Merge pull request #120 from swm-nodriversomabus/FIX-LOGOUT-LOGIN

fix(BE): Logout Cookie 제거 및 리프레시 토큰 제거 - 개발 서버 반영 후 결과 파악 #114

src/main/java/com/example/api/auth/config/SecurityConfig.java

@@ -78,29 +78,18 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
             oauth2.failureHandler(oAuth2LoginFailureHandler);//핸들러
             oauth2.successHandler(oAUth2LoginSuccessHandler);
         });
-        httpSecurity.logout(logout -> logout
-                .logoutUrl("/logout")
-                .addLogoutHandler(((request, response, authentication) -> {
-                    Cookie[] cookies = request.getCookies();
-                    if(cookies != null) {
-                        for (Cookie cookie : request.getCookies()) {
-                            String cookieName = cookie.getName();
-                            CookieUtils.addCookie(response, cookieName, null, 0);
-                        }
-                    }
-                }))
+        httpSecurity.logout(
+                logout ->
+                        logout
+                                .logoutUrl("/logout")
+                                .clearAuthentication(true)
+                                .addLogoutHandler(((request, response, authentication) -> {
+
+                                }))
+                                .logoutSuccessHandler(myLogoutSuccessHandler)
+                                .permitAll()
+
         );
-//        httpSecurity.logout(
-//                httpSecurityLogoutConfigurer ->
-//                        httpSecurityLogoutConfigurer
-//                                .logoutRequestMatcher(new AntPathRequestMatcher("/auth/logout"))
-//                                .invalidateHttpSession(true)
-//                                .deleteCookies("access_token")
-//                                .clearAuthentication(true)
-//                                .logoutSuccessHandler(myLogoutSuccessHandler)
-//                                .permitAll()
-//
-//        );
 //        httpSecurity.logout(logout -> logout.logoutSuccessUrl("/"));
 
         return httpSecurity

src/main/java/com/example/api/auth/handler/MyLogoutSuccessHandler.java

@@ -1,10 +1,14 @@
 package com.example.api.auth.handler;
 
+import com.example.api.auth.application.port.in.LogoutUsecase;
+import com.example.api.auth.utils.CookieUtils;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import org.springframework.stereotype.Component;
@@ -14,11 +18,27 @@
 
 @Component
 @RequiredArgsConstructor
+@Slf4j
 public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
     private final ObjectMapper objectMapper;
+    private final LogoutUsecase logoutUsecase;
+
     @Override
     public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
         //로그 아웃 성공시 ok 보내자
+        Cookie[] cookies = request.getCookies();
+        if(cookies != null) {
+            for (Cookie cookie : request.getCookies()) {
+                String cookieName = cookie.getName();
+                if(cookieName.equals("access_token")){
+                    String accessToken = cookie.getValue();
+                    log.info("access_token : {}", accessToken);
+                    logoutUsecase.removeToken(accessToken);
+                }
+                CookieUtils.addCookie(response, cookieName, null, 0);
+            }
+        }
+
         response.setStatus(HttpServletResponse.SC_OK);
     }
 }