Pinback-Team · ose0221 · Mar 10, 2026 · Mar 1, 2026 · Mar 1, 2026 · Mar 9, 2026
diff --git a/api/src/main/java/com/pinback/api/auth/controller/AuthControllerV3.java b/api/src/main/java/com/pinback/api/auth/controller/AuthControllerV3.java
@@ -0,0 +1,49 @@
+package com.pinback.api.auth.controller;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.pinback.application.auth.dto.SignUpResponseV3;
+import com.pinback.application.auth.dto.TokenResponse;
+import com.pinback.application.auth.usecase.AuthUsecase;
+import com.pinback.shared.dto.ResponseDto;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+
+@RestController
+@RequestMapping("/api/v3/auth")
+@RequiredArgsConstructor
+@Tag(name = "Authentication V3", description = "인증 관리 API V3")
+public class AuthControllerV3 {
+	private final AuthUsecase authUsecase;
+
+	@Value("${jwt.refreshExpirationPeriod}")
+	private long refreshTokenExpirationPeriod;
+
+	@PostMapping("/reissue")
+	public ResponseEntity<ResponseDto<TokenResponse>> reissueAccessToken(
+		@CookieValue(name = "refreshToken") String refreshToken
+	) {
+		SignUpResponseV3 response = authUsecase.getNewToken(refreshToken);
+
+		ResponseCookie cookie = ResponseCookie.from("refreshToken", response.refreshToken())
+			.httpOnly(true)
+			.secure(true)
+			.path("/")
+			.maxAge(refreshTokenExpirationPeriod / 1000)
+			.sameSite("None")
+			.build();
+
+		return ResponseEntity.ok()
+			.header(HttpHeaders.SET_COOKIE, cookie.toString())
+			.body(ResponseDto.ok(TokenResponse.of(response.accessToken())));
+	}
+
+}
diff --git a/api/src/main/java/com/pinback/api/config/cors/CorsConfig.java b/api/src/main/java/com/pinback/api/config/cors/CorsConfig.java
@@ -46,7 +46,7 @@ public CorsConfigurationSource corsConfigurationSource() {
 			""
 		));
 
-		configuration.setAllowCredentials(false);
+		configuration.setAllowCredentials(true);
 
 		configuration.setExposedHeaders(Arrays.asList(
 			"Access-Control-Allow-Origin",

diff --git a/api/src/main/java/com/pinback/api/config/filter/JwtAuthenticationFilter.java b/api/src/main/java/com/pinback/api/config/filter/JwtAuthenticationFilter.java
@@ -104,7 +104,8 @@ protected boolean shouldNotFilter(HttpServletRequest request) throws ServletExce
 				path.startsWith("/api/v2/auth/signup") ||
 				path.startsWith("/api/v3/auth/signup") ||
 				path.startsWith("/api/v3/auth/google") ||
-				path.startsWith("/api/v3/enums/jobs")
+				path.startsWith("/api/v3/enums/jobs") ||
+				path.startsWith("/api/v3/auth/reissue")
 			;
 	}
 }
diff --git a/api/src/main/java/com/pinback/api/config/security/SecurityConfig.java b/api/src/main/java/com/pinback/api/config/security/SecurityConfig.java
@@ -56,7 +56,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 					"/api/v2/auth/google",
 					"/api/v2/auth/signup",
 					"/api/v3/auth/signup",
-					"/api/v3/auth/google"
+					"/api/v3/auth/google",
+					"/api/v3/auth/reissue"
 				).permitAll()
 
 				.requestMatchers(

diff --git a/api/src/main/java/com/pinback/api/google/controller/GoogleLoginControllerV3.java b/api/src/main/java/com/pinback/api/google/controller/GoogleLoginControllerV3.java
@@ -1,5 +1,9 @@
 package com.pinback.api.google.controller;
 
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -8,7 +12,7 @@
 
 import com.pinback.api.auth.dto.request.SignUpRequestV3;
 import com.pinback.api.google.dto.request.GoogleLoginRequestV3;
-import com.pinback.application.auth.dto.SignUpResponse;
+import com.pinback.application.auth.dto.SignUpResponseV3;
 import com.pinback.application.auth.usecase.AuthUsecase;
 import com.pinback.application.google.dto.response.GoogleLoginResponseV3;
 import com.pinback.application.google.usecase.GoogleUsecase;
@@ -27,28 +31,51 @@
 public class GoogleLoginControllerV3 {
 	private final GoogleUsecase googleUsecase;
 	private final AuthUsecase authUsecase;
+	@Value("${jwt.refreshExpirationPeriod}")
+	private long refreshTokenExpirationPeriod;
 
