Skip to content

fix: 로그아웃 시, 익스텐션 토큰 제거 #246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jllee000 merged 3 commits into from
Jan 18, 2026
Merged

fix: 로그아웃 시, 익스텐션 토큰 제거 #246

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a148d6c
fix: 이미지 변경 및 토큰 삭제 로직 제거
jllee000 Jan 18, 2026
b93502a
fix: 클라 공통 도메인 수정
jllee000 Jan 18, 2026
0578a8b
fix: 대시보드 로그아웃 시, 크롬스토리지 토큰 삭제
jllee000 Jan 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions apps/client/public/assets/onBoarding/story/macNotice.svg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file removed apps/client/public/assets/onBoarding/story/macNotice.webp
View file
Open in desktop
Binary file not shown.
4 changes: 2 additions & 2 deletions apps/client/public/firebase-messaging-sw.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ firebase.initializeApp(firebaseConfig);
const messaging = firebase.messaging();

messaging.onBackgroundMessage((payload) => {
const url = payload.data?.url || 'https://www.pinback.today';
const url = payload.data?.url || 'https://pinback.today';
const notificationTitle = payload.notification?.title || 'pinback';
const notificationOptions = {
body: payload.notification?.body || '저장한 북마크를 확인해 보세요!',
Expand All @@ -48,7 +48,7 @@ messaging.onBackgroundMessage((payload) => {
});

self.addEventListener('notificationclick', (event) => {
const targetUrl = event.notification.data?.url || 'https://www.pinback.today';
const targetUrl = event.notification.data?.url || 'https://pinback.today';

fetch(
`https://www.google-analytics.com/mp/collect?measurement_id=G-847ZNSCC3J&api_secret=1hei57fPTKyGX5Cw73rwgA`,
Expand Down
2 changes: 1 addition & 1 deletion apps/client/src/pages/onBoarding/components/funnel/step/MacStep.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import MacNotice from '/assets/onBoarding/story/macNotice.webp';
import MacNotice from '/assets/onBoarding/story/macNotice.svg';
import dotori from '/assets/onBoarding/icons/dotori.svg';
const MacStep = () => {
return (
Expand Down
2 changes: 1 addition & 1 deletion apps/client/src/shared/apis/setting/axiosInstance.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ apiRequest.interceptors.response.use(
) {
originalRequest._retry = true;

localStorage.removeItem('token');
// localStorage.removeItem('token');
window.location.href = '/onboarding?step=SOCIAL_LOGIN';

return Promise.reject(error);
Comment on lines +49 to 52
Copy link

@coderabbitai coderabbitai bot Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

401/403 에러 시 토큰 제거 로직 비활성화에 대한 검토가 필요합니다.

인증 에러(401/403) 발생 시 토큰을 제거하지 않고 온보딩 페이지로 리다이렉트만 하는 것은 다음과 같은 문제를 야기할 수 있습니다:

  1. 무효한 토큰 잔존: 만료되거나 유효하지 않은 토큰이 localStorage에 남아 후속 요청에서 반복적으로 401/403 에러를 발생시킬 수 있습니다.
  2. 인증 루프 가능성: 리다이렉트 후에도 토큰이 남아있어 의도치 않은 동작을 유발할 수 있습니다.
  3. 상태 불일치: 서버에서는 토큰이 유효하지 않다고 판단했지만, 클라이언트에는 토큰이 남아있는 불일치 상태가 됩니다.

이 변경의 의도가 있다면 주석으로 사유를 명시하거나, 토큰 제거 로직을 유지하는 것을 권장합니다.

