depromeet · sejoon00 · Aug 14, 2024 · Aug 13, 2024 · Aug 13, 2024 · Aug 13, 2024
diff --git a/.gitignore b/.gitignore
@@ -43,4 +43,4 @@ out/
 /.nb-gradle/
 
 ### VS Code ###
-.vscode/
+.vscode/
diff --git a/src/main/java/com/server/bbo_gak/domain/auth/controller/AuthController.java b/src/main/java/com/server/bbo_gak/domain/auth/controller/AuthController.java
@@ -1,12 +1,14 @@
 package com.server.bbo_gak.domain.auth.controller;
 
 import com.server.bbo_gak.domain.auth.dto.request.LoginRequest;
+import com.server.bbo_gak.domain.auth.dto.request.RefreshTokenRequest;
 import com.server.bbo_gak.domain.auth.service.AuthService;
 import com.server.bbo_gak.domain.user.entity.User;
 import com.server.bbo_gak.global.annotation.AuthUser;
 import com.server.bbo_gak.global.security.jwt.dto.TokenDto;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -24,7 +26,12 @@ public ResponseEntity<TokenDto> login(@RequestBody LoginRequest request) {
         return ResponseEntity.ok(authService.login(request));
     }
 
-    @PostMapping("/test/logout")
+    @PostMapping("/refreshToken")
+    public ResponseEntity<TokenDto> validateRefreshToken(@RequestBody RefreshTokenRequest request) {
+        return ResponseEntity.ok(authService.validateRefreshToken(request));
+    }
+
+    @GetMapping("/logout")
     public ResponseEntity<Void> logout(@AuthUser User user) {
         authService.logout(user);
         return ResponseEntity.ok().body(null);

diff --git a/src/main/java/com/server/bbo_gak/domain/auth/dto/request/RefreshTokenRequest.java b/src/main/java/com/server/bbo_gak/domain/auth/dto/request/RefreshTokenRequest.java
@@ -0,0 +1,7 @@
+package com.server.bbo_gak.domain.auth.dto.request;
+
+public record RefreshTokenRequest(
+    String refreshToken
+) {
+
+}
diff --git a/src/main/java/com/server/bbo_gak/domain/auth/service/AuthService.java b/src/main/java/com/server/bbo_gak/domain/auth/service/AuthService.java
@@ -1,6 +1,7 @@
 package com.server.bbo_gak.domain.auth.service;
 
 import com.server.bbo_gak.domain.auth.dto.request.LoginRequest;
+import com.server.bbo_gak.domain.auth.dto.request.RefreshTokenRequest;
 import com.server.bbo_gak.domain.user.entity.User;
 import com.server.bbo_gak.global.security.jwt.dto.TokenDto;
 import org.springframework.stereotype.Service;
@@ -10,6 +11,8 @@ public interface AuthService {
 
     TokenDto login(LoginRequest request);
 
+    TokenDto validateRefreshToken(RefreshTokenRequest request);
+
     void logout(User user);
 
 }
diff --git a/src/main/java/com/server/bbo_gak/domain/auth/service/AuthServiceImpl.java b/src/main/java/com/server/bbo_gak/domain/auth/service/AuthServiceImpl.java
@@ -1,15 +1,18 @@
 package com.server.bbo_gak.domain.auth.service;
 
 import com.server.bbo_gak.domain.auth.dto.request.LoginRequest;
+import com.server.bbo_gak.domain.auth.dto.request.RefreshTokenRequest;
 import com.server.bbo_gak.domain.auth.entity.AuthTestUser;
 import com.server.bbo_gak.domain.auth.entity.AuthTestUserRepository;
 import com.server.bbo_gak.domain.user.entity.User;
 import com.server.bbo_gak.global.error.exception.BusinessException;
 import com.server.bbo_gak.global.error.exception.ErrorCode;
 import com.server.bbo_gak.global.error.exception.NotFoundException;
+import com.server.bbo_gak.global.security.jwt.dto.AccessTokenDto;
 import com.server.bbo_gak.global.security.jwt.dto.TokenDto;
 import com.server.bbo_gak.global.security.jwt.entity.RefreshTokenRepository;
 import com.server.bbo_gak.global.security.jwt.service.JwtTokenService;
+import io.jsonwebtoken.JwtException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -20,7 +23,7 @@ public class AuthServiceImpl implements AuthService {
 
     private final AuthTestUserRepository authTestUserRepository;
     private final RefreshTokenRepository refreshTokenRepository;
-    private final JwtTokenService tokenService;
+    private final JwtTokenService jwtTokenService;
 
