hotfix: 비즈니스 로직 흐름에 맞게 수정

비즈니스 로직 흐름에 맞게 수정
- 쿠키 값 확인 및 유효성 체크
- 쿠키 설정 및 자동 로그인
- 메인 페이지 리다이렉션

Author: Jihyun3478

src/controllers/qr.controller.ts

@@ -3,12 +3,36 @@ import logger from '@/configs/logger.config';
 import { QRLoginTokenService } from "@/services/qr.service";
 import { QRLoginTokenResponseDto } from "@/types/dto/responses/qrResponse.type";
 import { InvalidTokenError, TokenExpiredError } from '@/exception/token.exception';
+import { UserService } from '@/services/user.service';
+import { NotFoundError } from '@/exception';
+import { CookieOptions } from 'express';
 
 // TODO: randomUUID() 기반으로 길이 36
 type Token32 = string & { __lengthBrand: 32 };
 
 export class QRLoginController {
-  constructor(private qrService: QRLoginTokenService) {}
+  constructor(
+    private qrService: QRLoginTokenService,
+    private userService: UserService
+  ) {}
+
+  private cookieOption(): CookieOptions {
+    const isProd = process.env.NODE_ENV === 'production';
+
+    const baseOptions: CookieOptions = {
+      httpOnly: isProd,
+      secure: isProd,
+    };
+
+    if (isProd) {
+      baseOptions.sameSite = 'lax';
+      baseOptions.domain = "velog-dashboard.kro.kr";
+    } else {
+      baseOptions.domain = 'localhost';
+    }
+
+    return baseOptions;
+  }
 
   createToken: RequestHandler = async (
     req: Request,
@@ -21,7 +45,6 @@ export class QRLoginController {
       const userAgent = req.headers['user-agent'] || '';
 
       const token = await this.qrService.create(user.id, ip, userAgent);
-
       const typedToken = token as Token32;
 
       const response = new QRLoginTokenResponseDto(
@@ -32,28 +55,41 @@ export class QRLoginController {
       );
       res.status(200).json(response);
     } catch (error) {
-      logger.error('생성 실패:', error);
+      logger.error('QR 토큰 생성 실패:', error);
       next(error);
     }
   };
 
-  getToken: RequestHandler = async (req, res, next) => {
+  getToken: RequestHandler = async (req: Request, res: Response, next: NextFunction) => {
     try {
       const token = req.query.token as string;
-
       if (!token) {
         throw new InvalidTokenError('토큰이 필요합니다.');
       }
 
-      const found = await this.qrService.getByToken(token);
-
+      const found = await this.qrService.useToken(token);
       if (!found) {
         throw new TokenExpiredError();
       }
 
-      res.status(200).json({ success: true, message: '유효한 QR 토큰입니다.', token: found });
+      const user = await this.userService.findByVelogUUID(found.user.toString());
+      if (!user) throw new NotFoundError('유저를 찾을 수 없습니다.');
+
+      const { decryptedAccessToken, decryptedRefreshToken } = this.userService['decryptTokens'](
+        user.group_id,
+        user.access_token,
+        user.refresh_token
+      );
+
+      res.clearCookie('access_token', this.cookieOption());
+      res.clearCookie('refresh_token', this.cookieOption());
+
+      res.cookie('access_token', decryptedAccessToken, this.cookieOption());
+      res.cookie('refresh_token', decryptedRefreshToken, this.cookieOption());
+
+      res.redirect('/main');
     } catch (error) {
-      logger.error('QR 토큰 조회 실패', error);
+      logger.error('QR 토큰 로그인 처리 실패', error);
       next(error);
     }
   };

src/repositories/__test__/qr.repo.test.ts

@@ -59,4 +59,22 @@ describe('QRLoginTokenRepository', () => {
       await expect(repo.findQRLoginToken('token')).rejects.toThrow(DBError);
     });
   });
+
+  describe('markTokenUsed', () => {
+    it('토큰을 사용 처리해야 한다', async () => {
+      (mockPool.query as jest.Mock).mockResolvedValueOnce(undefined);
+
+      await expect(repo.markTokenUsed('token')).resolves.not.toThrow();
+      expect(mockPool.query).toHaveBeenCalledWith(
+        expect.stringContaining('UPDATE qr_login_tokens SET is_used = true'),
+        ['token']
+      );
+    });
+
+    it('토큰 사용 처리 중 오류 발생 시 DBError를 던져야 한다', async () => {
+      (mockPool.query as jest.Mock).mockRejectedValueOnce(new Error('fail'));
+
+      await expect(repo.markTokenUsed('token')).rejects.toThrow(DBError);
+    });
+  });
 });

