[Fix] 토큰 재발급 미동작 해결 및 로직 전면 리팩토링 (#453)

* refactor: preserve token reissue failure reason

* fix: make refresh flow resilient in authenticator

* fix: reissue token during auto-login when access token expired

* fix: serialize token reissue with coroutine mutex

* fix: avoid duplicate Authorization headers

* refactor: simplify auth events and drop unused token error state

* refactor: centralize token reissue and persistence

* chore: remove unused authenticator import

* fix: keep session on transient reissue failure and retry

* refactor: limit splash to health check only

* feat: 토큰 만료/부재 원인 구분 로깅 추가 (LogoutReason)

* fix: ApiResultCall JSON 파싱 에러 수정 (Lenient parsing 적용)

* chore: clean import

* Refactor token reissue logic to use ReissueTokenResult

Author: HI-JIN2

app/src/main/java/com/eatssu/android/App.kt

@@ -3,9 +3,6 @@ package com.eatssu.android
 import android.app.Application
 import androidx.hilt.work.HiltWorkerFactory
 import androidx.work.Configuration
-import com.eatssu.android.domain.model.TokenState
-import com.eatssu.android.domain.model.TokenStateManager
-import com.eatssu.android.presentation.base.TokenEventBus
 import com.google.firebase.FirebaseApp
 import com.google.firebase.analytics.ktx.analytics
 import com.google.firebase.crashlytics.FirebaseCrashlytics
@@ -14,22 +11,13 @@ import com.kakao.sdk.common.KakaoSdk
 import com.posthog.android.PostHogAndroid
 import com.posthog.android.PostHogAndroidConfig
 import dagger.hilt.android.HiltAndroidApp
-import kotlinx.coroutines.CoroutineScope
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.SupervisorJob
-import kotlinx.coroutines.launch
 import timber.log.Timber
 import javax.inject.Inject
 
 /** App: 앱이 살아있는 동안 공통 리소스 관리를 위한 클래스 */
 @HiltAndroidApp
 class App : Application(), Configuration.Provider {
 
-    /** 앱 전체에서 사용할 수 있는 CoroutineScope(독립적인 공간을 만들어 안정성 높임)
-     *  자식 CoroutineScope가 취소되더라도 부모 CoroutineScope는 취소되지 않음
-     * */
-    private val appScope = CoroutineScope(SupervisorJob() + Dispatchers.Main)
-
     @Inject
     lateinit var workerFactory: HiltWorkerFactory
 
@@ -48,23 +36,9 @@ class App : Application(), Configuration.Provider {
             Firebase.analytics.setAnalyticsCollectionEnabled(true)
         }
 
-        collectTokenState()
         setupPostHog()
     }
 
-    /** 토큰 상태를 application에서 감지하여 TokenEventBus에 전달 */
-    private fun collectTokenState() {
-        appScope.launch {
-            TokenStateManager.state.collect { state ->
-                if (state == TokenState.EXPIRED) {
-                    TokenEventBus.notifyTokenExpired()
-                } else if (state == TokenState.ERROR) {
-                    TokenEventBus.notifyServerError()
-                }
-            }
-        }
-    }
-
     private fun setupPostHog() {
         // Create a PostHog Config with the given API key and host
         val config = PostHogAndroidConfig(
@@ -88,4 +62,4 @@ class App : Application(), Configuration.Provider {
         get() = Configuration.Builder()
             .setWorkerFactory(workerFactory)
             .build()
-}
+}

app/src/main/java/com/eatssu/android/data/remote/repository/OauthRepositoryImpl.kt

