PAW-KEY · seokki2 · Jan 12, 2026 · Dec 6, 2025 · Dec 6, 2025 · Dec 6, 2025
diff --git a/DOKI.xcodeproj/project.pbxproj b/DOKI.xcodeproj/project.pbxproj
@@ -18,7 +18,7 @@
 /* End PBXFileReference section */
 
 /* Begin PBXFileSystemSynchronizedBuildFileExceptionSet section */
-		00232BF72EB4E32E00F26249 /* Exceptions for "DOKI" folder in "DOKI" target */ = {
+		007D0E9E2F123D5600BCD675 /* Exceptions for "DOKI" folder in "DOKI" target */ = {
 			isa = PBXFileSystemSynchronizedBuildFileExceptionSet;
 			membershipExceptions = (
 				Info.plist,
@@ -31,7 +31,7 @@
 		76ECCDEF2E05AFCC0056CAF7 /* DOKI */ = {
 			isa = PBXFileSystemSynchronizedRootGroup;
 			exceptions = (
-				00232BF72EB4E32E00F26249 /* Exceptions for "DOKI" folder in "DOKI" target */,
+				007D0E9E2F123D5600BCD675 /* Exceptions for "DOKI" folder in "DOKI" target */,
 			);
 			path = DOKI;
 			sourceTree = "<group>";
@@ -166,7 +166,6 @@
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
 				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
-				BASE_URL = "";
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
@@ -232,7 +231,6 @@
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
 				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
-				BASE_URL = "";
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
@@ -286,10 +284,13 @@
 		};
 		76ECCDF92E05AFCC0056CAF7 /* Debug */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReferenceAnchor = 76ECCDEF2E05AFCC0056CAF7 /* DOKI */;
+			baseConfigurationReferenceRelativePath = Config.xcconfig;
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
 				BASE_URL = "";
+				CODE_SIGN_ENTITLEMENTS = DOKI/DOKI.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 1;
 				DEVELOPMENT_TEAM = Z9PQC69UPK;
@@ -321,10 +322,13 @@
 		};
 		76ECCDFA2E05AFCC0056CAF7 /* Release */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReferenceAnchor = 76ECCDEF2E05AFCC0056CAF7 /* DOKI */;
+			baseConfigurationReferenceRelativePath = Config.xcconfig;
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
 				BASE_URL = "";
+				CODE_SIGN_ENTITLEMENTS = DOKI/DOKI.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 1;
 				DEVELOPMENT_TEAM = Z9PQC69UPK;

diff --git a/DOKI/Application/DOKIApp.swift b/DOKI/Application/DOKIApp.swift
@@ -10,13 +10,17 @@ import SwiftUI
 @main
 struct DOKIApp: App {
     @StateObject var appDIContainer = AppDIContainer()
-    @StateObject var authManager = AuthManager()
+    @StateObject var authManager = AuthManager.shared
 
     var body: some Scene {
         WindowGroup {
             RootView()
                 .environmentObject(authManager)
                 .environmentObject(appDIContainer)
+                .onAppear {
+                    try? KeychainManager.delete(.accessToken)
+                    try? KeychainManager.delete(.refreshToken)
+                }
         }
     }
 }
diff --git a/DOKI/DOKI.entitlements b/DOKI/DOKI.entitlements
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.developer.applesignin</key>
+	<array>
+		<string>Default</string>
+	</array>
+</dict>
+</plist>
diff --git a/DOKI/Global/Manager/AuthManager.swift b/DOKI/Global/Manager/AuthManager.swift
@@ -7,20 +7,82 @@
 
 import SwiftUI
 
+import Moya
+
 enum AuthState: String, CaseIterable {
     case loggedIn
     case loggedOut
     case loading
 }
 
 class AuthManager: ObservableObject {
+    static let shared = AuthManager()
+
     @Published var authStatus: AuthState = .loading
+    @Published var isNewUser: Bool = false
+
+    private(set) var accessToken: String?
+    private(set) var refreshToken: String?
+
+    private let provider = MoyaProvider<LoginAPI>(plugins: [NetworkLoggerPlugin()])
+
+    private init() {}
 
     func checkLogin() {
-        authStatus = .loggedIn
+        do {
+            self.accessToken = try KeychainManager.read(.accessToken)
+            self.refreshToken = try KeychainManager.read(.refreshToken)
+            authStatus = .loggedIn            
+        } catch {
+            authStatus = .loggedOut
+            print(error.localizedDescription)
+        }
     }
 
