prgrms-web-devcourse-final-project
diff --git a/‎src/main/java/com/back/domain/user/controller/AuthController.java‎
Lines changed: 1 addition & 0 deletions b/‎src/main/java/com/back/domain/user/controller/AuthController.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/main/java/com/back/domain/user/controller/AuthControllerDocs.java‎
Lines changed: 22 additions & 12 deletions b/‎src/main/java/com/back/domain/user/controller/AuthControllerDocs.java‎
Lines changed: 22 additions & 12 deletions
diff --git a/‎src/main/java/com/back/domain/user/controller/UserControllerDocs.java‎
Lines changed: 54 additions & 18 deletions b/‎src/main/java/com/back/domain/user/controller/UserControllerDocs.java‎
Lines changed: 54 additions & 18 deletions
diff --git a/‎src/main/java/com/back/domain/user/service/AuthService.java‎
Lines changed: 12 additions & 9 deletions b/‎src/main/java/com/back/domain/user/service/AuthService.java‎
Lines changed: 12 additions & 9 deletions
diff --git a/‎src/main/java/com/back/global/config/WebSocketConfig.java‎
Lines changed: 1 addition & 3 deletions b/‎src/main/java/com/back/global/config/WebSocketConfig.java‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎src/main/java/com/back/global/exception/ErrorCode.java‎
Lines changed: 7 additions & 6 deletions b/‎src/main/java/com/back/global/exception/ErrorCode.java‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎src/main/java/com/back/global/security/JwtAuthenticationEntryPoint.java‎
Lines changed: 15 additions & 7 deletions b/‎src/main/java/com/back/global/security/JwtAuthenticationEntryPoint.java‎
Lines changed: 15 additions & 7 deletions
diff --git a/‎src/main/java/com/back/global/security/JwtAuthenticationFilter.java‎
Lines changed: 27 additions & 11 deletions b/‎src/main/java/com/back/global/security/JwtAuthenticationFilter.java‎
Lines changed: 27 additions & 11 deletions
@@ -12,6 +12,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 
@@ -260,17 +260,27 @@ ResponseEntity<RsData<LoginResponse>> login(
             ),
             @ApiResponse(
                     responseCode = "401",
-                    description = "이미 만료되었거나 유효하지 않은 Refresh Token",
+                    description = "만료 또는 유효하지 않은 Refresh Token",
                     content = @Content(
                             mediaType = "application/json",
-                            examples = @ExampleObject(value = """
-                                    {
-                                      "success": false,
-                                      "code": "AUTH_401",
-                                      "message": "이미 만료되었거나 유효하지 않은 토큰입니다.",
-                                      "data": null
-                                    }
-                                    """)
+                            examples = {
+                                    @ExampleObject(name = "만료된 Refresh Token", value = """
+                                            {
+                                              "success": false,
+                                              "code": "AUTH_005",
+                                              "message": "만료된 리프레시 토큰입니다.",
+                                              "data": null
+                                            }
+                                            """),
+                                    @ExampleObject(name = "유효하지 않은 Refresh Token", value = """
+                                            {
+                                              "success": false,
+                                              "code": "AUTH_003",
+                                              "message": "유효하지 않은 리프레시 토큰입니다.",
+                                              "data": null
+                                            }
+                                            """)
+                            }
                     )
             ),
             @ApiResponse(
@@ -356,16 +366,16 @@ ResponseEntity<RsData<Void>> logout(
                                     @ExampleObject(name = "Refresh Token 만료", value = """
                                             {
                                               "success": false,
-                                              "code": "AUTH_401",
+                                              "code": "AUTH_005",
                                               "message": "만료된 리프레시 토큰입니다.",
                                               "data": null
                                             }
                                             """),
                                     @ExampleObject(name = "Refresh Token 위조/무효", value = """
                                             {
                                               "success": false,
-                                              "code": "AUTH_401",
-                                              "message": "유효하지 않은 Refresh Token입니다.",
+                                              "code": "AUTH_003",
+                                              "message": "유효하지 않은 리프레시 토큰입니다.",
                                               "data": null
                                             }
                                             """)
 
