Merge branch 'develop' into refactor-be-#357

Tolerblanc · web-flow · commit e0c2dd5372d2 · 2024-12-02T18:28:35.000+09:00
diff --git a/apps/backend/package.json b/apps/backend/package.json
@@ -55,6 +55,7 @@
     "socket.io": "^4.8.1",
     "sqlite3": "^5.1.7",
     "typeorm": "^0.3.20",
+    "uuid": "^11.0.3",
     "ws": "^8.14.2",
     "y-prosemirror": "^1.2.12",
     "y-protocols": "^1.0.6",
diff --git a/apps/backend/src/auth/auth.controller.ts b/apps/backend/src/auth/auth.controller.ts
@@ -41,11 +41,11 @@ export class AuthController {
     // 네이버 인증 후 사용자 정보 반환
     const user = req.user;
 
-    // primary Key인 id 포함 payload 생성함
-    // TODO: 여기서 권한 추가해야함
-    const payload = { sub: user.id };
-    const accessToken = this.tokenService.generateAccessToken(payload);
-    const refreshToken = this.tokenService.generateRefreshToken(payload);
+    // access token 만들기
+    const accessToken = this.tokenService.generateAccessToken(user.id);
+
+    // refresh token 만들어서 db에도 저장
+    const refreshToken = await this.tokenService.generateRefreshToken(user.id);
 
     // 토큰을 쿠키에 담아서 메인 페이지로 리디렉션
     this.tokenService.setAccessTokenCookie(res, accessToken);
@@ -67,11 +67,11 @@ export class AuthController {
     /// 카카오 인증 후 사용자 정보 반환
     const user = req.user;
 
-    // primary Key인 id 포함 payload 생성함
-    // TODO: 여기서 권한 추가해야함
-    const payload = { sub: user.id };
-    const accessToken = this.tokenService.generateAccessToken(payload);
-    const refreshToken = this.tokenService.generateRefreshToken(payload);
+    // access token 만들기
+    const accessToken = this.tokenService.generateAccessToken(user.id);
+
+    // refresh token 만들어서 db에도 저장
+    const refreshToken = await this.tokenService.generateRefreshToken(user.id);
 
     // 토큰을 쿠키에 담아서 메인 페이지로 리디렉션
     this.tokenService.setAccessTokenCookie(res, accessToken);
@@ -84,17 +84,18 @@ export class AuthController {
   @ApiOperation({ summary: '사용자가 로그아웃합니다.' })
   @Post('logout')
   @UseGuards(JwtAuthGuard) // JWT 인증 검사
-  logout(@Res() res: Response) {
+  logout(@Req() req, @Res() res: Response) {
     // 쿠키 삭제 (옵션이 일치해야 삭제됨)
     this.tokenService.clearCookies(res);
+    // 현재 자동로그인에 사용되는 refresh Token db에서 삭제
+    this.tokenService.deleteRefreshToken(req.user.sub);
     return res.status(200).json({
       message: AuthResponseMessage.AUTH_LOGGED_OUT,
     });
   }
 
   // 클라이언트가 사용자의 외부 id(snowflakeId) + 이름을 알 수 있는 엔드포인트
   // auth/profile
-  // TODO: 사용자 지정 닉네임 + 프로필 이미지도 return하게 확장
   @Get('profile')
   @UseGuards(JwtAuthGuard) // JWT 인증 검사
   async getProfile(@Req() req) {
diff --git a/apps/backend/src/auth/auth.service.ts b/apps/backend/src/auth/auth.service.ts
@@ -45,4 +45,20 @@ export class AuthService {
     const newPage = Object.assign({}, findUser, dto);
     await this.userRepository.save(newPage);
   }
+
+  async compareStoredRefreshToken(
+    id: number,
+    refreshToken: string,
+  ): Promise<boolean> {
+    // 유저를 찾는다.
+    const user = await this.userRepository.findOneBy({ id });
+
+    // 유저가 없으면 오류
+    if (!user) {
+      throw new UserNotFoundException();
+    }
+
+    // DB에 있는 값과 일치하는지 비교한다
+    return user.refreshToken === refreshToken;
+  }
 }
diff --git a/apps/backend/src/auth/token/token.module.ts b/apps/backend/src/auth/token/token.module.ts
@@ -2,9 +2,11 @@ import { Module } from '@nestjs/common';
 import { JwtModule } from '@nestjs/jwt';
 import { TokenService } from './token.service';
 import { ConfigModule, ConfigService } from '@nestjs/config';
+import { UserModule } from '../../user/user.module';
 
