fix: 로그인 redirect 파라미터 의존 로직 제거 (#444)

manNomi · manNomi · commit 466cdf2f1772 · 2026-02-22T17:39:22.000+09:00
diff --git a/apps/web/src/apis/Auth/postAppleAuth.ts b/apps/web/src/apis/Auth/postAppleAuth.ts
@@ -1,18 +1,16 @@
 import { useMutation } from "@tanstack/react-query";
 
 import type { AxiosError } from "axios";
-import { useRouter, useSearchParams } from "next/navigation";
+import { useRouter } from "next/navigation";
 import useAuthStore from "@/lib/zustand/useAuthStore";
 import { toast } from "@/lib/zustand/useToastStore";
-import { validateSafeRedirect } from "@/utils/authUtils";
 import { type AppleAuthRequest, type AppleAuthResponse, authApi } from "./api";
 
 /**
  * @description 애플 로그인을 위한 useMutation 커스텀 훅
  */
 const usePostAppleAuth = () => {
   const router = useRouter();
-  const searchParams = useSearchParams();
 
   return useMutation<AppleAuthResponse, AxiosError, AppleAuthRequest>({
     mutationFn: (data) => authApi.postAppleAuth(data),
@@ -22,14 +20,10 @@ const usePostAppleAuth = () => {
         // refreshToken은 서버에서 HTTP-only 쿠키로 자동 설정됨
         useAuthStore.getState().setAccessToken(data.accessToken);
 
-        // 안전한 리다이렉트 처리 - 오픈 리다이렉트 방지
-        const redirectParam = searchParams.get("redirect");
-        const safeRedirect = validateSafeRedirect(redirectParam);
-
         toast.success("로그인에 성공했습니다.");
 
         setTimeout(() => {
-          router.push(safeRedirect);
+          router.push("/");
         }, 100);
       } else {
         // 새로운 회원일 시 - 회원가입 페이지로 이동
diff --git a/apps/web/src/apis/Auth/postEmailLogin.ts b/apps/web/src/apis/Auth/postEmailLogin.ts
@@ -1,18 +1,16 @@
 import { useMutation } from "@tanstack/react-query";
 
 import type { AxiosError } from "axios";
-import { useRouter, useSearchParams } from "next/navigation";
+import { useRouter } from "next/navigation";
 import useAuthStore from "@/lib/zustand/useAuthStore";
 import { toast } from "@/lib/zustand/useToastStore";
-import { validateSafeRedirect } from "@/utils/authUtils";
 import { authApi, type EmailLoginRequest, type EmailLoginResponse } from "./api";
 
 /**
  * @description 이메일 로그인을 위한 useMutation 커스텀 훅
  */
 const usePostEmailAuth = () => {
   const { setAccessToken } = useAuthStore();
-  const searchParams = useSearchParams();
   const router = useRouter();
 
   return useMutation<EmailLoginResponse, AxiosError, EmailLoginRequest>({
@@ -24,16 +22,12 @@ const usePostEmailAuth = () => {
       // refreshToken은 서버에서 HTTP-only 쿠키로 자동 설정됨
       setAccessToken(accessToken);
 
-      // 안전한 리다이렉트 처리 - 오픈 리다이렉트 방지
-      const redirectParam = searchParams.get("redirect");
-      const safeRedirect = validateSafeRedirect(redirectParam);
-
       toast.success("로그인에 성공했습니다.");
 
       // Zustand persist middleware가 localStorage에 저장할 시간을 보장
       // 토큰 저장 후 리다이렉트하여 타이밍 이슈 방지
       setTimeout(() => {
-        router.push(safeRedirect);
+        router.push("/");
       }, 100);
     },
   });
diff --git a/apps/web/src/apis/Auth/postKakaoAuth.ts b/apps/web/src/apis/Auth/postKakaoAuth.ts
@@ -1,10 +1,9 @@
 import { useMutation } from "@tanstack/react-query";
 
 import type { AxiosError } from "axios";
-import { useRouter, useSearchParams } from "next/navigation";
+import { useRouter } from "next/navigation";
 import useAuthStore from "@/lib/zustand/useAuthStore";
 import { toast } from "@/lib/zustand/useToastStore";
-import { validateSafeRedirect } from "@/utils/authUtils";
 import { authApi, type KakaoAuthRequest, type KakaoAuthResponse } from "./api";
 