🔒 토큰 제거 로직 복원 제안 
-      // localStorage.removeItem('token');
+      localStorage.removeItem('token');
       window.location.href = '/onboarding?step=SOCIAL_LOGIN';
🤖 Prompt for AI Agents 
In `@apps/client/src/shared/apis/setting/axiosInstance.ts` around lines 49 - 52,
On 401/403 handling in the axios error interceptor (the block that currently
calls window.location.href = '/onboarding?step=SOCIAL_LOGIN' and returns
Promise.reject(error)), restore the token removal logic by removing the stored
auth token (undo the commented out localStorage.removeItem('token')) before
redirecting; if the removal was intentionally disabled, add a clear comment
above this block explaining why the token must persist and what other mechanism
will clear it, referencing the axios error interceptor where
window.location.href and Promise.reject(error) are used so reviewers can find
the change.

Expand Down
9 changes: 9 additions & 0 deletions apps/client/src/shared/components/profilePopup/ProfilePopup.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,15 @@ export default function ProfilePopup({
const handleLogout = () => {
localStorage.removeItem('token');
localStorage.removeItem('email');
const sendExtensionLogout = () => {
window.postMessage(
{
type: 'Extension-Logout',
},
window.location.origin
);
};
sendExtensionLogout();
navigate('/login');
};

Expand Down
Binary file added apps/extension/dist.zip
View file
Open in desktop
Binary file not shown.
2 changes: 1 addition & 1 deletion apps/extension/src/App.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ const App = () => {
};

const handleDuplicateRightClick = () => {
chrome.tabs.create({ url: 'https://www.pinback.today/' });
chrome.tabs.create({ url: 'https://pinback.today/' });
};

return (
Expand Down
10 changes: 9 additions & 1 deletion apps/extension/src/background.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
if (details.reason === 'install') {
chrome.identity.getProfileUserInfo(function (info) {
chrome.storage.local.set({ email: info.email }, () => {
console.log('User email saved:');

Check warning on line 5 in apps/extension/src/background.ts

View workflow job for this annotation

GitHub Actions / lint 

Unexpected console statement
});
setTimeout(() => {
chrome.tabs.create({
url: `https://www.pinback.today/onboarding?email=${info.email}`,
url: `https://pinback.today/onboarding?email=${info.email}`,
});
}, 1000);
});
Expand All @@ -16,7 +16,15 @@
chrome.runtime.onMessage.addListener((message) => {
if (message.type === 'SET_TOKEN') {
chrome.storage.local.set({ token: message.token }, () => {
console.log('Token saved!');

Check warning on line 19 in apps/extension/src/background.ts

View workflow job for this annotation

GitHub Actions / lint 

Unexpected console statement
});
}
});

chrome.runtime.onMessage.addListener((message) => {
if (message.type === 'Extension-Logout') {
chrome.storage.local.remove('token', () => {
console.log('Token removed!');

Check warning on line 27 in apps/extension/src/background.ts

View workflow job for this annotation

GitHub Actions / lint 

Unexpected console statement
});
}
});
Comment on lines +24 to +30
Copy link

@coderabbitai coderabbitai bot Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

rg -n "Extension-Logout" --type ts -C 5

Repository: Pinback-Team/pinback-client

Length of output: 2307

background.ts의 Extension-Logout 리스너는 실제로 호출되지 않습니다.

ProfilePopup.tsx에서 window.postMessage로 'Extension-Logout' 메시지를 전송하고, content.tswindow.addEventListener('message') 리스너가 이를 받아 직접 처리합니다. 따라서 chrome.runtime.onMessage를 사용하는 background.ts의 리스너(lines 24-30)는 절대 호출되지 않습니다.

이 리스너는 제거하거나, content.ts의 처리 로직을 background.ts로 이동하면서 chrome.runtime.sendMessage를 사용하도록 메시지 패싱 방식을 통일해야 합니다.

🧰 Tools
🪛 GitHub Check: lint

[warning] 27-27:
Unexpected console statement

🤖 Prompt for AI Agents 
In `@apps/extension/src/background.ts` around lines 24 - 30, The background.ts
chrome.runtime.onMessage listener for 'Extension-Logout' is never called because
ProfilePopup.tsx uses window.postMessage and content.ts handles it via
window.addEventListener('message'); either remove the unused
chrome.runtime.onMessage handler from background.ts, or change messaging to
centralize logout in background.ts by updating ProfilePopup.tsx (or content.ts)
to call chrome.runtime.sendMessage({ type: 'Extension-Logout' }) and ensure
content.ts forwards the window message to the background with
chrome.runtime.sendMessage; then keep the existing chrome.runtime.onMessage
handler in background.ts to remove the token from chrome.storage.local.