-    func login() {
-        authStatus = .loggedIn
+    /// AppleLogin API
+    func loginWithApple(_ idToken: String, deviceId: String) async {
+        do {
+            let appleLoginReqDto = AppleLoginRequestDTO(authorizationCode: idToken, deviceId: deviceId)
+            let response: AppleLoginResponseDTO = try await provider.async.request(.appleLogin(appleLoginReqDto: appleLoginReqDto))
+
+            try KeychainManager.create(.accessToken, response.accessToken)
+            try KeychainManager.create(.refreshToken, response.refreshToken)
+            self.accessToken = response.accessToken
+            self.refreshToken = response.refreshToken
+
+            DispatchQueue.main.async { [weak self] in
+                guard let self else { return }
+                isNewUser = response.isNewUser
+
+                if !isNewUser {
+                    authStatus = .loggedIn
+                }
+            }
+        } catch {
+            print(error.localizedDescription)
+        }
+    }
+
+    func logout() {
+        do {
+            try KeychainManager.delete(.accessToken)
+            try KeychainManager.delete(.refreshToken)
+            authStatus = .loggedOut
+        } catch {
+            print(error.localizedDescription)
+        }
+    }
+
+    func reissueToken(accessToken: String, refreshToken: String) {
+        do {
+            try KeychainManager.create(.accessToken, accessToken)
+            try KeychainManager.create(.refreshToken, refreshToken)
+            self.accessToken = accessToken
+            self.refreshToken = refreshToken
+        } catch {
+            print(error.localizedDescription)
+        }
     }
 }
+
+
diff --git a/DOKI/Global/Manager/KeychainManager.swift b/DOKI/Global/Manager/KeychainManager.swift
@@ -0,0 +1,81 @@
+//
+//  KeychainManager.swift
+//  DOKI
+//
+//  Created by a on 12/7/25.
+//
+
+import Foundation
+
+enum KeychainError: Error {
+    case noPassword
+    case unhandledError(status: OSStatus)
+    case unexpectedPasswordData
+
+    var message: String {
+        switch self {
+        case .noPassword: return "No password available."
+        case .unexpectedPasswordData: return "Expected data, but found none."
+        case .unhandledError(let status): return "Unhandled error with status: \(status)"
+        }
+    }
+}
+
+enum KeychainName: String {
+    case accessToken
+    case refreshToken
+}
+
+struct KeychainManager {
+
+    /// Keychain 저장소에서 key에 해당하는 값을 추가
+    static func create<T: Codable>(_ key: KeychainName, _ value: T) throws {
+        do {
+            let valueData = try JSONEncoder().encode(value)
+            let query: NSDictionary = [
+                kSecClass: kSecClassGenericPassword,
+                kSecAttrAccount: key.rawValue,
+                kSecValueData: valueData
+            ]
+            SecItemDelete(query)
+
+            let status = SecItemAdd(query, nil)
+            guard status == errSecSuccess else { throw KeychainError.unhandledError(status: status) }
+        } catch {
+            throw KeychainError.unexpectedPasswordData
+        }
+    }
+
+    /// Keychain 저장소에서 key에 해당하는 값을 검색
+    @discardableResult
+    static func read(_ key: KeychainName) throws -> String? {
+        let query: NSDictionary = [kSecClass: kSecClassGenericPassword,
+                             kSecAttrAccount: key.rawValue,
+                              kSecMatchLimit: kSecMatchLimitOne,
+                              kSecReturnData: true]
+        var item: CFTypeRef?
+        let status = SecItemCopyMatching(query as CFDictionary, &item)
+        guard status != errSecItemNotFound else { throw KeychainError.noPassword }
+        if status == errSecSuccess {
+            if let retrievedItem = item as? Data {
+                let returnValue = String(data: retrievedItem, encoding: String.Encoding.utf8)
+                return returnValue
+            } else {
+                return nil
+            }
+        } else {
+            throw KeychainError.unexpectedPasswordData
+        }
+    }
+
+    /// key에 해당하는 값을 삭제
+    static func delete(_ key: KeychainName) throws {
+        let query: NSDictionary = [
+            kSecClass: kSecClassGenericPassword,
+            kSecAttrAccount: key.rawValue
+        ]
+        let status = SecItemDelete(query)
+        guard status == errSecSuccess else { throw KeychainError.unhandledError(status: status) }
