diff --git a/src/main/java/com/postgraduate/domain/auth/application/usecase/jwt/JwtUseCase.java b/src/main/java/com/postgraduate/domain/auth/application/usecase/jwt/JwtUseCase.java
index 2d813901..34bb9771 100644
--- a/src/main/java/com/postgraduate/domain/auth/application/usecase/jwt/JwtUseCase.java
+++ b/src/main/java/com/postgraduate/domain/auth/application/usecase/jwt/JwtUseCase.java
@@ -5,6 +5,7 @@
 import com.postgraduate.global.auth.AuthDetails;
 import com.postgraduate.global.config.security.util.SecurityUtils;
 import com.postgraduate.global.jwt.JwtProvider;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
@@ -18,9 +19,9 @@ public JwtTokenResponse signIn(User user) {
 return generateToken(user);
 }
- public JwtTokenResponse regenerateToken(AuthDetails authDetails) {
+ public JwtTokenResponse regenerateToken(AuthDetails authDetails, HttpServletRequest request) {
 User user = securityUtils.getLoggedInUser(authDetails);
- jwtProvider.checkRedis(user.getUserId());
+ jwtProvider.checkRedis(user.getUserId(), request);
 return generateToken(user);
 }
diff --git a/src/main/java/com/postgraduate/domain/auth/presentation/AuthController.java b/src/main/java/com/postgraduate/domain/auth/presentation/AuthController.java
index 640b55be..93561169 100644
--- a/src/main/java/com/postgraduate/domain/auth/presentation/AuthController.java
+++ b/src/main/java/com/postgraduate/domain/auth/presentation/AuthController.java
@@ -10,6 +10,7 @@
 import com.postgraduate.global.dto.ResponseDto;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PostMapping;
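Review bot: `regenerateToken` now takes a `HttpServletRequest`, which pulls a servlet-layer type into the application use case only so that `JwtProvider.checkRedis` can read one header; the controller already holds the request and could extract the bearer string and pass it down, keeping the use case and the provider testable without a servlet mock. The same parameter is threaded through `AuthController.refresh` in the next file for the same reason. A signature along the lines of `public JwtTokenResponse regenerateToken(AuthDetails authDetails, String refreshToken)` and `jwtProvider.checkRedis(user.getUserId(), refreshToken);` would keep the dependency direction intact. The enclosing class continues outside the hunk.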
@@ -18,7 +19,6 @@
 import org.springframework.web.bind.annotation.RestController;
 import static com.postgraduate.domain.auth.presentation.contant.AuthResponseMessage.*;
-import static org.springframework.http.HttpStatus.NOT_FOUND;
 import static org.springframework.http.HttpStatus.OK;
 @RestController
@@ -50,8 +50,8 @@ public ResponseDto signUpUser(@RequestBody SignUpRequest reque
 @PostMapping("/refresh")
 @Operation(summary = "토큰 재발급", description = "refreshToken 으로 토큰 재발급")
- public ResponseDto refresh(@AuthenticationPrincipal AuthDetails authDetails) {
- JwtTokenResponse jwtToken = jwtUseCase.regenerateToken(authDetails);
+ public ResponseDto refresh(@AuthenticationPrincipal AuthDetails authDetails, HttpServletRequest request) {
+ JwtTokenResponse jwtToken = jwtUseCase.regenerateToken(authDetails, request);
 return ResponseDto.create(OK.value(), SUCCESS_REGENERATE_TOKEN_MESSAGE.getMessage(), jwtToken);
 }
 }
diff --git a/src/main/java/com/postgraduate/global/jwt/JwtFilter.java b/src/main/java/com/postgraduate/global/jwt/JwtFilter.java
index 96da306e..bedb2157 100644
--- a/src/main/java/com/postgraduate/global/jwt/JwtFilter.java
+++ b/src/main/java/com/postgraduate/global/jwt/JwtFilter.java
@@ -15,8 +15,8 @@
 @RequiredArgsConstructor
 public class JwtFilter extends OncePerRequestFilter {
 private final JwtProvider jwtProvider;
- private static final String AUTHORIZATION = "Authorization";
- private static final String BEARER = "Bearer";
+ private final String AUTHORIZATION = "Authorization";
+ private final String BEARER = "Bearer";
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
diff --git a/src/main/java/com/postgraduate/global/jwt/JwtProvider.java b/src/main/java/com/postgraduate/global/jwt/JwtProvider.java
index e674b4ad..5c00de1c 100644
--- a/src/main/java/com/postgraduate/global/jwt/JwtProvider.java
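Review bot: Dropping `static` from `AUTHORIZATION` and `BEARER` in `JwtFilter` turns compile-time constants into per-instance fields while keeping `UPPER_SNAKE_CASE` names, so every filter instance carries its own copy and the naming now misleads about what they are; the same pattern is introduced for `AUTHORIZATION` in `JwtProvider` in the next file. Lombok's `@RequiredArgsConstructor` skips final fields with initializers, so this still compiles, but there is no gain from the change. I would keep `private static final String AUTHORIZATION = "Authorization";` and `private static final String BEARER = "Bearer";`, or use Spring's `HttpHeaders.AUTHORIZATION` so the header name is not declared in two classes. The class body continues past the hunk.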
+++ b/src/main/java/com/postgraduate/global/jwt/JwtProvider.java
@@ -5,8 +5,8 @@
 import com.postgraduate.global.auth.AuthDetailsService;
 import com.postgraduate.global.config.redis.RedisRepository;
 import io.jsonwebtoken.*;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -30,6 +30,7 @@ public class JwtProvider {
 @Value("${jwt.secret-key}")
 private String secret;
 private final String REFRESH = "refresh";
+ private final String AUTHORIZATION = "Authorization";
 public String generateAccessToken(Long id, Role role) {
 Instant accessDate = LocalDateTime.now().plusHours(6).atZone(ZoneId.systemDefault()).toInstant();
@@ -60,9 +61,6 @@ public Authentication getAuthentication(String token) {
 }
 private AuthDetails getDetails(Claims claims) {
- if (claims.get("role").equals(Role.USER)) {
- return this.authDetailsService.loadUserByUsername(claims.getSubject());
- }
 return this.authDetailsService.loadUserByUsername(claims.getSubject());
 }
@@ -76,8 +74,11 @@ public void validateToken(String token) {
 }
 }
- public void checkRedis(Long id) {
- redisRepository.getValues(REFRESH + id).orElseThrow(); //TODO: 예외처리
+ public void checkRedis(Long id, HttpServletRequest request) {
+ String refreshToken = request.getHeader(AUTHORIZATION).split(" ")[1];
+ String redisToken = redisRepository.getValues(REFRESH + id).orElseThrow();//TODO: 예외처리
+ if (!redisToken.equals(refreshToken))
+ throw new IllegalArgumentException(); //TODO: 예외처리
 }
 public Claims parseClaims(String token) {
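Review bot: `request.getHeader(AUTHORIZATION).split(" ")[1]` in `checkRedis` throws `NullPointerException` when the header is absent and `ArrayIndexOutOfBoundsException` when it contains no space, and the `Bearer` prefix is never checked, so a malformed refresh request surfaces as a 500 rather than an authentication failure; the no-argument `orElseThrow()` does the same when Redis holds no entry for the user. The token comparison should also be constant-time (`MessageDigest.isEqual` on the UTF-8 bytes) instead of `String.equals`, which returns at the first differing byte. This re-parses the same header that `JwtFilter` already parses for the request; if the filter exposes the parsed token, the provider would not need the request at all. Whether the old refresh token is rotated or revoked after a successful check depends on `generateToken`, which is outside the hunk, and is worth confirming so a leaked refresh token cannot be reused until it expires. The rewrite below needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported.
```java
public void checkRedis(Long id, HttpServletRequest request) {
    String header = request.getHeader(AUTHORIZATION);
    if (header == null || !header.startsWith("Bearer ")) {
        throw new IllegalArgumentException(); // TODO: map to the project's auth exception
    }
    String refreshToken = header.substring("Bearer ".length()).strip();
    String redisToken = redisRepository.getValues(REFRESH + id)
            .orElseThrow(IllegalArgumentException::new); // TODO: map to the project's auth exception
    // constant-time compare: String.equals stops at the first differing byte
    if (!MessageDigest.isEqual(redisToken.getBytes(StandardCharsets.UTF_8),
                               refreshToken.getBytes(StandardCharsets.UTF_8))) {
        throw new IllegalArgumentException(); // TODO: map to the project's auth exception
    }
}
```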