 	@Operation(summary = "구글 소셜 로그인 V3", description = "구글 소셜 로그인을 진행하며, 응답에 직무 선택 여부를 포함합니다.")
 	@PostMapping("/google")
-	public Mono<ResponseDto<GoogleLoginResponseV3>> googleLogin(
+	public Mono<ResponseEntity<ResponseDto<GoogleLoginResponseV3>>> googleLogin(
 		@Valid @RequestBody GoogleLoginRequestV3 request
 	) {
 		return googleUsecase.getUserInfoV3(request.toCommand())
 			.flatMap(googleResponse -> {
 				return authUsecase.getInfoAndTokenV3(googleResponse.email(), googleResponse.pictureUrl(),
 						googleResponse.name())
 					.map(loginResponse -> {
-						return ResponseDto.ok(loginResponse);
+						ResponseCookie cookie = ResponseCookie.from("refreshToken", loginResponse.refreshToken())
+							.httpOnly(true)
+							.secure(true)
+							.path("/")
+							.maxAge(refreshTokenExpirationPeriod / 1000)
+							.sameSite("None")
+							.build();
+
+						return ResponseEntity.ok()
+							.header(HttpHeaders.SET_COOKIE, cookie.toString())
+							.body(ResponseDto.ok(loginResponse));
-						ResponseCookie cookie = ResponseCookie.from("refreshToken", loginResponse.refreshToken())
-							.httpOnly(true)
-							.secure(true)
-							.path("/")
-							.maxAge(refreshTokenExpirationPeriod / 1000)
-							.sameSite("None")
-							.build();
-
-						return ResponseEntity.ok()
-							.header(HttpHeaders.SET_COOKIE, cookie.toString())
-							.body(ResponseDto.ok(loginResponse));
+					.map(loginResponse -> {
+						ResponseCookie cookie = loginResponse.refreshToken() == null
+							? ResponseCookie.from("refreshToken", "")
+								.httpOnly(true)
+								.secure(true)
+								.path("/")
+								.maxAge(0)
+								.sameSite("None")
+								.build()
+							: ResponseCookie.from("refreshToken", loginResponse.refreshToken())
+								.httpOnly(true)
+								.secure(true)
+								.path("/")
+								.maxAge(refreshTokenExpirationPeriod / 1000)
+								.sameSite("None")
+								.build();
+
+						return ResponseEntity.ok()
+							.header(HttpHeaders.SET_COOKIE, cookie.toString())
+							.body(ResponseDto.ok(loginResponse));
+					});
-						ResponseCookie cookie = ResponseCookie.from("refreshToken", loginResponse.refreshToken())
-							.httpOnly(true)
-							.secure(true)
-							.path("/")
-							.maxAge(refreshTokenExpirationPeriod / 1000)
-							.sameSite("None")
-							.build();
-
-						return ResponseEntity.ok()
-							.header(HttpHeaders.SET_COOKIE, cookie.toString())
-							.body(ResponseDto.ok(loginResponse));
+					.map(loginResponse -> {
+						ResponseCookie cookie = loginResponse.refreshToken() == null
+							? ResponseCookie.from("refreshToken", "")
+								.httpOnly(true)
+								.secure(true)
+								.path("/")
+								.maxAge(0)
+								.sameSite("None")
+								.build()
+							: ResponseCookie.from("refreshToken", loginResponse.refreshToken())
+								.httpOnly(true)
+								.secure(true)
+								.path("/")
+								.maxAge(refreshTokenExpirationPeriod / 1000)
+								.sameSite("None")
+								.build();
+
+						return ResponseEntity.ok()
+							.header(HttpHeaders.SET_COOKIE, cookie.toString())
+							.body(ResponseDto.ok(loginResponse));
+					});
 					});
 			});
 	}
 
