Feat: 로그아웃 API 구현

joyewon0705 · joyewon0705 · commit d0d53f0564c0 · 2025-09-25T14:12:01.000+09:00
diff --git a/src/main/java/com/back/domain/user/controller/AuthController.java b/src/main/java/com/back/domain/user/controller/AuthController.java
@@ -8,6 +8,7 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -66,4 +67,24 @@ public ResponseEntity<RsData<UserResponse>> login(
                         loginResponse
                 ));
     }
+
+    @PostMapping("/logout")
+    @Operation(summary = "로그아웃", description = "Refresh Token을 무효화합니다.")
+    @ApiResponses({
+            @ApiResponse(responseCode = "200", description = "로그아웃 성공"),
+            @ApiResponse(responseCode = "400", description = "잘못된 요청"),
+            @ApiResponse(responseCode = "401", description = "이미 만료되었거나 유효하지 않은 토큰"),
+            @ApiResponse(responseCode = "500", description = "서버 내부 오류")
+    })
+    public ResponseEntity<RsData<Void>> logout(
+            HttpServletRequest request,
+            HttpServletResponse response
+    ) {
+        userService.logout(request, response);
+        return ResponseEntity
+                .ok(RsData.success(
+                        "로그아웃 되었습니다.",
+                        null
+                ));
+    }
 }
diff --git a/src/main/java/com/back/domain/user/service/UserService.java b/src/main/java/com/back/domain/user/service/UserService.java
@@ -135,6 +135,28 @@ public UserResponse login(LoginRequest request, HttpServletResponse response) {
         return UserResponse.from(user, user.getUserProfile());
     }
 
+    public void logout(HttpServletRequest request, HttpServletResponse response) {
+        // 쿠키에서 Refresh Token 추출
+        String refreshToken = resolveRefreshToken(request);
+
+        // 토큰 검증
+        if (refreshToken == null || !jwtTokenProvider.validateToken(refreshToken)) {
+            throw new CustomException(ErrorCode.INVALID_TOKEN);
+        }
+
+        // DB에서 Refresh Token 삭제
+        userTokenRepository.deleteByRefreshToken(refreshToken);
+
+        // TODO: 중복 코드 -> 리팩토링 필요
+        // 쿠키 삭제
+        Cookie cookie = new Cookie("refreshToken", null);
+        cookie.setHttpOnly(true);
+        cookie.setSecure(true);
+        cookie.setPath("/api/auth/refresh");
+        cookie.setMaxAge(0);
+        response.addCookie(cookie);
+    }
+
     /**
      * 회원가입 시 중복 검증
      * - username, email, nickname
@@ -162,4 +184,18 @@ private void validatePasswordPolicy(String password) {
             throw new CustomException(ErrorCode.INVALID_PASSWORD);
         }
     }
+
+    /**
+     * 쿠키에서 Refresh Token 추출
+     */
+    private String resolveRefreshToken(HttpServletRequest request) {
+        if (request.getCookies() != null) {
+            for (Cookie cookie : request.getCookies()) {
+                if ("refreshToken".equals(cookie.getName())) {
+                    return cookie.getValue();
+                }
+            }
+        }
+        return null;
+    }
 }
