로그인 시 JWT를 Cookie에 담아서 발행

Author: LimByeongSu

.idea/encodings.xml

@@ -1,5 +1,3 @@
-import org.gradle.kotlin.dsl.implementation
-
 plugins {
 	java
 	id("org.springframework.boot") version "3.5.6"
@@ -48,6 +46,11 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-validation")
     implementation("org.springframework.boot:spring-boot-starter-mail")
     implementation("org.springframework.boot:spring-boot-starter-data-redis")
+
+    implementation("io.jsonwebtoken:jjwt-api:0.13.0")
+    implementation("io.jsonwebtoken:jjwt-impl:0.13.0")
+    implementation("io.jsonwebtoken:jjwt-jackson:0.13.0")
+    implementation("org.springframework.boot:spring-boot-starter-security")
 }
 
 tasks.withType<Test> {

.idea/gradle.xml

@@ -1,20 +1,29 @@
 package com.backend.domain.user.controller;
 
 import com.backend.domain.user.service.EmailService;
+import com.backend.domain.user.service.JwtService;
 import com.backend.global.exception.ErrorCode;
 import com.backend.global.response.ApiResponse;
 import jakarta.mail.MessagingException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 @RequiredArgsConstructor
 public class AuthController {
     private final EmailService emailService;
+    private final JwtService jwtService;
 
+    @Value("${jwt.access-token-expiration-in-milliseconds}")
+    private int tokenValidityMilliSeconds;
 
     /**
      * 입력받은 이메일에 인증코드를 보냅니다.
@@ -54,4 +63,39 @@ public ApiResponse<String> verifyAuthCode(@RequestBody VerifyRequest request)
 
     }
 
+
+    /**
+     * 로그인
+     */
+    record LoginRequest(
+            @NotBlank(message = "이메일은 필수 입력값 입니다.")
+            @Email(message = "이메일 형식이 아닙니다.")
+            String email,
+
+            @NotBlank(message = "비밀번호는 필수 입력값 입니다.")
+            String password
+    ){
+
+    }
+
+
+
+    @PostMapping("/api/login")
+    public ApiResponse<String> login(
+            @Valid @RequestBody LoginRequest loginRequest,
+            HttpServletResponse response
+    ){
+        String token = jwtService.login(loginRequest.email, loginRequest.password);
+
+        Cookie cookie = new Cookie("token", token);
+        cookie.setHttpOnly(true); // JavaScript 접근 방지 (XSS 공격 방어)
+        cookie.setSecure(true); //HTTPS 통신에서만 전송
+        cookie.setPath("/");
+
+        cookie.setMaxAge(tokenValidityMilliSeconds);
+
+        response.addCookie(cookie); //응답에 쿠키 추가
+
+        return ApiResponse.success("success");
+    }
 }

.idea/modules.xml

@@ -4,12 +4,10 @@
 import com.backend.domain.user.entity.User;
 import com.backend.domain.user.service.UserService;
 import com.backend.global.response.ApiResponse;
-import com.backend.global.response.ResponseCode;
 import jakarta.mail.MessagingException;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.NotBlank;
-import jakarta.validation.constraints.NotNull;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
 
@@ -163,31 +161,4 @@ public ApiResponse<RestoreResponse> restoreUser(
         return ApiResponse.success(new RestoreResponse(new UserDto(user)));
     }
 
-/*
-    *//**
-     * 로그인
-     *//*
-    record LoginRequest(
-        @NotBlank(message = "이메일은 필수 입력값 입니다.")
-        @Email(message = "이메일 형식이 아닙니다.")
-        String email,
-
-        @NotBlank(message = "비밀번호는 필수 입력값 입니다.")
-        String password
-    ){
-
-    }
-
-    record LoginResponse(
-
-    ){
-
-    }
-
-    @PostMapping("/api/user/login")
-    public ApiResponse<LoginResponse> login(
-            @Valid @RequestBody LoginRequest loginRequest
-    ){
-
-    }*/
 }

.idea/modules/backend.main.iml

@@ -0,0 +1,26 @@
+package com.backend.domain.user.service;
+
+import com.backend.domain.user.entity.User;
+import com.backend.domain.user.repository.UserRepository;
+import com.backend.domain.user.util.JwtUtil;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class JwtService {
+    private final UserRepository userRepository;
+    private final JwtUtil jwtUtil;
+
+    public String login(@NotBlank(message = "이메일은 필수 입력값 입니다.") @Email(message = "이메일 형식이 아닙니다.") String email, @NotBlank(message = "비밀번호는 필수 입력값 입니다.") String password) {
+        User user = userRepository.findByEmail(email).orElse(null);
+        if(user.getPassword().equals(password)) {
+            //email에 대응하는 비밀번호가 맞다면 jwt토큰 발급
+            return jwtUtil.createToken(user.getEmail(), user.getName());
+        }else{
+            return  null;
+        }
+    }
+}

backend/build.gradle.kts

@@ -0,0 +1,53 @@
+package com.backend.domain.user.util;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import jakarta.annotation.PostConstruct;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.nio.charset.StandardCharsets;
+import java.security.Key;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+@Component
+public class JwtUtil {
+    @Value("${jwt.secret}")
+    private String secretKey;
+
+    @Value("${jwt.access-token-expiration-in-milliseconds}")
+    private int tokenValidityMilliSeconds;
+
+    //SecretKey를 Base64로 인코딩하여 Key객체로 변환
+    private Key key;
+
+    //key값 초기화
+    @PostConstruct  //의존성 주입이 될때 딱 1번만 실행되기 때문에 key값은 이후로 변하지 않음
+    public void init() {
+        this.key = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));
+        System.out.println(key);
+    }
+
+    //
+    public String createToken(String email, String name) {
+        Map<String, Object> claims = new HashMap<>();
+        claims.put(Claims.SUBJECT, email); //Claims.SUBJECT = "sub"이다.
+        claims.put("name", name);
+
+        Date now = new Date();
+        System.out.println("now : "+now.getTime());
+        Date expiration = new Date(now.getTime() + tokenValidityMilliSeconds);
+        System.out.println("expiration : "+expiration.getTime());
+        return Jwts.builder()
+                .claims(claims)
+                .issuedAt(now)
+                .expiration(expiration)
+                .signWith(key, SignatureAlgorithm.HS256)
+                .compact();
+    }
+
+}

backend/src/main/java/com/backend/domain/user/controller/AuthController.java

@@ -1,11 +1,12 @@
 spring:
   datasource:
-    #url: jdbc:mysql://localhost:3306/my_project_db?serverTimezone=Asia/Seoul&characterEncoding=UTF-8
-    #username: user
-    #password: 1234
     url: ${DB_URL}
     username: ${DB_USERNAME}
     password: ${DB_PASSWORD}
+    driver-class-name: org.h2.Driver
+    #url: jdbc:mysql://localhost:3306/my_project_db?serverTimezone=Asia/Seoul&characterEncoding=UTF-8
+    #username: user
+    #password: 1234
   mail:
     host: smtp.gmail.com         # ✅ Gmail SMTP 서버 주소 (고정)
     port: 587                    # ✅ TLS/STARTTLS를 위한 포트 (고정)
@@ -25,4 +26,13 @@ spring:
 
   jpa:
     hibernate:
-      ddl-auto: update
+      ddl-auto: update
+    properties:
+      hibernate:
+        # 🚨 H2 Dialect를 명시적으로 설정 🚨
+        dialect: org.hibernate.dialect.H2Dialect
+
+  h2:
+    console:
+      enabled: true
+      path: /h2-console