Feat: AccessToken 쿠키에 저장되도록 수정 #55
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Caution Review failedThe pull request is closed. Walkthrough인증 시스템의 토큰 전달 방식을 HTTP 응답 본문에서 쿠키 기반 방식으로 변경합니다. AuthController의 login과 refreshToken 메서드는 ResponseEntity를 반환하도록 수정되고, JWT 필터는 Authorization 헤더 대신 쿠키에서 토큰을 추출합니다. OAuthController는 리다이렉트 응답 반환 타입을 업데이트합니다. Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant AuthController
participant JwtService
participant Response as HTTP Response
Client->>AuthController: POST /login (credentials)
AuthController->>JwtService: generateTokens()
JwtService-->>AuthController: TokenPair(accessToken, refreshToken)
AuthController->>Response: setHeader(Set-Cookie: accessToken=...)
AuthController->>Response: setHeader(Set-Cookie: refreshToken=...)
AuthController-->>Client: ResponseEntity<Void> (200 OK)
Note over Client,Response: Token is now in HTTP-Only Cookie,<br/>not in response body
sequenceDiagram
participant Client
participant JwtAuthenticationFilter
participant SecurityContext
participant Controller
Client->>JwtAuthenticationFilter: Request with Cookie: accessToken=...
JwtAuthenticationFilter->>JwtAuthenticationFilter: extractToken() from cookies
JwtAuthenticationFilter->>JwtAuthenticationFilter: validateAndParseToken()
alt Token Valid
JwtAuthenticationFilter->>SecurityContext: setAuthentication(userAuth)
JwtAuthenticationFilter->>Controller: doFilter (pass through)
Controller-->>Client: Response
else Token Invalid
JwtAuthenticationFilter-->>Client: 401 Unauthorized
end
Note over JwtAuthenticationFilter: Previously extracted from<br/>Authorization: Bearer ... header
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes
Possibly related PRs
Suggested reviewers
Poem
✨ Finishing touches
🧪 Generate unit tests (beta)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro 📒 Files selected for processing (6)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📝 변경 내용
✅ 체크리스트
💬 기타 참고 사항
Summary by CodeRabbit
릴리즈 노트
✏️ Tip: You can customize this high-level summary in your review settings.