fix(admin): 인증 라이프사이클 및 사이드바 동작 안정화 (#501)

Author: manNomi

apps/admin/src/components/layout/AdminLayout.tsx

@@ -1,8 +1,25 @@
+import { useNavigate } from "@tanstack/react-router";
+import { LogOut } from "lucide-react";
+import { toast } from "sonner";
+import { clearSession } from "@/lib/auth/session";
+import { type ActiveAdminMenu, AdminSidebar } from "./AdminSidebar";
+
 interface AdminLayoutProps {
 	children: React.ReactNode;
+	activeMenu: ActiveAdminMenu;
+	title: string;
+	description?: string;
 }
 
-export function AdminLayout({ children }: AdminLayoutProps) {
+export function AdminLayout({ children, activeMenu, title, description }: AdminLayoutProps) {
+	const navigate = useNavigate();
+
+	const handleLogout = () => {
+		clearSession();
+		toast.success("로그아웃되었습니다.");
+		void navigate({ to: "/auth/login" });
+	};
+
 	return (
 		<div className="min-h-screen bg-[radial-gradient(circle_at_top,_#eef2ff_0%,_#fafafa_48%,_#f5f5f5_100%)] text-k-800">
 			<div className="mx-auto flex min-h-screen w-full max-w-[1440px] flex-col px-3 py-4 sm:px-4 sm:py-6 lg:px-8">
@@ -16,9 +33,29 @@ export function AdminLayout({ children }: AdminLayoutProps) {
 							<h1 className="typo-sb-7 text-k-900">Admin</h1>
 						</div>
 					</div>
-					<p className="hidden rounded-full bg-bg-50 px-3 py-1 typo-medium-4 text-k-600 sm:block">운영 콘솔</p>
+					<div className="flex items-center gap-2">
+						<p className="hidden rounded-full bg-bg-50 px-3 py-1 typo-medium-4 text-k-600 sm:block">운영 콘솔</p>
+						<button
+							type="button"
+							onClick={handleLogout}
+							className="inline-flex items-center gap-1 rounded-md border border-k-200 px-3 py-1.5 text-k-700 typo-medium-4 hover:bg-k-50"
+						>
+							<LogOut className="h-4 w-4" />
+							로그아웃
+						</button>
+					</div>
 				</header>
-				<main className="flex-1">{children}</main>
+
+				<div className="flex min-h-[calc(100vh-96px)] overflow-hidden rounded-[24px] border border-k-100 bg-k-0 shadow-sdw-a">
+					<AdminSidebar activeMenu={activeMenu} />
+					<section className="flex-1 bg-bg-50 p-4 sm:p-6 lg:p-7">
+						<div className="h-full rounded-2xl border border-k-100 bg-k-0 p-4 shadow-[0_8px_24px_-22px_rgba(26,31,39,0.45)] sm:p-6">
+							<h1 className="typo-bold-1 text-k-900">{title}</h1>
+							{description ? <p className="mt-1 typo-regular-4 text-k-500">{description}</p> : null}
+							{children}
+						</div>
+					</section>
+				</div>
 			</div>
 		</div>
 	);

apps/admin/src/components/layout/AdminSidebar.tsx

@@ -1,19 +1,19 @@
-import { Building2, FileText, FlaskConical, MessageSquare, UserCircle2 } from "lucide-react";
+import { Link } from "@tanstack/react-router";
+import { FileText, FlaskConical, MessageSquare } from "lucide-react";
 import { cn } from "@/lib/utils";
 
-interface AdminSidebarProps {
-	activeMenu: "scores" | "bruno" | "chatSocket";
-}
+export type ActiveAdminMenu = "scores" | "bruno" | "chatSocket";
 
 const sideMenus = [
-	{ key: "university", label: "대학 관리", icon: Building2 },
-	{ key: "mentor", label: "멘토 관리", icon: UserCircle2 },
-	{ key: "user", label: "유저 관리", icon: UserCircle2 },
 	{ key: "scores", label: "성적 관리", icon: FileText, to: "/scores" as const },
 	{ key: "bruno", label: "Bruno API", icon: FlaskConical, to: "/bruno" as const },
 	{ key: "chatSocket", label: "채팅 소켓", icon: MessageSquare, to: "/chat-socket" as const },
 ] as const;
 
+interface AdminSidebarProps {
+	activeMenu: ActiveAdminMenu;
+}
+
 export function AdminSidebar({ activeMenu }: AdminSidebarProps) {
 	return (
 		<aside className="flex w-[212px] flex-col border-r border-k-100 bg-bg-100 px-5 py-7">
@@ -35,20 +35,11 @@ export function AdminSidebar({ activeMenu }: AdminSidebarProps) {
 						isActive ? "bg-primary-100 text-primary" : "text-k-400 hover:bg-k-0 hover:text-k-700",
 					);
 
