Skip to content

fix: 크로스 오리진 API 인증 시 Bearer 토큰 사용 #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
junotb merged 1 commit into from
Feb 13, 2026
Merged

fix: 크로스 오리진 API 인증 시 Bearer 토큰 사용 #50

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 9 additions & 14 deletions web/src/lib/__tests__/api.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
import api from '../api';

jest.mock('@/lib/auth-client', () => ({
authClient: {
getSession: jest.fn().mockResolvedValue({ data: null }),
},
}));

/**
* API Client 단위 테스트
* 쿠키 기반 인증으로 전환 후 Bearer Token 추출 로직이 제거되었는지 확인합니다.
* 프로덕션 크로스 오리진 환경에서 Bearer 토큰으로 인증합니다.
*/
describe('API Client', () => {
describe('Axios 설정', () => {
Expand All @@ -20,20 +26,9 @@ describe('API Client', () => {
});

describe('요청 인터셉터', () => {
it('should not have request interceptors that set Authorization header', () => {
// Bearer Token 추출 로직이 제거되었으므로
// 요청 인터셉터가 없거나 Authorization 헤더를 설정하지 않아야 함
it('should have request interceptor for Bearer token', () => {
const requestInterceptors = api.interceptors.request.handlers;

// 요청 인터셉터가 없거나, Authorization 헤더를 설정하지 않는지 확인
if (requestInterceptors.length > 0) {
// 인터셉터가 있다면 Authorization 헤더를 설정하지 않는지 확인
// 실제로는 인터셉터가 없어야 함 (Bearer Token 로직 제거됨)
expect(requestInterceptors.length).toBe(0);
} else {
// 인터셉터가 없는 것이 정상 (Bearer Token 로직 제거됨)
expect(requestInterceptors.length).toBe(0);
}
expect(requestInterceptors.length).toBeGreaterThan(0);
});
});

Expand Down
15 changes: 12 additions & 3 deletions web/src/lib/api.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import axios, { AxiosError } from "axios";
import type { ApiError, ApiErrorResponse } from "@/types/api";
import { API_URL } from "@/constants/api";
import { authClient } from "@/lib/auth-client";

// 하위 호환성을 위해 타입 re-export
export type { ApiError, ApiErrorResponse } from "@/types/api";
Expand All @@ -10,11 +11,19 @@ const api = axios.create({
headers: {
"Content-Type": "application/json",
},
withCredentials: true, // 쿠키 자동 전송 (Better-Auth 세션 쿠키 포함)
withCredentials: true,
});

// Bearer Token 추출 로직 제거
// 쿠키가 자동으로 전송되므로 추가 작업 불필요
// 프로덕션: Web/API 도메인이 달라 쿠키 미전송 → Bearer 토큰으로 인증
api.interceptors.request.use(async (config) => {
if (typeof window === "undefined") return config;

const { data: session } = await authClient.getSession();
if (session?.session?.token) {
config.headers.Authorization = `Bearer ${session.session.token}`;
}
return config;
});

api.interceptors.response.use(
(response) => response,
Expand Down