From a787073f8fbd086bddefeadb9ca5a634b3dc9c34 Mon Sep 17 00:00:00 2001
From: dainnida
Date: Sun, 16 Feb 2025 15:58:14 +0900
Subject: [PATCH] =?UTF-8?q?Fix:=20refresh=20token=20=EC=A0=95=EC=B1=85=20?=
 =?UTF-8?q?=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../domain/user/service/UserService.java | 21 +++++++------
 .../mercury/global/config/SecurityConfig.java | 2 +-
 .../cmc/mercury/global/config/WebConfig.java | 2 +-
 .../global/controller/AuthController.java | 31 +++++++++----------
 .../oauth/handler/OAuth2SuccessHandler.java | 23 ++++++++------
 5 files changed, 41 insertions(+), 38 deletions(-)
diff --git a/src/main/java/com/cmc/mercury/domain/user/service/UserService.java b/src/main/java/com/cmc/mercury/domain/user/service/UserService.java
index 84cc852..77eb862 100644
--- a/src/main/java/com/cmc/mercury/domain/user/service/UserService.java
+++ b/src/main/java/com/cmc/mercury/domain/user/service/UserService.java
@@ -94,16 +94,17 @@ private void setTestUserTokens(User user, boolean isShortLivedAccessToken) {
 // 토큰 설정
 response.setHeader("Authorization", "Bearer " + accessToken);
-
- // Refresh Token 쿠키 설정
- Cookie refreshTokenCookie = new Cookie("refresh_token", refreshToken);
- refreshTokenCookie.setHttpOnly(true);
- refreshTokenCookie.setSecure(true);
- refreshTokenCookie.setPath("/");
- refreshTokenCookie.setDomain("mercuryplanet.co.kr");
- refreshTokenCookie.setAttribute("SameSite", "None");
- refreshTokenCookie.setMaxAge((int) refreshTokenValidity / 1000);
- response.addCookie(refreshTokenCookie);
+ response.setHeader("Refresh-Token", refreshToken);
+
+// // Refresh Token 쿠키 설정
+// Cookie refreshTokenCookie = new Cookie("refresh_token", refreshToken);
+// refreshTokenCookie.setHttpOnly(true);
+// refreshTokenCookie.setSecure(true);
+// refreshTokenCookie.setPath("/");
+// refreshTokenCookie.setDomain("mercuryplanet.co.kr");
+// refreshTokenCookie.setAttribute("SameSite", "None");
+// refreshTokenCookie.setMaxAge((int) refreshTokenValidity / 1000);
+// response.addCookie(refreshTokenCookie);
 }
 public User getUser(String accessToken) {
diff --git a/src/main/java/com/cmc/mercury/global/config/SecurityConfig.java b/src/main/java/com/cmc/mercury/global/config/SecurityConfig.java
index b9a3ef4..1c177dd 100644
--- a/src/main/java/com/cmc/mercury/global/config/SecurityConfig.java
+++ b/src/main/java/com/cmc/mercury/global/config/SecurityConfig.java
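Review bot: The nine `+//` lines that replace the removed cookie block are commented-out code and should be deleted rather than kept; the cookie variant is in git history, and a dead copy next to the live `response.setHeader("Refresh-Token", refreshToken)` will drift from it. Moving the refresh token out of an HttpOnly cookie into a plain response header also makes it readable by any script running on the page, so an XSS on the front end now yields the long-lived credential and not just the access token; that trade-off is worth a one-line comment at the header call, e.g. `// Refresh token is intentionally script-readable via this header (no longer an HttpOnly cookie); exposed through CORS in SecurityConfig/WebConfig`. setTestUserTokens begins before this hunk.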
@@ -92,7 +92,7 @@ public CorsConfigurationSource corsConfigurationSource() {
 configuration.setAllowedOriginPatterns(Collections.singletonList("*"));
 configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
 configuration.setAllowedHeaders(Collections.singletonList("*"));
- configuration.setExposedHeaders(Collections.singletonList("Authorization"));
+ configuration.setExposedHeaders(Arrays.asList("Authorization", "Refresh-Token"));
 configuration.setAllowCredentials(true);
 configuration.setMaxAge(3600L);
diff --git a/src/main/java/com/cmc/mercury/global/config/WebConfig.java b/src/main/java/com/cmc/mercury/global/config/WebConfig.java
index a989d4d..d983135 100644
--- a/src/main/java/com/cmc/mercury/global/config/WebConfig.java
+++ b/src/main/java/com/cmc/mercury/global/config/WebConfig.java
@@ -13,7 +13,7 @@ public void addCorsMappings(CorsRegistry registry) {
 .allowedOriginPatterns("*")
 .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
 .allowedHeaders("*")
- .exposedHeaders("Authorization") // Authorization 헤더 노출
+ .exposedHeaders("Authorization", "Refresh-Token") // Authorization, refresh token 헤더 노출
 .allowCredentials(true) // 쿠키 허용을 위해 필요
 .maxAge(3600);
 }
diff --git a/src/main/java/com/cmc/mercury/global/controller/AuthController.java b/src/main/java/com/cmc/mercury/global/controller/AuthController.java
index 926eb7c..70f6763 100644
--- a/src/main/java/com/cmc/mercury/global/controller/AuthController.java
+++ b/src/main/java/com/cmc/mercury/global/controller/AuthController.java
@@ -1,8 +1,6 @@
 package com.cmc.mercury.global.controller;
 import com.cmc.mercury.domain.user.entity.User;
-import com.cmc.mercury.global.exception.CustomException;
-import com.cmc.mercury.global.exception.ErrorCode;
 import com.cmc.mercury.global.jwt.JwtProvider;
 import com.cmc.mercury.global.response.SuccessResponse;
 import io.swagger.v3.oas.annotations.Operation;
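Review bot: Adding `Refresh-Token` to `setExposedHeaders` while `setAllowedOriginPatterns` is still `*` and `setAllowCredentials` is `true` lets a page from any origin read the refresh token off a credentialed cross-origin response, because the `*` pattern makes Spring reflect whatever `Origin` the request carries. The `Authorization` header already had that exposure, but a refresh token lives far longer than an access token, so this is the line at which to pin the origin list to the real front end, e.g. `configuration.setAllowedOriginPatterns(Collections.singletonList("https://www.mercuryplanet.co.kr"));` — that host is the redirect target used by OAuth2SuccessHandler in this same patch. Whether any endpoint returns `Refresh-Token` on a request a third-party origin can trigger with the user's credentials is not visible here, so treat this as tightening a precondition rather than a confirmed leak.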
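Review bot: This is the second, independently maintained CORS configuration changed in lockstep with `SecurityConfig.corsConfigurationSource()`; both must now agree on `exposedHeaders("Authorization", "Refresh-Token")` and on the `*` origin pattern, and the next token-policy change is likely to update only one of them. Consider removing this `addCorsMappings` override so the Security filter's `CorsConfigurationSource` is the single source of truth, or at least add `// must match SecurityConfig.corsConfigurationSource()` on the `exposedHeaders` line. The adjacent comment `// 쿠키 허용을 위해 필요` on `allowCredentials(true)` is also stale now that the refresh token no longer travels as a cookie; if credentials are still required for something else (the OAuth2 login session, presumably), say what, otherwise the flag should go too.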
@@ -12,11 +10,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.CookieValue;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import java.util.HashMap;
@@ -35,7 +29,7 @@ public class AuthController {
 @PostMapping("/refresh")
 @Operation(summary = "refresh token 재발급", description = "access token 만료 시 refresh token을 통해 재발급을 요청합니다.")
 public SuccessResponse refreshAccessToken(
- @CookieValue(value = "refresh_token", required = false) String refreshToken, HttpServletResponse response) {
+ @RequestHeader(value = "Refresh-Token", required = false) String refreshToken, HttpServletResponse response) {
 log.info("Refresh Token을 이용한 Access Token 갱신 요청");
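Review bot: `import org.springframework.web.bind.annotation.*;` replaces four explicit imports with a wildcard, which the rest of this import block avoids (`lombok.RequiredArgsConstructor`, `lombok.extern.slf4j.Slf4j` and `org.springframework.beans.factory.annotation.Value` are all named individually in the same hunk). Restore the explicit form — `PostMapping`, `RequestHeader`, `RequestMapping`, `RestController` — so a later import of a same-named type from another package cannot shadow one of these silently and the diff keeps showing exactly which annotations the controller depends on.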
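Review bot: `@RequestHeader(value = "Refresh-Token", required = false)` accepts a request with no header and passes a null `refreshToken` into the rest of `refreshAccessToken`, whose body continues past this hunk; the same file drops its `StringUtils`, `CustomException` and `ErrorCode` imports in this patch, so a `hasText` guard does not appear to live in this controller any more. If the null/blank case is rejected inside `JwtProvider` that is fine, otherwise add an explicit `if (!StringUtils.hasText(refreshToken)) { … }` that fails the request before any token validation runs. Consider also whether `required = false` is still wanted at all — the token is mandatory for this endpoint now that it no longer arrives as a cookie, and `required = true` would let Spring reject a missing header with a 400 before the method body runs.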
@@ -49,15 +43,18 @@ public SuccessResponse refreshAccessToken(
 // 새로운 Access Token을 헤더에 추가
 response.setHeader("Authorization", "Bearer " + newAccessToken);
- // 새로운 Refresh Token을 쿠키에 설정
- Cookie refreshTokenCookie = new Cookie("refresh_token", newRefreshToken);
- refreshTokenCookie.setHttpOnly(true); // JavaScript에서 접근 방지
- refreshTokenCookie.setSecure(true); // HTTPS만 허용
- refreshTokenCookie.setPath("/"); // 모든 경로에서 접근 가능
- refreshTokenCookie.setDomain("mercuryplanet.co.kr"); // 도메인 간 쿠키 공유
- refreshTokenCookie.setAttribute("SameSite", "None");
- refreshTokenCookie.setMaxAge((int) refreshTokenValidity / 1000); // ms를 초 단위로 변환
- response.addCookie(refreshTokenCookie);
+// // 새로운 Refresh Token을 쿠키에 설정
+// Cookie refreshTokenCookie = new Cookie("refresh_token", newRefreshToken);
+// refreshTokenCookie.setHttpOnly(true); // JavaScript에서 접근 방지
+// refreshTokenCookie.setSecure(true); // HTTPS만 허용
+// refreshTokenCookie.setPath("/"); // 모든 경로에서 접근 가능
+// refreshTokenCookie.setDomain("mercuryplanet.co.kr"); // 도메인 간 쿠키 공유
+// refreshTokenCookie.setAttribute("SameSite", "None");
+// refreshTokenCookie.setMaxAge((int) refreshTokenValidity / 1000); // ms를 초 단위로 변환
+// response.addCookie(refreshTokenCookie);
+
+ // 새로운 Refresh Token을 헤더에 추가
+ response.setHeader("Refresh-Token", newRefreshToken);
 return SuccessResponse.ok(new HashMap<>());
 }
diff --git a/src/main/java/com/cmc/mercury/global/oauth/handler/OAuth2SuccessHandler.java b/src/main/java/com/cmc/mercury/global/oauth/handler/OAuth2SuccessHandler.java
index ae2634c..e46bb78 100644
--- a/src/main/java/com/cmc/mercury/global/oauth/handler/OAuth2SuccessHandler.java
+++ b/src/main/java/com/cmc/mercury/global/oauth/handler/OAuth2SuccessHandler.java
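Review bot: Nothing in this hunk invalidates the refresh token the caller presented once `newRefreshToken` is handed out in `response.setHeader("Refresh-Token", newRefreshToken)`, so unless the code above the hunk (or `JwtProvider`) revokes or versions it, the old and new tokens stay valid side by side until their own expiry and rotation gives no protection against a copied token. Either add the revocation before the header is set or put a one-line comment on that line saying where it happens, e.g. `// presented token is revoked in JwtProvider before reissue — keep in sync`, and extend the `@Operation` description to state that the response carries a replacement token in `Refresh-Token` and the old one must be discarded. The nine `+//` cookie lines are dead code and should be deleted rather than committed. `refreshAccessToken` begins before this hunk.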
@@ -52,19 +52,24 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 response.setHeader("Authorization", "Bearer " + accessToken);
 log.info("Header에 설정은 성공");
- // Refresh Token은 보안을 위해 HttpOnly 쿠키로 설정
- Cookie refreshTokenCookie = new Cookie("refresh_token", refreshToken);
- refreshTokenCookie.setHttpOnly(true); // JavaScript에서 접근 방지
- refreshTokenCookie.setSecure(true); // HTTPS만 허용
- refreshTokenCookie.setPath("/"); // 모든 경로에서 접근 가능
- refreshTokenCookie.setDomain("mercuryplanet.co.kr"); // 도메인 간 쿠키 공유
- refreshTokenCookie.setAttribute("SameSite", "None");
- refreshTokenCookie.setMaxAge((int) refreshTokenValidity / 1000); // ms를 초 단위로 변환
- response.addCookie(refreshTokenCookie);
+// // Refresh Token은 보안을 위해 HttpOnly 쿠키로 설정
+// Cookie refreshTokenCookie = new Cookie("refresh_token", refreshToken);
+// refreshTokenCookie.setHttpOnly(true); // JavaScript에서 접근 방지
+// refreshTokenCookie.setSecure(true); // HTTPS만 허용
+// refreshTokenCookie.setPath("/"); // 모든 경로에서 접근 가능
+// refreshTokenCookie.setDomain("mercuryplanet.co.kr"); // 도메인 간 쿠키 공유
+// refreshTokenCookie.setAttribute("SameSite", "None");
+// refreshTokenCookie.setMaxAge((int) refreshTokenValidity / 1000); // ms를 초 단위로 변환
+// response.addCookie(refreshTokenCookie);
+
+ // Refresh Token을 헤더에 추가
+ response.setHeader("Refresh-Token", refreshToken);
+
 // 리다이렉트 URL에 토큰 포함하여 이동
 String targetUrl = UriComponentsBuilder.fromUriString("https://www.mercuryplanet.co.kr/login/success")
 .queryParam("access_token", accessToken)
+ .queryParam("refresh_token", refreshToken)
 .queryParam("isNewUser", isNewUser)
 .build(true).toUriString();
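Review bot: `.queryParam("refresh_token", refreshToken)` places the long-lived credential in the redirect URL, where it lands in browser history, in the front-end host's and any intermediate proxy's access logs, and in the `Referer` of every request the `/login/success` page issues before it scrubs its own URL. The `response.setHeader("Refresh-Token", refreshToken)` added just above does not offset this: the response is a redirect the browser follows by itself, so the SPA never observes that header and the query string is the only channel that actually delivers the token. Prefer the HttpOnly cookie this hunk removes for this handler, or hand the page a short-lived one-time code here and let it POST that code to obtain both tokens; at minimum move the tokens into the URL fragment via `.fragment(...)` so they are neither sent to the server nor leaked through `Referer`. `onAuthenticationSuccess` begins before this hunk, and the `sendRedirect` that consumes `targetUrl` presumably follows after it.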