feat: jwt 토큰 decode 후 access 허용

Author: summersummerwhy

apps/backend/src/auth/auth.module.ts

@@ -5,9 +5,30 @@ import { AuthService } from './auth.service';
 import { AuthController } from './auth.controller';
 import { NaverStrategy } from './strategies/naver.strategy';
 import { KakaoStrategy } from './strategies/kakao.strategy';
+import { JwtModule } from '@nestjs/jwt';
+import { JwtAuthGuard } from './guards/jwt-auth.guard';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+
 @Module({
-  imports: [UserModule],
+  imports: [
+    UserModule,
+    ConfigModule.forRoot({ isGlobal: true }),
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: async (configService: ConfigService) => ({
+        secret: configService.get<string>('JWT_SECRET'),
+        signOptions: { expiresIn: '1h' },
+      }),
+    }),
+  ],
   controllers: [AuthController],
-  providers: [AuthService, NaverStrategy, KakaoStrategy, UserRepository],
+  providers: [
+    AuthService,
+    NaverStrategy,
+    KakaoStrategy,
+    UserRepository,
+    JwtAuthGuard,
+  ],
 })
 export class AuthModule {}

apps/backend/src/auth/guards/jwt-auth.guard.ts

@@ -0,0 +1,32 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { LoginRequiredException } from '../../exception/login.exception';
+import { InvalidTokenException } from 'src/exception/invalid.exception';
+
+@Injectable()
+export class JwtAuthGuard implements CanActivate {
+  constructor(private readonly jwtService: JwtService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const authorizationHeader = request.headers['authorization'];
+
+    if (!authorizationHeader) {
+      console.log('Authorization header missing');
+      throw new LoginRequiredException();
+    }
+
+    const token = authorizationHeader.split(' ')[1];
+
+    try {
+      const decodedToken = this.jwtService.verify(token, {
+        secret: process.env.JWT_SECRET,
+      });
+      request.user = decodedToken;
+      return true;
+    } catch (error) {
+      console.log('Invalid token');
+      throw new InvalidTokenException();
+    }
+  }
+}

apps/backend/src/auth/guards/jwtauth.guards.ts

@@ -0,0 +1,7 @@
+import { ForbiddenException } from '@nestjs/common';
+
+export class InvalidTokenException extends ForbiddenException {
+  constructor() {
+    super(`유효하지 않은 JWT 토큰입니다.`);
+  }
+}

apps/backend/src/exception/invalid.exception.ts

@@ -0,0 +1,7 @@
+import { ForbiddenException } from '@nestjs/common';
+
+export class LoginRequiredException extends ForbiddenException {
+  constructor() {
+    super(`로그인이 필요한 서비스입니다.`);
+  }
+}