src/repositories/qr.repository.ts

@@ -33,4 +33,16 @@ export class QRLoginTokenRepository {
             throw new DBError('QR 코드 토큰 조회 중 문제가 발생했습니다.');
         }
     }
+
+    async markTokenUsed(token: string): Promise<void> {
+        try {
+          const query = `
+            UPDATE qr_login_tokens SET is_used = true WHERE token = $1;
+          `;
+          await this.pool.query(query, [token]);
+        } catch (error) {
+          logger.error('QRLoginToken Repo mark as used Error : ', error);
+          throw new DBError('QR 코드 사용 처리 중 문제가 발생했습니다.');
+        }
+      }
 }

src/routes/qr.router.ts

@@ -5,12 +5,16 @@ import { authMiddleware } from '@/middlewares/auth.middleware';
 import { QRLoginTokenRepository } from '@/repositories/qr.repository';
 import { QRLoginTokenService } from '@/services/qr.service';
 import { QRLoginController } from '@/controllers/qr.controller';
+import { UserRepository } from '@/repositories/user.repository';
+import { UserService } from '@/services/user.service';
 
 const router: Router = express.Router();
 
 const qrRepository = new QRLoginTokenRepository(pool);
+const userRepository = new UserRepository(pool);
+const userService = new UserService(userRepository);
 const qrService = new QRLoginTokenService(qrRepository);
-const qrController = new QRLoginController(qrService);
+const qrController = new QRLoginController(qrService, userService);
 
 /**
  * @swagger
@@ -30,7 +34,7 @@ router.post('/qr-login', authMiddleware.login, qrController.createToken);
  * @swagger
  * /api/qr-login:
  *   get:
- *     summary: QR 로그인 토큰 조회
+ *     summary: QR 로그인 토큰 조회 및 자동 로그인 처리
  *     tags: [QRLogin]
  *     parameters:
  *       - in: query
@@ -40,10 +44,12 @@ router.post('/qr-login', authMiddleware.login, qrController.createToken);
  *           type: string
  *         description: 조회할 QR 토큰
  *     responses:
- *       200:
- *         description: 유효한 토큰
+ *       302:
+ *         description: 자동 로그인 완료 후 메인 페이지로 리디렉션
+ *       400:
+ *         description: 잘못된 토큰
  *       404:
- *         description: 토큰 없음 or 만료
+ *         description: 만료 또는 존재하지 않는 토큰
  */
 router.get('/qr-login', qrController.getToken);
 

src/services/__test__/qr.service.test.ts

@@ -10,7 +10,7 @@ describe('QRLoginTokenService', () => {
   let repo: jest.Mocked<QRLoginTokenRepository>;
 
   beforeEach(() => {
-    const repoInstance = new QRLoginTokenRepository({} as any)
+    const repoInstance = new QRLoginTokenRepository({} as any);
     repo = repoInstance as jest.Mocked<QRLoginTokenRepository>;
     service = new QRLoginTokenService(repo);
   });
@@ -33,51 +33,80 @@ describe('QRLoginTokenService', () => {
     });
 
     it('QR 토큰 생성 중 오류 발생 시 예외 발생', async () => {
-      const userId = 1;
-      const ip = '127.0.0.1';
-      const userAgent = 'Mozilla';
       repo.createQRLoginToken.mockRejectedValueOnce(new DBError('생성 실패'));
 
