 +104,8 @@ public ApiResponse<String> login(
         cookie.setMaxAge(tokenValidityMilliSeconds);
 
         response.addCookie(cookie); //응답에 쿠키 추가
-
-        return ApiResponse.success("success");
+        var user = userService.findByEmail(loginRequest.email);
+        return ApiResponse.success(new LoginResponse(new UserDto(user)));
     }
+
 }

backend/src/main/java/com/backend/domain/user/dto/LoginResponse.java

@@ -1,4 +1,5 @@
 package com.backend.domain.user.dto;
 
-public class LoginResponse {
-}
+import com.backend.domain.user.dto.UserDto;
+
+public record LoginResponse(UserDto user) {}

backend/src/main/java/com/backend/global/config/WebConfig.java

@@ -15,8 +15,10 @@ public void addCorsMappings(CorsRegistry registry) {
                 registry.addMapping("/**")
                         .allowedOrigins("http://localhost:3000")
                         .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")
-                        .allowCredentials(true);
+                        .allowCredentials(false)  // ← true에서 false로 변경
+                        .allowedHeaders("*")      // ← 추가
+                        .exposedHeaders("Authorization"); // ← 추가
             }
         };
     }
-}
+}

backend/src/main/java/com/backend/global/response/ApiResponse.java

@@ -24,6 +24,10 @@ public static <T> ApiResponse<T> error(ResponseCode code) {
         return new ApiResponse<>(code.getCode(), code.getMessage(), null);
     }
 
+    public static <T> ApiResponse<T> error(ResponseCode code, String message) {
+        return new ApiResponse<>(code.getCode(), message, null);
+    }
+
     public static <T> ApiResponse<T> error(ErrorCode code) {
         return new ApiResponse<>(code.getCode(), code.getMessage(), null);
     }