Merge pull request #35 from classic-daramg/feature/34

Feature/34

Author: hyobin-yang

.github/workflows/ci.yml

@@ -11,7 +11,16 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
-
+    services:
+      redis:
+        image: redis:latest
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "redis-cli ping | grep PONG || exit 1"
+          --health-interval 5s
+          --health-timeout 3s
+          --health-retries 5
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK 22
@@ -24,6 +33,10 @@ jobs:
       uses: gradle/actions/setup-gradle@v3
 
     - name: Test with CI Profile
+      env:
+        JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
+        SPRING_MAIL_USERNAME: ${{ secrets.SPRING_MAIL_USERNAME }}
+        SPRING_MAIL_PASSWORD: ${{ secrets.SPRING_MAIL_PASSWORD }}
       run: ./gradlew build -Dspring.profiles.active=ci
 
     - name: Submit Dependency Graph

build.gradle

@@ -67,6 +67,9 @@ dependencies {
 
 	// 코틀린
 	testImplementation 'org.jetbrains.kotlin:kotlin-test-junit5'
+
+	// jwt
+	implementation 'com.auth0:java-jwt:4.4.0'
 }
 
 test {

src/main/java/com/daramg/server/ServerApplication.java

@@ -3,12 +3,9 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 
-// 프로젝트 초기 임시설정
 @SpringBootApplication(exclude = {
-		FlywayAutoConfiguration.class,
-		SecurityAutoConfiguration.class
+		FlywayAutoConfiguration.class
 })
 public class ServerApplication {
 	public static void main(String[] args) {

src/main/java/com/daramg/server/auth/application/AuthService.java

@@ -1,24 +1,39 @@
 package com.daramg.server.auth.application;
 
+import com.daramg.server.auth.dto.TokenResponseDto;
+import com.daramg.server.auth.exception.AuthErrorStatus;
+import com.daramg.server.auth.util.JwtUtil;
 import com.daramg.server.common.exception.BusinessException;
 import com.daramg.server.domain.user.domain.User;
 import com.daramg.server.auth.domain.SignupVo;
-import com.daramg.server.auth.dto.LoginDto;
-import com.daramg.server.auth.dto.PasswordDto;
-import com.daramg.server.auth.dto.SignupDto;
+import com.daramg.server.auth.dto.LoginRequestDto;
+import com.daramg.server.auth.dto.PasswordRequestDto;
+import com.daramg.server.auth.dto.SignupRequestDto;
 import com.daramg.server.domain.user.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.concurrent.TimeUnit;
+
 @Service
 @Transactional
 @RequiredArgsConstructor
 public class AuthService {
 
+    @Value("${jwt.refresh-time}")
+    private long REFRESH_TOKEN_VALID_TIME;
+
     private final UserRepository userRepository;
+    private final JwtUtil jwtTokenProvider;
+    private final PasswordEncoder passwordEncoder;
+    private final RedisTemplate<String, String> redisTemplate;
 
-    public void signup(SignupDto dto){
+    public void signup(SignupRequestDto dto){
         if (userRepository.existsByEmail(dto.getEmail())) {
             throw new BusinessException("중복된 이메일입니다.");
         }
@@ -39,10 +54,54 @@ public void signup(SignupDto dto){
         userRepository.save(user);
     }
 
-    public void login(LoginDto dto){
+    public TokenResponseDto login(LoginRequestDto dto){
+        User user = userRepository.findByEmail(dto.getEmail())
+                .filter(u -> passwordEncoder.matches(dto.getPassword(), u.getPassword()))
+                .orElseThrow(() -> new BusinessException(AuthErrorStatus.USER_NOT_FOUND_EXCEPTION));
+
+        TokenResponseDto tokens = jwtTokenProvider.generateTokens(user);
+        redisTemplate.opsForValue().set(
+                user.getEmail(),
+                tokens.getRefreshToken(),
+                REFRESH_TOKEN_VALID_TIME,
+                TimeUnit.MILLISECONDS
+        );
+        return tokens;
     }
 