@@ -1,5 +1,7 @@
 package com.eatssu.android.data.remote.repository
 
+import com.eatssu.android.data.model.ApiResult
+import com.eatssu.android.domain.model.ReissueTokenResult
 import com.eatssu.android.data.model.map
 import com.eatssu.android.data.model.orElse
 import com.eatssu.android.data.model.orNull
@@ -14,8 +16,19 @@ import javax.inject.Inject
 
 class OauthRepositoryImpl @Inject constructor(private val oauthService: OauthService) :
     OauthRepository {
-    override suspend fun reissueToken(refreshToken: String): Token? =
-        oauthService.getNewToken(refreshToken).map { it.toDomain() }.orNull()
+    override suspend fun reissueToken(refreshToken: String): ReissueTokenResult {
+        val headerValue = refreshToken.asAuthorizationHeaderValue()
+        return when (val result = oauthService.getNewToken(headerValue)) {
+            is ApiResult.Success -> ReissueTokenResult.Success(result.data.toDomain())
+            is ApiResult.Failure -> ReissueTokenResult.Failure(
+                responseCode = result.responseCode,
+                message = result.message
+            )
+
+            is ApiResult.NetworkError -> ReissueTokenResult.Failure(throwable = result.exception)
+            is ApiResult.UnknownError -> ReissueTokenResult.Failure(throwable = result.exception)
+        }
+    }
 
     override suspend fun login(
         email: String,
@@ -33,3 +46,6 @@ class OauthRepositoryImpl @Inject constructor(private val oauthService: OauthSer
     override suspend fun checkValidToken(body: CheckValidTokenRequest): Boolean =
         oauthService.checkValidToken(body).orElse(false)
 }
+
+private fun String.asAuthorizationHeaderValue(): String =
+    if (startsWith("Bearer ")) this else "Bearer $this"

app/src/main/java/com/eatssu/android/di/NetworkModule.kt

@@ -6,11 +6,9 @@ import com.eatssu.android.BuildConfig.BASE_URL
 import com.eatssu.android.di.network.ApiResultCallAdapterFactory
 import com.eatssu.android.di.network.TokenAuthenticator
 import com.eatssu.android.di.network.TokenInterceptor
-import com.eatssu.android.domain.usecase.auth.GetRefreshTokenUseCase
+import com.eatssu.android.domain.usecase.auth.GetAccessTokenUseCase
 import com.eatssu.android.domain.usecase.auth.LogoutUseCase
-import com.eatssu.android.domain.usecase.auth.ReissueTokenUseCase
-import com.eatssu.android.domain.usecase.auth.SetAccessTokenUseCase
-import com.eatssu.android.domain.usecase.auth.SetRefreshTokenUseCase
+import com.eatssu.android.domain.usecase.auth.ReissueAndStoreTokenUseCase
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn
@@ -125,18 +123,14 @@ object NetworkModule {
     @Provides
     @Singleton
     fun provideTokenAuthenticator(
-        getRefreshTokenUseCase: GetRefreshTokenUseCase,
-        setAccessTokenUseCase: SetAccessTokenUseCase,
-        setRefreshTokenUseCase: SetRefreshTokenUseCase,
-        reissueTokenUseCase: ReissueTokenUseCase,
+        getAccessTokenUseCase: GetAccessTokenUseCase,
+        reissueAndStoreTokenUseCase: ReissueAndStoreTokenUseCase,
         logoutUseCase: LogoutUseCase,
     ): TokenAuthenticator {
         return TokenAuthenticator(
-            getRefreshTokenUseCase,
-            setAccessTokenUseCase,
-            setRefreshTokenUseCase,
-            reissueTokenUseCase,
+            getAccessTokenUseCase,
+            reissueAndStoreTokenUseCase,
             logoutUseCase,
         )
     }
-}
+}

app/src/main/java/com/eatssu/android/di/network/ApiResultCall.kt

@@ -65,7 +65,9 @@ class ApiResultCall<T : Any>(
             // errorBody를 JSON으로 파싱 시도
             if (!errorBodyString.isNullOrEmpty()) {
                 try {
-                    val errorResponse = gson.fromJson(errorBodyString, BaseResponse::class.java)
+                    val reader = com.google.gson.stream.JsonReader(java.io.StringReader(errorBodyString))
+                    reader.isLenient = true
+                    val errorResponse = gson.fromJson<BaseResponse<*>>(reader, BaseResponse::class.java)
 