9 changes: 9 additions & 0 deletions apps/extension/src/content.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,16 @@
token: event.data.token,
});
chrome.storage.local.set({ token: event.data.token }, () => {
console.log('Token saved!', event.data.token);

Check warning on line 9 in apps/extension/src/content.ts

View workflow job for this annotation

GitHub Actions / lint 

Unexpected console statement
});
}
});

window.addEventListener('message', (event) => {
if (event.source !== window) return;
if (event.data.type === 'Extension-Logout') {
chrome.storage.local.remove('token', () => {
console.log('Token removed!');

Check warning on line 18 in apps/extension/src/content.ts

View workflow job for this annotation

GitHub Actions / lint 

Unexpected console statement
});
}
});
Comment on lines +14 to +21
Copy link

@coderabbitai coderabbitai bot Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

SET_TOKEN 흐름과 일관성이 없습니다.

SET_TOKENchrome.runtime.sendMessage로 background에 전달하고 로컬에도 저장하지만, Extension-Logout은 로컬에서만 토큰을 제거합니다. background.tsExtension-Logout 리스너가 추가되었지만 이 메시지가 전달되지 않아 해당 리스너는 dead code가 됩니다.

일관성을 위해 background에도 메시지를 전달하거나, background.ts의 해당 리스너를 제거하는 것이 좋습니다.

🔧 background로 메시지 전달 추가 
 window.addEventListener('message', (event) => {
   if (event.source !== window) return;
   if (event.data.type === 'Extension-Logout') {
+    chrome.runtime.sendMessage({ type: 'Extension-Logout' });
     chrome.storage.local.remove('token', () => {
       console.log('Token removed!');
     });
   }
 });
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
window.addEventListener('message', (event) => {
if (event.source !== window) return;
if (event.data.type === 'Extension-Logout') {
chrome.storage.local.remove('token', () => {
console.log('Token removed!');
});
}
});
window.addEventListener('message', (event) => {
if (event.source !== window) return;
if (event.data.type === 'Extension-Logout') {
chrome.runtime.sendMessage({ type: 'Extension-Logout' });
chrome.storage.local.remove('token', () => {
console.log('Token removed!');
});
}
});
🧰 Tools
🪛 GitHub Check: lint

[warning] 18-18:
Unexpected console statement

🤖 Prompt for AI Agents 
In `@apps/extension/src/content.ts` around lines 14 - 21, The logout handler in
the window message listener only removes the token from chrome.storage.local and
never notifies the background script, leaving the background 'Extension-Logout'
listener unused; update the handler in content.ts (the window.addEventListener
callback that checks event.data.type === 'Extension-Logout') to also call
chrome.runtime.sendMessage({ type: 'Extension-Logout' }) (or include any
required payload) after removing the token so the background.ts listener
receives the logout event and can perform its cleanup.

2 changes: 1 addition & 1 deletion apps/extension/src/pages/LogOutPop.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ const LogOutPop = () => {
type="button"
onClick={() => {
chrome.tabs.create({
url: 'https://www.pinback.today/onboarding?step=SOCIAL_LOGIN',
url: 'https://pinback.today/onboarding?step=SOCIAL_LOGIN',
});
}}
>
Expand Down
2 changes: 1 addition & 1 deletion apps/extension/src/shared/components/Header.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ const Header = () => {
onMouseEnter={() => setIsHover(true)}
onMouseLeave={() => setIsHover(false)}
onClick={() => {
chrome.tabs.create({ url: 'https://www.pinback.today/' });
chrome.tabs.create({ url: 'https://pinback.today/' });
}}
/>
<Icon name="main_logo" width={72} height={20} />
Expand Down
Loading