 	@Operation(summary = "신규 회원 온보딩 V3", description = "신규 회원의 기본 정보(직무 포함)를 등록합니다.")
 	@PatchMapping("/signup")
-	public ResponseDto<SignUpResponse> signUpV3(
+	public ResponseEntity<ResponseDto<SignUpResponseV3>> signUpV3(
 		@Valid @RequestBody SignUpRequestV3 request
 	) {
-		SignUpResponse response = authUsecase.signUpV3(request.toCommand());
-		return ResponseDto.ok(response);
+		SignUpResponseV3 response = authUsecase.signUpV3(request.toCommand());
+
+		ResponseCookie cookie = ResponseCookie.from("refreshToken", response.refreshToken())
+			.httpOnly(true)
+			.secure(true)
+			.path("/")
+			.maxAge(refreshTokenExpirationPeriod / 1000)
+			.sameSite("None")
+			.build();
+
+		return ResponseEntity.ok()
+			.header(HttpHeaders.SET_COOKIE, cookie.toString())
+			.body(ResponseDto.ok(response));
 	}
 }
diff --git a/api/src/main/resources/application.yml b/api/src/main/resources/application.yml
@@ -24,6 +24,7 @@ springdoc:
 jwt:
   secret-key: ${SECRET_KEY}
   accessExpirationPeriod: ${EXPIRATION_PERIOD}
+  refreshExpirationPeriod: ${REFRESH_EXPIRATION_PERIOD}
   issuer: ${ISSUER}
 
 fcm: ${FCM_JSON}

diff --git a/application/build.gradle b/application/build.gradle
@@ -17,4 +17,6 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-webflux'
 
     annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'
+
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 }
diff --git a/...n/src/main/java/com/pinback/application/article/usecase/command/CreateArticleUsecase.java b/...n/src/main/java/com/pinback/application/article/usecase/command/CreateArticleUsecase.java
@@ -79,7 +79,7 @@ private void validateArticleCreation(User user, ArticleCreateCommand command) {
 			throw new ArticleAlreadyExistException();
 		}
 
-		if (TextUtil.countGraphemeClusters(command.memo()) >= MEMO_LIMIT_LENGTH) {
+		if (TextUtil.countGraphemeClusters(command.memo()) > MEMO_LIMIT_LENGTH) {
 			throw new MemoLengthLimitException();
 		}
 	}

diff --git a/...n/src/main/java/com/pinback/application/article/usecase/command/UpdateArticleUsecase.java b/...n/src/main/java/com/pinback/application/article/usecase/command/UpdateArticleUsecase.java
@@ -48,7 +48,7 @@ public void updateArticle(User user, long articleId, ArticleUpdateCommand comman
 	}
 
 	private void validateMemoLength(String memo) {
-		if (TextUtil.countGraphemeClusters(memo) >= MEMO_LIMIT_LENGTH) {
+		if (TextUtil.countGraphemeClusters(memo) > MEMO_LIMIT_LENGTH) {
 			throw new MemoLengthLimitException();
 		}
 	}

diff --git a/application/src/main/java/com/pinback/application/auth/dto/SignUpResponseV3.java b/application/src/main/java/com/pinback/application/auth/dto/SignUpResponseV3.java
@@ -0,0 +1,10 @@
+package com.pinback.application.auth.dto;
+
+public record SignUpResponseV3(
+	String accessToken,
+	String refreshToken
+) {
+	public static SignUpResponseV3 from(String accessToken, String refreshToken) {
+		return new SignUpResponseV3(accessToken, refreshToken);
+	}
+}
diff --git a/application/src/main/java/com/pinback/application/auth/dto/TokenResponse.java b/application/src/main/java/com/pinback/application/auth/dto/TokenResponse.java
@@ -3,4 +3,7 @@
 public record TokenResponse(
 	String token
 ) {
+	public static TokenResponse of(String token) {
+		return new TokenResponse(token);
+	}
 }
diff --git a/application/src/main/java/com/pinback/application/auth/service/JwtProvider.java b/application/src/main/java/com/pinback/application/auth/service/JwtProvider.java
@@ -8,4 +8,6 @@ public interface JwtProvider {
 	boolean validateToken(String token);
 
