Merge pull request #22 from WE-ARE-RACCOONS/RAC-98

RAC-98 fix : RefreshToken 로직 수정 및 만료 시간 추가

src/main/java/com/postgraduate/domain/auth/application/dto/res/JwtTokenResponse.java

@@ -1,17 +1,16 @@
 package com.postgraduate.domain.auth.application.dto.res;
 
 import com.postgraduate.domain.user.domain.entity.constant.Role;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
+import lombok.*;
 
 @Builder
 @Getter
 @NoArgsConstructor
 @AllArgsConstructor
 public class JwtTokenResponse {
     private String accessToken;
+    private int accessExpiration;
     private String refreshToken;
+    private int refreshExpiration;
     private Role role;
 }

src/main/java/com/postgraduate/domain/auth/application/usecase/jwt/JwtUseCase.java

@@ -5,28 +5,34 @@
 import com.postgraduate.global.auth.AuthDetails;
 import com.postgraduate.global.config.security.util.SecurityUtils;
 import com.postgraduate.global.jwt.JwtProvider;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
 @RequiredArgsConstructor
 @Service
 public class JwtUseCase {
     private final JwtProvider jwtProvider;
     private final SecurityUtils securityUtils;
+    @Value("${jwt.refreshExpiration}")
+    private int refreshExpiration;
+    @Value("${jwt.accessExpiration}")
+    private int accessExpiration;
 
     public JwtTokenResponse signIn(User user) {
         return generateToken(user);
     }
 
-    public JwtTokenResponse regenerateToken(AuthDetails authDetails) {
+    public JwtTokenResponse regenerateToken(AuthDetails authDetails, HttpServletRequest request) {
         User user = securityUtils.getLoggedInUser(authDetails);
-        jwtProvider.checkRedis(user.getUserId());
+        jwtProvider.checkRedis(user.getUserId(), request);
         return generateToken(user);
     }
 
     private JwtTokenResponse generateToken(User user) {
         String accessToken = jwtProvider.generateAccessToken(user.getUserId(), user.getRole());
         String refreshToken = jwtProvider.generateRefreshToken(user.getUserId(), user.getRole());
-        return new JwtTokenResponse(accessToken, refreshToken, user.getRole());
+        return new JwtTokenResponse(accessToken, accessExpiration, refreshToken, refreshExpiration, user.getRole());
     }
 }

src/main/java/com/postgraduate/domain/auth/presentation/AuthController.java

@@ -10,6 +10,7 @@
 import com.postgraduate.global.dto.ResponseDto;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -18,7 +19,6 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import static com.postgraduate.domain.auth.presentation.contant.AuthResponseMessage.*;
-import static org.springframework.http.HttpStatus.NOT_FOUND;
 import static org.springframework.http.HttpStatus.OK;
 
 @RestController
@@ -50,8 +50,8 @@ public ResponseDto<JwtTokenResponse> signUpUser(@RequestBody SignUpRequest reque
 
     @PostMapping("/refresh")
     @Operation(summary = "토큰 재발급", description = "refreshToken 으로 토큰 재발급")
-    public ResponseDto<JwtTokenResponse> refresh(@AuthenticationPrincipal AuthDetails authDetails) {
-        JwtTokenResponse jwtToken = jwtUseCase.regenerateToken(authDetails);
+    public ResponseDto<JwtTokenResponse> refresh(@AuthenticationPrincipal AuthDetails authDetails, HttpServletRequest request) {
+        JwtTokenResponse jwtToken = jwtUseCase.regenerateToken(authDetails, request);
         return ResponseDto.create(OK.value(), SUCCESS_REGENERATE_TOKEN_MESSAGE.getMessage(), jwtToken);
     }
 }

src/main/java/com/postgraduate/global/exception/GlobalExceptionHandler.java

@@ -8,5 +8,4 @@
 @RestControllerAdvice
 @RequiredArgsConstructor
 public class GlobalExceptionHandler {
-
 }

src/main/java/com/postgraduate/global/jwt/JwtFilter.java

@@ -15,8 +15,8 @@
 @RequiredArgsConstructor
 public class JwtFilter extends OncePerRequestFilter {
     private final JwtProvider jwtProvider;
-    private static final String AUTHORIZATION = "Authorization";
-    private static final String BEARER = "Bearer";
+    private final String AUTHORIZATION = "Authorization";
+    private final String BEARER = "Bearer";
 
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {

src/main/java/com/postgraduate/global/jwt/JwtProvider.java

@@ -5,8 +5,8 @@
 import com.postgraduate.global.auth.AuthDetailsService;
 import com.postgraduate.global.config.redis.RedisRepository;
 import io.jsonwebtoken.*;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -29,10 +29,15 @@ public class JwtProvider {
     private final RedisRepository redisRepository;
     @Value("${jwt.secret-key}")
     private String secret;
+    @Value("${jwt.refreshExpiration}")
+    private int refreshExpiration;
+    @Value("${jwt.accessExpiration}")
+    private int accessExpiration;
     private final String REFRESH = "refresh";
+    private final String AUTHORIZATION = "Authorization";
 
     public String generateAccessToken(Long id, Role role) {
-        Instant accessDate = LocalDateTime.now().plusHours(6).atZone(ZoneId.systemDefault()).toInstant();
+        Instant accessDate = LocalDateTime.now().plusSeconds(accessExpiration).atZone(ZoneId.systemDefault()).toInstant();
         return Jwts.builder()
                 .claim("role", role)
                 .setSubject(String.valueOf(id))
@@ -42,7 +47,7 @@ public String generateAccessToken(Long id, Role role) {
     }
 
     public String generateRefreshToken(Long id, Role role) {
-        Instant refreshDate = LocalDateTime.now().plusDays(30).atZone(ZoneId.systemDefault()).toInstant();
+        Instant refreshDate = LocalDateTime.now().plusSeconds(refreshExpiration).atZone(ZoneId.systemDefault()).toInstant();
         String refreshToken = Jwts.builder()
                 .claim("role", role)
                 .setSubject(String.valueOf(id))
@@ -60,9 +65,6 @@ public Authentication getAuthentication(String token) {
     }
 
     private AuthDetails getDetails(Claims claims) {
-        if (claims.get("role").equals(Role.USER)) {
-            return this.authDetailsService.loadUserByUsername(claims.getSubject());
-        }
         return this.authDetailsService.loadUserByUsername(claims.getSubject());
     }
 
@@ -76,8 +78,11 @@ public void validateToken(String token) {
         }
     }
 
-    public void checkRedis(Long id) {
-        redisRepository.getValues(REFRESH + id).orElseThrow(); //TODO: 예외처리
+    public void checkRedis(Long id, HttpServletRequest request) {
+        String refreshToken = request.getHeader(AUTHORIZATION).split(" ")[1];
+        String redisToken = redisRepository.getValues(REFRESH + id).orElseThrow();//TODO: 예외처리
+        if (!redisToken.equals(refreshToken))
+            throw new IllegalArgumentException(); //TODO: 예외처리
     }
 
     public Claims parseClaims(String token) {