[FEATURE] 액세스 토큰 리프레시 (#352)

m-a-king · web-flow · commit 7d0723112d93 · 2025-02-04T16:17:43.000+09:00
* feat(token): 엑세스 토큰 요청 DTO 추가

* refactor(token): 코드 가독성 개선

* feat(token): 액세스 토큰 리프레시 컨트롤러 추가

* feat(token): 전역 예외 추가

* refactor(token): 패키지 이동

* refactor(token): 클래스명 수정

* feat(token): prefix 관리
diff --git a/src/main/java/com/somemore/global/auth/jwt/controller/TokenController.java b/src/main/java/com/somemore/global/auth/jwt/controller/TokenController.java
@@ -1,14 +1,18 @@
 package com.somemore.global.auth.jwt.controller;
 
-import com.somemore.global.auth.annotation.CurrentUser;
 import com.somemore.global.auth.annotation.UserId;
 import com.somemore.global.auth.jwt.domain.EncodedToken;
+import com.somemore.global.auth.jwt.dto.AccessTokenRequestDto;
 import com.somemore.global.auth.jwt.manager.TokenManager;
+import com.somemore.global.auth.jwt.usecase.JwtUseCase;
 import com.somemore.global.common.response.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -17,10 +21,11 @@
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("/api/auth/token")
-@Tag(name = "Token Exchange API", description = "SignInToken을 AccessToken으로 교환하는 API")
-public class TokenExchangeController {
+@Tag(name = "Token API", description = "JWT 관련 API")
+public class TokenController {
 
     private final TokenManager tokenManager;
+    private final JwtUseCase jwtUseCase;
 
     @GetMapping("/exchange")
     public ApiResponse<String> exchangeToken(
@@ -30,6 +35,19 @@ public ApiResponse<String> exchangeToken(
 
         return ApiResponse.ok(HttpStatus.OK.value(),
                 accessToken.getValueWithPrefix(),
-                "액세스 토큰 응답 성공");
+                "액세스 토큰 교환 성공");
+    }
+
+    @PostMapping("/refresh")
+    public ApiResponse<String> refreshAccessToken(
+            @Valid @RequestBody AccessTokenRequestDto accessTokenRequestDto
+    ) {
+        EncodedToken accessToken = EncodedToken.from(accessTokenRequestDto.accessToken())
+                .removePrefix();
+        EncodedToken newAccessToken = jwtUseCase.refreshAccessToken(accessToken);
+
+        return ApiResponse.ok(HttpStatus.OK.value(),
+                newAccessToken.getValueWithPrefix(),
+                "액세스 토큰 갱신 성공");
     }
 }
diff --git a/src/main/java/com/somemore/global/auth/jwt/domain/EncodedToken.java b/src/main/java/com/somemore/global/auth/jwt/domain/EncodedToken.java
@@ -19,9 +19,9 @@ public boolean isUninitialized() {
                 || value.equals(UNINITIALIZED);
     }
 
-    public EncodedToken removePrefix(String prefix) {
-        if (this.value.startsWith(prefix)) {
-            return new EncodedToken(this.value.substring(prefix.length()));
+    public EncodedToken removePrefix() {
+        if (this.value.startsWith(PREFIX)) {
+            return new EncodedToken(this.value.substring(PREFIX.length()));
         }
         return this;
     }
diff --git a/src/main/java/com/somemore/global/auth/jwt/dto/AccessTokenRequestDto.java b/src/main/java/com/somemore/global/auth/jwt/dto/AccessTokenRequestDto.java
@@ -0,0 +1,15 @@
+package com.somemore.global.auth.jwt.dto;
+
+import com.fasterxml.jackson.databind.PropertyNamingStrategies;
+import com.fasterxml.jackson.databind.annotation.JsonNaming;
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+
+@JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
+public record AccessTokenRequestDto(
+
+        @Schema(description = "액세스 토큰", example = "액세스 토큰 문자열")
+        @NotBlank(message = "액세스 토큰 문자열")
+        String accessToken
+) {
+}
diff --git a/src/main/java/com/somemore/global/auth/jwt/filter/JwtAuthFilter.java b/src/main/java/com/somemore/global/auth/jwt/filter/JwtAuthFilter.java
@@ -46,7 +46,7 @@ protected void doFilterInternal(HttpServletRequest request,
                                     FilterChain filterChain) throws ServletException, IOException {
 
         EncodedToken accessToken = getAccessToken(request);
-        jwtUseCase.processAccessToken(accessToken, response);
+        jwtUseCase.validateAccessToken(accessToken, response);
 
         Claims claims = jwtUseCase.getClaims(accessToken);
         JwtAuthenticationToken auth = createAuthenticationToken(claims, accessToken);
@@ -66,8 +66,7 @@ private EncodedToken getAccessToken(HttpServletRequest request) {
             throw new JwtException(JwtErrorType.MISSING_TOKEN);
         }
 