 @Module({
   imports: [
+    UserModule,
     ConfigModule, // ConfigModule 등록
     JwtModule.registerAsync({
       imports: [ConfigModule], // ConfigModule에서 환경 변수 로드
diff --git a/apps/backend/src/auth/token/token.service.ts b/apps/backend/src/auth/token/token.service.ts
@@ -1,6 +1,10 @@
 import { Injectable } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { Response } from 'express';
+import { v4 as uuidv4 } from 'uuid';
+import { UserRepository } from '../../user/user.repository';
+import { UserNotFoundException } from '../../exception/user.exception';
+import { InvalidTokenException } from '../../exception/invalid.exception';
 
 const HOUR = 60 * 60;
 const DAY = 24 * 60 * 60;
@@ -9,18 +13,28 @@ const MS_HALF_YEAR = 6 * 30 * 24 * 60 * 60 * 1000;
 
 @Injectable()
 export class TokenService {
-  constructor(private readonly jwtService: JwtService) {}
+  constructor(
+    private readonly jwtService: JwtService,
+    private readonly userRepository: UserRepository,
+  ) {}
 
-  generateAccessToken(payload: any): string {
+  generateAccessToken(userId: number): string {
+    const payload = { sub: userId };
     return this.jwtService.sign(payload, {
       expiresIn: HOUR,
     });
   }
 
-  generateRefreshToken(payload: any): string {
-    return this.jwtService.sign(payload, {
+  async generateRefreshToken(userId: number): Promise<string> {
+    // 보안성을 높이기 위해 랜덤한 tokenId인 jti를 생성한다
+    const payload = { sub: userId, jti: uuidv4() };
+    const refreshToken = this.jwtService.sign(payload, {
       expiresIn: FIVE_MONTHS,
     });
+
+    await this.updateRefreshToken(userId, refreshToken);
+
+    return refreshToken;
   }
 
   generateInviteToken(workspaceId: number, role: string): string {
@@ -40,13 +54,23 @@ export class TokenService {
   }
 
   async refreshAccessToken(refreshToken: string): Promise<string> {
-    // refreshToken을 검증한다
+    // refreshToken 1차 검증
     const decoded = this.jwtService.verify(refreshToken, {
       secret: process.env.JWT_SECRET,
     });
 
+    // 검증된 토큰에서 사용자 ID 추출
+    const userId = decoded.sub;
+
+    // refreshToken 2차 검증
+    // DB에 저장된 refreshToken과 비교
+    const isValid = await this.compareStoredRefreshToken(userId, refreshToken);
+    if (!isValid) {
+      throw new InvalidTokenException();
+    }
+
     // 새로운 accessToken을 발급한다
-    return this.generateAccessToken({ sub: decoded.sub });
+    return this.generateAccessToken(decoded.sub);
   }
 
   setAccessTokenCookie(response: Response, accessToken: string): void {
@@ -82,4 +106,48 @@ export class TokenService {
       sameSite: 'strict',
     });
   }
+
+  private async compareStoredRefreshToken(
+    id: number,
+    refreshToken: string,
+  ): Promise<boolean> {
+    // 유저를 찾는다.
+    const user = await this.userRepository.findOneBy({ id });
+
+    // 유저가 없으면 오류
+    if (!user) {
+      throw new UserNotFoundException();
+    }
+
+    // DB에 있는 값과 일치하는지 비교한다
+    return user.refreshToken === refreshToken;
+  }
+
+  private async updateRefreshToken(id: number, refreshToken: string) {
+    // 유저를 찾는다.
+    const user = await this.userRepository.findOneBy({ id });
+
+    // 유저가 없으면 오류
+    if (!user) {
+      throw new UserNotFoundException();
+    }
+
+    // 유저의 현재 REFRESH TOKEN 갱신
+    user.refreshToken = refreshToken;
+    await this.userRepository.save(user);
+  }
+
+  async deleteRefreshToken(id: number) {
+    // 유저를 찾는다.
+    const user = await this.userRepository.findOneBy({ id });
+
+    // 유저가 없으면 오류
+    if (!user) {
+      throw new UserNotFoundException();
+    }
+
+    // 유저의 현재 REFRESH TOKEN 삭제
+    user.refreshToken = null;
+    await this.userRepository.save(user);
+  }
 }
diff --git a/apps/backend/src/user/user.entity.ts b/apps/backend/src/user/user.entity.ts
@@ -36,6 +36,9 @@ export class User {
   @Column({ nullable: true })
   profileImage: string;
 
