Merge pull request #293 from boostcampwm-2024/develop-be-#278

JWT 인증방식 쿠키로 변경

Author: github-actions[bot]

apps/backend/package.json

@@ -38,6 +38,7 @@
     "@types/multer": "^1.4.12",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
+    "cookie-parser": "^1.4.7",
     "lib0": "^0.2.98",
     "passport": "^0.7.0",
     "passport-kakao": "^1.0.1",

apps/backend/src/auth/auth.controller.spec.ts

@@ -1,22 +1,18 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { AuthController } from './auth.controller';
 import { AuthService } from './auth.service';
-import { JwtService } from '@nestjs/jwt';
-import { InvalidTokenException } from '../exception/invalid.exception';
-// import { LoginRequiredException } from '../exception/login.exception';
+import { JwtAuthGuard } from './guards/jwt-auth.guard';
+import { TokenService } from './token/token.service';
+import { LoginRequiredException } from '../exception/login.exception';
 
-// TODO: 테스트 코드 개선
 describe('AuthController', () => {
   let authController: AuthController;
-  // let authService: AuthService;
-  let jwtService: JwtService;
+  let authService: AuthService;
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
       controllers: [AuthController],
       providers: [
-        AuthService,
-        JwtService,
         {
           provide: AuthService,
           useValue: {
@@ -26,23 +22,23 @@ describe('AuthController', () => {
           },
         },
         {
-          provide: JwtService,
+          provide: TokenService,
           useValue: {
-            sign: jest.fn().mockReturnValue('test-token'),
-            verify: jest.fn((token: string) => {
-              if (token === 'invalid-token') {
-                throw new InvalidTokenException();
-              }
-              return { sub: 1, provider: 'naver' };
-            }),
+            generateAccessToken: jest.fn(() => 'mockedAccessToken'),
+            generateRefreshToken: jest.fn(() => 'mockedRefreshToken'),
+            refreshAccessToken: jest.fn(() => 'mockedAccessToken'),
           },
         },
       ],
-    }).compile();
+    })
+      .overrideGuard(JwtAuthGuard)
+      .useValue({
+        canActivate: jest.fn(() => true),
+      })
+      .compile();
 
     authController = module.get<AuthController>(AuthController);
-    // authService = module.get<AuthService>(AuthService);
-    jwtService = module.get<JwtService>(JwtService);
+    authService = module.get<AuthService>(AuthService);
   });
 
   it('컨트롤러 클래스가 정상적으로 인스턴스화된다.', () => {
@@ -61,47 +57,13 @@ describe('AuthController', () => {
       });
     });
 
-    // it('JWT 토큰이 유효가지 않은 경우 InvalidTokenException을 throw한다.', async () => {
-    //   const req = {
-    //     headers: { authorization: 'Bearer invalid-token' },
-    //     user: undefined,
-    //   } as any;
-    //   try {
-    //     await authController.getProfile(req);
-    //   } catch (error) {
-    //     expect(error).toBeInstanceOf(InvalidTokenException);
-    //   }
-    // });
-
-    // it('JWT 토큰이 없는 경우 LoginRequiredException을 throw한다.', async () => {
-    //   const req = { headers: {}, user: undefined } as any;
-    //   try {
-    //     await authController.getProfile(req);
-    //   } catch (error) {
-    //     expect(error).toBeInstanceOf(LoginRequiredException);
-    //   }
-    // });
-  });
-
-  describe('refreshAccessToken', () => {
-    it('refresh token이 유효한 경우 access token을 성공적으로 발급한다.', async () => {
-      jest
-        .spyOn(jwtService, 'verify')
-        .mockReturnValue({ sub: 1, provider: 'naver' });
-      const req = { body: { refreshToken: 'valid-refresh-token' } } as any;
-      const res = {
-        cookie: jest.fn(),
-        json: jest.fn(),
-      } as any;
-
-      await authController.refreshAccessToken(req, res);
-      expect(res.cookie).toHaveBeenCalledWith('accessToken', 'test-token', {
-        httpOnly: true,
-        maxAge: 3600000,
-      });
-      expect(res.json).toHaveBeenCalledWith({
-        message: '새로운 Access Token 발급 성공',
-      });
+    it('JWT 토큰이 없는 경우 예외를 던진다.', async () => {
+      const req = {} as any;
+      try {
+        authController.getProfile(req);
+      } catch (error) {
+        expect(error).toBeInstanceOf(LoginRequiredException);
+      }
     });
   });
 });

apps/backend/src/auth/auth.controller.ts

@@ -1,18 +1,21 @@
 import { Controller, Get, UseGuards, Req, Res, Post } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
 import { AuthService } from './auth.service';
-import { JwtService } from '@nestjs/jwt';
 import { JwtAuthGuard } from './guards/jwt-auth.guard';
 import { Response } from 'express';
+import { MessageResponseDto } from './dtos/messageResponse.dto';
+import { ApiOperation, ApiResponse } from '@nestjs/swagger';
+import { TokenService } from './token/token.service';
 