-        String prefix = "Bearer ";
-        return accessToken.removePrefix(prefix);
+        return accessToken.removePrefix();
     }
 
     private static EncodedToken findAccessTokenFromHeader(HttpServletRequest request) {
diff --git a/src/main/java/com/somemore/global/auth/jwt/refresher/DefaultJwtRefresher.java b/src/main/java/com/somemore/global/auth/jwt/refresher/DefaultJwtRefresher.java
@@ -30,7 +30,8 @@ public EncodedToken refreshAccessToken(EncodedToken accessToken) {
         jwtValidator.validateToken(refreshTokenValue);
 
         Claims claims = jwtParser.parseToken(refreshTokenValue);
-        refreshToken.updateAccessToken(generateAccessToken(claims));
+        EncodedToken newAccessToken = generateAccessToken(claims);
+        refreshToken.updateAccessToken(newAccessToken);
         tokenManager.save(refreshToken);
 
         return EncodedToken.from(refreshToken.getAccessToken());
diff --git a/src/main/java/com/somemore/global/auth/jwt/service/JwtService.java b/src/main/java/com/somemore/global/auth/jwt/service/JwtService.java
@@ -3,8 +3,6 @@
 import com.somemore.global.auth.authentication.UserIdentity;
 import com.somemore.global.auth.jwt.domain.EncodedToken;
 import com.somemore.global.auth.jwt.domain.TokenType;
-import com.somemore.global.auth.jwt.exception.JwtErrorType;
-import com.somemore.global.auth.jwt.exception.JwtException;
 import com.somemore.global.auth.jwt.generator.JwtGenerator;
 import com.somemore.global.auth.jwt.parser.JwtParser;
 import com.somemore.global.auth.jwt.refresher.JwtRefresher;
@@ -31,25 +29,17 @@ public EncodedToken generateToken(UserIdentity userIdentity, TokenType tokenType
     }
 
     @Override
-    public void processAccessToken(EncodedToken accessToken, HttpServletResponse response) {
-        try {
-            jwtValidator.validateToken(accessToken);
-        } catch (JwtException e) {
-            handleJwtExpiredException(e, accessToken, response);
-        }
+    public void validateAccessToken(EncodedToken accessToken, HttpServletResponse response) {
+        jwtValidator.validateToken(accessToken);
     }
 
     @Override
-    public Claims getClaims(EncodedToken token) {
-        return jwtParser.parseToken(token);
+    public Claims getClaims(EncodedToken accessToken) {
+        return jwtParser.parseToken(accessToken);
     }
 
-    private void handleJwtExpiredException(JwtException e, EncodedToken accessToken, HttpServletResponse response) {
-        if (e.getErrorType() == JwtErrorType.EXPIRED_TOKEN) {
-            EncodedToken refreshedToken = jwtRefresher.refreshAccessToken(accessToken);
-            // TODO 프론트엔드와 협의 : 만료된 액세스 토큰 관리 방법
-            return;
-        }
-        throw e;
+    @Override
+    public EncodedToken refreshAccessToken(EncodedToken accessToken) {
+        return jwtRefresher.refreshAccessToken(accessToken);
     }
 }
diff --git a/src/main/java/com/somemore/global/auth/jwt/usecase/JwtUseCase.java b/src/main/java/com/somemore/global/auth/jwt/usecase/JwtUseCase.java
@@ -10,7 +10,9 @@ public interface JwtUseCase {
 
     EncodedToken generateToken(UserIdentity userIdentity, TokenType tokenType);
 
-    void processAccessToken(EncodedToken token, HttpServletResponse response);
+    void validateAccessToken(EncodedToken accessToken, HttpServletResponse response);
 
-    Claims getClaims(EncodedToken token);
+    Claims getClaims(EncodedToken accessToken);
+
+    EncodedToken refreshAccessToken(EncodedToken accessToken);
 }
diff --git a/src/main/java/com/somemore/global/exception/handler/GlobalExceptionHandler.java b/src/main/java/com/somemore/global/exception/handler/GlobalExceptionHandler.java
@@ -1,5 +1,6 @@
 package com.somemore.global.exception.handler;
 
+import com.somemore.global.auth.jwt.exception.JwtException;
 import com.somemore.global.exception.BadRequestException;
 import com.somemore.global.exception.DuplicateException;
 import com.somemore.global.exception.ImageUploadException;
@@ -81,4 +82,16 @@ ProblemDetail handleInvalidAuthenticationException(InvalidAuthenticationExceptio
         return problemDetail;
     }
 