@@ -87,17 +87,35 @@ public interface UserControllerDocs {
             ),
             @ApiResponse(
                     responseCode = "401",
-                    description = "인증 실패 (토큰 없음/만료/잘못됨)",
+                    description = "인증 실패 (Access Token 문제)",
                     content = @Content(
                             mediaType = "application/json",
-                            examples = @ExampleObject(value = """
-                                    {
-                                      "success": false,
-                                      "code": "AUTH_401",
-                                      "message": "인증이 필요합니다.",
-                                      "data": null
-                                    }
-                                    """)
+                            examples = {
+                                    @ExampleObject(name = "토큰 없음", value = """
+                                            {
+                                              "success": false,
+                                              "code": "AUTH_001",
+                                              "message": "인증이 필요합니다.",
+                                              "data": null
+                                            }
+                                            """),
+                                    @ExampleObject(name = "유효하지 않은 토큰", value = """
+                                            {
+                                              "success": false,
+                                              "code": "AUTH_002",
+                                              "message": "유효하지 않은 액세스 토큰입니다.",
+                                              "data": null
+                                            }
+                                            """),
+                                    @ExampleObject(name = "만료된 토큰", value = """
+                                            {
+                                              "success": false,
+                                              "code": "AUTH_004",
+                                              "message": "만료된 액세스 토큰입니다.",
+                                              "data": null
+                                            }
+                                            """)
+                            }
                     )
             ),
             @ApiResponse(
@@ -219,17 +237,35 @@ ResponseEntity<RsData<UserDetailResponse>> getMyInfo(
             ),
             @ApiResponse(
                     responseCode = "401",
-                    description = "인증 실패 (토큰 없음/만료/잘못됨)",
+                    description = "인증 실패 (토큰 없음/잘못됨/만료)",
                     content = @Content(
                             mediaType = "application/json",
-                            examples = @ExampleObject(value = """
-                                    {
-                                      "success": false,
-                                      "code": "AUTH_401",
-                                      "message": "인증이 필요합니다.",
-                                      "data": null
-                                    }
-                                    """)
+                            examples = {
+                                    @ExampleObject(name = "토큰 없음", value = """
+                                            {
+                                              "success": false,
+                                              "code": "AUTH_001",
+                                              "message": "인증이 필요합니다.",
+                                              "data": null
+                                            }
+                                            """),
+                                    @ExampleObject(name = "잘못된 토큰", value = """
+                                            {
+                                              "success": false,
+                                              "code": "AUTH_002",
+                                              "message": "유효하지 않은 액세스 토큰입니다.",
+                                              "data": null
+                                            }
+                                            """),
+                                    @ExampleObject(name = "만료된 토큰", value = """
+                                            {
+                                              "success": false,
+                                              "code": "AUTH_004",
+                                              "message": "만료된 액세스 토큰입니다.",
+                                              "data": null
+                                            }
+                                            """)
+                            }
                     )
             ),
             @ApiResponse(
 
@@ -125,9 +125,11 @@ public LoginResponse login(LoginRequest request, HttpServletResponse response) {
                 "refreshToken",
                 refreshToken,
                 (int) jwtTokenProvider.getRefreshTokenExpirationInSeconds(),
-                "/api/auth"
+                "/",
+                true
         );
 
+
         // LoginResponse 반환
         return new LoginResponse(
                 accessToken,
@@ -150,15 +152,18 @@ public void logout(HttpServletRequest request, HttpServletResponse response) {
         }
 
         // Refresh Token 검증
-        if (!jwtTokenProvider.validateToken(refreshToken)) {
-            throw new CustomException(ErrorCode.INVALID_TOKEN);
-        }
+        jwtTokenProvider.validateRefreshToken(refreshToken);
 
         // DB에서 Refresh Token 삭제
         userTokenRepository.deleteByRefreshToken(refreshToken);
 
         // 쿠키 삭제
-        CookieUtil.clearCookie(response, "refreshToken", "/api/auth");
+        CookieUtil.clearCookie(
+                response,
+                "refreshToken",
+                "/",
+                true
+        );
     }
 
     /**
@@ -178,13 +183,11 @@ public String refreshToken(HttpServletRequest request, HttpServletResponse respo
         }
 
         // Refresh Token 검증
-        if (!jwtTokenProvider.validateToken(refreshToken)) {
-            throw new CustomException(ErrorCode.INVALID_TOKEN);
-        }
+        jwtTokenProvider.validateRefreshToken(refreshToken);
 
         // DB에서 Refresh Token 조회
         UserToken userToken = userTokenRepository.findByRefreshToken(refreshToken)
-                .orElseThrow(() -> new CustomException(ErrorCode.INVALID_TOKEN));
+                .orElseThrow(() -> new CustomException(ErrorCode.INVALID_REFRESH_TOKEN));
 
         // 사용자 정보 조회
         User user = userToken.getUser();
 
@@ -105,9 +105,7 @@ private void authenticateUser(StompHeaderAccessor accessor) {
             String token = authHeader.substring(7); // "Bearer " 제거
 
             // JWT 토큰 검증
-            if (!jwtTokenProvider.validateToken(token)) {
-                throw new RuntimeException("유효하지 않은 인증 토큰입니다");
-            }
+            jwtTokenProvider.validateAccessToken(token);
 
             // 토큰에서 사용자 정보 추출
             Authentication authentication = jwtTokenProvider.getAuthentication(token);
 
@@ -59,12 +59,13 @@ public enum ErrorCode {
     NOT_FOUND(HttpStatus.NOT_FOUND, "COMMON_404", "요청하신 리소스를 찾을 수 없습니다."),
 
