feat: 로그아웃 필터 구현

sapiens2000 · sapiens2000 · commit c696e21148a5 · 2025-03-31T02:46:06.000+09:00
diff --git a/src/main/java/com/example/log4u/common/config/SecurityConfig.java b/src/main/java/com/example/log4u/common/config/SecurityConfig.java
@@ -12,12 +12,14 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
 import org.springframework.web.cors.CorsConfiguration;
 
-
 import com.example.log4u.common.oauth2.handler.OAuth2AuthenticationSuccessHandler;
 import com.example.log4u.common.oauth2.jwt.JwtAuthenticationFilter;
+import com.example.log4u.common.oauth2.jwt.JwtLogoutFilter;
 import com.example.log4u.common.oauth2.jwt.JwtUtil;
+import com.example.log4u.common.oauth2.repository.RefreshTokenRepository;
 import com.example.log4u.common.oauth2.service.CustomOAuth2UserService;
 import com.example.log4u.domain.user.service.UserService;
 
@@ -31,6 +33,7 @@ public class SecurityConfig {
 	private final OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
 	private final CustomOAuth2UserService customOAuth2UserService;
 	private final UserService userService;
+	private final RefreshTokenRepository refreshTokenRepository;
 
 	@Bean
 	public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws
@@ -43,22 +46,27 @@ public JwtAuthenticationFilter jwtAuthenticationFilter() {
 		return new JwtAuthenticationFilter(jwtUtil, userService);
 	}
 
+	@Bean
+	public JwtLogoutFilter jwtLogoutFilter() {
+		return new JwtLogoutFilter(jwtUtil, refreshTokenRepository);
+	}
+
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			.csrf(AbstractHttpConfigurer::disable)    //csrf 비활성화
 			.formLogin(AbstractHttpConfigurer::disable)    //폼 로그인 방식 disable
 			.httpBasic(AbstractHttpConfigurer::disable);            // HTTP Basic 인증 방식 disable
 
-
 		// oauth2 설정
 		http
 			.oauth2Login(oauth2 -> oauth2
 				.userInfoEndpoint(userInfoEndpointConfig -> userInfoEndpointConfig
 					.userService(customOAuth2UserService))
 				.successHandler(oAuth2AuthenticationSuccessHandler)
 			)
-			.addFilterBefore(new JwtAuthenticationFilter(jwtUtil, userService), OAuth2LoginAuthenticationFilter.class);
+			.addFilterBefore(new JwtAuthenticationFilter(jwtUtil, userService), OAuth2LoginAuthenticationFilter.class)
+			.addFilterBefore(new JwtLogoutFilter(jwtUtil, refreshTokenRepository), LogoutFilter.class);
 
 		//경로별 인가 작업
 		http
diff --git a/src/main/java/com/example/log4u/common/oauth2/jwt/JwtLogoutFilter.java b/src/main/java/com/example/log4u/common/oauth2/jwt/JwtLogoutFilter.java
@@ -0,0 +1,110 @@
+package com.example.log4u.common.oauth2.jwt;
+
+import java.io.IOException;
+
+import org.springframework.web.filter.GenericFilterBean;
+
+import com.example.log4u.common.oauth2.repository.RefreshTokenRepository;
+
+import io.jsonwebtoken.ExpiredJwtException;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+
+@RequiredArgsConstructor
+public class JwtLogoutFilter extends GenericFilterBean {
+
+	private final JwtUtil jwtUtil;
+	private final RefreshTokenRepository refreshTokenRepository;
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws
+		IOException,
+		ServletException {
+		doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain);
+	}
+
+	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws
+		IOException,
+		ServletException {
+
+		// 경로 확인
+		String requestUri = request.getRequestURI();
+		if (!requestUri.matches("^\\/logout$")) {
+			filterChain.doFilter(request, response);
+			return;
+		}
+
+		String requestMethod = request.getMethod();
+		if (!requestMethod.equals("POST")) {
+			filterChain.doFilter(request, response);
+			return;
+		}
+
+		// 리프레시 토큰 추출
+		String refresh = null;
+		Cookie[] cookies = request.getCookies();
+		for (Cookie cookie : cookies) {
+			if (cookie.getName().equals("refresh")) {
+				refresh = cookie.getValue();
+			}
+		}
+
+		// 리프레시 토큰 만료 체크
+		if (refresh == null) {
+			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+			return;
+		}
+
+		// 만료 검사
+		try {
+			jwtUtil.isExpired(refresh);
+		} catch (ExpiredJwtException e) {
+			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+			return;
+		}
+
+		// 토큰이 refresh인지 확인 (발급시 페이로드에 명시)
+		String tokenType = jwtUtil.getTokenType(refresh);
+		if (!tokenType.equals("refresh")) {
+			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+			return;
+		}
+
+		//DB에 저장되어 있는지 확인
+		Boolean isExist = refreshTokenRepository.existsByRefreshToken(refresh);
+		if (Boolean.FALSE.equals(isExist)) {
+			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+			return;
+		}
+
+		// 로그아웃
+		logout(response, refresh);
+	}
+
+	public void logout(HttpServletResponse response, String refresh) {
+		// DB 에서 리프레시 토큰 제거
+		refreshTokenRepository.deleteByRefreshToken(refresh);
+		// 쿠키 제거
+		deleteCookie(response);
+	}
+
+	public void deleteCookie(HttpServletResponse response) {
+		Cookie access = new Cookie("access", null);
+		Cookie refresh = new Cookie("refresh", null);
+
+		access.setMaxAge(0);
+		access.setPath("/");
+		refresh.setMaxAge(0);
+		refresh.setPath("/");
+
+		response.addCookie(access);
+		response.addCookie(refresh);
+		response.setStatus(HttpServletResponse.SC_OK);
+	}
+}