 	UUID getUserIdFromToken(String token);
+
+	String createRefreshToken(UUID userId);
 }
diff --git a/application/src/main/java/com/pinback/application/auth/usecase/AuthUsecase.java b/application/src/main/java/com/pinback/application/auth/usecase/AuthUsecase.java
@@ -1,15 +1,20 @@
 package com.pinback.application.auth.usecase;
 
 import java.time.LocalTime;
+import java.util.UUID;
 
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import com.pinback.application.auth.dto.SignUpCommand;
 import com.pinback.application.auth.dto.SignUpCommandV3;
 import com.pinback.application.auth.dto.SignUpResponse;
+import com.pinback.application.auth.dto.SignUpResponseV3;
 import com.pinback.application.auth.dto.TokenResponse;
 import com.pinback.application.auth.service.JwtProvider;
+import com.pinback.application.common.exception.InvalidTokenException;
 import com.pinback.application.config.ProfileImageConfig;
 import com.pinback.application.google.dto.response.GoogleLoginResponse;
 import com.pinback.application.google.dto.response.GoogleLoginResponseV3;
@@ -30,6 +35,7 @@
 @Service
 @RequiredArgsConstructor
 public class AuthUsecase {
+	private static final String REDIS_REFRESH_TOKEN_PREFIX = "RT:";
 
 	private final UserValidateServicePort userValidateServicePort;
 	private final UserSaveServicePort userSaveServicePort;
@@ -40,6 +46,10 @@ public class AuthUsecase {
 	private final UserUpdateServicePort userUpdateServicePort;
 	private final UserOAuthUsecase userOAuthUsecase;
 	private final ProfileImageConfig profileImageConfig;
+	private final StringRedisTemplate stringRedisTemplate;
+
+	@Value("${jwt.refreshExpirationPeriod}")
+	private long refreshTokenExpirationPeriod;
 
 	@Transactional
 	public SignUpResponse signUp(SignUpCommand signUpCommand) {
@@ -123,9 +133,11 @@ public SignUpResponse signUpV2(SignUpCommand signUpCommand) {
 	}
 
 	@Transactional
-	public SignUpResponse signUpV3(SignUpCommandV3 signUpCommand) {
+	public SignUpResponseV3 signUpV3(SignUpCommandV3 signUpCommand) {
 		User user = userGetServicePort.findByEmail(signUpCommand.email());
 		String accessToken = jwtProvider.createAccessToken(user.getId());
+		String refreshToken = jwtProvider.createRefreshToken(user.getId());
+		saveRefreshTokenToRedis(user.getId(), refreshToken);
 		userUpdateServicePort.updateRemindDefault(user.getId(), signUpCommand.remindDefault());
 
 		savePushSubscriptionPort.savePushSubscription(user, signUpCommand.fcmToken());
@@ -135,7 +147,7 @@ public SignUpResponse signUpV3(SignUpCommandV3 signUpCommand) {
 		Job job = Job.from(signUpCommand.job());
 		userUpdateServicePort.updateJob(user.getId(), job);
 
-		return SignUpResponse.from(accessToken);
+		return SignUpResponseV3.from(accessToken, refreshToken);
 	}
 
 	@Transactional
@@ -149,11 +161,15 @@ public Mono<GoogleLoginResponseV3> getInfoAndTokenV3(String email, String pictur
 						if (updatedUser.getRemindDefault() != null && updatedUser.getProfileImage() != null) {
 							log.info("기존 사용자 로그인 성공: User ID {}", updatedUser.getId());
 
-							//Access Token 발급
+							//Access Token & Refresh Token 발급
 							String accessToken = jwtProvider.createAccessToken(updatedUser.getId());
+							String refreshToken = jwtProvider.createRefreshToken(updatedUser.getId());
+
+							saveRefreshTokenToRedis(updatedUser.getId(), refreshToken);
 
 							return Mono.just(GoogleLoginResponseV3.loggedIn(
-								updatedUser.hasJob(), updatedUser.getId(), updatedUser.getEmail(), accessToken
+								updatedUser.hasJob(), updatedUser.getId(), updatedUser.getEmail(), accessToken,
+								refreshToken
 							));
 						} else {
 							log.info("기존 사용자 - 온보딩 미완료 유저 처리: User ID {}", updatedUser.getId());
@@ -185,6 +201,25 @@ public Mono<GoogleLoginResponseV3> getInfoAndTokenV3(String email, String pictur
 			}));
 	}
 