     // ======================== 인증/인가 에러 ========================
-    UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "AUTH_401", "인증이 필요합니다."),
-    INVALID_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_401", "유효하지 않은 토큰입니다."),
-    EXPIRED_ACCESS_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_401", "만료된 액세스 토큰입니다."),
-    EXPIRED_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_401", "만료된 리프레시 토큰입니다."),
-    REFRESH_TOKEN_REUSE(HttpStatus.FORBIDDEN, "AUTH_403", "재사용된 리프레시 토큰입니다."),
-    ACCESS_DENIED(HttpStatus.FORBIDDEN, "AUTH_403", "권한이 없습니다.");
+    UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "AUTH_001", "인증이 필요합니다."),
+    INVALID_ACCESS_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_002", "유효하지 않은 액세스 토큰입니다."),
+    INVALID_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_003", "유효하지 않은 리프레시 토큰입니다."),
+    EXPIRED_ACCESS_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_004", "만료된 액세스 토큰입니다."),
+    EXPIRED_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_005", "만료된 리프레시 토큰입니다."),
+    REFRESH_TOKEN_REUSE(HttpStatus.FORBIDDEN, "AUTH_006", "재사용된 리프레시 토큰입니다."),
+    ACCESS_DENIED(HttpStatus.FORBIDDEN, "AUTH_007", "권한이 없습니다.");
 
 
     private final HttpStatus status;
 
@@ -1,6 +1,7 @@
 package com.back.global.security;
 
 import com.back.global.common.dto.RsData;
+import com.back.global.exception.CustomException;
 import com.back.global.exception.ErrorCode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.http.HttpServletRequest;
@@ -22,17 +23,24 @@ public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
     private final ObjectMapper objectMapper = new ObjectMapper();
 
     @Override
-    public void commence(
-            HttpServletRequest request,
-            HttpServletResponse response,
-            AuthenticationException authException
-    ) throws IOException {
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException authException) throws IOException {
 
         response.setContentType("application/json;charset=UTF-8");
-        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 
-        RsData<Void> body = RsData.fail(ErrorCode.UNAUTHORIZED);
+        // request attribute에서 ErrorCode 꺼내기
+        ErrorCode errorCode = (ErrorCode) request.getAttribute("errorCode");
+
+        // ErrorCode가 없으면 UNAUTHORIZED로 기본 설정
+        if (errorCode == null) {
+            errorCode = ErrorCode.UNAUTHORIZED;
+        }
+
+        response.setStatus(errorCode.getStatus().value());
+        RsData<Void> body = RsData.fail(errorCode);
 
         response.getWriter().write(objectMapper.writeValueAsString(body));
     }
+
 }
@@ -1,10 +1,12 @@
 package com.back.global.security;
 
+import com.back.global.exception.CustomException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -21,30 +23,44 @@
 @RequiredArgsConstructor
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
     private final JwtTokenProvider jwtTokenProvider;
+    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
 
     @Override
     protected void doFilterInternal(
             HttpServletRequest request, HttpServletResponse response, FilterChain filterChain
     ) throws ServletException, IOException {
 
-        // Request Header에서 토큰 추출
-        String token = resolveToken(request);
+        try {
+            // Request Header에서 토큰 추출
+            String token = resolveToken(request);
 
-        // 토큰이 유효한 경우에만 Authentication 객체 생성 및 SecurityContext에 저장
-        if (token != null && jwtTokenProvider.validateToken(token)) {
-            Authentication authentication = jwtTokenProvider.getAuthentication(token);
-            SecurityContextHolder.getContext().setAuthentication(authentication);
+            // 토큰이 유효한 경우에만 Authentication 객체 생성 및 SecurityContext에 저장
+            if (token != null) {
+                jwtTokenProvider.validateAccessToken(token);
+                Authentication authentication = jwtTokenProvider.getAuthentication(token);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+
+            // 다음 필터로 요청 전달
+            filterChain.doFilter(request, response);
+        } catch (CustomException ex) {
+            // SecurityContext 초기화
+            SecurityContextHolder.clearContext();
+
+            // request attribute에 ErrorCode 저장
+            request.setAttribute("errorCode", ex.getErrorCode());
+
+            // 인증 실패 처리
+            jwtAuthenticationEntryPoint.commence(
+                    request, response,
+                    new InsufficientAuthenticationException("Custom auth error")
+            );
         }
 
-        // 다음 필터로 요청 전달
-        filterChain.doFilter(request, response);
     }
 
     /**
      * Request의 Authorization 헤더에서 JWT 토큰을 추출
-     *
-     * @param request HTTP 요청 객체
-     * @return JWT 토큰 문자열 또는 null
      */
     private String resolveToken(HttpServletRequest request) {
         String bearerToken = request.getHeader("Authorization");