 /**
@@ -13,7 +12,6 @@ import { authApi, type KakaoAuthRequest, type KakaoAuthResponse } from "./api";
 const usePostKakaoAuth = () => {
   const { setAccessToken } = useAuthStore();
   const router = useRouter();
-  const searchParams = useSearchParams();
 
   return useMutation<KakaoAuthResponse, AxiosError, KakaoAuthRequest>({
     mutationFn: (data) => authApi.postKakaoAuth(data),
@@ -23,14 +21,10 @@ const usePostKakaoAuth = () => {
         // refreshToken은 서버에서 HTTP-only 쿠키로 자동 설정됨
         setAccessToken(data.accessToken);
 
-        // 안전한 리다이렉트 처리 - 오픈 리다이렉트 방지
-        const redirectParam = searchParams.get("redirect");
-        const safeRedirect = validateSafeRedirect(redirectParam);
-
         toast.success("로그인에 성공했습니다.");
 
         setTimeout(() => {
-          router.push(safeRedirect);
+          router.push("/");
         }, 100);
       } else {
         // 새로운 회원일 시 - 회원가입 페이지로 이동
diff --git a/apps/web/src/app/login/LoginContent.tsx b/apps/web/src/app/login/LoginContent.tsx
@@ -2,12 +2,10 @@
 
 import { zodResolver } from "@hookform/resolvers/zod";
 import Link from "next/link";
-import { useRouter, useSearchParams } from "next/navigation";
-import { useEffect } from "react";
+import { useRouter } from "next/navigation";
 import { useForm } from "react-hook-form";
 import { z } from "zod";
 import { usePostEmailAuth } from "@/apis/Auth";
-import { toast } from "@/lib/zustand/useToastStore";
 import { IconSolidConnectionFullBlackLogo } from "@/public/svgs";
 import { IconAppleLogo, IconEmailIcon, IconKakaoLogo } from "@/public/svgs/auth";
 import { appleLogin, kakaoLogin } from "@/utils/authUtils";
@@ -23,7 +21,6 @@ type LoginFormData = z.infer<typeof loginSchema>;
 
 const LoginContent = () => {
   const router = useRouter();
-  const searchParams = useSearchParams();
 
   const { mutate: postEmailAuth, isPending } = usePostEmailAuth();
   const { showPasswordField, handleEmailChange } = useInputHandler();
@@ -40,14 +37,6 @@ const LoginContent = () => {
     },
   });
 
-  // redirect 파라미터가 있으면 로그인 필요 토스트 표시
-  useEffect(() => {
-    const redirect = searchParams.get("redirect");
-    if (redirect) {
-      toast.info("로그인이 필요합니다.");
-    }
-  }, [searchParams]);
-
   const onSubmit = async (data: LoginFormData) => {
     postEmailAuth(data, {});
   };
diff --git a/apps/web/src/app/mentor/_ui/MentorClient/index.tsx b/apps/web/src/app/mentor/_ui/MentorClient/index.tsx
@@ -42,7 +42,7 @@ const MentorClient = () => {
       } catch {
         // 재발급 실패 시 로그인 페이지로 리다이렉트
         setRefreshStatus("failed");
-        router.push("/login?redirect=/mentor");
+        router.push("/login");
       } finally {
         setIsRefreshing(false);
       }
diff --git a/apps/web/src/middleware.ts b/apps/web/src/middleware.ts
@@ -32,9 +32,6 @@ export function middleware(request: NextRequest) {
 
   if (needLogin && !refreshToken) {
     url.pathname = "/login";
-    // 전체 URL(pathname + search) 보존하여 리다이렉트 파라미터에 설정
-    const redirectUrl = request.nextUrl.pathname + request.nextUrl.search;
-    url.searchParams.set("redirect", redirectUrl);
     return NextResponse.redirect(url);
   }
 
diff --git a/apps/web/src/utils/authUtils.ts b/apps/web/src/utils/authUtils.ts
@@ -1,20 +1,6 @@
 import { toast } from "@/lib/zustand/useToastStore";
 import type { appleOAuth2CodeResponse } from "@/types/auth";
 