+    }
+}
+
diff --git a/DOKI/Network/Base/AuthInterceptor.swift b/DOKI/Network/Base/AuthInterceptor.swift
@@ -0,0 +1,88 @@
+//
+//  AuthInterceptor.swift
+//  DOKI
+//
+//  Created by a on 12/9/25.
+//
+
+import Foundation
+
+import Moya
+import Alamofire
+
+final class AuthInterceptor: RequestInterceptor {
+    static let shared = AuthInterceptor()
+
+    private init() {}
+
+    // 네트워크 요청하기전 헤더에 accessToken 추가
+    func adapt(_ urlRequest: URLRequest, for session: Session, completion: @escaping (Result<URLRequest, any Error>) -> Void) {
+        var request = urlRequest
+
+           if request.url?.absoluteString.contains("auth/refresh") == true {
+               completion(.success(request))
+               return
+           }
+           if let accessToken = AuthManager.shared.accessToken {
+               request.addValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
+           }
+
+           completion(.success(request))
+    }
+
+    func retry(_ request: Request, for session: Session, dueTo error: any Error, completion: @escaping (RetryResult) -> Void) {
+        // 401인 경우가 아니라면 종료
+        guard let response = request.task?.response as? HTTPURLResponse, response.statusCode == 401 else {
+            completion(.doNotRetryWithError(error))
+            return
+        }
+
+        // refreshToken 가져오기 없다면 종료
+        guard let refreshToken = AuthManager.shared.refreshToken?.replacingOccurrences(of: "\"", with: "") else {
+            completion(.doNotRetry)
+            AuthManager.shared.logout()
+            return
+        }
+
+        // 토큰 재발급 API 호출 & 토큰 교체
+        var refreshRequest = URLRequest(url: URL(string: Config.baseURL + "auth/refresh")!)
+        refreshRequest.httpMethod = "POST"
+        refreshRequest.addValue("application/json", forHTTPHeaderField: "Content-Type")
+
+        let requestBody = try? JSONSerialization.data(withJSONObject: ["refreshToken": refreshToken, "deviceId": "doki-service"])
+        refreshRequest.httpBody = requestBody
+        let defaultSession = URLSession(configuration: .default)
+
+        defaultSession.dataTask(with: refreshRequest) { (data: Data?, response: URLResponse?, error: Error?) in
+            // 에러 발생시 재요청x
+            guard error == nil else {
+                completion(.doNotRetry)
+                AuthManager.shared.logout()
+                return
+            }
+
+            guard let data, let response = response as? HTTPURLResponse, (200..<300) ~= response.statusCode else {
+                completion(.doNotRetry)
+                AuthManager.shared.logout()
+                return
+            }
+
+            // 토큰 재발급 요청 성공
+            do {
+                let response = try JSONDecoder().decode(AppleLoginResponseDTO.self, from: data)
+                // 토큰 재발급
+                AuthManager.shared.reissueToken(
+                    accessToken: response.accessToken,
+                    refreshToken: response.refreshToken
+                )
+                // 재요청
+                print("토큰 재발급 성공 - 재요청")
+                completion(.retry)
+            } catch {
+                print("토큰 재발급 실패 - 로그아웃")
+                completion(.doNotRetryWithError(error))
+                AuthManager.shared.logout()
+            }
+        }.resume()
+    }
+}
diff --git a/DOKI/Network/Base/BaseTargetType.swift b/DOKI/Network/Base/BaseTargetType.swift
@@ -10,8 +10,7 @@ import Foundation
 import Moya
 
 enum HeaderType {
-    case noneHeader
-    case userHeader(userId: Int)
+    case defaultHeader
 }
 
 protocol BaseTargetType: TargetType {
@@ -28,13 +27,8 @@ extension BaseTargetType {
 
     var headers: [String: String]? {
         switch headerType {
-        case .noneHeader:
-            return nil
-        case .userHeader(let userId):
-            return [
-                "Content-Type": "application/json",
-                "X-USER-ID": String(userId),
-            ]
+        case .defaultHeader:
+            return ["Content-Type": "application/json"]    
         }
     }
 }
diff --git a/DOKI/Network/Login/DTOs/AppleLoginRequestDTO.swift b/DOKI/Network/Login/DTOs/AppleLoginRequestDTO.swift
@@ -0,0 +1,13 @@
+//
+//  AppleLoginRequestDTO.swift
+//  DOKI
+//
+//  Created by a on 12/7/25.
+//
+
+import Foundation
+
+struct AppleLoginRequestDTO: Encodable {
+    let authorizationCode: String
+    let deviceId: String
+}