-
Notifications
You must be signed in to change notification settings - Fork 1
Feature: 페이지 접근 보호 시스템 구축 및 레이아웃 통일 #13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: develop
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| import type { ReactNode } from 'react'; | ||
| import { Navigate } from 'react-router-dom'; | ||
|
|
||
| interface PrivateRouteProps { | ||
| children: ReactNode; | ||
| } | ||
|
|
||
| export const PrivateRoute = ({ children }: PrivateRouteProps) => { | ||
| // TODO: 현재 백엔드에서 로그인 응답을 sessionId로 제공하고 있어 | ||
| // 임시로 session_id로 인증 체크 중. 추후 access_token으로 통일 예정 | ||
| const token = localStorage.getItem('session_id'); | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 인증 토큰의 키로 사용된 별도의 상수 파일(예: 개선 예시: // src/constants/auth.ts
export const AUTH_TOKEN_KEY = 'session_id';
// src/components/auth/PrivateRoute.tsx
import { AUTH_TOKEN_KEY } from '@/constants/auth';
// ...
const token = localStorage.getItem(AUTH_TOKEN_KEY); |
||
|
|
||
| return token ? <>{children}</> : <Navigate to="/login" replace />; | ||
| }; | ||
|
Comment on lines
+8
to
+14
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 프로젝트 스타일 가이드에 따르면 모든 코드에 자동화된 테스트가 필요합니다.1 아래와 같은 시나리오에 대한 테스트 케이스를 추가하는 것을 권장합니다.
Style Guide ReferencesFootnotes |
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -25,6 +25,7 @@ const queryClient = new QueryClient({ | |
| }); | ||
| import { OnboardingPage } from "./pages/onboarding/OnboardingPage.tsx"; | ||
| import { PostDetailPage } from "./pages/community/PostDetailPage.tsx"; | ||
| import { PrivateRoute } from "./components/auth/PrivateRoute.tsx"; | ||
|
|
||
| async function enableMocking() { | ||
| if (import.meta.env.DEV) { | ||
|
|
@@ -36,7 +37,11 @@ async function enableMocking() { | |
| const router = createBrowserRouter([ | ||
| { | ||
| path: "/", | ||
| element: <App />, | ||
| element: ( | ||
| <PrivateRoute> | ||
| <App /> | ||
| </PrivateRoute> | ||
| ), | ||
| children: [ | ||
| { | ||
| index: true, | ||
|
|
@@ -62,20 +67,20 @@ const router = createBrowserRouter([ | |
| path: "community", | ||
| element: <PostDetailPage />, | ||
| }, | ||
| { | ||
| path: "login", | ||
| element: <LoginPage />, | ||
| }, | ||
| { | ||
| path: "onboarding", | ||
| element: <OnboardingPage />, | ||
| }, | ||
| ], | ||
| }, | ||
| { | ||
| path: "/login", | ||
| element: <LoginPage />, | ||
| }, | ||
| { | ||
| path: "/callback", | ||
| element: <AuthCallbackPage />, | ||
| }, | ||
| { | ||
| path: "/onboarding", | ||
| element: <OnboardingPage />, | ||
| }, | ||
|
Comment on lines
+72
to
+83
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
| ]); | ||
|
|
||
| enableMocking().then(() => { | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
보안 상
localStorage에 세션 ID와 같은 민감한 데이터를 저장하는 것은 XSS(Cross-Site Scripting) 공격에 취약점을 노출할 수 있습니다.localStorage는 JavaScript를 통해 쉽게 접근할 수 있어, 악성 스크립트가 주입될 경우 토큰이 탈취될 위험이 있습니다.권장 사항:
httpOnly속성을 적용한 쿠키를 사용하여 토큰을 관리하는 것을 강력히 권장합니다.httpOnly쿠키는 JavaScript로 접근할 수 없기 때문에 XSS 공격으로부터 토큰을 효과적으로 보호할 수 있습니다.