-// 오픈 리다이렉트 공격 방지를 위한 redirect 파라미터 검증
-// 단일 "/"로 시작하고 "//"나 "://"를 포함하지 않는 내부 경로만 허용
-export const validateSafeRedirect = (redirectParam: string | null): string => {
-  if (!redirectParam || typeof redirectParam !== "string") {
-    return "/";
-  }
-
-  if (redirectParam.startsWith("/") && !redirectParam.startsWith("//") && !redirectParam.includes("://")) {
-    return redirectParam;
-  }
-
-  return "/";
-};
-
 export const authProviderName = (provider: "KAKAO" | "APPLE" | "EMAIL"): string => {
   if (provider === "KAKAO") {
     return "카카오";
@@ -29,20 +15,8 @@ export const authProviderName = (provider: "KAKAO" | "APPLE" | "EMAIL"): string
 
 export const kakaoLogin = () => {
   if (window.Kakao?.Auth) {
-    // 현재 URL에서 redirect 파라미터 추출 및 검증
-    const urlParams = new URLSearchParams(window.location.search);
-    const redirectParam = urlParams.get("redirect");
-    const safeRedirect = validateSafeRedirect(redirectParam);
-
-    // 검증된 redirect 파라미터를 callback URL에 전달
-    let redirectUri = `${process.env.NEXT_PUBLIC_WEB_URL}/login/kakao/callback`;
-    // 기본값 "/"가 아닌 경우에만 redirect 파라미터 추가 (기본값이면 생략 가능)
-    if (safeRedirect !== "/") {
-      redirectUri += `?redirect=${encodeURIComponent(safeRedirect)}`;
-    }
-
     window.Kakao.Auth.authorize({
-      redirectUri,
+      redirectUri: `${process.env.NEXT_PUBLIC_WEB_URL}/login/kakao/callback`,
     });
   } else {
     toast.error("Kakao SDK를 불러오는 중입니다. 잠시 후 다시 시도해주세요.");
@@ -55,34 +29,17 @@ export const appleLogin = async () => {
     return;
   }
 
-  // 현재 URL에서 redirect 파라미터 추출 및 검증
-  const urlParams = new URLSearchParams(window.location.search);
-  const redirectParam = urlParams.get("redirect");
-  const safeRedirect = validateSafeRedirect(redirectParam);
-
-  // 검증된 redirect 파라미터를 callback URL에 전달
-  let redirectURI = `${process.env.NEXT_PUBLIC_WEB_URL}/login/apple/callback`;
-  // 기본값 "/"가 아닌 경우에만 redirect 파라미터 추가 (기본값이면 생략 가능)
-  if (safeRedirect !== "/") {
-    redirectURI += `?redirect=${encodeURIComponent(safeRedirect)}`;
-  }
-
   window.AppleID.auth.init({
     clientId: process.env.NEXT_PUBLIC_APPLE_CLIENT_ID,
     scope: process.env.NEXT_PUBLIC_APPLE_SCOPE,
-    redirectURI,
+    redirectURI: `${process.env.NEXT_PUBLIC_WEB_URL}/login/apple/callback`,
     usePopup: true,
   });
 
   try {
     const res = (await window.AppleID.auth.signIn()) as appleOAuth2CodeResponse;
     if (res.authorization) {
-      // 검증된 redirect 파라미터를 callback URL에 전달
-      let callbackUrl = `/login/apple/callback?code=${encodeURIComponent(res.authorization.code)}`;
-      if (safeRedirect !== "/") {
-        callbackUrl += `&redirect=${encodeURIComponent(safeRedirect)}`;
-      }
-      window.location.href = callbackUrl;
+      window.location.href = `/login/apple/callback?code=${encodeURIComponent(res.authorization.code)}`;
     }
   } catch (error) {
     // Log error for developers

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ const MentorClient = () => {`
`42`	`42`	`} catch {`
`43`	`43`	`// 재발급 실패 시 로그인 페이지로 리다이렉트`
`44`	`44`	`setRefreshStatus("failed");`
`45`		`- router.push("/login?redirect=/mentor");`
	`45`	`+ router.push("/login");`
`46`	`46`	`} finally {`
`47`	`47`	`setIsRefreshing(false);`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,9 +32,6 @@ export function middleware(request: NextRequest) {`
`32`	`32`
`33`	`33`	`if (needLogin && !refreshToken) {`
`34`	`34`	`url.pathname = "/login";`
`35`		`- // 전체 URL(pathname + search) 보존하여 리다이렉트 파라미터에 설정`
`36`		`- const redirectUrl = request.nextUrl.pathname + request.nextUrl.search;`
`37`		`- url.searchParams.set("redirect", redirectUrl);`
`38`	`35`	`return NextResponse.redirect(url);`
`39`	`36`	`}`
`40`	`37`