fix: simplify auth redirect policy and unify post-login navigation to main #476

Merged
manNomi merged 3 commits into main from codex/auth-redirect-main-login
Mar 14, 2026

@manNomi manNomi commented Mar 14, 2026

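Changes

  • Remove the NEXT_PUBLIC_COOKIE_LOGIN_ENABLED flag branch
  • Limit the middleware's login-protected paths to /mentor and /my
  • On protected paths, redirect to /login when the refreshToken cookie is missing
  • On successful login (email/Kakao/Apple), unify routing so that it always goes to main (/)

Details

  • middleware.ts
    • Remove the flag-based early return
    • Remove /community protection and reason parameter handling
  • postKakaoAuth.ts, postAppleAuth.ts
    • Remove the move to the sign-up page in the social login success branch
    • On success, always move to the main page

Verification

  • pnpm --filter @solid-connect/web run ci:check passes
  • pre-push hook's ci:check + build pass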

vercel bot commented Mar 14, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
solid-connection-web | Ready | Preview, Comment | Mar 14, 2026 11:22am

1 Skipped Deployment

Project | Deployment | Actions | Updated (UTC)
solid-connect-web-admin | Skipped | | Mar 14, 2026 11:22am

@github-actions github-actions bot added the web label Mar 14, 2026

coderabbitai bot commented Mar 14, 2026

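Walkthrough

This change cleans up the Kakao authentication and the community-related logic in the middleware.

  1. Formatting improvement in postKakaoAuth.ts

    • Removed an unnecessary blank line in the onSuccess branch for the registered-user case
  2. Community login logic removed from middleware.ts

    • COMMUNITY_LOGIN_REASON constant and related logic deleted entirely
    • Server-side authentication enablement gate removed, so authentication is always applied
    • Special handling for the /community path removed and needLogin handling simplified

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

  • wibaek
  • enunsnv
  • khwww

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Description check | ⚠️ Warning | The PR description includes the changes, details, and verification results, but the required template sections (related issues, special notes, review requirements) are missing. | Please complete the PR description by adding the required template sections 'Related issues' and 'Special notes'.

✅ Passed checks (2 passed)

Check name | Status | Explanation
Title check | ✅ Passed | The PR title clearly summarizes the main change: simplifying the auth redirect policy and unifying post-login navigation to main.
Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.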

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cccda51d26

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +25 to +29
toast.success("로그인에 성공했습니다.");

setTimeout(() => {
router.push("/");
}, 100);
} else {
// 새로운 회원일 시 - 회원가입 페이지로 이동
router.push(`/sign-up?token=${data.signUpToken}`);
}
setTimeout(() => {
router.push("/");
}, 100);
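
Review bot: The `setTimeout(() => { router.push("/"); }, 100)` wrapper delays navigation by a fixed 100 ms with no comment saying what it waits for and no cleanup of the timer. Either document the reason for the delay next to it or call `router.push("/")` directly once the state it depends on has been set, so the redirect does not hinge on a timing guess.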

P1 Badge Preserve signup redirect for unregistered social logins

This success path now runs even when data.isRegistered is false, but the unregistered social auth responses only carry signUpToken (not an access token) per apps/web/src/apis/Auth/api.ts, so first-time Kakao users are sent to / as if login succeeded and cannot continue onboarding via /sign-up?token=.... That breaks new social-user registration flow and leaves users in a pseudo-logged-out state; please keep the unregistered branch redirect to signup (the same regression appears in the Apple hook).

@vercel vercel bot temporarily deployed to Preview – solid-connect-web-admin March 14, 2026 10:57 Inactive

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5fc96d489d

Comment on lines +24 to +28
toast.success("로그인에 성공했습니다.");

setTimeout(() => {
router.push("/");
}, 100);
} else {
// 새로운 회원일 시 - 회원가입 페이지로 이동
router.push(`/sign-up?token=${data.signUpToken}`);
}
setTimeout(() => {
router.push("/");
}, 100);
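
Review bot: These lines are the same as the ones shown for the Kakao hook earlier in the thread, so the registered/unregistered decision and the `/sign-up?token=${data.signUpToken}` URL are maintained in two places. Move them into one shared helper that both hooks call, and pass the token through `encodeURIComponent` there instead of interpolating it raw.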

P1 Badge Restore signup redirect for unregistered Apple auth

When data.isRegistered is false, this success path still shows a login-success toast and redirects to /, which skips onboarding for first-time Apple users. The unregistered Apple response type only provides signUpToken (no accessToken) in apps/web/src/apis/Auth/api.ts, so these users cannot become authenticated on / and lose the only token needed to continue via /sign-up?token=....
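
The routing rule that the two Codex comments on the Kakao and Apple hooks ask for, written out as an added TypeScript example (not code from the repository or from either bot). The type, parser and function names are assumptions; only isRegistered, accessToken, signUpToken and the /sign-up?token= route come from the thread.

```typescript
// Added example: not code from the solid-connect repository.
// SocialAuthResult, parseSocialAuthResult and postAuthRoute are hypothetical names;
// isRegistered, accessToken, signUpToken and /sign-up?token= come from the thread.
type SocialAuthResult =
  | { isRegistered: true; accessToken: string }
  | { isRegistered: false; signUpToken: string };

// Validate at runtime: the compiler cannot vouch for JSON that came off the wire.
function parseSocialAuthResult(raw: unknown): SocialAuthResult {
  if (typeof raw !== "object" || raw === null) {
    throw new Error("auth response is not an object");
  }
  const fields = raw as Record<string, unknown>;
  const isRegistered = fields["isRegistered"];
  const accessToken = fields["accessToken"];
  const signUpToken = fields["signUpToken"];
  if (isRegistered === true && typeof accessToken === "string" && accessToken !== "") {
    return { isRegistered: true, accessToken };
  }
  if (isRegistered === false && typeof signUpToken === "string" && signUpToken !== "") {
    return { isRegistered: false, signUpToken };
  }
  throw new Error("auth response matches neither the registered nor the unregistered shape");
}

// Only a registered user holds an access token, so only that branch may land on "/".
function postAuthRoute(result: SocialAuthResult): string {
  if (result.isRegistered) {
    return "/";
  }
  // Encode the token so "+", "/", "=" or "&" inside it survive the query string.
  return `/sign-up?token=${encodeURIComponent(result.signUpToken)}`;
}

// Constructed sample responses, not captured from the real API.
const registered = parseSocialAuthResult({ isRegistered: true, accessToken: "sample-access" });
const firstTime = parseSocialAuthResult({ isRegistered: false, signUpToken: "a+b/c=&x" });
console.log(postAuthRoute(registered), postAuthRoute(firstTime));
```

A response that claims isRegistered: true but carries only a signUpToken is rejected by the parser rather than routed to "/".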

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9fc30e9d70

Comment on lines 14 to 15
// HTTP-only 쿠키의 refreshToken 확인
const refreshToken = request.cookies.get("refreshToken")?.value;
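
Review bot: `request.cookies.get("refreshToken")?.value` only tells the middleware that a cookie with that name is present; an expired or made-up value passes the same way. Say so in the comment above this line, and make sure the pages behind the gate still depend on the API accepting the token rather than on this check.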

P2 Badge Honor cookie-login flag before enforcing route redirects

The middleware now always enforces refreshToken cookie checks, but this repo still defines NEXT_PUBLIC_COOKIE_LOGIN_ENABLED=false for development (apps/web/.env.development), which is the mode documented for localStorage-based debugging; in that configuration, protected routes like /mentor, /my, and /community will redirect to /login even after client-side login because no HTTP-only cookie is expected. Please keep the flag gate (or remove the false-mode config/docs in the same change) so development auth flow does not break.

@coderabbitai coderabbitai bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
apps/web/src/middleware.ts (1)

4-4: ⚠️ Potential issue | 🟠 Major

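1) The protected-path policy still does not match the PR goal.

  • "/community" is still in loginNeedPages on line 4, so unauthenticated users are still redirected to /login when they access /community.
  • If the goal of this PR is to "limit protected paths to /mentor and /my", the current behavior does not match that goal.
Suggested fix diff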
-const loginNeedPages = ["/mentor", "/my", "/community"]; // 로그인 필요페이지
+const loginNeedPages = ["/mentor", "/my"]; // 로그인 필요페이지
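
Review bot: With "/community" gone from `loginNeedPages` on the `+` line, the middleware no longer stands in front of that route, so any action under it that needs a signed-in user has to be rejected by the page or API itself. The trailing comment could also state how entries are matched (exact path or prefix), since the array alone does not show it.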

Also applies to: 22-25

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@apps/web/src/middleware.ts` at line 4, The loginNeedPages array in
middleware.ts still contains "/community", causing non-authenticated users to be
redirected to /login contrary to the PR goal to protect only "/mentor" and
"/my"; remove "/community" from the loginNeedPages constant (leave only
"/mentor" and "/my") and update any code that references or iterates over
loginNeedPages (the redirect/check logic in this file) so it only enforces
protection for those two paths.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@apps/web/src/middleware.ts`:
- Line 4: The loginNeedPages array in middleware.ts still contains "/community",
causing non-authenticated users to be redirected to /login contrary to the PR
goal to protect only "/mentor" and "/my"; remove "/community" from the
loginNeedPages constant (leave only "/mentor" and "/my") and update any code
that references or iterates over loginNeedPages (the redirect/check logic in
this file) so it only enforces protection for those two paths.

📥 Commits

Reviewing files that changed from the base of the PR and between 527556c and 9fc30e9.

📒 Files selected for processing (2)
  • apps/web/src/apis/Auth/postKakaoAuth.ts
  • apps/web/src/middleware.ts
💤 Files with no reviewable changes (1)
  • apps/web/src/apis/Auth/postKakaoAuth.ts
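
The middleware policy discussed in this thread (protect only /mentor and /my, send requests without a refreshToken cookie to /login), as an added example that is not the repository's middleware.ts. The function names and the segment-boundary matching rule are assumptions; the path list, cookie name and /login target come from the PR description.

```typescript
// Added example: not the repository's middleware.ts.
// isProtected and decideRedirect are hypothetical names; the protected list, the
// refreshToken cookie name and the /login target come from the PR description.
const LOGIN_REQUIRED_PREFIXES = ["/mentor", "/my"] as const;

// Assumption: an entry protects the exact path and everything below it, matched
// on a segment boundary so "/my" covers "/my/profile" but not "/myth".
function isProtected(pathname: string): boolean {
  return LOGIN_REQUIRED_PREFIXES.some(
    (prefix) => pathname === prefix || pathname.startsWith(`${prefix}/`),
  );
}

// Returns the redirect target, or null when the request may continue.
// Cookie presence is a routing hint only: the API still has to validate the
// token on every call, because any non-empty value passes this gate.
function decideRedirect(pathname: string, cookies: Map<string, string>): string | null {
  if (!isProtected(pathname)) {
    return null;
  }
  const refreshToken = cookies.get("refreshToken");
  return refreshToken ? null : "/login";
}

// Constructed cookie jars for three kinds of request.
const anonymous = new Map<string, string>();
const signedIn = new Map<string, string>([["refreshToken", "sample-refresh-token"]]);
const emptyCookie = new Map<string, string>([["refreshToken", ""]]);

console.log(decideRedirect("/my/profile", anonymous), decideRedirect("/community", anonymous));
```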

@manNomi manNomi merged commit 44e467a into main Mar 14, 2026
10 checks passed