-					if ("to" in menu) {
-						return (
-							<a key={menu.label} href={menu.to} className={menuClassName}>
-								<menu.icon className="h-4 w-4" />
-								{menu.label}
-							</a>
-						);
-					}
-
 					return (
-						<button key={menu.label} type="button" className={menuClassName} disabled>
+						<Link key={menu.label} to={menu.to} preload="intent" className={menuClassName}>
 							<menu.icon className="h-4 w-4" />
 							{menu.label}
-						</button>
+						</Link>
 					);
 				})}
 			</nav>

apps/admin/src/lib/api/auth.ts

@@ -1,15 +1,19 @@
-import type { AxiosResponse } from "axios";
-import { publicAxiosInstance } from "@/lib/api/client";
+import axios, { type AxiosResponse } from "axios";
 import type { AdminSignInResponse, ReissueAccessTokenResponse } from "@/types/auth";
 
+const API_SERVER_URL = import.meta.env.VITE_API_SERVER_URL?.trim();
+
+if (!API_SERVER_URL) {
+	throw new Error("[admin] VITE_API_SERVER_URL is required. Configure it in your environment.");
+}
+
+const authAxiosInstance = axios.create({
+	baseURL: API_SERVER_URL,
+	withCredentials: true,
+});
+
 export const adminSignInApi = (email: string, password: string): Promise<AxiosResponse<AdminSignInResponse>> =>
-	publicAxiosInstance.post("/auth/email/sign-in", { email, password });
-
-export const reissueAccessTokenApi = (refreshToken: string): Promise<AxiosResponse<ReissueAccessTokenResponse>> =>
-	publicAxiosInstance.post(
-		"/admin/auth/reissue",
-		{},
-		{
-			headers: { Authorization: `Bearer ${refreshToken}` },
-		},
-	);
+	authAxiosInstance.post("/auth/email/sign-in", { email, password });
+
+export const reissueAccessTokenApi = (): Promise<AxiosResponse<ReissueAccessTokenResponse>> =>
+	authAxiosInstance.post("/auth/reissue");

apps/admin/src/lib/api/client.ts

@@ -1,13 +1,5 @@
-import axios, { type AxiosInstance } from "axios";
-import { reissueAccessTokenApi } from "@/lib/api/auth";
-import { isTokenExpired } from "@/lib/utils/jwtUtils";
-import {
-	loadAccessToken,
-	loadRefreshToken,
-	removeAccessToken,
-	removeRefreshToken,
-	saveAccessToken,
-} from "@/lib/utils/localStorage";
+import axios, { type AxiosInstance, type InternalAxiosRequestConfig } from "axios";
+import { clearSession, ensureSessionToken, reissueAccessTokenIfPossible } from "@/lib/auth/session";
 
 const convertToBearer = (token: string) => `Bearer ${token}`;
 
@@ -22,34 +14,24 @@ export const axiosInstance: AxiosInstance = axios.create({
 	withCredentials: true,
 });
 
+const redirectToLogin = () => {
+	if (typeof window !== "undefined" && window.location.pathname !== "/auth/login") {
+		window.location.replace("/auth/login");
+	}
+};
+
 axiosInstance.interceptors.request.use(
 	async (config) => {
 		const newConfig = { ...config };
-		let accessToken: string | null = loadAccessToken();
-
-		if (accessToken === null || isTokenExpired(accessToken)) {
-			const refreshToken = loadRefreshToken();
-			if (refreshToken === null || isTokenExpired(refreshToken)) {
-				removeAccessToken();
-				removeRefreshToken();
-				return config;
-			}
+		const accessToken = await ensureSessionToken();
 
-			await reissueAccessTokenApi(refreshToken)
-				.then((res) => {
-					accessToken = res.data.accessToken;
-					saveAccessToken(accessToken);
-				})
-				.catch((err) => {
-					removeAccessToken();
-					removeRefreshToken();
-					console.error("인증 토큰 갱신중 오류가 발생했습니다", err);
-				});
+		if (!accessToken) {
+			clearSession();
+			redirectToLogin();
+			return Promise.reject(new Error("로그인이 필요합니다."));
 		}
 
-		if (accessToken !== null) {
-			newConfig.headers.Authorization = convertToBearer(accessToken);
-		}
+		newConfig.headers.Authorization = convertToBearer(accessToken);
 		return newConfig;
 	},
 	(error) => Promise.reject(error),
@@ -58,37 +40,25 @@ axiosInstance.interceptors.request.use(
 axiosInstance.interceptors.response.use(
 	(response) => response,
 	async (error) => {
-		const newError = { ...error };
-		if (error.response?.status === 401 || error.response?.status === 403) {
-			const refreshToken = loadRefreshToken();
-
-			if (refreshToken === null || isTokenExpired(refreshToken)) {
-				removeAccessToken();
-				removeRefreshToken();
-				throw newError;
-			}
-
-			try {
-				const newAccessToken = await reissueAccessTokenApi(refreshToken).then((res) => res.data.accessToken);
-				saveAccessToken(newAccessToken);
+		const status = error.response?.status;
+		const originalRequest = error.config as (InternalAxiosRequestConfig & { _retry?: boolean }) | undefined;
 