     @Override
     @Transactional
@@ -34,7 +37,27 @@ public TokenDto login(LoginRequest request) {
         if (refreshTokenRepository.existsRefreshTokenByMemberId(authTestUser.getId())) {
             refreshTokenRepository.deleteById(authTestUser.getId());
         }
-        return tokenService.createTokenDto(authTestUser.getId(), authTestUser.getRole());
+        return jwtTokenService.createTokenDto(authTestUser.getId(), authTestUser.getRole());
+    }
+
+    @Override
+    public TokenDto validateRefreshToken(RefreshTokenRequest request) {
+        String refreshToken = request.refreshToken();
+        if (refreshToken == null) {
+            throw new JwtException(ErrorCode.RT_NOT_FOUND.getMessage()); //AT 만료 RT null
+        }
+
+        TokenDto tokenDto = null;
+        if (jwtTokenService.validateRefreshToken(refreshToken)) {
+            // RT 유효
+            tokenDto = jwtTokenService.recreateTokenDtoAtValidate(refreshToken);
+
+            AccessTokenDto accessTokenDto = jwtTokenService.retrieveAccessToken(tokenDto.accessToken());
+            jwtTokenService.setAuthenticationToContext(accessTokenDto.memberId(), accessTokenDto.role());
+
+        }
+
+        return tokenDto;
     }
 
     @Override

diff --git a/src/main/java/com/server/bbo_gak/domain/recruit/entity/RecruitStatus.java b/src/main/java/com/server/bbo_gak/domain/recruit/entity/RecruitStatus.java
@@ -18,5 +18,4 @@ public enum RecruitStatus {
 
 
     private final String value;
-
 }
diff --git a/src/main/java/com/server/bbo_gak/global/config/security/SecurityConfig.java b/src/main/java/com/server/bbo_gak/global/config/security/SecurityConfig.java
@@ -27,7 +27,8 @@
 public class SecurityConfig {
 
     private final JwtTokenService jwtTokenService;
-    private String[] allowUrls = {"/", "/api/v1/users/test/login", "/docs/**", "/v3/**", "/favicon.ico"};
+    private String[] allowUrls = {"/", "/api/v1/users/test/login", "/api/v1/users/refreshToken", "/docs/**", "/v3/**",
+        "/favicon.ico"};
 
     @Bean
     public WebSecurityCustomizer configure() {

diff --git a/src/main/java/com/server/bbo_gak/global/error/GlobalExceptionHandler.java b/src/main/java/com/server/bbo_gak/global/error/GlobalExceptionHandler.java
@@ -3,6 +3,7 @@
 import com.server.bbo_gak.global.error.exception.BusinessException;
 import com.server.bbo_gak.global.error.exception.ErrorCode;
 import com.server.bbo_gak.global.error.exception.NotFoundException;
+import io.jsonwebtoken.JwtException;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -37,4 +38,12 @@ protected ResponseEntity<ErrorResponse> handleException(final Exception exceptio
         final ErrorResponse response = ErrorResponse.from(ErrorCode.INTERNAL_SERVER_ERROR);
         return new ResponseEntity<>(response, response.getStatus());
     }
+
+    @ExceptionHandler(JwtException.class)
+    protected ResponseEntity<ErrorResponse> handleJwtException(final JwtException exception) {
+        log.error("handleEntityNotFoundException", exception);
+        final ErrorCode errorCode = ErrorCode.RT_NOT_FOUND;
+        final ErrorResponse response = ErrorResponse.from(errorCode);
+        return new ResponseEntity<>(response, errorCode.getStatus());
+    }
 }
diff --git a/src/main/java/com/server/bbo_gak/global/error/exception/ErrorCode.java b/src/main/java/com/server/bbo_gak/global/error/exception/ErrorCode.java
@@ -22,6 +22,7 @@ public enum ErrorCode {
     ACCESS_DENIED(HttpStatus.UNAUTHORIZED, "토큰이 없습니다"),
     TOKEN_SUBJECT_FORMAT_ERROR(HttpStatus.UNAUTHORIZED, "Subject 값에 Long 타입이 아닌 다른 타입이 들어있습니다."),
     AT_EXPIRED_AND_RT_NOT_FOUND(HttpStatus.UNAUTHORIZED, "AT는 만료되었고 RT는 비어있습니다."),
+    RT_NOT_FOUND(HttpStatus.UNAUTHORIZED, "RT가 비어있습니다"),
 
     PASSWORD_NOT_MATCHES(HttpStatus.BAD_REQUEST, "비밀번호를 잘못 입력하셨습니다."),
 

diff --git a/src/main/java/com/server/bbo_gak/global/security/jwt/filter/JwtAuthenticationFilter.java b/src/main/java/com/server/bbo_gak/global/security/jwt/filter/JwtAuthenticationFilter.java
@@ -1,24 +1,14 @@
 package com.server.bbo_gak.global.security.jwt.filter;
 
