[EC-236] feat: 로그인 성능 개선 (#246)

* [EC-236] feat: 로그인 성능 개선

* [EC-236] feat: 이메일 예외처리

Author: ysc13245

api/src/main/java/org/example/educheck/domain/member/service/AuthService.java

@@ -5,6 +5,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.example.educheck.domain.course.entity.Course;
 import org.example.educheck.domain.course.repository.CourseRepository;
 import org.example.educheck.domain.member.dto.EmailCheckResponseDto;
@@ -37,6 +38,7 @@
 import java.time.LocalDateTime;
 import java.util.Optional;
 
+@Slf4j
 @Service
 @Transactional(readOnly = true)
 @RequiredArgsConstructor
@@ -83,22 +85,18 @@ public RegisteredMemberResponseDto signUp(SignUpRequestDto requestDto) {
 
     }
 
+
     @Transactional
     public LoginResponseDto login(LoginRequestDto requestDto, HttpServletResponse response) {
 
-        Authentication authenticate = authenticationManager.authenticate(
+        Authentication authentication = authenticationManager.authenticate(
                 new UsernamePasswordAuthenticationToken(
                         requestDto.getEmail(), requestDto.getPassword()
                 )
         );
-
-        Member member = memberRepository.findByEmail(requestDto.getEmail())
-                .orElseThrow(() -> new IllegalArgumentException("존재하지 않는 회원입니다.")
-                );
-
-        setTokensInResponse(authenticate, response);
+        Member member = (Member) authentication.getPrincipal();
+        setTokensInResponse(authentication, response);
         LoginResponseDto loginResponseDto = roleBasedLogin(member);
-
         member.setLastLoginDateTime(LocalDateTime.now());
 
         return loginResponseDto;

api/src/main/java/org/example/educheck/domain/member/service/MyService.java

@@ -9,7 +9,6 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -55,7 +54,7 @@ public void updateMyProfile(Member member, UpdateMyProfileRequestDto requestDto)
                             member.getEmail(), requestDto.getCurrentPassword())
             );
 
-            SecurityContextHolder.getContext().setAuthentication(authentication); //TODO: 삭제?
+//            SecurityContextHolder.getContext().setAuthentication(authentication); //TODO: 삭제?
 
         }
         memberRepository.save(member);

api/src/main/java/org/example/educheck/global/common/exception/ErrorCode.java

@@ -9,6 +9,7 @@
 public enum ErrorCode {
 
     //0000 회원
+    EMAIL_NOT_FOUND(HttpStatus.UNAUTHORIZED, "0000", "인증 정보를 찾을 수 없습니다."),
     //1000 예약
     RESERVATION_CONFLICT(HttpStatus.CONFLICT, "1000", "해당 시간에는 이미 예약이 있습니다. 다른 시간을 선택해주세요."),
 

api/src/main/java/org/example/educheck/global/common/exception/custom/auth/EmailNotFoundException.java

@@ -0,0 +1,14 @@
+package org.example.educheck.global.common.exception.custom.auth;
+
+import org.example.educheck.global.common.exception.ErrorCode;
+import org.example.educheck.global.common.exception.custom.common.GlobalException;
+
+public class EmailNotFoundException extends GlobalException {
+    public EmailNotFoundException() {
+        super(ErrorCode.EMAIL_NOT_FOUND);
+    }
+
+    public EmailNotFoundException(String customMessage) {
+        super(ErrorCode.EMAIL_NOT_FOUND, customMessage);
+    }
+}

api/src/main/java/org/example/educheck/global/common/exception/handler/GlobalExceptionHandler.java

@@ -4,6 +4,7 @@
 import org.example.educheck.global.common.dto.ApiResponse;
 import org.example.educheck.global.common.exception.ErrorCode;
 import org.example.educheck.global.common.exception.custom.LoginValidationException;
+import org.example.educheck.global.common.exception.custom.auth.EmailNotFoundException;
 import org.example.educheck.global.common.exception.custom.common.GlobalException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -118,4 +119,12 @@ public ResponseEntity<ApiResponse<Object>> handleNoResourceFoundException(NoReso
                 .body(ApiResponse.error(ErrorCode.RESOURCE_NOT_FOUND.getMessage(),
                         ErrorCode.RESOURCE_NOT_FOUND.getCode()));
     }
+
+    @ExceptionHandler(EmailNotFoundException.class)
+    public ResponseEntity<ApiResponse<Object>> handleEmailNotFoundException(EmailNotFoundException ex) {
+        return ResponseEntity
+                .status(ErrorCode.EMAIL_NOT_FOUND.getStatus())
+                .body(ApiResponse.error(ErrorCode.EMAIL_NOT_FOUND.getMessage(),
+                        ErrorCode.EMAIL_NOT_FOUND.getCode()));
+    }
 }

api/src/main/java/org/example/educheck/global/security/CustomUserDetailsService.java