+	@Transactional
+	public SignUpResponseV3 getNewToken(String refreshToken) {
+		UUID userId = jwtProvider.getUserIdFromToken(refreshToken);
+
+		String redisKey = REDIS_REFRESH_TOKEN_PREFIX + userId.toString();
+		String savedToken = stringRedisTemplate.opsForValue().get(redisKey);
+		if (savedToken == null || !savedToken.equals(refreshToken)) {
+			stringRedisTemplate.delete(redisKey);
+			throw new InvalidTokenException();
+		}
+
+		String newAccessToken = jwtProvider.createAccessToken(userId);
+		String newRefreshToken = jwtProvider.createRefreshToken(userId);
+
+		saveRefreshTokenToRedis(userId, newRefreshToken);
+
+		return SignUpResponseV3.from(newAccessToken, newRefreshToken);
+	}
+
 	private Mono<User> applyMissingUserInfo(User existingUser, String pictureUrl, String name) {
 		// 1. 이름 업데이트
 		boolean nameUpdated = false;
@@ -224,4 +259,13 @@ private String matchingProfileImage(LocalTime remindDefault) {
 			return "IMAGE3";
 		}
 	}
+
+	private void saveRefreshTokenToRedis(UUID userId, String refreshToken) {
+		stringRedisTemplate.opsForValue().set(
+			"RT:" + userId.toString(),
+			refreshToken,
+			refreshTokenExpirationPeriod,
+			java.util.concurrent.TimeUnit.MILLISECONDS
+		);
+	}
 }
diff --git a/...ication/src/main/java/com/pinback/application/common/exception/InvalidTokenException.java b/...ication/src/main/java/com/pinback/application/common/exception/InvalidTokenException.java
@@ -0,0 +1,10 @@
+package com.pinback.application.common.exception;
+
+import com.pinback.shared.constant.ExceptionCode;
+import com.pinback.shared.exception.ApplicationException;
+
+public class InvalidTokenException extends ApplicationException {
+	public InvalidTokenException() {
+		super(ExceptionCode.INVALID_TOKEN);
+	}
+}
diff --git a/...tion/src/main/java/com/pinback/application/google/dto/response/GoogleLoginResponseV3.java b/...tion/src/main/java/com/pinback/application/google/dto/response/GoogleLoginResponseV3.java
@@ -7,13 +7,15 @@ public record GoogleLoginResponseV3(
 	boolean hasJob,
 	UUID userId,
 	String email,
-	String accessToken
+	String accessToken,
+	String refreshToken
 ) {
-	public static GoogleLoginResponseV3 loggedIn(boolean hasJob, UUID userId, String email, String accessToken) {
-		return new GoogleLoginResponseV3(true, hasJob, userId, email, accessToken);
+	public static GoogleLoginResponseV3 loggedIn(boolean hasJob, UUID userId, String email, String accessToken,
+		String refreshToken) {
+		return new GoogleLoginResponseV3(true, hasJob, userId, email, accessToken, refreshToken);
 	}
 
 	public static GoogleLoginResponseV3 tempLogin(UUID userId, String email) {
-		return new GoogleLoginResponseV3(false, false, userId, email, null);
+		return new GoogleLoginResponseV3(false, false, userId, email, null, null);
 	}
 }
diff --git a/.../main/java/com/pinback/infrastructure/article/repository/ArticleRepositoryCustomImpl.java b/.../main/java/com/pinback/infrastructure/article/repository/ArticleRepositoryCustomImpl.java
@@ -429,8 +429,12 @@ public ArticleCountInfoV3 findAllCountByCategoryV3(UUID userId, long categoryId)
 	@Override
 	public SharedArticles findTopListByJob(Job job) {
 		List<Article> articles = queryFactory.selectFrom(article)
-			.join(article.user, user)
-			.where(user.job.eq(job))
+			.join(article.user, user).fetchJoin()
+			.join(article.category, category)
+			.where(
+				user.job.eq(job),
+				category.isPublic.isTrue()
+			)
 			.orderBy(article.createdAt.desc())
 			.limit(10)
 			.fetch();