-import com.server.bbo_gak.domain.user.entity.UserRole;
-import com.server.bbo_gak.global.error.exception.ErrorCode;
-import com.server.bbo_gak.global.security.PrincipalDetails;
 import com.server.bbo_gak.global.security.jwt.dto.AccessTokenDto;
-import com.server.bbo_gak.global.security.jwt.dto.TokenDto;
 import com.server.bbo_gak.global.security.jwt.service.JwtTokenService;
-import io.jsonwebtoken.ExpiredJwtException;
-import io.jsonwebtoken.JwtException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Optional;
 import lombok.RequiredArgsConstructor;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 @RequiredArgsConstructor
@@ -40,38 +30,15 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             filterChain.doFilter(request, response); //AT null
         }
 
-        try {
-            if (jwtTokenService.validateAccessToken(accessTokenHeaderValue)) {
-                //AT 유효
-                accessTokenDto = jwtTokenService.retrieveAccessToken(accessTokenHeaderValue);
-                setAuthenticationToContext(accessTokenDto.memberId(), accessTokenDto.role());
-            }
-        } catch (ExpiredJwtException e) {
-            if (refreshTokenHeaderValue == null) {
-                throw new JwtException(ErrorCode.AT_EXPIRED_AND_RT_NOT_FOUND.getMessage()); //AT 만료 RT null
-            }
-
-            if (jwtTokenService.validateRefreshToken(refreshTokenHeaderValue)) {
-                // AT 만료 && RT 유효
-                TokenDto tokenDto = jwtTokenService.recreateTokenDtoAtValidate(refreshTokenHeaderValue);
-
-                //Refresh, Access Token을 헤더에 넣어 전송합니다 (GET 요청시에는 body가 없기 때문에)
-                jwtTokenService.setHeaderAccessToken(response, tokenDto.accessToken());
-                jwtTokenService.setHeaderRefreshToken(response, tokenDto.refreshToken());
-
-                accessTokenDto = jwtTokenService.retrieveAccessToken(tokenDto.accessToken());
-                setAuthenticationToContext(accessTokenDto.memberId(), accessTokenDto.role());
-            }
+        if (jwtTokenService.validateAccessToken(accessTokenHeaderValue)) {
+            //AT 유효
+            accessTokenDto = jwtTokenService.retrieveAccessToken(accessTokenHeaderValue);
+            jwtTokenService.setAuthenticationToContext(accessTokenDto.memberId(), accessTokenDto.role());
         }
+
         filterChain.doFilter(request, response);
     }
 
-    private void setAuthenticationToContext(Long memberId, UserRole role) {
-        UserDetails userDetails = PrincipalDetails.ofJwt(memberId, role);
-        Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null,
-            userDetails.getAuthorities());
-        SecurityContextHolder.getContext().setAuthentication(authentication);
-    }
 
     private String extractAccessTokenFromHeader(HttpServletRequest request) {
         return Optional.ofNullable(request.getHeader("Authorization"))

diff --git a/src/main/java/com/server/bbo_gak/global/security/jwt/service/JwtTokenService.java b/src/main/java/com/server/bbo_gak/global/security/jwt/service/JwtTokenService.java
@@ -3,6 +3,7 @@
 import com.server.bbo_gak.domain.user.entity.User;
 import com.server.bbo_gak.domain.user.entity.UserRole;
 import com.server.bbo_gak.global.error.exception.ErrorCode;
+import com.server.bbo_gak.global.security.PrincipalDetails;
 import com.server.bbo_gak.global.security.jwt.dto.AccessTokenDto;
 import com.server.bbo_gak.global.security.jwt.dto.TokenDto;
 import com.server.bbo_gak.global.security.jwt.entity.RefreshToken;
@@ -18,6 +19,10 @@
 import java.util.Date;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
 
 @Slf4j
@@ -29,6 +34,13 @@ public class JwtTokenService {
     private final JwtUtil jwtUtil;
     private final RefreshTokenRepository refreshTokenRepository;
 
+    public void setAuthenticationToContext(Long memberId, UserRole role) {
+        UserDetails userDetails = PrincipalDetails.ofJwt(memberId, role);
+        Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null,
+            userDetails.getAuthorities());
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+    }
+
     /**
      * 클라이언트가 로그인 시 전달할 AT, RT를 생성합니다.
      *

diff --git a/src/main/java/com/server/bbo_gak/global/security/jwt/service/JwtUtil.java b/src/main/java/com/server/bbo_gak/global/security/jwt/service/JwtUtil.java
@@ -25,6 +25,7 @@ public class JwtUtil {
 
     private final JwtProperties jwtProperties;
 
+
     /**
      * AccessToken을 생성합니다.
      *
Original file line number	Diff line number	Diff line change
Expand Up		@@ -18,5 +18,4 @@ public enum RecruitStatus {


		private final String value;

		}
-Original file line number
+Diff line change
@@ Expand Up / @@ -25,6 +25,7 @@ public class JwtUtil { @@
         private final JwtProperties jwtProperties;
         /**
          * AccessToken을 생성합니다.
          *
@@ Expand Down @@