Skip to content

feat/로그아웃 기능 구현 #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
GoGradually merged 1 commit into from
Dec 27, 2025
Merged

feat/로그아웃 기능 구현 #8

GoGradually merged 1 commit into from
Dec 27, 2025

Conversation

@GoGradually
Copy link
Collaborator

@GoGradually GoGradually commented Dec 27, 2025

변경된 점

  • 로그아웃 시 refresh 토큰 쿠키를 지우는 로직 작성

Copilot AI review requested due to automatic review settings December 27, 2025 09:02
Copilot AI reviewed Dec 27, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

이 PR은 로그아웃 기능을 구현하여 사용자가 refresh token 쿠키를 만료시켜 세션을 종료할 수 있도록 합니다.

  • /logout POST 엔드포인트 추가
  • TokenCookieFactory에 쿠키 삭제 메서드 추가 및 코드 리팩토링

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
src/main/java/me/gg/pinit/interfaces/member/MemberController.java refresh_token 쿠키를 만료시키는 /logout 엔드포인트 추가
src/main/java/me/gg/pinit/infrastructure/jwt/TokenCookieFactory.java 쿠키 삭제를 위한 deleteRefreshTokenCookie() 메서드 추가 및 공통 빌더 로직을 refreshTokenCookieBuilder()로 추출하여 중복 제거

src/main/java/me/gg/pinit/interfaces/member/MemberController.java
Comment on lines +113 to +121
@PostMapping("/logout")
@Operation(
summary = "로그아웃",
description = "refresh_token 쿠키를 만료시켜 로그아웃 처리합니다."
)
@ApiResponses({
@ApiResponse(responseCode = "200", description = "로그아웃 성공")
})
public ResponseEntity<Void> logout() {
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

문제점: 로그아웃 엔드포인트에 인증이 요구되지 않습니다. 현재 누구나 이 엔드포인트를 호출하여 다른 사용자의 refresh_token 쿠키를 삭제할 수 있습니다.

영향: 공격자가 임의로 사용자의 로그아웃을 유발할 수 있어 가용성(availability) 측면의 보안 문제가 발생할 수 있습니다.

수정 제안: /me 엔드포인트처럼 @securityrequirement 애노테이션을 추가하여 Bearer 토큰을 통한 인증을 요구하거나, 또는 refresh_token 쿠키의 존재 여부를 검증하는 로직을 추가해야 합니다.

Copilot uses AI. Check for mistakes.
@GoGradually GoGradually merged commit e78c20a into master Dec 27, 2025
7 checks passed
@GoGradually GoGradually deleted the feat/로그아웃-기능-구현 branch December 27, 2025 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@GoGradually