-const HOUR = 60 * 60 * 1000;
-const WEEK = 7 * 24 * 60 * 60 * 1000;
+export enum AuthResponseMessage {
+  AUTH_LOGGED_OUT = '로그아웃하였습니다.',
+}
 
 @Controller('auth')
 export class AuthController {
   constructor(
     private readonly authService: AuthService,
-    private readonly jwtService: JwtService,
+    private readonly tokenService: TokenService,
   ) {}
 
   @Get('naver')
@@ -27,17 +30,17 @@ export class AuthController {
   async naverCallback(@Req() req, @Res() res: Response) {
     // 네이버 인증 후 사용자 정보 반환
     const user = req.user;
-    // TODO: 후에 권한 (workspace 조회, 편집 기능)도 payload에 추가
-    const payload = { sub: user.id, provider: user.provider };
-    const accessToken = this.jwtService.sign(payload, { expiresIn: '1h' });
-    const refreshToken = this.jwtService.sign(payload, { expiresIn: '7d' });
+
+    // primary Key인 id 포함 payload 생성함
+    // TODO: 여기서 권한 추가해야함
+    const payload = { sub: user.id };
+    const accessToken = this.tokenService.generateAccessToken(payload);
+    const refreshToken = this.tokenService.generateRefreshToken(payload);
 
     // 토큰을 쿠키에 담아서 메인 페이지로 리디렉션
-    res.cookie('accessToken', accessToken, { httpOnly: true, maxAge: HOUR });
-    res.cookie('refreshToken', refreshToken, {
-      httpOnly: true,
-      maxAge: WEEK,
-    });
+    this.tokenService.setAccessTokenCookie(res, accessToken);
+    this.tokenService.setRefreshTokenCookie(res, refreshToken);
+
     res.redirect(302, '/');
   }
 
@@ -51,37 +54,31 @@ export class AuthController {
   @Get('kakao/callback')
   @UseGuards(AuthGuard('kakao'))
   async kakaoCallback(@Req() req, @Res() res: Response) {
-    // 카카오 인증 후 사용자 정보 반환
+    /// 카카오 인증 후 사용자 정보 반환
     const user = req.user;
-    // TODO: 후에 권한 (workspace 조회, 편집 기능)도 payload에 추가
-    const payload = { sub: user.id, provider: user.provider };
-    const accessToken = this.jwtService.sign(payload, { expiresIn: '1h' });
-    const refreshToken = this.jwtService.sign(payload, { expiresIn: '7d' });
+
+    // primary Key인 id 포함 payload 생성함
+    // TODO: 여기서 권한 추가해야함
+    const payload = { sub: user.id };
+    const accessToken = this.tokenService.generateAccessToken(payload);
+    const refreshToken = this.tokenService.generateRefreshToken(payload);
 
     // 토큰을 쿠키에 담아서 메인 페이지로 리디렉션
-    res.cookie('accessToken', accessToken, { httpOnly: true, maxAge: HOUR });
-    res.cookie('refreshToken', refreshToken, {
-      httpOnly: true,
-      maxAge: WEEK,
-    });
+    this.tokenService.setAccessTokenCookie(res, accessToken);
+    this.tokenService.setRefreshTokenCookie(res, refreshToken);
+
     res.redirect(302, '/');
   }
 
-  @Post('refresh')
-  async refreshAccessToken(@Req() req, @Res() res: Response) {
-    const { refreshToken } = req.body;
-
-    const decoded = this.jwtService.verify(refreshToken, {
-      secret: process.env.JWT_SECRET,
-    });
-    const payload = { sub: decoded.sub, provider: decoded.provider };
-    const newAccessToken = this.jwtService.sign(payload, { expiresIn: '1h' });
-    res.cookie('accessToken', newAccessToken, {
-      httpOnly: true,
-      maxAge: HOUR,
-    });
-    return res.json({
-      message: '새로운 Access Token 발급 성공',
+  @ApiResponse({ type: MessageResponseDto })
+  @ApiOperation({ summary: '사용자가 로그아웃합니다.' })
+  @Post('logout')
+  @UseGuards(JwtAuthGuard) // JWT 인증 검사
+  logout(@Res() res: Response) {
+    // 쿠키 삭제 (옵션이 일치해야 삭제됨)
+    this.tokenService.clearCookies(res);
+    return res.status(200).json({
+      message: AuthResponseMessage.AUTH_LOGGED_OUT,
     });
   }
 

apps/backend/src/auth/auth.module.ts

@@ -5,22 +5,11 @@ import { AuthService } from './auth.service';
 import { AuthController } from './auth.controller';
 import { NaverStrategy } from './strategies/naver.strategy';
 import { KakaoStrategy } from './strategies/kakao.strategy';
-import { JwtModule } from '@nestjs/jwt';
 import { JwtAuthGuard } from './guards/jwt-auth.guard';
-import { ConfigModule, ConfigService } from '@nestjs/config';
+import { TokenModule } from './token/token.module';
 
