From 339ccf8c867af96d7b41eff417a74164ef64e1f5 Mon Sep 17 00:00:00 2001
From: leejongwook2 <34103253+leejongwook2@users.noreply.github.com>
Date: Sat, 28 Dec 2024 02:52:27 +0900
Subject: [PATCH 1/4] =?UTF-8?q?HEADER=5FAUTHORIZATION,=20REFRESH=5FTOKEN?= =?UTF-8?q?=5FKEY=20=EA=B3=B5=ED=86=B5=20=EB=B3=80=EC=88=98=EB=A1=9C=20?= =?UTF-8?q?=EC=B6=94=EC=B6=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../myteam/server/auth/controller/ReIssueController.java | 6 ++----
 .../org/myteam/server/auth/service/ReIssueService.java | 4 +---
 .../server/global/security/config/SecurityConfig.java | 6 ++++--
 .../global/security/filter/JwtAuthenticationFilter.java | 7 ++-----
 .../global/security/filter/TokenAuthenticationFilter.java | 3 +--
 .../global/security/handler/LogoutSuccessHandler.java | 2 +-
 .../myteam/server/global/security/jwt/JwtProvider.java | 1 +
 .../myteam/server/member/controller/MyInfoController.java | 8 ++------
 src/main/java/org/myteam/server/member/entity/Member.java | 3 ++-
 .../server/oauth2/handler/CustomOauth2SuccessHandler.java | 2 --
 10 files changed, 16 insertions(+), 26 deletions(-)
diff --git a/src/main/java/org/myteam/server/auth/controller/ReIssueController.java b/src/main/java/org/myteam/server/auth/controller/ReIssueController.java
index 0e8640c0..e01fa6cc 100644
--- a/src/main/java/org/myteam/server/auth/controller/ReIssueController.java
+++ b/src/main/java/org/myteam/server/auth/controller/ReIssueController.java
@@ -15,7 +15,7 @@
 import java.nio.charset.StandardCharsets;
 import static org.myteam.server.global.exception.ErrorCode.INTERNAL_SERVER_ERROR;
-import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_PREFIX;
+import static org.myteam.server.global.security.jwt.JwtProvider.*;
 import static org.myteam.server.util.cookie.CookieUtil.createCookie;
 /**
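Review bot: The replacement import `import static org.myteam.server.global.security.jwt.JwtProvider.*;` is a wildcard static import, which hides which JwtProvider constants this controller actually depends on (HEADER_AUTHORIZATION and TOKEN_PREFIX, going by the reissue() hunk that follows) and silently pulls every future public static of JwtProvider into scope. SecurityConfig and TokenAuthenticationFilter in this same patch import the constants by name, so two styles now coexist, and the same wildcard is introduced in ReIssueService, JwtAuthenticationFilter and MyInfoController. Listing them explicitly keeps the dependency visible: `import static org.myteam.server.global.security.jwt.JwtProvider.HEADER_AUTHORIZATION;` and `import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_PREFIX;`.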
@@ -25,8 +25,6 @@
 @RestController
 public class ReIssueController {
 private final ReIssueService reIssueService;
- private static final String ACCESS_TOKEN_KEY = "Authorization";
- private static final String REFRESH_TOKEN_KEY = "X-Refresh-Token";
 public final static String TOKEN_REISSUE_PATH = "/reissue";
 public final static String LOGOUT_PATH = "/logout";
@@ -44,7 +42,7 @@ public ResponseEntity reissue(HttpServletRequest request, HttpServletResponse
 Tokens tokens = reIssueService.reissueTokens(request);
 // Access Token 응답 헤더 추가
- response.addHeader(ACCESS_TOKEN_KEY, TOKEN_PREFIX + tokens.getAccessToken());
+ response.addHeader(HEADER_AUTHORIZATION, TOKEN_PREFIX + tokens.getAccessToken());
 // Refresh Token 쿠키 추가
 response.addCookie(createCookie(
diff --git a/src/main/java/org/myteam/server/auth/service/ReIssueService.java b/src/main/java/org/myteam/server/auth/service/ReIssueService.java
index 25af000d..b2428946 100644
--- a/src/main/java/org/myteam/server/auth/service/ReIssueService.java
+++ b/src/main/java/org/myteam/server/auth/service/ReIssueService.java
@@ -20,8 +20,7 @@
 import java.util.UUID;
 import static org.myteam.server.global.exception.ErrorCode.*;
-import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_ACCESS;
-import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_REFRESH;
+import static org.myteam.server.global.security.jwt.JwtProvider.*;
 import static org.myteam.server.util.cookie.CookieUtil.getCookie;
 @Slf4j
@@ -30,7 +29,6 @@ public class ReIssueService {
 private final JwtProvider jwtProvider;
 private final RefreshJpaRepository refreshJpaRepository;
- private static final String REFRESH_TOKEN_KEY = "X-Refresh-Token";
 /**
 * Refresh Token 검증
diff --git a/src/main/java/org/myteam/server/global/security/config/SecurityConfig.java b/src/main/java/org/myteam/server/global/security/config/SecurityConfig.java
index 71843dc3..cbc569f2 100644
--- a/src/main/java/org/myteam/server/global/security/config/SecurityConfig.java
+++ b/src/main/java/org/myteam/server/global/security/config/SecurityConfig.java
@@ -35,6 +35,8 @@
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import static org.myteam.server.auth.controller.ReIssueController.TOKEN_REISSUE_PATH;
+import static org.myteam.server.global.security.jwt.JwtProvider.HEADER_AUTHORIZATION;
+import static org.myteam.server.global.security.jwt.JwtProvider.REFRESH_TOKEN_KEY;
 @Slf4j
 @Configuration
@@ -168,8 +170,8 @@ public CorsConfigurationSource configurationSource() {
 configuration.addAllowedMethod("*");
 configuration.addAllowedOrigin(frontUrl); // TODO_ 추후 변경 해야함 배포시
 configuration.setAllowCredentials(true);
- configuration.addExposedHeader("Authorization");
- configuration.addExposedHeader("X-Refresh-Token");
+ configuration.addExposedHeader(HEADER_AUTHORIZATION);
+ configuration.addExposedHeader(REFRESH_TOKEN_KEY);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", configuration);
 return source;
diff --git a/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java b/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
index b9528eec..a6269346 100644
--- a/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
+++ b/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
@@ -27,15 +27,12 @@
 import static org.myteam.server.auth.controller.ReIssueController.LOGOUT_PATH;
 import static org.myteam.server.auth.controller.ReIssueController.TOKEN_REISSUE_PATH;
-import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_ACCESS;
-import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_REFRESH;
+import static org.myteam.server.global.security.jwt.JwtProvider.*;
 import static org.myteam.server.member.domain.MemberStatus.*;
 import static org.myteam.server.util.cookie.CookieUtil.createCookie;
 @Slf4j
 public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
- private static final String ACCESS_TOKEN_KEY = "Authorization";
- private static final String REFRESH_TOKEN_KEY = "X-Refresh-Token";
 private final AuthenticationManager authenticationManager;
 private final JwtProvider jwtProvider;
 private final RefreshJpaRepository refreshJpaRepository;
@@ -123,7 +120,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 //Refresh 토큰 저장
 addRefreshEntity(publicId, refreshToken, Duration.ofHours(24));
- response.addHeader(ACCESS_TOKEN_KEY, "Bearer " + accessToken);
+ response.addHeader(HEADER_AUTHORIZATION, "Bearer " + accessToken);
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 24 * 60 * 60, true));
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, LOGOUT_PATH, 24 * 60 * 60, true));
 response.setStatus(HttpStatus.OK.value());
diff --git a/src/main/java/org/myteam/server/global/security/filter/TokenAuthenticationFilter.java b/src/main/java/org/myteam/server/global/security/filter/TokenAuthenticationFilter.java
index 786ab874..4b30e83c 100644
--- a/src/main/java/org/myteam/server/global/security/filter/TokenAuthenticationFilter.java
+++ b/src/main/java/org/myteam/server/global/security/filter/TokenAuthenticationFilter.java
@@ -22,13 +22,12 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
-import static org.myteam.server.global.exception.ErrorCode.*;
+import static org.myteam.server.global.security.jwt.JwtProvider.HEADER_AUTHORIZATION;
 import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_ACCESS;
 @Slf4j
 @RequiredArgsConstructor
 public class TokenAuthenticationFilter extends OncePerRequestFilter {
- private final static String HEADER_AUTHORIZATION = "Authorization";
 private final JwtProvider jwtProvider;
 @Override
diff --git a/src/main/java/org/myteam/server/global/security/handler/LogoutSuccessHandler.java b/src/main/java/org/myteam/server/global/security/handler/LogoutSuccessHandler.java
index 967c7a68..2c5ce0da 100644
--- a/src/main/java/org/myteam/server/global/security/handler/LogoutSuccessHandler.java
+++ b/src/main/java/org/myteam/server/global/security/handler/LogoutSuccessHandler.java
@@ -18,11 +18,11 @@
 import java.util.UUID;
 import static org.myteam.server.global.exception.ErrorCode.*;
+import static org.myteam.server.global.security.jwt.JwtProvider.REFRESH_TOKEN_KEY;
 import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_REFRESH;
 import static org.springframework.http.HttpMethod.POST;
 public class LogoutSuccessHandler implements org.springframework.security.web.authentication.logout.LogoutSuccessHandler {
- private static final String REFRESH_TOKEN_KEY = "X-Refresh-Token";
 private Logger logger = LoggerFactory.getLogger(this.getClass());
 final JwtProvider jwtProvider;
 final RefreshJpaRepository refreshJpaRepository;
diff --git a/src/main/java/org/myteam/server/global/security/jwt/JwtProvider.java b/src/main/java/org/myteam/server/global/security/jwt/JwtProvider.java
index c8f6baed..23be854c 100644
--- a/src/main/java/org/myteam/server/global/security/jwt/JwtProvider.java
+++ b/src/main/java/org/myteam/server/global/security/jwt/JwtProvider.java
@@ -23,6 +23,7 @@ public class JwtProvider {
 public final static String TOKEN_CATEGORY_ACCESS = "access"; // 어세스 토큰 카테고리
 public final static String TOKEN_CATEGORY_REFRESH = "refresh"; // 리프레시 토큰 카테고리
 public final static String HEADER_AUTHORIZATION = "Authorization";
+ public static final String REFRESH_TOKEN_KEY = "X-Refresh-Token";
 public final static String TOKEN_PREFIX = "Bearer ";
 private final JwtProperties jwtProperties;
diff --git a/src/main/java/org/myteam/server/member/controller/MyInfoController.java b/src/main/java/org/myteam/server/member/controller/MyInfoController.java
index e0f0c1de..26fc6fc3 100644
--- a/src/main/java/org/myteam/server/member/controller/MyInfoController.java
+++ b/src/main/java/org/myteam/server/member/controller/MyInfoController.java
@@ -23,8 +23,7 @@
 import static org.myteam.server.auth.controller.ReIssueController.LOGOUT_PATH;
 import static org.myteam.server.auth.controller.ReIssueController.TOKEN_REISSUE_PATH;
-import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_ACCESS;
-import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_REFRESH;
+import static org.myteam.server.global.security.jwt.JwtProvider.*;
 import static org.myteam.server.global.web.response.ResponseStatus.SUCCESS;
 import static org.myteam.server.util.cookie.CookieUtil.createCookie;
@@ -36,9 +35,6 @@ public class MyInfoController {
 private final MemberService memberService;
 private final JwtProvider jwtProvider;
- private static final String ACCESS_TOKEN_KEY = "Authorization";
- private static final String REFRESH_TOKEN_KEY = "X-Refresh-Token";
-
 @PostMapping("/create")
 public ResponseEntity create(@RequestBody @Valid MemberSaveRequest memberSaveRequest,
 BindingResult bindingResult,
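Review bot: The new constant `REFRESH_TOKEN_KEY` is declared `public static final` while the four neighbouring constants use `public final static`, and unlike TOKEN_CATEGORY_ACCESS and TOKEN_CATEGORY_REFRESH it carries no comment saying what the value names. Elsewhere in this patch it is used both as the refresh-token cookie name (the createCookie calls in JwtAuthenticationFilter) and as a CORS exposed header (SecurityConfig), which is worth recording next to the value so the two uses are not changed independently: `public final static String REFRESH_TOKEN_KEY = "X-Refresh-Token"; // refresh-token cookie name; also exposed as a CORS header`.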
@@ -55,7 +51,7 @@ public ResponseEntity create(@RequestBody @Valid MemberSaveRequest memberSave
 String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
 // 응답 헤더 설정
- httpServletResponse.addHeader(ACCESS_TOKEN_KEY, "Bearer " + accessToken);
+ httpServletResponse.addHeader(HEADER_AUTHORIZATION, "Bearer " + accessToken);
 httpServletResponse.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 24 * 60 * 60, true));
 httpServletResponse.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, LOGOUT_PATH, 24 * 60 * 60, true));
 return new ResponseEntity<>(new ResponseDto<>(SUCCESS.name(), "회원가입 성공", response), HttpStatus.CREATED);
diff --git a/src/main/java/org/myteam/server/member/entity/Member.java b/src/main/java/org/myteam/server/member/entity/Member.java
index 84fdc638..94fa20d5 100644
--- a/src/main/java/org/myteam/server/member/entity/Member.java
+++ b/src/main/java/org/myteam/server/member/entity/Member.java
@@ -7,6 +7,7 @@
 import lombok.*;
 import lombok.extern.slf4j.Slf4j;
+import org.myteam.server.global.domain.Base;
 import org.myteam.server.member.domain.GenderType;
 import org.myteam.server.member.domain.MemberRole;
 import org.myteam.server.member.domain.MemberStatus;
@@ -26,7 +27,7 @@
 @Getter
 @Table(name = "p_members")
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
-public class Member {
+public class Member extends Base {
 @Id
 @GeneratedValue(strategy = GenerationType.IDENTITY)
 private Long id;
diff --git a/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java b/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
index e2b18049..28e90c8c 100644
--- a/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
+++ b/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
@@ -32,8 +32,6 @@
 public class CustomOauth2SuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
 @Value("${FRONT_URL:http://localhost:3000}")
 private String frontUrl;
- private static final String ACCESS_TOKEN_KEY = "Authorization";
- private static final String REFRESH_TOKEN_KEY = "X-Refresh-Token";
 private final JwtProvider jwtProvider;
 private final MemberJpaRepository memberJpaRepository;
From 0cd9b6d9b8c8dbeaded35ff3b0f62606c970b9fd Mon Sep 17 00:00:00 2001
From: leejongwook2 <34103253+leejongwook2@users.noreply.github.com>
Date: Sat, 28 Dec 2024 02:55:54 +0900
Subject: [PATCH 2/4] =?UTF-8?q?TOKEN=5FPREFIX=20("Bearer=20")=20=EA=B3=B5?= =?UTF-8?q?=ED=86=B5=20=EB=B3=80=EC=88=98=EB=A1=9C=20=EC=B6=94=EC=B6=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../global/security/filter/JwtAuthenticationFilter.java | 6 +++---
 .../myteam/server/member/controller/MyInfoController.java | 4 ++--
 .../org/myteam/server/member/service/MemberService.java | 3 ++-
 .../server/oauth2/handler/CustomOauth2SuccessHandler.java | 6 +++---
 .../oauth2/unlink/controller/OAuth2UnlinkController.java | 6 ++++--
 5 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java b/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
index a6269346..666a3dd5 100644
--- a/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
+++ b/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
@@ -88,7 +88,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 log.warn("PENDING 상태인 경우 로그인이 불가능합니다");
 // X-Refresh-Token
 String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), publicId, auth.getAuthority(), status);
- String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
+ String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 5 * 60, true));
 sendErrorResponse(response, HttpStatus.LOCKED, "PENDING 상태인 경우 로그인이 불가능합니다");
@@ -111,7 +111,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 // X-Refresh-Token
 String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), publicId, role, status);
 // URLEncoder.encode: 공백을 %2B 로 처리
- String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
+ String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
 log.debug("print accessToken: {}", accessToken);
 log.debug("print refreshToken: {}", refreshToken);
@@ -120,7 +120,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 //Refresh 토큰 저장
 addRefreshEntity(publicId, refreshToken, Duration.ofHours(24));
- response.addHeader(HEADER_AUTHORIZATION, "Bearer " + accessToken);
+ response.addHeader(HEADER_AUTHORIZATION, TOKEN_PREFIX + accessToken);
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 24 * 60 * 60, true));
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, LOGOUT_PATH, 24 * 60 * 60, true));
 response.setStatus(HttpStatus.OK.value());
diff --git a/src/main/java/org/myteam/server/member/controller/MyInfoController.java b/src/main/java/org/myteam/server/member/controller/MyInfoController.java
index 26fc6fc3..68b30090 100644
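Review bot: The two context lines right after the changed `cookieValue` line in the second hunk, `log.debug("print accessToken: {}", accessToken);` and `log.debug("print refreshToken: {}", refreshToken);`, write both freshly issued bearer tokens into the application log, so anyone who can read the logs or a log aggregator holds a live session until the tokens expire; the debug level only hides this until someone enables debug in production. Since this patch already rewrites the surrounding lines, it is the natural place to replace them with a non-secret trace such as `log.debug("tokens issued for publicId={}", publicId);` (publicId is in scope, it is passed to addRefreshEntity in the third hunk). successfulAuthentication starts and ends outside these hunks.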
--- a/src/main/java/org/myteam/server/member/controller/MyInfoController.java
+++ b/src/main/java/org/myteam/server/member/controller/MyInfoController.java
@@ -48,10 +48,10 @@ public ResponseEntity create(@RequestBody @Valid MemberSaveRequest memberSave
 // X-Refresh-Token
 String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), response.getPublicId(), response.getRole().name(), response.getStatus().name());
 // URLEncoder.encode: 공백을 %2B 로 처리
- String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
+ String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
 // 응답 헤더 설정
- httpServletResponse.addHeader(HEADER_AUTHORIZATION, "Bearer " + accessToken);
+ httpServletResponse.addHeader(HEADER_AUTHORIZATION, TOKEN_PREFIX + accessToken);
 httpServletResponse.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 24 * 60 * 60, true));
 httpServletResponse.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, LOGOUT_PATH, 24 * 60 * 60, true));
 return new ResponseEntity<>(new ResponseDto<>(SUCCESS.name(), "회원가입 성공", response), HttpStatus.CREATED);
diff --git a/src/main/java/org/myteam/server/member/service/MemberService.java b/src/main/java/org/myteam/server/member/service/MemberService.java
index cdeb0daa..b703fbaa 100644
--- a/src/main/java/org/myteam/server/member/service/MemberService.java
+++ b/src/main/java/org/myteam/server/member/service/MemberService.java
@@ -23,6 +23,7 @@
 import static org.myteam.server.global.domain.PlayHiveValidator.validate;
 import static org.myteam.server.global.exception.ErrorCode.*;
+import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_PREFIX;
 @Slf4j
 @Service
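Review bot: The comment directly above the first changed line in the MyInfoController hunk, `// URLEncoder.encode: 공백을 %2B 로 처리`, is inaccurate: java.net.URLEncoder encodes a space as `+`, and `%2B` is what a literal plus sign becomes, so the cookie value built from TOKEN_PREFIX + refreshToken carries `Bearer+<token>`. A wrong comment on the encoding side is costly when the decoding side (presumably ReIssueService, not in this hunk) has to be kept in step with it, so I would replace it with `// URLEncoder.encode turns the space in "Bearer <token>" into "+" (not %2B); the reader of this cookie must URL-decode it`. The identical comment sits in the second JwtAuthenticationFilter hunk of this patch. create() starts and ends outside the hunk.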
@@ -220,7 +221,7 @@ public String getCurrentLoginUserEmail(UUID publicId) {
 * @return
 */
 public MemberResponse getAuthenticatedMember(String authorizationHeader) {
- if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
+ if (authorizationHeader == null || !authorizationHeader.startsWith(TOKEN_PREFIX)) {
 throw new PlayHiveException(NO_PERMISSION);
 }
diff --git a/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java b/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
index 28e90c8c..a465cc47 100644
--- a/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
+++ b/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
@@ -66,7 +66,7 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 // sendErrorResponse(response, HttpStatus.FORBIDDEN, "PENDING 상태인 경우 로그인이 불가능합니다");
 // X-Refresh-Token
 String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(7), member.getPublicId(), member.getRole().name(), member.getStatus().name());
- String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
+ String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 5 * 60, true));
 response.sendRedirect(frontUrl + "?status=" + status);
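Review bot: In the CustomOauth2SuccessHandler hunk the refresh token generated on the line above the change uses `Duration.ofDays(7)` but is handed out in a cookie whose maxAge is `5 * 60` seconds; the cookie expiring does not shorten the JWT itself, so a seven-day refresh token is minted in a branch the surrounding comments describe as the PENDING (not-yet-allowed-to-log-in) case. Unless the reissue path rejects PENDING tokens for another reason, aligning the token lifetime with the cookie, `Duration.ofMinutes(5)`, limits the exposure if the cookie value leaks; the equivalent branch in JwtAuthenticationFilter (first hunk of this patch) has the same mismatch with `Duration.ofHours(24)`. onAuthenticationSuccess starts and ends outside the hunk.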
@@ -87,10 +87,10 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofHours(1), member.getPublicId(), member.getRole().name(), member.getStatus().name());
 // X-Refresh-Token
 String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(7), member.getPublicId(), member.getRole().name(), member.getStatus().name());
- String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
+ String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
 // redirect 순간 Header 값 날아감
- // response.addHeader(ACCESS_TOKEN_KEY, "Bearer " + accessToken);
+ // response.addHeader(ACCESS_TOKEN_KEY, TOKEN_PREFIX + accessToken);
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 24 * 60 * 60, true));
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, LOGOUT_PATH, 24 * 60 * 60, true));
diff --git a/src/main/java/org/myteam/server/oauth2/unlink/controller/OAuth2UnlinkController.java b/src/main/java/org/myteam/server/oauth2/unlink/controller/OAuth2UnlinkController.java
index 48127d88..59838c54 100644
--- a/src/main/java/org/myteam/server/oauth2/unlink/controller/OAuth2UnlinkController.java
+++ b/src/main/java/org/myteam/server/oauth2/unlink/controller/OAuth2UnlinkController.java
@@ -14,6 +14,8 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_PREFIX;
+
 /**
 * 기능 미구현 상태. 추후 구현 계획이 확실해 지면 그 때 추가 계발 계획 예정
 */
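Review bot: The line `// response.addHeader(ACCESS_TOKEN_KEY, TOKEN_PREFIX + accessToken);` is commented-out code that this patch edits as if it were live, yet ACCESS_TOKEN_KEY was removed from this class in the previous patch of the series, so the comment now references a constant that no longer exists. The `// redirect 순간 Header 값 날아감` comment above it already records why the header is not set, so the dead line should be deleted rather than maintained. If accessToken is not used after this hunk, the generateToken call at the top of the hunk is unused work as well; onAuthenticationSuccess continues outside the hunk, so I cannot confirm that here.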
@@ -41,8 +43,8 @@ public ResponseEntity logout(
 // Authorization 헤더에서 값 추출
 String authorizationHeader = httpServletRequest.getHeader("Authorization");
- if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
- String accessToken = authorizationHeader.replace("Bearer ", "");
+ if (authorizationHeader != null && authorizationHeader.startsWith(TOKEN_PREFIX)) {
+ String accessToken = authorizationHeader.replace(TOKEN_PREFIX, "");
 oAuth2UnlinkHelper.revokeToken(OAuth2ServiceProvider.NAVER, accessToken);
 } else {
 return ResponseEntity.status(HttpStatus.BAD_REQUEST)
From f6b5912c12c4706d58c1f0fd6a57e16fe720fffd Mon Sep 17 00:00:00 2001
From: leejongwook2 <34103253+leejongwook2@users.noreply.github.com>
Date: Sat, 28 Dec 2024 05:04:39 +0900
Subject: [PATCH 3/4] =?UTF-8?q?UserValidator=20->=20MemberValidator=20?= =?UTF-8?q?=EB=A1=9C=20=EC=9D=B4=EB=A6=84=20=EB=B3=80=EA=B2=BD=20=EB=B0=8F?= =?UTF-8?q?=20=ED=8C=A8=ED=82=A4=EC=A7=80=20=EC=9D=B4=EB=8F=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../domain/validator/MemberValidator.java} | 4 ++--
 .../java/org/myteam/server/oauth2/response/KakaoResponse.java | 4 ++--
 .../java/org/myteam/server/oauth2/response/NaverResponse.java | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
 rename src/main/java/org/myteam/server/{util/validator/UserValidator.java => member/domain/validator/MemberValidator.java} (80%)
diff --git a/src/main/java/org/myteam/server/util/validator/UserValidator.java b/src/main/java/org/myteam/server/member/domain/validator/MemberValidator.java
similarity index 80%
rename from src/main/java/org/myteam/server/util/validator/UserValidator.java
rename to src/main/java/org/myteam/server/member/domain/validator/MemberValidator.java
index 3c2b47fc..b3693bac 100644
--- a/src/main/java/org/myteam/server/util/validator/UserValidator.java
+++ b/src/main/java/org/myteam/server/member/domain/validator/MemberValidator.java
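Review bot: `authorizationHeader.replace(TOKEN_PREFIX, "")` on the second added line replaces every occurrence of "Bearer " in the header value, not only the leading prefix that the startsWith guard on the line before established; `String accessToken = authorizationHeader.substring(TOKEN_PREFIX.length());` strips exactly the prefix and nothing else. The header name on the context line above, `httpServletRequest.getHeader("Authorization")`, is also still a literal even though HEADER_AUTHORIZATION was extracted for exactly this purpose in the first patch of the series: `String authorizationHeader = httpServletRequest.getHeader(HEADER_AUTHORIZATION);` with the matching static import. logout() starts and ends outside the hunk.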
@@ -1,8 +1,8 @@
-package org.myteam.server.util.validator;
+package org.myteam.server.member.domain.validator;
 import java.util.regex.Pattern;
-public class UserValidator {
+public class MemberValidator {
 private static final String TEL_PATTERN = "^010[0-9]{8}$";
 public static String validateTel(String tel) {
diff --git a/src/main/java/org/myteam/server/oauth2/response/KakaoResponse.java b/src/main/java/org/myteam/server/oauth2/response/KakaoResponse.java
index 66f729c0..ce36e01d 100644
--- a/src/main/java/org/myteam/server/oauth2/response/KakaoResponse.java
+++ b/src/main/java/org/myteam/server/oauth2/response/KakaoResponse.java
@@ -2,7 +2,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.myteam.server.member.domain.GenderType;
-import org.myteam.server.util.validator.UserValidator;
+import org.myteam.server.member.domain.validator.MemberValidator;
 import java.time.LocalDate;
 import java.util.Collections;
@@ -85,7 +85,7 @@ public String getTel() {
 .replace("-", "") // 하이픈 제거
 .replace(" ", ""); // 공백 제거
- return UserValidator.validateTel(phoneNumber);
+ return MemberValidator.validateTel(phoneNumber);
 }
 /**
diff --git a/src/main/java/org/myteam/server/oauth2/response/NaverResponse.java b/src/main/java/org/myteam/server/oauth2/response/NaverResponse.java
index 8ca7eccb..f7f842ef 100644
--- a/src/main/java/org/myteam/server/oauth2/response/NaverResponse.java
+++ b/src/main/java/org/myteam/server/oauth2/response/NaverResponse.java
@@ -3,7 +3,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.myteam.server.member.domain.GenderType;
-import org.myteam.server.util.validator.UserValidator;
+import org.myteam.server.member.domain.validator.MemberValidator;
 import java.time.LocalDate;
 import java.util.Map;
@@ -49,7 +49,7 @@ public String getNickname() {
 @Override
 public String getTel() {
 String phoneNumber = StringUtils.defaultString((String) attribute.get("mobile"), "").replace("-", "");
- return UserValidator.validateTel(phoneNumber);
+ return MemberValidator.validateTel(phoneNumber);
 }
 @Override
From 4e6272d5a522d10dc596fdc902d0b0712881f034 Mon Sep 17 00:00:00 2001
From: leejongwook2 <34103253+leejongwook2@users.noreply.github.com>
Date: Fri, 3 Jan 2025 18:48:17 +0900
Subject: [PATCH 4/4] =?UTF-8?q?[error]=20=ED=9A=8C=EC=9B=90=EA=B0=80?= =?UTF-8?q?=EC=9E=85=20=EC=8B=9C=EC=97=90=EB=8F=84=20=EB=B0=9C=EA=B8=89?= =?UTF-8?q?=EB=90=98=EB=8A=94=20=EB=A6=AC=ED=94=84=EB=A0=88=EC=8B=9C=20?= =?UTF-8?q?=EC=BF=A0=ED=82=A4=EB=A5=BC=20=EC=82=AC=EC=9A=A9=ED=95=A0?= =?UTF-8?q?=EC=88=98=20=EC=9E=88=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../server/auth/service/ReIssueService.java | 2 +-
 .../{ => global}/util/cookie/CookieUtil.java | 2 +-
 .../{ => global}/util/date/DateFormatUtil.java | 2 +-
 .../{ => global}/util/file/MediaUtils.java | 2 +-
 .../member/controller/MyInfoController.java | 16 ++++++++++------
 5 files changed, 14 insertions(+), 10 deletions(-)
 rename src/main/java/org/myteam/server/{ => global}/util/cookie/CookieUtil.java (98%)
 rename src/main/java/org/myteam/server/{ => global}/util/date/DateFormatUtil.java (90%)
 rename src/main/java/org/myteam/server/{ => global}/util/file/MediaUtils.java (92%)
diff --git a/src/main/java/org/myteam/server/auth/service/ReIssueService.java b/src/main/java/org/myteam/server/auth/service/ReIssueService.java
index b2428946..a9f5190a 100644
--- a/src/main/java/org/myteam/server/auth/service/ReIssueService.java
+++ b/src/main/java/org/myteam/server/auth/service/ReIssueService.java
@@ -21,7 +21,7 @@
 import static org.myteam.server.global.exception.ErrorCode.*;
 import static org.myteam.server.global.security.jwt.JwtProvider.*;
-import static org.myteam.server.util.cookie.CookieUtil.getCookie;
+import static org.myteam.server.global.util.cookie.CookieUtil.getCookie;
 @Slf4j
 @Service
diff --git a/src/main/java/org/myteam/server/util/cookie/CookieUtil.java b/src/main/java/org/myteam/server/global/util/cookie/CookieUtil.java
similarity index 98%
rename from src/main/java/org/myteam/server/util/cookie/CookieUtil.java
rename to src/main/java/org/myteam/server/global/util/cookie/CookieUtil.java
index 6d444183..dd91581b 100644
--- a/src/main/java/org/myteam/server/util/cookie/CookieUtil.java
+++ b/src/main/java/org/myteam/server/global/util/cookie/CookieUtil.java
@@ -1,4 +1,4 @@
-package org.myteam.server.util.cookie;
+package org.myteam.server.global.util.cookie;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
diff --git a/src/main/java/org/myteam/server/util/date/DateFormatUtil.java b/src/main/java/org/myteam/server/global/util/date/DateFormatUtil.java
similarity index 90%
rename from src/main/java/org/myteam/server/util/date/DateFormatUtil.java
rename to src/main/java/org/myteam/server/global/util/date/DateFormatUtil.java
index 3f6ef9e1..5eabd8ed 100644
--- a/src/main/java/org/myteam/server/util/date/DateFormatUtil.java
+++ b/src/main/java/org/myteam/server/global/util/date/DateFormatUtil.java
@@ -1,4 +1,4 @@
-package org.myteam.server.util.date;
+package org.myteam.server.global.util.date;
 import java.sql.Date;
 import java.sql.Time;
diff --git a/src/main/java/org/myteam/server/util/file/MediaUtils.java b/src/main/java/org/myteam/server/global/util/file/MediaUtils.java
similarity index 92%
rename from src/main/java/org/myteam/server/util/file/MediaUtils.java
rename to src/main/java/org/myteam/server/global/util/file/MediaUtils.java
index 99ea953d..308a1a6f 100644
--- a/src/main/java/org/myteam/server/util/file/MediaUtils.java
+++ b/src/main/java/org/myteam/server/global/util/file/MediaUtils.java
@@ -1,4 +1,4 @@
-package org.myteam.server.util.file;
+package org.myteam.server.global.util.file;
 import org.springframework.http.MediaType;
diff --git a/src/main/java/org/myteam/server/member/controller/MyInfoController.java b/src/main/java/org/myteam/server/member/controller/MyInfoController.java
index 68b30090..518fe0e4 100644
--- a/src/main/java/org/myteam/server/member/controller/MyInfoController.java
+++ b/src/main/java/org/myteam/server/member/controller/MyInfoController.java
@@ -4,6 +4,7 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.myteam.server.auth.service.ReIssueService;
 import org.myteam.server.global.security.dto.CustomUserDetails;
 import org.myteam.server.global.security.jwt.JwtProvider;
 import org.myteam.server.global.web.response.ResponseDto;
@@ -25,7 +26,7 @@
 import static org.myteam.server.auth.controller.ReIssueController.TOKEN_REISSUE_PATH;
 import static org.myteam.server.global.security.jwt.JwtProvider.*;
 import static org.myteam.server.global.web.response.ResponseStatus.SUCCESS;
-import static org.myteam.server.util.cookie.CookieUtil.createCookie;
+import static org.myteam.server.global.util.cookie.CookieUtil.createCookie;
 @Slf4j
 @RestController
@@ -34,6 +35,7 @@
 public class MyInfoController {
 private final MemberService memberService;
 private final JwtProvider jwtProvider;
+ private final ReIssueService reIssueService;
 @PostMapping("/create")
 public ResponseEntity create(@RequestBody @Valid MemberSaveRequest memberSaveRequest,
@@ -46,10 +48,12 @@ public ResponseEntity create(@RequestBody @Valid MemberSaveRequest memberSave
 // Authorization
 String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofMinutes(10), response.getPublicId(), response.getRole().name(), response.getStatus().name());
 // X-Refresh-Token
- String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), response.getPublicId(), response.getRole().name(), response.getStatus().name());
+ String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(1), response.getPublicId(), response.getRole().name(), response.getStatus().name());
 // URLEncoder.encode: 공백을 %2B 로 처리
 String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
+ reIssueService.addRefreshEntity(response.getPublicId(), refreshToken, Duration.ofDays(1));
+
 // 응답 헤더 설정
 httpServletResponse.addHeader(HEADER_AUTHORIZATION, TOKEN_PREFIX + accessToken);
 httpServletResponse.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 24 * 60 * 60, true));
@@ -72,8 +76,8 @@ public ResponseEntity update(@RequestBody @Valid MemberUpdateRequest memberUp
 BindingResult bindingResult,
 @AuthenticationPrincipal CustomUserDetails userDetails) {
 log.info("MyInfoController update 메서드 실행 : {}", memberUpdateRequest.toString());
- String email = memberService.getCurrentLoginUserEmail(userDetails.getPublicId()); // 현재 로그인한 사용자 이메일
- MemberResponse response = memberService.update(email, memberUpdateRequest);
+ String loginUserEmail = memberService.getCurrentLoginUserEmail(userDetails.getPublicId()); // 현재 로그인한 사용자 이메일
+ MemberResponse response = memberService.update(loginUserEmail, memberUpdateRequest);
 return new ResponseEntity<>(new ResponseDto<>(SUCCESS.name(), "회원정보 수정 성공", response), HttpStatus.OK);
 }
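Review bot: The one-day refresh-token lifetime is now written three different ways inside the create() hunk — `Duration.ofDays(1)` for the generated token, `Duration.ofDays(1)` again for the stored refresh entity on the new addRefreshEntity line, and `24 * 60 * 60` for the cookie maxAge on the last context line — and JwtAuthenticationFilter, earlier in this series, spells the same lifetime as `Duration.ofHours(24)`. Any later change to one of them silently desynchronises the JWT expiry, the database entry and the cookie, so a single constant should feed all three, for example `private static final Duration REFRESH_TOKEN_TTL = Duration.ofDays(1);` passed to both generateToken and addRefreshEntity and, assuming createCookie's maxAge parameter is an int, as `(int) REFRESH_TOKEN_TTL.toSeconds()`. The entity is written before any header or cookie is emitted, which is the right order, and a short comment saying the stored entity must exist before the cookie goes out would make that intent explicit. create() starts and ends outside the hunk.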
@@ -92,9 +96,9 @@ public ResponseEntity delete(@RequestBody @Valid MemberDeleteRequest memberDe
 BindingResult bindingResult,
 @AuthenticationPrincipal CustomUserDetails userDetails) {
 log.info("MyInfoController delete 메서드 실행");
- String email = memberService.getCurrentLoginUserEmail(userDetails.getPublicId()); // 현재 로그인한 사용자 이메일
+ String loginUserEmail = memberService.getCurrentLoginUserEmail(userDetails.getPublicId()); // 현재 로그인한 사용자 이메일
- memberService.delete(email, memberDeleteRequest.getPassword());
+ memberService.delete(memberDeleteRequest.getEmail(), loginUserEmail, memberDeleteRequest.getPassword());
 return new ResponseEntity<>(new ResponseDto<>(SUCCESS.name(), "회원 삭제 성공", null), HttpStatus.OK);
 }
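Review bot: The changed call `memberService.delete(memberDeleteRequest.getEmail(), loginUserEmail, memberDeleteRequest.getPassword());` now passes a client-supplied email next to the authenticated user's email, and nothing at this call site shows that the two must agree; whether only the caller's own account can be deleted now rests entirely on MemberService.delete, which is not part of this patch. A comment at the call site such as `// request email must match the logged-in user's email; MemberService.delete enforces the match` would make that contract visible, or, if the service does not enforce it, the comparison belongs here before the call. delete() starts outside the hunk.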