feat/Implement logout feature #8
Merged
GoGradually merged 1 commit into master from feat/로그아웃-기능-구현 on Dec 27, 2025
Conversation
Pull request overview
This PR implements the logout feature so that a user can end their session by expiring the refresh token cookie.
- Adds a POST /logout endpoint
- Adds a cookie-deletion method to TokenCookieFactory and refactors the cookie-building code
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/main/java/me/gg/pinit/interfaces/member/MemberController.java | Adds a /logout endpoint that expires the refresh_token cookie |
| src/main/java/me/gg/pinit/infrastructure/jwt/TokenCookieFactory.java | Adds deleteRefreshTokenCookie() for cookie deletion and extracts the shared builder logic into refreshTokenCookieBuilder() to remove duplication |
Comment on lines +113 to +121
| @PostMapping("/logout") | ||
| @Operation( | ||
| summary = "로그아웃", | ||
| description = "refresh_token 쿠키를 만료시켜 로그아웃 처리합니다." | ||
| ) | ||
| @ApiResponses({ | ||
| @ApiResponse(responseCode = "200", description = "로그아웃 성공") | ||
| }) | ||
| public ResponseEntity<Void> logout() { |
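Review bot: the `description` on this endpoint states that logout is performed by expiring the refresh_token cookie, which only affects the copy held by the browser; if the refresh token is not also invalidated on the server in `logout()`, any previously captured copy of that token remains usable until it expires on its own. Either revoke the token server-side here or state in the `@Operation` description that this is a client-side logout only. The `@ApiResponses` block also documents only `200`; if authentication or a cookie-presence check is added, the `401` outcome should be listed alongside it.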
Problem: the logout endpoint does not require authentication. Currently anyone can call this endpoint and delete another user's refresh_token cookie.
Impact: an attacker could trigger a user's logout at will, which could create a security issue on the availability side.
Suggested fix: add the @SecurityRequirement annotation, as on the /me endpoint, to require authentication via a Bearer token, or add logic that verifies the presence of the refresh_token cookie.
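As an added example (not the project's own code), the shape the changed-files table describes: a TokenCookieFactory whose shared refreshTokenCookieBuilder() gives the issuing and the deleting cookie the same Path, HttpOnly, Secure and SameSite attributes, so the Max-Age=0 deletion actually matches and overwrites the cookie the browser holds, plus a /logout handler that refuses to act when no refresh_token cookie is present. The names TokenCookieFactory, deleteRefreshTokenCookie(), refreshTokenCookieBuilder(), MemberController and the /logout path come from the PR; createRefreshTokenCookie(), the cookie name and attribute values, and the RefreshTokenStore interface are assumptions made for this example.

```java
import java.time.Duration;

import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

// Builds the refresh_token cookie in one place so that issuing and deleting share
// every attribute: a browser only replaces a cookie when name, Path and Domain
// match, so a Max-Age=0 cookie sent with a different Path would silently do nothing.
@Component
public class TokenCookieFactory {

    public static final String REFRESH_TOKEN_COOKIE = "refresh_token"; // name from the PR
    private static final String REFRESH_PATH = "/";                     // assumed path
    private static final Duration REFRESH_TTL = Duration.ofDays(14);    // assumed lifetime

    // Assumed counterpart of deleteRefreshTokenCookie(): issues the cookie on login.
    public ResponseCookie createRefreshTokenCookie(String token) {
        return refreshTokenCookieBuilder(token)
                .maxAge(REFRESH_TTL)
                .build();
    }

    // Same attributes, empty value, Max-Age=0: the browser discards the cookie.
    public ResponseCookie deleteRefreshTokenCookie() {
        return refreshTokenCookieBuilder("")
                .maxAge(Duration.ZERO)
                .build();
    }

    // Shared builder extracted so the two methods above cannot drift apart.
    private ResponseCookie.ResponseCookieBuilder refreshTokenCookieBuilder(String value) {
        return ResponseCookie.from(REFRESH_TOKEN_COOKIE, value)
                .httpOnly(true)      // not readable from JavaScript
                .secure(true)        // only sent over HTTPS
                .sameSite("Strict")  // not attached to cross-site requests
                .path(REFRESH_PATH);
    }
}

// Hypothetical server-side store. Deleting the cookie alone does not revoke the
// token: a copied token would stay valid until it expires unless it is
// invalidated here as well.
interface RefreshTokenStore {
    void revoke(String token);
}

// Shown in the same listing for brevity; in the project it lives in its own file.
@RestController
class MemberController {

    private final TokenCookieFactory cookies;
    private final RefreshTokenStore store;

    MemberController(TokenCookieFactory cookies, RefreshTokenStore store) {
        this.cookies = cookies;
        this.store = store;
    }

    @PostMapping("/logout")
    public ResponseEntity<Void> logout(
            @CookieValue(name = TokenCookieFactory.REFRESH_TOKEN_COOKIE, required = false)
            String refreshToken) {
        // Without a refresh_token cookie there is no session to end; answer 401
        // rather than emitting a Set-Cookie for a session the caller never had.
        if (refreshToken == null || refreshToken.isBlank()) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        store.revoke(refreshToken);
        return ResponseEntity.ok()
                .header(HttpHeaders.SET_COOKIE, cookies.deleteRefreshTokenCookie().toString())
                .build();
    }
}
```

The cookie-presence check is the lighter of the two options in the review comment above; requiring the Bearer token as well would let the handler revoke the token tied to the authenticated principal instead of trusting whatever value arrives in the cookie.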
What changed