 @Module({
-  imports: [
-    UserModule,
-    ConfigModule.forRoot({ isGlobal: true }),
-    JwtModule.registerAsync({
-      imports: [ConfigModule],
-      inject: [ConfigService],
-      useFactory: async (configService: ConfigService) => ({
-        secret: configService.get<string>('JWT_SECRET'),
-      }),
-    }),
-  ],
+  imports: [UserModule, TokenModule],
   controllers: [AuthController],
   providers: [
     AuthService,

apps/backend/src/auth/auth.service.spec.ts

@@ -1,7 +1,7 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { AuthService } from './auth.service';
 import { UserRepository } from '../user/user.repository';
-import { SignUpDto } from './dto/signUp.dto';
+import { SignUpDto } from './dtos/signUp.dto';
 import { User } from '../user/user.entity';
 
 describe('AuthService', () => {

apps/backend/src/auth/auth.service.ts

@@ -1,7 +1,7 @@
 import { Injectable } from '@nestjs/common';
 import { UserRepository } from '../user/user.repository';
 import { User } from '../user/user.entity';
-import { SignUpDto } from './dto/signUp.dto';
+import { SignUpDto } from './dtos/signUp.dto';
 
 @Injectable()
 export class AuthService {

apps/backend/src/auth/dtos/messageResponse.dto.ts

@@ -0,0 +1,11 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString } from 'class-validator';
+
+export class MessageResponseDto {
+  @ApiProperty({
+    example: 'OO 생성에 성공했습니다.',
+    description: 'api 요청 결과 메시지',
+  })
+  @IsString()
+  message: string;
+}

apps/backend/src/auth/dto/signUp.dto.ts apps/backend/src/auth/dtos/signUp.dto.tsapps/backend/src/auth/dto/signUp.dto.ts renamed to apps/backend/src/auth/dtos/signUp.dto.ts

@@ -2,31 +2,69 @@ import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { LoginRequiredException } from '../../exception/login.exception';
 import { InvalidTokenException } from '../../exception/invalid.exception';
+import { TokenExpiredError } from 'jsonwebtoken';
+import { TokenService } from '../token/token.service';
+import { Response } from 'express';
 
 @Injectable()
 export class JwtAuthGuard implements CanActivate {
-  constructor(private readonly jwtService: JwtService) {}
+  constructor(
+    private readonly jwtService: JwtService,
+    private readonly tokenService: TokenService,
+  ) {}
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
     const request = context.switchToHttp().getRequest();
-    const authorizationHeader = request.headers['authorization'];
+    const response = context.switchToHttp().getResponse<Response>();
 
-    if (!authorizationHeader) {
-      //   console.log('Authorization header missing');
+    const cookies = request.cookies; // 쿠키에서 가져오기
+
+    // 쿠키가 아예 없는 경우는 로그인 안 된 상태로 간주
+    if (!cookies || !cookies.accessToken || !cookies.refreshToken) {
+      // 관련된 쿠키 비워주기
+      this.tokenService.clearCookies(response);
       throw new LoginRequiredException();
     }
 
-    const token = authorizationHeader.split(' ')[1];
+    const { accessToken, refreshToken } = cookies;
 
     try {
-      const decodedToken = this.jwtService.verify(token, {
+      // JWT 검증
+      const decodedToken = this.jwtService.verify(accessToken, {
         secret: process.env.JWT_SECRET,
       });
+
+      // 유효한 토큰이면 요청 객체에 사용자 정보를 추가
       request.user = decodedToken;
       return true;
     } catch (error) {
-      //   console.log('Invalid token');
-      throw new InvalidTokenException();
+      // accessToken이 만료된 경우
+      if (error instanceof TokenExpiredError) {
+        try {
+          // 새로운 accessToken 발급받기
+          const newAccessToken =
+            await this.tokenService.refreshAccessToken(refreshToken);
+
+          // 쿠키 업데이트
+          this.tokenService.setAccessTokenCookie(response, newAccessToken);
+
+          // 요청 객체에 사용자 정보 추가
+          const decodedNewToken = this.jwtService.verify(newAccessToken, {
+            secret: process.env.JWT_SECRET,
+          });
+          request.user = decodedNewToken;
+
+          return true;
+        } catch (refreshError) {
+          // refreshToken 디코딩 실패 시 처리 쿠키 비워줌
+          this.tokenService.clearCookies(response);
+          throw new InvalidTokenException();
+        }
+      } else {
+        // accessToken 디코딩(만료가 아닌 이유로) 실패 시 처리 쿠키 비워줌
+        this.tokenService.clearCookies(response);
+        throw new InvalidTokenException();
+      }
     }
   }
 }

apps/backend/src/auth/guards/jwt-auth.guard.ts

@@ -3,7 +3,7 @@ import { Injectable } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { Profile, Strategy } from 'passport-kakao';
 import { AuthService } from '../auth.service';
-import { SignUpDto } from '../dto/signUp.dto';
+import { SignUpDto } from '../dtos/signUp.dto';
 
 @Injectable()
 export class KakaoStrategy extends PassportStrategy(Strategy, 'kakao') {