From ed039b600fc79f25171cc54e9642199cd270c138 Mon Sep 17 00:00:00 2001
From: Jihun Kim
Date: Fri, 5 Sep 2025 18:52:37 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20=ED=86=A0=ED=81=B0=20=EC=9E=AC?= =?UTF-8?q?=EB=B0=9C=EA=B8=89=20=EB=A1=9C=EC=A7=81=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../token/dto/NewAccessTokenResponse.java | 15 +++++++++++++
 .../user/controller/UserController.java | 14 ++++---------
 .../user/dto/UserUpdateRequest.java | 3 ++-
 .../user/service/UserService.java | 21 ++++++-------------
 4 files changed, 27 insertions(+), 26 deletions(-)
 create mode 100644 nowait-app-user-api/src/main/java/com/nowait/applicationuser/token/dto/NewAccessTokenResponse.java

diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/token/dto/NewAccessTokenResponse.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/token/dto/NewAccessTokenResponse.java
new file mode 100644
index 00000000..f42e7979
--- /dev/null
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/token/dto/NewAccessTokenResponse.java
@@ -0,0 +1,15 @@
+package com.nowait.applicationuser.token.dto;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.ToString;
+
+@RequiredArgsConstructor
+@Getter
+@ToString(exclude = {"accessToken"}) // 로깅 시 토큰 노출 방지
+public class NewAccessTokenResponse {
+	@JsonProperty("access_token")
+	private final String accessToken;
+}
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/controller/UserController.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/controller/UserController.java
index dadb571e..b0179d21 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/controller/UserController.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/controller/UserController.java
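Review bot: NewAccessTokenResponse has no class-level Javadoc, so a reader cannot tell from the type why it exists next to AuthenticationResponse or that it intentionally carries no refresh token. A short header would fix that: `/** Body of a successful access-token re-issue (see UserService.putOptional): only the new access token, serialized as {@code access_token}; no refresh token is returned. */`. The field-level exclusion from {@code toString} is a good call and is worth stating in that Javadoc as well, since it is the only thing keeping the token out of any log line that prints this object.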
@@ -2,7 +2,6 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -10,10 +9,10 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import com.nowait.applicationuser.token.dto.AuthenticationResponse;
+import com.nowait.applicationuser.token.dto.NewAccessTokenResponse;
 import com.nowait.applicationuser.user.dto.UserUpdateRequest;
 import com.nowait.applicationuser.user.service.UserService;
 import com.nowait.common.api.ApiUtils;
-import com.nowait.domainuserrdb.oauth.dto.CustomOAuth2User;
 
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -27,21 +26,16 @@ public class UserController {
 
 	@PutMapping("/optional-info")
 	public ResponseEntity putOptional(
-		@CookieValue(value = "refreshToken", required = false) String refreshToken,
 		@Valid @RequestBody UserUpdateRequest req) {
-		if (refreshToken == null) {
-			return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("accessToken not found in cookies");
-		}
-
-		AuthenticationResponse authenticationResponse = userService.putOptional(refreshToken, req.phoneNumber(),
-			Boolean.TRUE.equals(req.consent()));
+		NewAccessTokenResponse newAccessTokenResponse = userService.putOptional(req.phoneNumber(),
+			Boolean.TRUE.equals(req.consent()), req.accessToken());
 
 		return ResponseEntity
 			.status(HttpStatus.OK)
 			.body(
 				ApiUtils.success(
-					authenticationResponse
+					newAccessTokenResponse
 				)
 			);
 	}
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/dto/UserUpdateRequest.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/dto/UserUpdateRequest.java
index f9993f19..e5dd48fa 100644
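Review bot: The credential for this endpoint is now read from the JSON body (`req.accessToken()`) and the 401 branch that covered the missing-token case is removed with no replacement, so a body without that field passes `@Valid` (the new record component has no constraint in the DTO hunk) and reaches `jwtUtil.getUserId(null)` inside the service, where the resulting status depends on JwtUtil's behavior rather than on an explicit check. Taking the bearer token from the `Authorization` header via the security filter chain — or from the authenticated principal, which is what the removed `@AuthenticationPrincipal`/`CustomOAuth2User` imports supported — keeps signature and expiry validation in one place and keeps the token out of request-body logging and validation error messages. If the body field is kept, the controller should at least fail fast: `if (req.accessToken() == null || req.accessToken().isBlank()) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("access token missing"); }`. Hunk 1 still imports `org.springframework.web.bind.annotation.CookieValue` although the only `@CookieValue` use is deleted here, so that import is now unused. `putOptional` is complete within this hunk; the enclosing class continues outside it.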
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/dto/UserUpdateRequest.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/dto/UserUpdateRequest.java
@@ -7,4 +7,5 @@ public record UserUpdateRequest(
 	@NotBlank
 	@Pattern(regexp = "^010-\\d{4}-\\d{4}$", message = "휴대폰 번호는 010-0000-0000 형식이어야 합니다.")
 	String phoneNumber,
-	boolean consent) { }
+	boolean consent,
+	String accessToken) { }
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/service/UserService.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/service/UserService.java
index 9b202e09..38496b9f 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/service/UserService.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/user/service/UserService.java
@@ -2,14 +2,12 @@
 
 import java.time.LocalDateTime;
 
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import com.nowait.applicationuser.security.jwt.JwtUtil;
 import com.nowait.applicationuser.token.dto.AuthenticationResponse;
+import com.nowait.applicationuser.token.dto.NewAccessTokenResponse;
 import com.nowait.applicationuser.token.service.TokenService;
 import com.nowait.domaincorerdb.user.entity.User;
 import com.nowait.domaincorerdb.user.exception.UserNotFoundException;
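Review bot: The new `String accessToken` component carries no constraint while `phoneNumber` next to it has `@NotBlank`, so the controller's `@Valid` accepts a body with the token absent or empty; the minimal fix is `@NotBlank String accessToken) { }`. Because this is a record, the generated `toString()` now includes the token, which is the opposite of the care taken in NewAccessTokenResponse (`@ToString(exclude = {"accessToken"})`): any log statement or validation failure that prints the request object will print the credential. If the token stays in the request body, override `toString()` to mask that component, and say in a Javadoc on the record that `accessToken` is a bearer credential, not profile data. The record's header and its closing are both within this hunk.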
@@ -26,10 +24,10 @@ public class UserService {
 	private final JwtUtil jwtUtil;
 
 	@Transactional
-	public AuthenticationResponse putOptional(String refreshToken, String phoneNumber, boolean consent) {
+	public NewAccessTokenResponse putOptional(String phoneNumber, boolean consent, String accessToken) {
 
-		Long userId = jwtUtil.getUserId(refreshToken);;
-		String role = jwtUtil.getRole(refreshToken);
+		Long userId = jwtUtil.getUserId(accessToken);;
+		String role = jwtUtil.getRole(accessToken);
 		AuthenticationResponse authenticationResponse;
 
 		User user = userRepository.findById(userId).orElseThrow(UserNotFoundException::new);
@@ -49,16 +47,9 @@ public AuthenticationResponse putOptional(String refreshToken, String phoneNumbe
 			Boolean.TRUE.equals(user.getIsMarketingAgree()),
 			60 * 60 * 1000L
 		);
-		String newRefreshToken = jwtUtil.createRefreshToken(
-			"refreshToken",
-			userId,
-			60 * 60 * 1000L
-		);
-
-		tokenService.updateRefreshToken(userId, refreshToken, newRefreshToken);
-		authenticationResponse = new AuthenticationResponse(newAccessToken, newRefreshToken);
+		NewAccessTokenResponse newAccessTokenResponse = new NewAccessTokenResponse(newAccessToken);
 
-		return authenticationResponse;
+		return newAccessTokenResponse;
 	}
 }
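Review bot: The rewritten line `Long userId = jwtUtil.getUserId(accessToken);;` carries the stray double semicolon over from the old line instead of dropping it; it should read `Long userId = jwtUtil.getUserId(accessToken);`. The context line `AuthenticationResponse authenticationResponse;` is now a dead local, since the only assignment to it is deleted in the next hunk, and it is the sole remaining use of the `AuthenticationResponse` import kept in this file's first hunk — both can go. The new signature also deserves a Javadoc stating that `accessToken` is the caller's current bearer token, which claims are read from it, and that a UserNotFoundException is thrown when its subject no longer exists. `putOptional` continues past the end of this hunk.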
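Review bot: With the `tokenService.updateRefreshToken(userId, refreshToken, newRefreshToken)` path removed, a fresh one-hour access token is minted from nothing but the claims of the access token the caller presents, and the refresh-token store is no longer consulted, so a session revoked there can still renew itself through this endpoint. Whether `jwtUtil.getUserId`/`jwtUtil.getRole` verify the signature and reject expired tokens is not visible here; if they merely parse claims (some implementations do so even for expired tokens), any holder of a past token can keep exchanging it for new ones indefinitely. Before `createAccessToken`, validate the presented token explicitly (signature, expiry and, if the project tracks it, revocation state) and reject it with an authentication failure otherwise, or derive `userId` and `role` from the authenticated principal and leave re-issuance to the refresh-token flow. The body of `putOptional` starts before this hunk, between the two hunks.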