                     // BaseResponse 형태인지 확인 (isSuccess가 false이고 code와 message가 있는 경우)
                     if (errorResponse?.isSuccess == false &&

app/src/main/java/com/eatssu/android/di/network/TokenAuthenticator.kt

@@ -1,12 +1,14 @@
 package com.eatssu.android.di.network
 
-import com.eatssu.android.domain.model.TokenStateManager
-import com.eatssu.android.domain.usecase.auth.GetRefreshTokenUseCase
+import com.eatssu.android.domain.usecase.auth.GetAccessTokenUseCase
 import com.eatssu.android.domain.usecase.auth.LogoutUseCase
-import com.eatssu.android.domain.usecase.auth.ReissueTokenUseCase
-import com.eatssu.android.domain.usecase.auth.SetAccessTokenUseCase
-import com.eatssu.android.domain.usecase.auth.SetRefreshTokenUseCase
+import com.eatssu.android.domain.usecase.auth.ReissueAndStoreResult
+import com.eatssu.android.domain.usecase.auth.ReissueAndStoreTokenUseCase
+import com.eatssu.android.presentation.base.LogoutReason
+import com.eatssu.android.presentation.base.TokenEventBus
 import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
 import okhttp3.Authenticator
 import okhttp3.Request
 import okhttp3.Response
@@ -20,13 +22,15 @@ import javax.inject.Inject
  * 원래 요청을 새 토큰으로 다시 보내주는 클래스  - 백그라운드 스레드에서 실행
  * */
 class TokenAuthenticator @Inject constructor(
-    private val getRefreshTokenUseCase: GetRefreshTokenUseCase,
-    private val setAccessTokenUseCase: SetAccessTokenUseCase,
-    private val setRefreshTokenUseCase: SetRefreshTokenUseCase,
-    private val reissueTokenUseCase: ReissueTokenUseCase,
+    private val getAccessTokenUseCase: GetAccessTokenUseCase,
+    private val reissueAndStoreTokenUseCase: ReissueAndStoreTokenUseCase,
     private val logoutUseCase: LogoutUseCase,
 ) : Authenticator {
 
+    private companion object {
+        val mutex = Mutex()
+    }
+
     /**
      * 401 Unauthorized 응답을 받았을 때 호출되는 메서드
      * @param route : 요청한 경로
@@ -41,31 +45,49 @@ class TokenAuthenticator @Inject constructor(
         }
 
         return runBlocking {
-            Timber.d("TokenAuthenticator → refreshToken으로 재발급 시도")
+            mutex.withLock {
+                val currentAccessToken = getAccessTokenUseCase()
+                val requestAuthHeader = response.request.header("Authorization")
 
-            val expiredRefreshToken = getRefreshTokenUseCase()
-            val newToken = reissueTokenUseCase(expiredRefreshToken)
+                // 이미 다른 요청이 토큰을 재발급/저장한 경우, 저장된 토큰으로만 재시도
+                if (!requestAuthHeader.isNullOrBlank() && requestAuthHeader != "Bearer $currentAccessToken") {
+                    Timber.d("TokenAuthenticator → token already refreshed by another call; retrying with stored token")
+                    return@withLock response.request.newBuilder()
+                        .header("Authorization", "Bearer $currentAccessToken")
+                        .build()
+                }
 
-            val newAccessToken = newToken?.accessToken
-            val newRefreshToken = newToken?.refreshToken
+                Timber.d("TokenAuthenticator → attempting token reissue")
+                when (val result = reissueAndStoreTokenUseCase()) {
+                    is ReissueAndStoreResult.Success -> response.request.newBuilder()
+                        .header("Authorization", "Bearer ${result.accessToken}")
+                        .build()
 
