From fbb89e042ed31b086acd1d3d367387203b3079c8 Mon Sep 17 00:00:00 2001
From: yonghwankim-dev
Date: Wed, 16 Oct 2024 16:58:29 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20=EC=BF=A0=ED=82=A4=20=EB=A7=8C=EB=A3=8C?= =?UTF-8?q?=20=EA=B8=B0=EB=8A=A5=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../domain/member/service/MemberService.java | 12 ++++++++++
 .../global/security/factory/TokenFactory.java | 24 +++++++++++++++++++
 .../api/global/security/oauth/dto/Token.java | 4 ++++
 3 files changed, 40 insertions(+)
diff --git a/src/main/java/co/fineants/api/domain/member/service/MemberService.java b/src/main/java/co/fineants/api/domain/member/service/MemberService.java
index fdb01bff..2fa4e5b2 100644
--- a/src/main/java/co/fineants/api/domain/member/service/MemberService.java
+++ b/src/main/java/co/fineants/api/domain/member/service/MemberService.java
@@ -6,6 +6,7 @@
 import java.util.Optional;
 import java.util.regex.Pattern;
 
+import org.springframework.http.ResponseCookie;
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -54,6 +55,7 @@
 import co.fineants.api.global.errors.exception.BadRequestException;
 import co.fineants.api.global.errors.exception.FineAntsException;
 import co.fineants.api.global.errors.exception.NotFoundResourceException;
+import co.fineants.api.global.security.factory.TokenFactory;
 import co.fineants.api.global.security.oauth.dto.Token;
 import co.fineants.api.global.security.oauth.service.TokenService;
 import co.fineants.api.global.util.CookieUtils;
@@ -93,6 +95,7 @@ public class MemberService {
 private final TokenService tokenService;
 private final OauthMemberRedisService oauthMemberRedisService;
 private final RoleRepository roleRepository;
+ private final TokenFactory tokenFactory;
 
 public void logout(HttpServletRequest request, HttpServletResponse response) {
 // clear Authentication
@@ -112,6 +115,15 @@ public void logout(HttpServletRequest request, HttpServletResponse response) {
 if (refreshToken != null) {
 oauthMemberRedisService.banRefreshToken(refreshToken);
 }
+
+ expiredCookies(response);
+ }
+
+ private void expiredCookies(HttpServletResponse response) {
+ ResponseCookie expiredAccessTokenCookie = tokenFactory.createExpiredAccessTokenCookie(Token.empty());
+ CookieUtils.setCookie(response, expiredAccessTokenCookie);
+ ResponseCookie expiredRefreshTokenCookie = tokenFactory.createExpiredRefreshTokenCookie(Token.empty());
+ CookieUtils.setCookie(response, expiredRefreshTokenCookie);
 }
 
 @Transactional
diff --git a/src/main/java/co/fineants/api/global/security/factory/TokenFactory.java b/src/main/java/co/fineants/api/global/security/factory/TokenFactory.java
index c1cf0032..7d2adcb7 100644
--- a/src/main/java/co/fineants/api/global/security/factory/TokenFactory.java
+++ b/src/main/java/co/fineants/api/global/security/factory/TokenFactory.java
@@ -1,5 +1,7 @@
 package co.fineants.api.global.security.factory;
 
+import java.time.Duration;
+
 import org.springframework.http.ResponseCookie;
 import org.springframework.stereotype.Component;
 
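Review bot: `expiredCookies` on the new private helper reads as a noun phrase for a method whose job is to write two Max-Age=0 cookies; a verb name such as `expireTokenCookies(response)` matches the other calls in `logout` and makes the intent clear at the call site. The helper also deserves a why-comment, because a browser only discards a cookie when the overwrite carries the same name, domain and path as the original, e.g. `// Overwrite both token cookies with Max-Age=0 so the browser drops them; attributes must match the cookies set at login.` Passing `Token.empty()` twice suggests the factory only needs the token to obtain the cookie name; if so (Token's createAccessTokenCookie is not in this diff) the expired-cookie factory methods could take no Token at all. The body of logout begins outside the hunk.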
@@ -33,4 +35,26 @@ public ResponseCookie createRefreshTokenCookie(Token token) {
 .httpOnly(true)
 .build();
 }
+
+ public ResponseCookie createExpiredAccessTokenCookie(Token token) {
+ return token.createAccessTokenCookie()
+ .domain(provider.domain())
+ .sameSite("None")
+ .path("/")
+ .secure(true)
+ .httpOnly(true)
+ .maxAge(Duration.ZERO)
+ .build();
+ }
+
+ public ResponseCookie createExpiredRefreshTokenCookie(Token token) {
+ return token.createRefreshTokenCookie()
+ .domain(provider.domain())
+ .sameSite("None")
+ .path("/")
+ .secure(true)
+ .httpOnly(true)
+ .maxAge(Duration.ZERO)
+ .build();
+ }
 }
diff --git a/src/main/java/co/fineants/api/global/security/oauth/dto/Token.java b/src/main/java/co/fineants/api/global/security/oauth/dto/Token.java
index ced8a306..4667ac24 100644
--- a/src/main/java/co/fineants/api/global/security/oauth/dto/Token.java
+++ b/src/main/java/co/fineants/api/global/security/oauth/dto/Token.java
@@ -14,6 +14,10 @@ public class Token {
 private final String accessToken;
 private final String refreshToken;
 
+ public static Token empty() {
+ return new Token(null, null);
+ }
+
 public static Token create(String accessToken, String refreshToken) {
 return new Token(accessToken, refreshToken);
 }
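Review bot: Both new methods copy the domain/sameSite/path/secure/httpOnly chain that the existing createAccessTokenCookie/createRefreshTokenCookie evidently also build (the tail of createRefreshTokenCookie is visible as context), so any later change to those attributes on the live cookie has to be mirrored here, or the Max-Age=0 overwrite no longer matches the original cookie and the browser keeps the session cookie after logout. Factoring the shared attributes into one private builder step removes that drift risk, and the expired variants then only add `.maxAge(Duration.ZERO)`. The return type of `token.createAccessTokenCookie()` is not shown in this diff; the sketch below assumes it is Spring's `ResponseCookie.ResponseCookieBuilder`, which the chained `.domain(...)…build()` calls suggest. A one-line Javadoc on each public method, e.g. `/** Builds a Max-Age=0 copy of the access-token cookie so the client discards it. */`, would also help.
```java
// … unchanged: createAccessTokenCookie / createRefreshTokenCookie …

/** Applies the attributes every token cookie carries; expiry cookies must match them exactly. */
private ResponseCookie.ResponseCookieBuilder withCookieAttributes(ResponseCookie.ResponseCookieBuilder builder) {
	return builder
		.domain(provider.domain())
		.sameSite("None")
		.path("/")
		.secure(true)
		.httpOnly(true);
}

/** Builds a Max-Age=0 copy of the access-token cookie so the client discards it. */
public ResponseCookie createExpiredAccessTokenCookie(Token token) {
	return withCookieAttributes(token.createAccessTokenCookie())
		.maxAge(Duration.ZERO)
		.build();
}

/** Builds a Max-Age=0 copy of the refresh-token cookie so the client discards it. */
public ResponseCookie createExpiredRefreshTokenCookie(Token token) {
	return withCookieAttributes(token.createRefreshTokenCookie())
		.maxAge(Duration.ZERO)
		.build();
}
```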
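Review bot: `empty()` returns a Token whose two fields are both null, and nothing at the declaration says it is a sentinel meant only for building the Max-Age=0 logout cookies rather than a valid credential pair. A Javadoc such as `/** Token with no values; used only to build expiry cookies (see TokenFactory). Not a valid credential. */` would keep it from being passed where a real token is expected. How `createAccessTokenCookie()` treats a null value is not visible in this diff; if it hands the null straight to `ResponseCookie.from`, Spring stores it as an empty string, which is acceptable for an expiry cookie but worth confirming.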