Pinit-Scheduler · GoGradually · Dec 27, 2025 · Dec 27, 2025 · Copilot · Dec 27, 2025
diff --git a/src/main/java/me/gg/pinit/infrastructure/jwt/TokenCookieFactory.java b/src/main/java/me/gg/pinit/infrastructure/jwt/TokenCookieFactory.java
@@ -17,7 +17,17 @@ public TokenCookieFactory(CookieProperties cookieProperties) {
     }
 
     public ResponseCookie refreshTokenCookie(String refreshToken) {
-        ResponseCookie.ResponseCookieBuilder builder = ResponseCookie.from("refresh_token", refreshToken)
+        return refreshTokenCookieBuilder(refreshToken).build();
+    }
+
+    public ResponseCookie deleteRefreshTokenCookie() {
+        return refreshTokenCookieBuilder("")
+                .maxAge(0)
+                .build();
+    }
+
+    private ResponseCookie.ResponseCookieBuilder refreshTokenCookieBuilder(String value) {
+        ResponseCookie.ResponseCookieBuilder builder = ResponseCookie.from("refresh_token", value)
                 .httpOnly(true)
                 .path("/")
                 .secure(cookieProperties.isSecure());
@@ -29,6 +39,6 @@ public ResponseCookie refreshTokenCookie(String refreshToken) {
             builder.sameSite(cookieProperties.getSameSite());
         }
 
-        return builder.build();
+        return builder;
     }
 }
diff --git a/src/main/java/me/gg/pinit/interfaces/member/MemberController.java b/src/main/java/me/gg/pinit/interfaces/member/MemberController.java
@@ -17,6 +17,7 @@
 import me.gg.pinit.interfaces.member.dto.LoginResponse;
 import me.gg.pinit.interfaces.member.dto.SignupRequest;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -109,6 +110,21 @@ public ResponseEntity<LoginResponse> refresh(HttpServletRequest request) {
                 .body(new LoginResponse(newAccessToken));
     }
 
+    @PostMapping("/logout")
+    @Operation(
+            summary = "로그아웃",
+            description = "refresh_token 쿠키를 만료시켜 로그아웃 처리합니다."
+    )
+    @ApiResponses({
+            @ApiResponse(responseCode = "200", description = "로그아웃 성공")
+    })
+    public ResponseEntity<Void> logout() {
+        ResponseCookie expiredCookie = tokenCookieFactory.deleteRefreshTokenCookie();
+        return ResponseEntity.ok()
+                .header(HttpHeaders.SET_COOKIE, expiredCookie.toString())
+                .build();
+    }
+
     @GetMapping("/me")
     @Operation(
             summary = "로그인 확인",