-      await expect(service.create(userId, ip, userAgent)).rejects.toThrow('생성 실패');
-      expect(repo.createQRLoginToken).toHaveBeenCalled();
+      await expect(service.create(1, 'ip', 'agent')).rejects.toThrow('생성 실패');
     });
   });
 
   describe('getByToken', () => {
-    const mockToken = 'sample-token';
-    const mockQRToken: QRLoginToken = {
-      token: mockToken,
-      user: 1,
-      created_at: new Date(),
-      expires_at: new Date(Date.now() + 1000 * 60 * 5),
-      is_used: false,
-      ip_address: '127.0.0.1',
-      user_agent: 'Chrome',
-    };
-
-    it('유효한 토큰 조회 시 QRLoginToken 반환', async () => {
-      repo.findQRLoginToken.mockResolvedValue(mockQRToken);
-
-      const result = await service.getByToken(mockToken);
-
-      expect(result).toEqual(mockQRToken);
-      expect(repo.findQRLoginToken).toHaveBeenCalledWith(mockToken);
+    it('유효한 토큰 조회 시 반환해야 한다', async () => {
+      const mockToken: QRLoginToken = {
+        token: 'token',
+        user: 1,
+        created_at: new Date(),
+        expires_at: new Date(),
+        is_used: false,
+        ip_address: '127.0.0.1',
+        user_agent: 'Chrome',
+      };
+      repo.findQRLoginToken.mockResolvedValue(mockToken);
+
+      const result = await service.getByToken('token');
+      expect(result).toEqual(mockToken);
     });
 
-    it('토큰이 없을 경우 null 반환', async () => {
+    it('토큰이 없으면 null 반환', async () => {
       repo.findQRLoginToken.mockResolvedValue(null);
-
-      const result = await service.getByToken(mockToken);
-
+      const result = await service.getByToken('token');
       expect(result).toBeNull();
-      expect(repo.findQRLoginToken).toHaveBeenCalledWith(mockToken);
     });
 
-    it('토큰 조회 중 오류 발생 시 예외 발생', async () => {
+    it('조회 중 오류 발생 시 예외 발생', async () => {
       repo.findQRLoginToken.mockRejectedValueOnce(new DBError('조회 실패'));
+      await expect(service.getByToken('token')).rejects.toThrow('조회 실패');
+    });
+  });
+
+  describe('useToken', () => {
+    it('유효한 토큰 사용 처리 후 반환', async () => {
+      const mockToken: QRLoginToken = {
+        token: 'token',
+        user: 1,
+        created_at: new Date(),
+        expires_at: new Date(),
+        is_used: false,
+        ip_address: '127.0.0.1',
+        user_agent: 'Chrome',
+      };
+      repo.findQRLoginToken.mockResolvedValue(mockToken);
+
+      const result = await service.useToken('token');
+
+      expect(result).toEqual(mockToken);
+      expect(repo.markTokenUsed).toHaveBeenCalledWith('token');
+    });
+
+    it('토큰이 존재하지 않으면 null 반환', async () => {
+      repo.findQRLoginToken.mockResolvedValue(null);
+      const result = await service.useToken('token');
+      expect(result).toBeNull();
+    });
 
-      await expect(service.getByToken(mockToken)).rejects.toThrow('조회 실패');
-      expect(repo.findQRLoginToken).toHaveBeenCalledWith(mockToken);
+    it('markTokenUsed 호출 시 예외 발생하면 전파', async () => {
+      const mockToken: QRLoginToken = {
+        token: 'token',
+        user: 1,
+        created_at: new Date(),
+        expires_at: new Date(),
+        is_used: false,
+        ip_address: '127.0.0.1',
+        user_agent: 'Chrome',
+      };
+      repo.findQRLoginToken.mockResolvedValue(mockToken);
+      repo.markTokenUsed.mockRejectedValueOnce(new DBError('사용 처리 실패'));
+
+      await expect(service.useToken('token')).rejects.toThrow('사용 처리 실패');
     });
   });
 });

src/services/qr.service.ts

@@ -14,4 +14,15 @@ export class QRLoginTokenService {
     async getByToken(token: string): Promise<QRLoginToken | null> {
         return await this.qrRepo.findQRLoginToken(token);
     }
+
+    async useToken(token: string): Promise<QRLoginToken | null> {
+        const qrToken = await this.qrRepo.findQRLoginToken(token);
+      
+        if (!qrToken) {
+          return null;
+        }
+      
+        await this.qrRepo.markTokenUsed(token);
+        return qrToken;
+      }
 }