+    @ExceptionHandler(JwtException.class)
+    ProblemDetail handleJwtException(JwtException e) {
+
+        ProblemDetail problemDetail = ProblemDetail.forStatusAndDetail(HttpStatus.BAD_REQUEST, e.getMessage());
+        problemDetail.setTitle("토큰 문제");
+        problemDetail.setDetail("토큰 처리에 문제가 발생했습니다.");
+
+        log.warn("JwtException: {}", e.getMessage());
+
+        return problemDetail;
+    }
+
 }
diff --git a/src/test/java/com/somemore/global/auth/jwt/service/JwtServiceTest.java b/src/test/java/com/somemore/global/auth/jwt/service/JwtServiceTest.java
@@ -132,7 +132,7 @@ void throwExceptionWhenRefreshTokenIsInvalid() {
         // then
         MockHttpServletResponse mockResponse = new MockHttpServletResponse();
 
-        assertThatThrownBy(() -> jwtService.processAccessToken(expiredAccessToken, mockResponse))
+        assertThatThrownBy(() -> jwtService.validateAccessToken(expiredAccessToken, mockResponse))
                 .isInstanceOf(JwtException.class)
                 .hasMessage(JwtErrorType.EXPIRED_TOKEN.getMessage());
     }
@@ -149,7 +149,7 @@ void throwExceptionWhenRefreshTokenIsMissing() {
         // then
         MockHttpServletResponse mockResponse = new MockHttpServletResponse();
 
-        assertThatThrownBy(() -> jwtService.processAccessToken(expiredAccessToken, mockResponse))
+        assertThatThrownBy(() -> jwtService.validateAccessToken(expiredAccessToken, mockResponse))
                 .isInstanceOf(JwtException.class)
                 .hasMessage(JwtErrorType.EXPIRED_TOKEN.getMessage());
     }
@@ -217,7 +217,7 @@ void refreshTokenNotFoundThrowsJwtException() {
 
         // when
         // then
-        assertThatThrownBy(() -> jwtService.processAccessToken(expiredAccessToken, new MockHttpServletResponse()))
+        assertThatThrownBy(() -> jwtService.validateAccessToken(expiredAccessToken, new MockHttpServletResponse()))
                 .isInstanceOf(JwtException.class)
                 .hasMessage(JwtErrorType.EXPIRED_TOKEN.getMessage());
     }

Original file line number	Diff line number	Diff line change
`@@ -19,9 +19,9 @@ public boolean isUninitialized() {`
`19`	`19`	`\|\| value.equals(UNINITIALIZED);`
`20`	`20`	`}`
`21`	`21`
`22`		`- public EncodedToken removePrefix(String prefix) {`
`23`		`- if (this.value.startsWith(prefix)) {`
`24`		`- return new EncodedToken(this.value.substring(prefix.length()));`
	`22`	`+ public EncodedToken removePrefix() {`
	`23`	`+ if (this.value.startsWith(PREFIX)) {`
	`24`	`+ return new EncodedToken(this.value.substring(PREFIX.length()));`
`25`	`25`	`}`
`26`	`26`	`return this;`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ protected void doFilterInternal(HttpServletRequest request,`
`46`	`46`	`FilterChain filterChain) throws ServletException, IOException {`
`47`	`47`
`48`	`48`	`EncodedToken accessToken = getAccessToken(request);`
`49`		`- jwtUseCase.processAccessToken(accessToken, response);`
	`49`	`+ jwtUseCase.validateAccessToken(accessToken, response);`
`50`	`50`
`51`	`51`	`Claims claims = jwtUseCase.getClaims(accessToken);`
`52`	`52`	`JwtAuthenticationToken auth = createAuthenticationToken(claims, accessToken);`
`@@ -66,8 +66,7 @@ private EncodedToken getAccessToken(HttpServletRequest request) {`
`66`	`66`	`throw new JwtException(JwtErrorType.MISSING_TOKEN);`
`67`	`67`	`}`
`68`	`68`
`69`		`- String prefix = "Bearer ";`
`70`		`- return accessToken.removePrefix(prefix);`
	`69`	`+ return accessToken.removePrefix();`
`71`	`70`	`}`
`72`	`71`
`73`	`72`	`private static EncodedToken findAccessTokenFromHeader(HttpServletRequest request) {`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,9 @@ public interface JwtUseCase {`
`10`	`10`
`11`	`11`	`EncodedToken generateToken(UserIdentity userIdentity, TokenType tokenType);`
`12`	`12`
`13`		`- void processAccessToken(EncodedToken token, HttpServletResponse response);`
	`13`	`+ void validateAccessToken(EncodedToken accessToken, HttpServletResponse response);`
`14`	`14`
`15`		`- Claims getClaims(EncodedToken token);`
	`15`	`+ Claims getClaims(EncodedToken accessToken);`
	`16`	`+`
	`17`	`+ EncodedToken refreshAccessToken(EncodedToken accessToken);`
`16`	`18`	`}`