-    public void resetPassword(PasswordDto dto, User user){
+    public TokenResponseDto refreshAccessToken(String refreshToken) {
+        if (!jwtTokenProvider.validateRefreshToken(refreshToken)) {
+            throw new BusinessException(AuthErrorStatus.INVALID_TOKEN_EXCEPTION);
+        }
+
+        String userEmail = jwtTokenProvider.getUserEmail(refreshToken);
+        String originRefreshToken = redisTemplate.opsForValue().get(userEmail);
+
+        if (originRefreshToken == null || !originRefreshToken.equals(refreshToken)) {
+            throw new BusinessException(AuthErrorStatus.INVALID_TOKEN_EXCEPTION);
+        }
+
+        User user = userRepository.findByEmail(userEmail)
+                .orElseThrow(() -> new BusinessException(AuthErrorStatus.USER_NOT_FOUND_EXCEPTION));
+
+        String newAccessToken = jwtTokenProvider.createAccessToken(user);
+        return new TokenResponseDto(newAccessToken, refreshToken);
+    }
+
+    public void logout(User user){
+        redisTemplate.delete(user.getEmail());
+    }
+
+    public void resetPassword(PasswordRequestDto dto){
+        User user = userRepository.findByEmail(dto.getEmail())
+                .orElseThrow(() -> new BusinessException(AuthErrorStatus.USER_NOT_FOUND_EXCEPTION));
+
         user.changePassword(dto.getPassword());
+        logout(user);
+    }
+
+    public User loadUserByEmail(String email) throws UsernameNotFoundException {
+        return userRepository.findByEmail(email)
+                .orElseThrow(() -> new BusinessException("(email: " + email + ")", AuthErrorStatus.USER_NOT_FOUND_EXCEPTION));
     }
 }

src/main/java/com/daramg/server/auth/application/MailVerificationService.java

@@ -1,9 +1,9 @@
 package com.daramg.server.auth.application;
 
-import com.daramg.server.auth.dto.EmailVerificationRequest;
-import com.daramg.server.auth.dto.CodeVerificationRequest;
+import com.daramg.server.auth.dto.EmailVerificationRequestDto;
+import com.daramg.server.auth.dto.CodeVerificationRequestDto;
 
 public interface MailVerificationService {
-    void sendVerificationEmail(EmailVerificationRequest request);
-    void verifyEmailWithCode(CodeVerificationRequest request);
+    void sendVerificationEmail(EmailVerificationRequestDto request);
+    void verifyEmailWithCode(CodeVerificationRequestDto request);
 }

src/main/java/com/daramg/server/auth/application/MailVerificationServiceImpl.java

@@ -1,8 +1,8 @@
 package com.daramg.server.auth.application;
 
-import com.daramg.server.auth.MailMessages;
-import com.daramg.server.auth.dto.EmailVerificationRequest;
-import com.daramg.server.auth.dto.CodeVerificationRequest;
+import com.daramg.server.auth.domain.MailMessages;
+import com.daramg.server.auth.dto.EmailVerificationRequestDto;
+import com.daramg.server.auth.dto.CodeVerificationRequestDto;
 import com.daramg.server.auth.exception.AuthErrorStatus;
 import com.daramg.server.auth.repository.VerificationCodeRepository;
 import com.daramg.server.auth.util.MailContentBuilder;
@@ -26,26 +26,26 @@ public class MailVerificationServiceImpl implements MailVerificationService{
     private final VerificationCodeRepository verificationCodeRepository;
     private final UserRepository userRepository;
 
-    public void sendVerificationEmail(EmailVerificationRequest request) {
+    public void sendVerificationEmail(EmailVerificationRequestDto request) {
         switch (request.getEmailPurpose()) {
             case SIGNUP -> sendForSignup(request);
             case PASSWORD_RESET -> sendForPasswordReset(request);
             default -> throw new BusinessException("지원하지 않는 이메일 발송 목적입니다.");
         }
     }
 
-    private void sendForSignup(EmailVerificationRequest request) {
+    private void sendForSignup(EmailVerificationRequestDto request) {
         sendVerificationCode(request);
     }
 
-    private void sendForPasswordReset(EmailVerificationRequest request) {
+    private void sendForPasswordReset(EmailVerificationRequestDto request) {
         if (!userRepository.existsByEmail(request.getEmail())){
             throw new BusinessException(AuthErrorStatus.EMAIL_NOT_REGISTERED);
         }
         sendVerificationCode(request);
     }
 
