fix: accessToken 인증을 쿠키 기반 조회로 변경

[sudhdkso]

#️⃣연관된 이슈

X

🔀반영 브랜치

fix/login -> develop

🔧변경 사항

accessToken 인증 방식을 쿠키 기반 조회로 변경했습니다.

• JWT 인증 시 Authorization 헤더보다 accessToken 쿠키를 우선 조회하도록 수정했습니다.
• 전환 과정의 호환성을 위해 기존 헤더 기반 조회는 fallback으로 유지했습니다.
• JWT 설정에 accessToken 쿠키 이름 설정을 추가했습니다.
• JwtUtil 테스트를 추가해 쿠키 우선 조회와 헤더 fallback 동작을 검증했습니다.
• 정산 문서에서 인증 방식을 쿠키 기준으로 수정했습니다.

💬리뷰 요구사항(선택)

리뷰어가 특별히 봐주었으면 하는 부분이 있다면 작성해주세요
ex) 메서드 XXX의 이름을 더 잘 짓고 싶은데 혹시 좋은 명칭이 있을까요

Summary by CodeRabbit

릴리스 노트

• 새로운 기능

  • 인증 토큰을 쿠키 기반으로 전달할 수 있는 기능 추가

• 문서

  • 모임 생성 시 인증 방식 표현 명확화 (인증 쿠키 사용 명시)

• 테스트

  • 토큰 검증 로직에 대한 테스트 케이스 추가

[coderabbitai]

Warning

Rate limit exceeded

@sudhdkso has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 52 minutes and 4 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 52 minutes and 4 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 7e65a5ec-b6d5-469c-9ccf-085ea98e15d9

📥 Commits

Reviewing files that changed from the base of the PR and between 0a6977a and d9993ed.

📒 Files selected for processing (2)

• src/main/java/com/dnd/moddo/auth/infrastructure/security/JwtUtil.java
• src/test/java/com/dnd/moddo/domain/auth/service/JwtUtilTest.java

Walkthrough

쿠키 기반 토큰 해석 기능을 추가했습니다. JwtProperties에 accessCookieName 필드를 추가하고, JwtUtil의 resolveToken 메서드를 업데이트하여 HTTP 요청에서 쿠키를 우선적으로 확인한 후 헤더에서 토큰을 가져오도록 변경했습니다.

Changes

Cohort / File(s)	Summary
문서 및 설정 src/docs/asciidoc/settlement.adoc, src/main/resources/config, src/test/resources/application.yml	문서에서 인증 토큰 표현을 "인증 쿠키(accessToken)"로 명확히 변경, 새 JWT 설정 access-cookie-name 추가, 서브모듈 커밋 해시 업데이트
JWT 인증 기반 src/main/java/com/dnd/moddo/auth/infrastructure/security/JwtProperties.java, src/main/java/com/dnd/moddo/auth/infrastructure/security/JwtUtil.java	JwtProperties에 accessCookieName 필드 추가 및 생성자 시그니처 변경, JwtUtil에서 HTTP 요청 쿠키를 우선적으로 확인하는 로직 추가
테스트 src/test/java/com/dnd/moddo/domain/auth/service/JwtUtilTest.java	쿠키와 헤더에서의 토큰 해석 동작을 검증하는 JUnit 5 테스트 클래스 추가 (2개 테스트 케이스)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• choyeseol

Poem

🐰 쿠키 구름에 토큰을 숨겨두고,
헤더 길을 따라 찾아나가네
먹고 싶은 당신의 인증을 위해
두 가지 경로를 마련했으니,
어느 길을 택하든 환영입니다 🍪✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	풀 리퀘스트 제목이 변경 내용의 핵심을 정확하게 반영하고 있습니다. accessToken 인증을 쿠키 기반으로 변경한다는 주요 변경 사항을 명확하고 간결하게 설명합니다.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/login

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📝 테스트 커버리지 리포트입니다!

There is no coverage information present for the Files changed

Total Project Coverage	70.33%	❌

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/test/java/com/dnd/moddo/domain/auth/service/JwtUtilTest.java (1)

13-52: 테스트 커버리지 보강 제안 (선택 사항)

현재 2개 케이스로 핵심 우선순위 동작은 검증되지만, 다음 엣지 케이스를 추가하면 회귀 방지에 도움이 됩니다.

• 쿠키와 헤더가 모두 없을 때 null 반환
• accessToken 쿠키 값이 빈 문자열일 때의 동작(위 JwtUtil 코멘트의 정책 확정 후)
• 다른 이름의 쿠키만 존재할 때 헤더로 fallback되는지
• 헤더가 Bearer prefix 없이 전달되었을 때 null 반환

또한 패키지 경로(com.dnd.moddo.domain.auth.service)와 테스트 대상 클래스의 실제 패키지(com.dnd.moddo.auth.infrastructure.security)가 일치하지 않는데, 프로젝트의 다른 테스트 클래스들과 위치 규칙이 맞는지 확인해 주세요.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/test/java/com/dnd/moddo/domain/auth/service/JwtUtilTest.java` around
lines 13 - 52, Add edge-case unit tests to JwtUtilTest targeting
JwtUtil.resolveToken: add tests for (1) request with neither cookie nor
Authorization header returns null, (2) accessToken cookie present but empty
string behavior (assert null or defined policy), (3) only a differently-named
cookie exists and Authorization header is used as fallback, and (4)
Authorization header without the "Bearer " prefix returns null; also ensure the
test class package matches the JwtUtil implementation package
(com.dnd.moddo.auth.infrastructure.security) or move the test to the canonical
test package to match project conventions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/main/java/com/dnd/moddo/auth/infrastructure/security/JwtUtil.java`:
- Around line 22-45: resolveTokenFromCookie currently returns cookie values even
when they are empty or whitespace, causing resolveToken to treat empty strings
as valid tokens; update resolveTokenFromCookie (used by resolveToken and
referencing jwtProperties.getAccessCookieName) to trim the cookie value and
return null when the value is null, empty, or only whitespace so that
resolveToken falls back to header parsing (i.e., check StringUtils/trim and
isEmpty or use value.trim().isEmpty() and return null for such cases).

---

Nitpick comments:
In `@src/test/java/com/dnd/moddo/domain/auth/service/JwtUtilTest.java`:
- Around line 13-52: Add edge-case unit tests to JwtUtilTest targeting
JwtUtil.resolveToken: add tests for (1) request with neither cookie nor
Authorization header returns null, (2) accessToken cookie present but empty
string behavior (assert null or defined policy), (3) only a differently-named
cookie exists and Authorization header is used as fallback, and (4)
Authorization header without the "Bearer " prefix returns null; also ensure the
test class package matches the JwtUtil implementation package
(com.dnd.moddo.auth.infrastructure.security) or move the test to the canonical
test package to match project conventions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f8045b20-c852-48e1-821c-b6f96591e049

📥 Commits

Reviewing files that changed from the base of the PR and between 9885d32 and 0a6977a.

📒 Files selected for processing (6)

• src/docs/asciidoc/settlement.adoc
• src/main/java/com/dnd/moddo/auth/infrastructure/security/JwtProperties.java
• src/main/java/com/dnd/moddo/auth/infrastructure/security/JwtUtil.java
• src/main/resources/config
• src/test/java/com/dnd/moddo/domain/auth/service/JwtUtilTest.java
• src/test/resources/application.yml

[github-actions]

📝 테스트 커버리지 리포트입니다!

There is no coverage information present for the Files changed

Total Project Coverage	70.43%	❌