+  @Column({ nullable: true })
+  refreshToken: string;
+
   @CreateDateColumn()
   createdAt: Date;
 }
diff --git a/apps/backend/src/workspace/dtos/getWorkspaceResponse.dto.ts b/apps/backend/src/workspace/dtos/getWorkspaceResponse.dto.ts
@@ -0,0 +1,27 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString } from 'class-validator';
+import { UserWorkspaceDto } from './userWorkspace.dto';
+
+export class GetWorkspaceResponseDto {
+  @ApiProperty({
+    example: 'OO 생성에 성공했습니다.',
+    description: 'api 요청 결과 메시지',
+  })
+  @IsString()
+  message: string;
+
+  @ApiProperty({
+    example: [
+      {
+        workspaceId: 'snowflake-id-1',
+        title: 'naver-boostcamp-9th',
+        description: '네이버 부스트캠프 9기 워크스페이스입니다',
+        thumbnailUrl: 'https://example.com/image1.png',
+        role: 'guest',
+        visibility: 'private',
+      },
+    ],
+    description: '사용자가 접근하려고 하는 워크스페이스 데이터',
+  })
+  workspace: UserWorkspaceDto;
+}
diff --git a/apps/backend/src/workspace/dtos/userWorkspace.dto.ts b/apps/backend/src/workspace/dtos/userWorkspace.dto.ts
@@ -3,6 +3,6 @@ export class UserWorkspaceDto {
   title: string;
   description: string | null;
   thumbnailUrl: string | null;
-  role: 'owner' | 'guest';
+  role: 'owner' | 'guest' | null;
   visibility: 'public' | 'private';
 }
diff --git a/apps/backend/src/workspace/workspace.controller.spec.ts b/apps/backend/src/workspace/workspace.controller.spec.ts
@@ -26,7 +26,7 @@ describe('WorkspaceController', () => {
             getUserWorkspaces: jest.fn(),
             generateInviteUrl: jest.fn(),
             processInviteUrl: jest.fn(),
-            checkAccess: jest.fn(),
+            getWorkspaceData: jest.fn(),
             updateVisibility: jest.fn(),
           },
         },
@@ -117,13 +117,15 @@ describe('WorkspaceController', () => {
           description: 'Description 1',
           thumbnailUrl: 'http://example.com/image1.png',
           role: 'owner',
+          visibility: 'private',
         },
         {
           workspaceId: 'snowflake-id-2',
           title: 'Workspace 2',
           description: null,
           thumbnailUrl: null,
           role: 'guest',
+          visibility: 'private',
         },
       ] as UserWorkspaceDto[];
 
@@ -188,32 +190,45 @@ describe('WorkspaceController', () => {
     });
   });
 
-  describe('checkWorkspaceAccess', () => {
-    it('워크스페이스에 접근 가능한 경우 메시지를 반환한다.', async () => {
+  describe('getWorkspace', () => {
+    it('워크스페이스에 접근 가능한 경우 워크스페이스 정보를 반환한다.', async () => {
       const workspaceId = 'workspace-snowflake-id';
       const userId = 'user-snowflake-id';
 
-      jest.spyOn(service, 'checkAccess').mockResolvedValue(undefined);
+      const mockWorkspace = {
+        workspaceId: 'snowflake-id-1',
+        title: 'Workspace 1',
+        description: 'Description 1',
+        thumbnailUrl: 'http://example.com/image1.png',
+        role: 'owner',
+        visibility: 'public',
+      } as UserWorkspaceDto;
 
-      const result = await controller.checkWorkspaceAccess(workspaceId, userId);
+      jest.spyOn(service, 'getWorkspaceData').mockResolvedValue(mockWorkspace);
 