-    private void sendVerificationCode(EmailVerificationRequest request) {
+    private void sendVerificationCode(EmailVerificationRequestDto request) {
         String verificationCode = VerificationCodeGenerator.generate();
         verificationCodeRepository.save(request.getEmail(), verificationCode);
 
@@ -63,7 +63,7 @@ private void sendVerificationCode(EmailVerificationRequest request) {
         }
     }
 
-    public void verifyEmailWithCode(CodeVerificationRequest request) {
+    public void verifyEmailWithCode(CodeVerificationRequestDto request) {
         String storedCode = verificationCodeRepository.findByEmail(request.getEmail())
                 .orElse(null);
 

src/main/java/com/daramg/server/auth/config/SecurityConfig.java

@@ -0,0 +1,45 @@
+package com.daramg.server.auth.config;
+
+import com.daramg.server.auth.filter.JwtAuthorizationFilter;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+    private final JwtAuthorizationFilter jwtAuthorizationFilter;
+    private final AuthenticationEntryPoint authEntryPoint;
+
+    @Bean
+    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(AbstractHttpConfigurer::disable)
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(auth -> auth
+                        // 인증 없이 허용할 경로
+                        .requestMatchers("/auth/email-verifications").permitAll()
+                        .requestMatchers("/auth/verify-email").permitAll()
+                        .requestMatchers("/auth/signup").permitAll()
+                        .requestMatchers("/auth/login").permitAll()
+
+                        .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
+
+                        // 위에서 등록되지 않은 모든 경로는 인증 필요
+                        .anyRequest().authenticated()
+                )
+                .httpBasic(basic -> basic.authenticationEntryPoint(authEntryPoint))
+                .addFilterBefore(jwtAuthorizationFilter,
+                        UsernamePasswordAuthenticationFilter.class);
+        return http.build();
+    }
+}

…com/daramg/server/auth/MailMessages.java …amg/server/auth/domain/MailMessages.javasrc/main/java/com/daramg/server/auth/MailMessages.java renamed to src/main/java/com/daramg/server/auth/domain/MailMessages.java src/main/java/com/daramg/server/auth/MailMessages.java renamed to src/main/java/com/daramg/server/auth/domain/MailMessages.java

@@ -1,4 +1,4 @@
-package com.daramg.server.auth;
+package com.daramg.server.auth.domain;
 
 public final class MailMessages {
     private MailMessages() {}

…rver/auth/dto/CodeVerificationRequest.kt …r/auth/dto/CodeVerificationRequestDto.ktsrc/main/java/com/daramg/server/auth/dto/CodeVerificationRequest.kt renamed to src/main/java/com/daramg/server/auth/dto/CodeVerificationRequestDto.kt src/main/java/com/daramg/server/auth/dto/CodeVerificationRequest.kt renamed to src/main/java/com/daramg/server/auth/dto/CodeVerificationRequestDto.kt

@@ -4,7 +4,7 @@ import jakarta.validation.constraints.Email
 import jakarta.validation.constraints.NotBlank
 import jakarta.validation.constraints.Pattern
 
-data class CodeVerificationRequest(
+data class CodeVerificationRequestDto(
     @field:NotBlank(message = "AUTH_400_2")
     @field:Email(message = "AUTH_400_3")
     val email: String,

…ver/auth/dto/EmailVerificationRequest.kt …/auth/dto/EmailVerificationRequestDto.ktsrc/main/java/com/daramg/server/auth/dto/EmailVerificationRequest.kt renamed to src/main/java/com/daramg/server/auth/dto/EmailVerificationRequestDto.kt src/main/java/com/daramg/server/auth/dto/EmailVerificationRequest.kt renamed to src/main/java/com/daramg/server/auth/dto/EmailVerificationRequestDto.kt

@@ -5,7 +5,7 @@ import jakarta.validation.constraints.Email
 import jakarta.validation.constraints.NotBlank
 import jakarta.validation.constraints.NotNull
 
-data class EmailVerificationRequest(
+data class EmailVerificationRequestDto(
     @field:NotBlank(message = "AUTH_400_2")
     @field:Email(message = "AUTH_400_3")
     val email: String,