RAC-98 fix : RefreshToken 로직 수정

WE-ARE-RACCOONS · Oct 31, 2023 · 877595e · 877595e
1 parent fed623c
commit 877595e
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 13 deletions.
diff --git a/src/main/java/com/postgraduate/domain/auth/application/usecase/jwt/JwtUseCase.java b/src/main/java/com/postgraduate/domain/auth/application/usecase/jwt/JwtUseCase.java
@@ -5,6 +5,7 @@
 import com.postgraduate.global.auth.AuthDetails;
 import com.postgraduate.global.config.security.util.SecurityUtils;
 import com.postgraduate.global.jwt.JwtProvider;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
@@ -18,9 +19,9 @@ public JwtTokenResponse signIn(User user) {
         return generateToken(user);
     }
 
-    public JwtTokenResponse regenerateToken(AuthDetails authDetails) {
+    public JwtTokenResponse regenerateToken(AuthDetails authDetails, HttpServletRequest request) {
         User user = securityUtils.getLoggedInUser(authDetails);
-        jwtProvider.checkRedis(user.getUserId());
+        jwtProvider.checkRedis(user.getUserId(), request);
         return generateToken(user);
     }
 

diff --git a/src/main/java/com/postgraduate/domain/auth/presentation/AuthController.java b/src/main/java/com/postgraduate/domain/auth/presentation/AuthController.java
@@ -10,6 +10,7 @@
 import com.postgraduate.global.dto.ResponseDto;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -18,7 +19,6 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import static com.postgraduate.domain.auth.presentation.contant.AuthResponseMessage.*;
-import static org.springframework.http.HttpStatus.NOT_FOUND;
 import static org.springframework.http.HttpStatus.OK;
 
 @RestController
@@ -50,8 +50,8 @@ public ResponseDto<JwtTokenResponse> signUpUser(@RequestBody SignUpRequest reque
 
     @PostMapping("/refresh")
     @Operation(summary = "토큰 재발급", description = "refreshToken 으로 토큰 재발급")
-    public ResponseDto<JwtTokenResponse> refresh(@AuthenticationPrincipal AuthDetails authDetails) {
-        JwtTokenResponse jwtToken = jwtUseCase.regenerateToken(authDetails);
+    public ResponseDto<JwtTokenResponse> refresh(@AuthenticationPrincipal AuthDetails authDetails, HttpServletRequest request) {
+        JwtTokenResponse jwtToken = jwtUseCase.regenerateToken(authDetails, request);
         return ResponseDto.create(OK.value(), SUCCESS_REGENERATE_TOKEN_MESSAGE.getMessage(), jwtToken);
     }
 }
diff --git a/src/main/java/com/postgraduate/global/jwt/JwtFilter.java b/src/main/java/com/postgraduate/global/jwt/JwtFilter.java
@@ -15,8 +15,8 @@
 @RequiredArgsConstructor
 public class JwtFilter extends OncePerRequestFilter {
     private final JwtProvider jwtProvider;
-    private static final String AUTHORIZATION = "Authorization";
-    private static final String BEARER = "Bearer";
+    private final String AUTHORIZATION = "Authorization";
+    private final String BEARER = "Bearer";
 
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {

diff --git a/src/main/java/com/postgraduate/global/jwt/JwtProvider.java b/src/main/java/com/postgraduate/global/jwt/JwtProvider.java
@@ -5,8 +5,8 @@
 import com.postgraduate.global.auth.AuthDetailsService;
 import com.postgraduate.global.config.redis.RedisRepository;
 import io.jsonwebtoken.*;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -30,6 +30,7 @@ public class JwtProvider {
     @Value("${jwt.secret-key}")
     private String secret;
     private final String REFRESH = "refresh";
+    private final String AUTHORIZATION = "Authorization";
 
     public String generateAccessToken(Long id, Role role) {
         Instant accessDate = LocalDateTime.now().plusHours(6).atZone(ZoneId.systemDefault()).toInstant();
@@ -60,9 +61,6 @@ public Authentication getAuthentication(String token) {
     }
 
     private AuthDetails getDetails(Claims claims) {
-        if (claims.get("role").equals(Role.USER)) {
-            return this.authDetailsService.loadUserByUsername(claims.getSubject());
-        }
         return this.authDetailsService.loadUserByUsername(claims.getSubject());
     }
 
@@ -76,8 +74,11 @@ public void validateToken(String token) {
         }
     }
 
-    public void checkRedis(Long id) {
-        redisRepository.getValues(REFRESH + id).orElseThrow(); //TODO: 예외처리
+    public void checkRedis(Long id, HttpServletRequest request) {
+        String refreshToken = request.getHeader(AUTHORIZATION).split(" ")[1];
+        String redisToken = redisRepository.getValues(REFRESH + id).orElseThrow();//TODO: 예외처리
+        if (!redisToken.equals(refreshToken))
+            throw new IllegalArgumentException(); //TODO: 예외처리
     }
 
     public Claims parseClaims(String token) {