Skip to content

fix: auth 리디렉션 정책 단순화 및 로그인 후 메인 이동 통일 #476

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
manNomi merged 3 commits into from
Mar 14, 2026
Merged

fix: auth 리디렉션 정책 단순화 및 로그인 후 메인 이동 통일 #476

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cccda51
fix(web): simplify auth redirects and route login success to home
manNomi Mar 14, 2026
5fc96d4
fix(web): restore kakao signup redirect and protect community routes
manNomi Mar 14, 2026
9fc30e9
fix(web): rollback postAppleAuth to main behavior
manNomi Mar 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 5 additions & 8 deletions apps/web/src/apis/Auth/postAppleAuth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,16 +19,13 @@ const usePostAppleAuth = () => {
// 기존 회원일 시 - Zustand persist가 자동으로 localStorage에 저장
// refreshToken은 서버에서 HTTP-only 쿠키로 자동 설정됨
useAuthStore.getState().setAccessToken(data.accessToken);
}

toast.success("로그인에 성공했습니다.");
toast.success("로그인에 성공했습니다.");

setTimeout(() => {
router.push("/");
}, 100);
} else {
// 새로운 회원일 시 - 회원가입 페이지로 이동
router.push(`/sign-up?token=${data.signUpToken}`);
}
setTimeout(() => {
router.push("/");
}, 100);
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Mar 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Restore signup redirect for unregistered Apple auth

When data.isRegistered is false, this success path still shows a login-success toast and redirects to /, which skips onboarding for first-time Apple users. The unregistered Apple response type only provides signUpToken (no accessToken) in apps/web/src/apis/Auth/api.ts, so these users cannot become authenticated on / and lose the only token needed to continue via /sign-up?token=....

Useful? React with 👍 / 👎.

},
onError: () => {
toast.error("애플 로그인 중 오류가 발생했습니다. 다시 시도해주세요.");
Expand Down
1 change: 0 additions & 1 deletion apps/web/src/apis/Auth/postKakaoAuth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ const usePostKakaoAuth = () => {
setAccessToken(data.accessToken);

toast.success("로그인에 성공했습니다.");

setTimeout(() => {
router.push("/");
}, 100);
Expand Down
15 changes: 1 addition & 14 deletions apps/web/src/middleware.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ import type { NextRequest } from "next/server";
import { NextResponse } from "next/server";

const loginNeedPages = ["/mentor", "/my", "/community"]; // 로그인 필요페이지
const COMMUNITY_LOGIN_REASON = "community-members-only";

export function middleware(request: NextRequest) {
const url = request.nextUrl.clone();
Expand All @@ -12,13 +11,6 @@ export function middleware(request: NextRequest) {
// return NextResponse.next();
// }

// 서버 사이드 인증 체크가 활성화된 경우에만 미들웨어 적용
// (RefreshToken은 항상 HTTP-only 쿠키로 관리됨)
const isServerSideAuthEnabled = process.env.NEXT_PUBLIC_COOKIE_LOGIN_ENABLED === "true";
if (!isServerSideAuthEnabled) {
return NextResponse.next();
}

// HTTP-only 쿠키의 refreshToken 확인
const refreshToken = request.cookies.get("refreshToken")?.value;
Comment on lines 14 to 15
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Mar 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Honor cookie-login flag before enforcing route redirects

The middleware now always enforces refreshToken cookie checks, but this repo still defines NEXT_PUBLIC_COOKIE_LOGIN_ENABLED=false for development (apps/web/.env.development), which is the mode documented for localStorage-based debugging; in that configuration, protected routes like /mentor, /my, and /community will redirect to /login even after client-side login because no HTTP-only cookie is expected. Please keep the flag gate (or remove the false-mode config/docs in the same change) so development auth flow does not break.

Useful? React with 👍 / 👎.


Expand All @@ -28,13 +20,8 @@ export function middleware(request: NextRequest) {
});

if (needLogin && !refreshToken) {
const isCommunityRoute = url.pathname === "/community" || url.pathname.startsWith("/community/");
url.pathname = "/login";
if (isCommunityRoute) {
url.searchParams.set("reason", COMMUNITY_LOGIN_REASON);
} else {
url.searchParams.delete("reason");
}
url.searchParams.delete("reason");
return NextResponse.redirect(url);
}

Expand Down
Loading