-				if (error?.config.headers === undefined) {
-					newError.config.headers = {};
-				}
-				newError.config.headers.Authorization = convertToBearer(newAccessToken);
+		if ((status === 401 || status === 403) && originalRequest && !originalRequest._retry) {
+			originalRequest._retry = true;
 
-				return await axios.request(newError.config);
-			} catch (_err) {
-				removeAccessToken();
-				removeRefreshToken();
-				throw Error("로그인이 필요합니다");
+			const reissuedAccessToken = await reissueAccessTokenIfPossible();
+			if (reissuedAccessToken) {
+				originalRequest.headers = originalRequest.headers ?? {};
+				originalRequest.headers.Authorization = convertToBearer(reissuedAccessToken);
+				return axiosInstance(originalRequest);
 			}
-		} else {
-			throw newError;
 		}
+
+		if (status === 401 || status === 403) {
+			clearSession();
+			redirectToLogin();
+		}
+
+		return Promise.reject(error);
 	},
 );
-
-export const publicAxiosInstance: AxiosInstance = axios.create({
-	baseURL: API_SERVER_URL,
-});

apps/admin/src/lib/auth/session.ts

@@ -0,0 +1,77 @@
+import { redirect } from "@tanstack/react-router";
+import { reissueAccessTokenApi } from "@/lib/api/auth";
+import { isTokenExpired } from "@/lib/utils/jwtUtils";
+import { loadAccessToken, removeAccessToken, saveAccessToken } from "@/lib/utils/localStorage";
+
+let reissuePromise: Promise<string | null> | null = null;
+
+const getValidAccessToken = (): string | null => {
+	const accessToken = loadAccessToken();
+	if (!accessToken) {
+		return null;
+	}
+
+	if (isTokenExpired(accessToken)) {
+		removeAccessToken();
+		return null;
+	}
+
+	return accessToken;
+};
+
+export const clearSession = () => {
+	removeAccessToken();
+};
+
+export const reissueAccessTokenIfPossible = async (): Promise<string | null> => {
+	if (reissuePromise) {
+		return reissuePromise;
+	}
+
+	reissuePromise = (async () => {
+		try {
+			const response = await reissueAccessTokenApi();
+			const nextAccessToken = response.data.accessToken;
+
+			if (!nextAccessToken) {
+				clearSession();
+				return null;
+			}
+
+			saveAccessToken(nextAccessToken);
+			return nextAccessToken;
+		} catch {
+			clearSession();
+			return null;
+		} finally {
+			reissuePromise = null;
+		}
+	})();
+
+	return reissuePromise;
+};
+
+export const ensureSessionToken = async (): Promise<string | null> => {
+	const validAccessToken = getValidAccessToken();
+	if (validAccessToken) {
+		return validAccessToken;
+	}
+
+	return reissueAccessTokenIfPossible();
+};
+
+export const requireAdminSession = async (): Promise<string> => {
+	const token = await ensureSessionToken();
+	if (!token) {
+		throw redirect({ to: "/auth/login" });
+	}
+
+	return token;
+};
+
+export const redirectIfAuthenticated = async () => {
+	const token = await ensureSessionToken();
+	if (token) {
+		throw redirect({ to: "/scores" });
+	}
+};

apps/admin/src/lib/utils/localStorage.ts

@@ -1,28 +1,3 @@
-export const loadRefreshToken = () => {
-	try {
-		return localStorage.getItem("refreshToken");
-	} catch (err) {
-		console.error("Could not load refresh token", err);
-		return null;
-	}
-};
-
-export const saveRefreshToken = (token: string) => {
-	try {
-		localStorage.setItem("refreshToken", token);
-	} catch (err) {
-		console.error("Could not save refresh token", err);
-	}
-};
-
-export const removeRefreshToken = () => {
-	try {
-		localStorage.removeItem("refreshToken");
-	} catch (err) {
-		console.error("Could not remove refresh token", err);
-	}
-};
-
 export const loadAccessToken = () => {
 	try {
 		return localStorage.getItem("accessToken");

apps/admin/src/routes/auth/login.tsx

@@ -7,9 +7,13 @@ import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/com
 import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
 import { adminSignInApi } from "@/lib/api/auth";
-import { saveAccessToken, saveRefreshToken } from "@/lib/utils/localStorage";
+import { redirectIfAuthenticated } from "@/lib/auth/session";
+import { saveAccessToken } from "@/lib/utils/localStorage";
 
 export const Route = createFileRoute("/auth/login")({
+	beforeLoad: async () => {
+		await redirectIfAuthenticated();
+	},
 	component: LoginPage,
 });
 
@@ -32,10 +36,9 @@ function LoginPage() {
 
 		try {
 			const response = await signInMutation.mutateAsync({ nextEmail: email, nextPassword: password });
-			const { accessToken, refreshToken } = response.data;
+			const { accessToken } = response.data;
 
 			saveAccessToken(accessToken);
-			saveRefreshToken(refreshToken);
 
 			toast("로그인 성공", {
 				description: "관리자 페이지로 이동합니다.",