From e3500d7819f457c3ad1a2054849b102751ebe02b Mon Sep 17 00:00:00 2001
From: jjikky
Date: Sat, 29 Jun 2024 18:10:08 +0900
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20cookie=20secure=EC=84=A4?= =?UTF-8?q?=EC=A0=95=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/routes/user/user.controller.js | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/routes/user/user.controller.js b/src/routes/user/user.controller.js
index fec39f2..668d103 100755
--- a/src/routes/user/user.controller.js
+++ b/src/routes/user/user.controller.js
@@ -102,8 +102,18 @@ exports.localLogin = async (req, res, next) => {
 const refreshToken = generateRefreshToken(user);
 // production 환경에서는 secure 필요 혹은 LAX로 변경, 쿠키와 토큰 주기 변경
- res.cookie('accessToken', accessToken, { httpOnly: false, maxAge: 10 * 60 * 1000, sameSite: 'None' });
- res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 24 * 60 * 60 * 1000, sameSite: 'None' });
+ res.cookie('accessToken', accessToken, {
+ httpOnly: false,
+ maxAge: 10 * 60 * 1000,
+ sameSite: 'None',
+ secure: true,
+ });
+ res.cookie('refreshToken', refreshToken, {
+ httpOnly: true,
+ maxAge: 24 * 60 * 60 * 1000,
+ sameSite: 'None',
+ secure: true,
+ });
 return sendResponse.ok(res, {
 message: SucesssMessage.LOGIN_SUCCESSS,
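Review bot: `secure: true` only keeps these cookies off plain HTTP; both are still set with `sameSite: 'None'`, so the browser attaches them to requests initiated from any other site, and `accessToken` stays `httpOnly: false`, which leaves it readable by any script running on the page. Nothing visible in this hunk shows a CSRF token or Origin check, so if the frontend is same-site with the API, `sameSite: 'Lax'` on both calls would be the tighter setting; if it is genuinely cross-site, the routes that accept these cookies need their own cross-site request check. The context comment above the calls still says that production needs secure, which is now stale; something like `// SameSite=None requires Secure; these cookies are sent cross-site, so every cookie-authenticated route needs a CSRF check` would describe the current state. The same applies to the identical calls in the kakaoLogin hunk, and localLogin's body starts and ends outside this hunk.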
@@ -132,8 +142,18 @@ exports.kakaoLogin = async (req, res) => {
 const accessToken = generateAccessToken(user);
 const refreshToken = generateRefreshToken(user);
- res.cookie('accessToken', accessToken, { httpOnly: false, maxAge: 10 * 60 * 1000, sameSite: 'None' });
- res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 24 * 60 * 60 * 1000, sameSite: 'None' });
+ res.cookie('accessToken', accessToken, {
+ httpOnly: false,
+ maxAge: 10 * 60 * 1000,
+ sameSite: 'None',
+ secure: true,
+ });
+ res.cookie('refreshToken', refreshToken, {
+ httpOnly: true,
+ maxAge: 24 * 60 * 60 * 1000,
+ sameSite: 'None',
+ secure: true,
+ });
 sendResponse.ok(res, {
 message: SucesssMessage.LOGIN_SUCCESSS,
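Review bot: The two option objects added here are identical to the ones added in localLogin, so the security-relevant cookie flags now live in two places and can drift apart on the next change. A small module-level helper that both handlers call would keep `secure`, `sameSite` and `httpOnly` defined once. kakaoLogin's body continues outside this hunk, so the sketch below shows only the proposed helper and the single call that would replace the two `res.cookie` calls.

```javascript
// Single definition of the auth-cookie attributes shared by every login path.
const ACCESS_COOKIE_OPTIONS = {
  httpOnly: false,
  maxAge: 10 * 60 * 1000,
  sameSite: 'None',
  secure: true,
};
const REFRESH_COOKIE_OPTIONS = {
  httpOnly: true,
  maxAge: 24 * 60 * 60 * 1000,
  sameSite: 'None',
  secure: true,
};

function setAuthCookies(res, accessToken, refreshToken) {
  res.cookie('accessToken', accessToken, ACCESS_COOKIE_OPTIONS);
  res.cookie('refreshToken', refreshToken, REFRESH_COOKIE_OPTIONS);
}

// … unchanged: token generation in kakaoLogin …
setAuthCookies(res, accessToken, refreshToken);
// … unchanged: sendResponse.ok(...) …
```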