sprint-19-part4-1team · aahreum · Jan 1, 2026 · Jan 1, 2026 · Jan 1, 2026 · Jan 1, 2026
diff --git a/src/app/api/auth/logout/route.ts b/src/app/api/auth/logout/route.ts
@@ -0,0 +1,39 @@
+import { NextResponse } from 'next/server';
+import { clearAuthTokens } from '@/shared/utils/authCookies';
+
+type LogoutResponseBody = {
+  message: string;
+};
+
+/**
+ * ## 로그아웃 API (BFF)
+ *
+ * @description
+ * - 인증된 사용자의 로그아웃을 처리하는 API입니다.
+ * - 서버에서 HttpOnly Cookie에 저장된 인증 토큰(accessToken, refreshToken)을 삭제합니다.
+ *
+ * @returns
+ * - 200: 로그아웃 성공
+ * - 500: 로그아웃 처리 중 서버 오류 발생
+ *
+ * @example
+ * ```http
+ * POST /api/auth/logout
+ *
+ * Response 200
+ * {
+ *   "message": "로그아웃 되었습니다."
+ * }
+ * ```
+ */
+export async function POST(): Promise<NextResponse<LogoutResponseBody>> {
+  try {
+    await clearAuthTokens();
+
+    return NextResponse.json({ message: '로그아웃 되었습니다.' });
+  } catch (error) {
+    // eslint-disable-next-line no-console
+    console.error(error);
+    return NextResponse.json({ message: '로그아웃에 실패했습니다.' }, { status: 500 });
+  }
+}
diff --git a/src/shared/utils/authCookies.ts b/src/shared/utils/authCookies.ts
@@ -24,6 +24,17 @@ export const getAuthToken = async (token: AuthToken): Promise<string | undefined
 export const clearAuthTokens = async () => {
   const cookieStore = await cookies();
 
-  cookieStore.delete('accessToken');
-  cookieStore.delete('refreshToken');
+  cookieStore.set({
+    name: 'accessToken',
+    value: '',
+    path: '/',
+    maxAge: 0,
+  });
+
+  cookieStore.set({
+    name: 'refreshToken',
+    value: '',
+    path: '/',
+    maxAge: 0,
+  });
 };