[fix] : jwt.secret 키 수정 #36

Author: Hyeromon

src/main/java/org/dfbf/soundlink/SoundLinkJavaApplication.java

@@ -4,7 +4,7 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 
-@SpringBootApplication(exclude= SecurityAutoConfiguration.class)
+@SpringBootApplication
 public class SoundLinkJavaApplication {
 
     public static void main(String[] args) {

src/main/java/org/dfbf/soundlink/global/auth/JwtProvider.java

@@ -1,6 +1,7 @@
 package org.dfbf.soundlink.global.auth;
 
 import io.jsonwebtoken.security.Keys;
+import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -10,6 +11,7 @@
 import io.jsonwebtoken.*;
 
 import javax.crypto.SecretKey;
+import java.util.Base64;
 import java.util.Date;
 import java.util.concurrent.TimeUnit;
 
@@ -24,7 +26,17 @@ public class JwtProvider {
     private long REFRESH_EXPIRATION_TIME;
 
     //시크릿 키
-    private final SecretKey SECRET_KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);
+    @Value("${jwt.secret}")
+    private String secretKey;
+    private SecretKey SECRET_KEY;
+
+    @PostConstruct
+    public void init(){
+        byte[] keyBytes = Base64.getDecoder().decode(secretKey); //인코딩된 문자열 ->바이트 배열로 변환
+        this.SECRET_KEY = Keys.hmacShaKeyFor(keyBytes); //안전한 HMAC 키로 변환
+        System.out.println("Decoded secretKey: " + secretKey);  // 디버깅용
+        System.out.println("Generated SECRET_KEY: " + SECRET_KEY);  // 디버깅용
+    }
 
     @Autowired
     private RedisTemplate<String, String> redisTemplate;
@@ -38,6 +50,7 @@ public String createAccessToken(long userId) {
                 .setClaims(claims)
                 .setIssuedAt(now)
                 .setExpiration(new Date(now.getTime()+ACCESS_EXPIRATION_TIME))
+                .setHeaderParam("typ", "JWT")
                 .signWith(SECRET_KEY, SignatureAlgorithm.HS256)
                 .compact();
     }
@@ -50,6 +63,7 @@ public String createRefreshToken(long userId) {
                 .setClaims(claims)
                 .setIssuedAt(now)
                 .setExpiration(new Date(now.getTime()+REFRESH_EXPIRATION_TIME))
+                .setHeaderParam("typ", "JWT")
                 .signWith(SECRET_KEY, SignatureAlgorithm.HS256)
                 .compact();
         try {

src/test/java/org/dfbf/soundlink/domain/user/CreateJwtTest.java

@@ -0,0 +1,36 @@
+package org.dfbf.soundlink.domain.user;
+
+import io.jsonwebtoken.security.Keys;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+
+import javax.crypto.SecretKey;
+import java.util.Base64;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+@SpringBootTest
+public class CreateJwtTest {
+
+    @Value("${jwt.secret}")
+    private String secretKeyPlain;
+
+    @Test
+    void secretKeyValid(){
+        assertThat(secretKeyPlain).isNotNull();
+    }
+
+    @Test
+//    @DisplayName("secretKey 원문으로 hmac 암호화 알고리즘에 맞는 SecretKey 객체를 만들 수 있다.")
+    void t2() {
+        // secretKeyPlain이 Base64 인코딩된 상태라면 디코딩하여 사용해야 함
+        byte[] keyBytes = Base64.getDecoder().decode(secretKeyPlain);
+
+        // HMAC 서명용 SecretKey 생성
+        SecretKey secretKey = Keys.hmacShaKeyFor(keyBytes);
+
+        assertThat(secretKey).isNotNull();
+    }
+}