Merge pull request #18 from BusanHackathon/refactor/#7-login-temp

yangjunsik · web-flow · commit a35c8bd35d17 · 2025-08-22T02:29:59.000+09:00
refactor: 로그인 티켓 방식으로 변경
diff --git a/src/main/java/com/busan/config/security/oauth/OAuth2SuccessHandler.java b/src/main/java/com/busan/config/security/oauth/OAuth2SuccessHandler.java
@@ -12,6 +12,7 @@
 import org.springframework.stereotype.Component;
 
 import java.io.IOException;
+import java.util.UUID;
 
 @Component
 @RequiredArgsConstructor
@@ -37,22 +38,13 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         System.out.println("[OAuth2SuccessHandler] called for user: " + userDetails.getUsername());
 
         String refreshToken = jwtService.generateRefreshToken(userDetails);
-        ResponseCookie refreshCookie = createRefreshTokenCookie(refreshToken);
+        String ticket = UUID.randomUUID().toString();
 
-        response.addHeader("Set-Cookie", refreshCookie.toString());
+        // 임시 저장 (간단하게 static Map 사용)
+        TempTokenStore.put(ticket, refreshToken);
 
-        String target = "dev".equalsIgnoreCase(appEnv) ? redirectDev : redirectLocal;
-        response.sendRedirect(target);
-    }
-
-    private ResponseCookie createRefreshTokenCookie(String refreshToken) {
-        return ResponseCookie.from("refreshToken", refreshToken)
-                .httpOnly(true)
-                .secure(true)
-                .sameSite("None")
-                .path("/")
-                .maxAge(60 * 60 * 24 * 7)
-                .build();
+        String base = "dev".equalsIgnoreCase(appEnv) ? redirectDev : redirectLocal;
+        response.sendRedirect(base + "?ticket=" + ticket);
     }
 }
 
diff --git a/src/main/java/com/busan/config/security/oauth/TempTokenStore.java b/src/main/java/com/busan/config/security/oauth/TempTokenStore.java
@@ -0,0 +1,16 @@
+package com.busan.config.security.oauth;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class TempTokenStore {
+    private static final Map<String, String> store = new ConcurrentHashMap<>();
+
+    public static void put(String ticket, String refreshToken) {
+        store.put(ticket, refreshToken);
+    }
+
+    public static String consume(String ticket) {
+        return store.remove(ticket); // 한번 쓰면 바로 삭제
+    }
+}
diff --git a/src/main/java/com/busan/controller/AuthController.java b/src/main/java/com/busan/controller/AuthController.java
@@ -1,5 +1,6 @@
 package com.busan.controller;
 
+import com.busan.config.security.oauth.TempTokenStore;
 import com.busan.dto.RefreshResponseDTO;
 import com.busan.dto.common.Response;
 import com.busan.service.AuthService;
@@ -9,6 +10,8 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
+import java.util.Map;
+
 @Tag(name = "auth-controller", description = "로그인 API")
 @RestController
 @RequestMapping("/api/auth")
@@ -27,4 +30,20 @@ public ResponseEntity<Response<RefreshResponseDTO>> refresh(
     ) {
         return ResponseEntity.ok(Response.success(authService.refresh(refreshToken)));
     }
+
+    @Operation(
+            summary = "티켓 발급",
+            description = "헤커톤을 위한 최소한의 보안절차로 프론트는 url에서 ticket을 추출하고 이걸로" +
+                    "refreshToken을 교환한다." +
+                    "그후 access 발급 api를 호출하면 된다" +
+                    "물론 추후에는 당연히 쿠키방식으로 변경하는게 맞으나 헤커톤을 위한 최소한의 보안장치이다"
+    )
+    @GetMapping("/ticket")
+    public ResponseEntity<?> consume(@RequestParam String ticket) {
+        String refreshToken = TempTokenStore.consume(ticket);
+        if (refreshToken == null) {
+            return ResponseEntity.badRequest().body("invalid ticket");
+        }
+        return ResponseEntity.ok(Map.of("refreshToken", refreshToken));
+    }
 }