-      expect(service.checkAccess).toHaveBeenCalledWith(userId, workspaceId);
+      const result = await controller.getWorkspace(workspaceId, userId);
+
+      expect(service.getWorkspaceData).toHaveBeenCalledWith(
+        userId,
+        workspaceId,
+      );
       expect(result).toEqual({
-        message: WorkspaceResponseMessage.WORKSPACE_ACCESS_CHECKED,
+        message: WorkspaceResponseMessage.WORKSPACE_DATA_RETURNED,
+        workspace: mockWorkspace,
       });
     });
 
     it('로그인하지 않은 사용자의 경우 null로 처리하고 접근 가능한 경우 메시지를 반환한다.', async () => {
       const workspaceId = 'workspace-snowflake-id';
       const userId = 'null'; // 로그인되지 않은 상태를 나타냄
 
-      jest.spyOn(service, 'checkAccess').mockResolvedValue(undefined);
+      jest.spyOn(service, 'getWorkspaceData').mockResolvedValue(undefined);
 
-      const result = await controller.checkWorkspaceAccess(workspaceId, userId);
+      const result = await controller.getWorkspace(workspaceId, userId);
 
-      expect(service.checkAccess).toHaveBeenCalledWith(null, workspaceId);
+      expect(service.getWorkspaceData).toHaveBeenCalledWith(null, workspaceId);
       expect(result).toEqual({
-        message: WorkspaceResponseMessage.WORKSPACE_ACCESS_CHECKED,
+        message: WorkspaceResponseMessage.WORKSPACE_DATA_RETURNED,
       });
     });
 
@@ -223,14 +238,17 @@ describe('WorkspaceController', () => {
 
       // 권한 없음
       jest
-        .spyOn(service, 'checkAccess')
+        .spyOn(service, 'getWorkspaceData')
         .mockRejectedValue(new ForbiddenAccessException());
 
       await expect(
-        controller.checkWorkspaceAccess(workspaceId, userId),
+        controller.getWorkspace(workspaceId, userId),
       ).rejects.toThrow(ForbiddenAccessException);
 
-      expect(service.checkAccess).toHaveBeenCalledWith(userId, workspaceId);
+      expect(service.getWorkspaceData).toHaveBeenCalledWith(
+        userId,
+        workspaceId,
+      );
     });
 
     it('워크스페이스가 존재하지 않는 경우 WorkspaceNotFoundException을 던진다.', async () => {
@@ -239,14 +257,17 @@ describe('WorkspaceController', () => {
 
       // 워크스페이스 없음
       jest
-        .spyOn(service, 'checkAccess')
+        .spyOn(service, 'getWorkspaceData')
         .mockRejectedValue(new WorkspaceNotFoundException());
 
       await expect(
-        controller.checkWorkspaceAccess(workspaceId, userId),
+        controller.getWorkspace(workspaceId, userId),
       ).rejects.toThrow(WorkspaceNotFoundException);
 
-      expect(service.checkAccess).toHaveBeenCalledWith(userId, workspaceId);
+      expect(service.getWorkspaceData).toHaveBeenCalledWith(
+        userId,
+        workspaceId,
+      );
     });
   });
 });
diff --git a/apps/backend/src/workspace/workspace.controller.ts b/apps/backend/src/workspace/workspace.controller.ts
diff --git a/apps/backend/src/workspace/workspace.service.spec.ts b/apps/backend/src/workspace/workspace.service.spec.ts
diff --git a/apps/backend/src/workspace/workspace.service.ts b/apps/backend/src/workspace/workspace.service.ts
diff --git a/yarn.lock b/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,9 @@ export class User {`
`36`	`36`	`@Column({ nullable: true })`
`37`	`37`	`profileImage: string;`
`38`	`38`
	`39`	`+ @Column({ nullable: true })`
	`40`	`+ refreshToken: string;`
	`41`	`+`
`39`	`42`	`@CreateDateColumn()`
`40`	`43`	`createdAt: Date;`
`41`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,6 @@ export class UserWorkspaceDto {`
`3`	`3`	`title: string;`
`4`	`4`	`description: string \| null;`
`5`	`5`	`thumbnailUrl: string \| null;`
`6`		`- role: 'owner' \| 'guest';`
	`6`	`+ role: 'owner' \| 'guest' \| null;`
`7`	`7`	`visibility: 'public' \| 'private';`
`8`	`8`	`}`