@@ -2,6 +2,7 @@
 
 import lombok.RequiredArgsConstructor;
 import org.example.educheck.domain.member.repository.MemberRepository;
+import org.example.educheck.global.common.exception.custom.auth.EmailNotFoundException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -21,7 +22,6 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx
     public UserDetails loadUserByEmail(String email) throws UsernameNotFoundException {
 
         return memberRepository.findByEmail(email)
-//                .orElseThrow(() -> new EmailNotFoundException("사용자를 찾을 수 없습니다.")); // TODO: Exception
-                .orElseThrow(() -> new IllegalArgumentException("사용자를 찾을 수 없습니다."));
+                .orElseThrow(() -> new EmailNotFoundException("사용자를 찾을 수 없습니다."));
     }
 }

api/src/main/java/org/example/educheck/global/security/config/SecurityConfig.java

@@ -36,11 +36,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .sessionManagement(session -> session
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
-                                .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
-                                .requestMatchers(HttpMethod.POST, SecurityPathConfig.PUBLIC_POST_URLS).permitAll()
-                                .requestMatchers(HttpMethod.GET, SecurityPathConfig.PUBLIC_GET_URLS).permitAll()
-                                .anyRequest().authenticated()
-                        // TODO: 인증 엔드포인트 수정
+                        .requestMatchers(HttpMethod.OPTIONS).permitAll()
+                        .requestMatchers(HttpMethod.POST, SecurityPathConfig.PUBLIC_POST_URLS).permitAll()
+                        .requestMatchers(HttpMethod.GET, SecurityPathConfig.PUBLIC_GET_URLS).permitAll()
+                        .anyRequest().authenticated()
                 )
                 // TODO: 비밀번호 예외처리
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)

api/src/main/java/org/example/educheck/global/security/jwt/JwtTokenUtil.java

@@ -7,13 +7,12 @@
 import io.jsonwebtoken.security.Keys;
 import jakarta.annotation.PostConstruct;
 import lombok.extern.slf4j.Slf4j;
-import org.example.educheck.global.common.exception.custom.LoginValidationException;
+import org.example.educheck.domain.member.entity.Member;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Component;
 
-import java.lang.reflect.Field;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -24,7 +23,7 @@
 @Component
 public class JwtTokenUtil {
     public static final long REFRESH_TOKEN_VALIDITY_MILLISECONDS = 1000L * 60 * 60 * 24 * 30;
-    private static final long ACCESS_TOKEN_VALIDITY_MILLISECONDS = 1000L * 60 * 60 * 24 * 7; // TODO: 개발 후 줄이기
+    private static final long ACCESS_TOKEN_VALIDITY_MILLISECONDS = 1000L * 60 * 30;
     @Value("${JWT_SECRET}")
     private String secretKey;
 
@@ -42,17 +41,18 @@ protected void init() {
 
     private String createToken(Authentication authentication, long validityMilliSeconds) {
 
-        log.info("authentication: {}", authentication.getAuthorities());
-        String email = null;
+
+/*        String email = null;
         try {
             Object principal = authentication.getPrincipal();
             Field field = principal.getClass().getDeclaredField("email");
             field.setAccessible(true);
             email = field.get(principal).toString();
         } catch (NoSuchFieldException | IllegalAccessException e) {
             throw new LoginValidationException();
-        }
-        Claims claims = Jwts.claims().setSubject(email);
+        }*/
+        Member member = (Member) authentication.getPrincipal();
+        Claims claims = Jwts.claims().setSubject(member.getEmail());
         claims.put("roles", authentication.getAuthorities()
                 .stream()
                 .map(GrantedAuthority::getAuthority)