-            if (newAccessToken.isNullOrEmpty() ||
-                newRefreshToken.isNullOrEmpty()
-            ) {
-                Timber.e("TokenAuthenticator → 새 토큰 발급 실패")
-                logoutUseCase() // 로그아웃 처리
-                TokenStateManager.setTokenError()
-                return@runBlocking null
-            }
+                    is ReissueAndStoreResult.MissingRefreshToken -> {
+                        Timber.e("TokenAuthenticator → refreshToken is blank; forcing logout")
+                        logoutUseCase()
+                        TokenEventBus.notifyTokenExpired(LogoutReason.MISSING_REFRESH_TOKEN)
+                        null
+                    }
 
-            Timber.d("TokenAuthenticator → 새 토큰 발급 성공")
-            setAccessTokenUseCase(newAccessToken)
-            setRefreshTokenUseCase(newRefreshToken)
+                    is ReissueAndStoreResult.RefreshInvalid -> {
+                        Timber.e(
+                            "TokenAuthenticator → refresh invalid: code=${result.responseCode}, message=${result.message}"
+                        )
+                        logoutUseCase()
+                        TokenEventBus.notifyTokenExpired(LogoutReason.REFRESH_TOKEN_EXPIRED)
+                        null
+                    }
 
-            Timber.d("TokenAuthenticator → 새 토큰 저장 및 기존 API 재요청")
-            response.request.newBuilder()
-                .header("Authorization", "Bearer $newAccessToken")
-                .build()
+                    is ReissueAndStoreResult.TransientFailure -> {
+                        Timber.w(
+                            result.throwable,
+                            "TokenAuthenticator → transient reissue failure: code=${result.responseCode}, message=${result.message}"
+                        )
+                        null
+                    }
+                }
+            }
         }
     }
 

app/src/main/java/com/eatssu/android/di/network/TokenInterceptor.kt

@@ -23,11 +23,13 @@ class TokenInterceptor @Inject constructor(
         val accessToken = runBlocking { getAccessTokenUseCase() }
         val originalRequest = chain.request()
 
-        val request = originalRequest.newBuilder()
-            .addHeader(HEADER_CONTENT_TYPE, "application/json")
-            .addHeader(HEADER_AUTHORIZATION, "Bearer $accessToken")
-            .build()
+        val requestBuilder = originalRequest.newBuilder()
+            .header(HEADER_CONTENT_TYPE, "application/json")
 
-        return chain.proceed(request)
+        if (accessToken.isNotBlank()) {
+            requestBuilder.header(HEADER_AUTHORIZATION, "Bearer $accessToken")
+        }
+
+        return chain.proceed(requestBuilder.build())
     }
-}
+}

app/src/main/java/com/eatssu/android/domain/model/ReissueTokenResult.kt

@@ -0,0 +1,11 @@
+package com.eatssu.android.domain.model
+
+sealed interface ReissueTokenResult {
+    data class Success(val token: Token) : ReissueTokenResult
+
+    data class Failure(
+        val responseCode: Int? = null,
+        val message: String? = null,
+        val throwable: Throwable? = null
+    ) : ReissueTokenResult
+}

app/src/main/java/com/eatssu/android/domain/model/TokenState.kt

@@ -1,13 +1,14 @@
 package com.eatssu.android.domain.repository
 
+import com.eatssu.android.domain.model.ReissueTokenResult
 import com.eatssu.android.data.remote.dto.request.CheckValidTokenRequest
 import com.eatssu.android.domain.model.Token
 import com.eatssu.common.enums.DeviceType
 
 interface OauthRepository {
     suspend fun reissueToken(
         refreshToken: String,
-    ): Token?
+    ): ReissueTokenResult
 
     suspend fun login(
         email: String,
@@ -17,4 +18,3 @@ interface OauthRepository {
 
     suspend fun checkValidToken(body: CheckValidTokenRequest): Boolean
 }
-