fix: 로그아웃 로직 중복 수정 (#115)

* feat: Redis 설정

* feat: 소셜로그인, 재발급 시 refresh token을 redis에 저장/삭제/조회

* feat: 로그아웃, 회원 탈퇴 시 Redis에서 Refresh Token 삭제

* refactor: jwtFilter 중복 코드 제거

* feat: 블랙리스트 토큰 여부 적용

* feat: 블랙리스트 토큰 저장 구현

* feat: 탈퇴 시 블랙리스트 토큰 저장 적용

* test: 탈퇴 시 블랙리스트 토큰 저장 적용

* fix: 누락된 문서 추가

* refactor: 로그아웃, 탈퇴 시 사용 API 통일

* 새로ì�ci: 개발계용 dockerfile 생성

* ci: 개발계 배포 스크립트

* test: Redis 미기동으로 테스트 실패 방지

* ci: 배포 스크립트 수정

* feat: RedisConfig 삭제 (Spring Boot 자동설정 사용)

* test: redis mocking

* chore: 에러코드 수정

* chore: 불필요 요소 삭제

* fix: JWT 로그아웃 필터 유형 변경

* test: JWT 로그아웃 필터 관련 테스트 코드 수정

* fix: 트랜잭션 전파 수정

* feat: 에러코드 추가

* chore: 불필요 요소 삭제

* chore: 주석 수정

Author: jaelyangChoi

capturecat-core/compose.yml

@@ -0,0 +1,26 @@
+services:
+  dev-capturecat-db:
+    image: postgres
+    environment:
+      POSTGRES_DB: capturecat
+      POSTGRES_USER: capturecat
+      POSTGRES_PASSWORD: capturecat77
+      MYSQL_ROOT_PASSWORD:
+      MYSQL_DATABASE:
+    volumes:
+      - /home/ubuntu/capturecat/database/docker-postgresql/postgresql_data:/var/lib/postgresql/data
+    ports:
+      - 5432:5432
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB} -h 127.0.0.1 -p 5432"]
+      interval: 5s
+      retries: 10
+  dev-capturecat-cache-server:
+    image: redis
+    command: ["redis-server", "--requirepass", "capturecat77"]
+    ports:
+      - 6379:6379
+    healthcheck:
+      test: [ "CMD", "redis-cli", "ping" ]
+      interval: 5s
+      retries: 10

capturecat-core/src/main/java/com/capturecat/core/config/SecurityConfig.java

@@ -46,15 +46,16 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 		http.csrf(AbstractHttpConfigurer::disable)
 			.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 			.formLogin(AbstractHttpConfigurer::disable)
+			.logout(AbstractHttpConfigurer::disable)
 			.httpBasic(AbstractHttpConfigurer::disable)
-			.addFilterBefore(new JwtFilter(jwtUtil, tokenService), JwtLoginFilter.class)
+			.addFilterBefore(new JwtFilter(jwtUtil, tokenService), UsernamePasswordAuthenticationFilter.class)
 			.addFilterAt(
 				new JwtLoginFilter(authenticationManager(authenticationConfiguration), tokenService),
 				UsernamePasswordAuthenticationFilter.class)
-			.addFilterAt(new JwtLogoutFilter(tokenService), LogoutFilter.class)
+			.addFilterBefore(new JwtLogoutFilter(tokenService), LogoutFilter.class)
 			.authorizeHttpRequests(
 				authorizeRequests -> authorizeRequests
-					.requestMatchers("/health", "/docs/**", "/token/reissue", "/v1/auth/**", "/v1/user/join")
+					.requestMatchers("/health", "/docs/**", "/token/reissue", "/v1/auth/**", "/v1/user/join", "/logout")
 					.permitAll()
 					.anyRequest()
 					.hasRole("USER"));

capturecat-core/src/main/java/com/capturecat/core/config/jwt/JwtFilter.java

@@ -72,4 +72,9 @@ private void rejectInvalidToken(HttpServletResponse response, ErrorType errorTyp
 		objectMapper.writeValue(response.getWriter(), ApiResponse.error(errorType));
 	}
 
+	@Override
+	protected boolean shouldNotFilter(HttpServletRequest request) {
+		String path = request.getServletPath();
+		return "/logout".equals(path);      // 로그아웃은 스킵
+	}
 }

capturecat-core/src/main/java/com/capturecat/core/config/jwt/JwtLoginFilter.java

@@ -19,6 +19,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 
 import com.capturecat.core.api.user.dto.UserReqDto.LoginReqDto;
 import com.capturecat.core.domain.user.UserRole;
@@ -32,6 +33,7 @@
  * 소셜 로그인/회원가입이 아닌,
  * 일반 회원가입 후 /login 경로로, id, password로 로그인한 경우 (개발 용도)
  */
+@Slf4j
 @RequiredArgsConstructor
 public class JwtLoginFilter extends UsernamePasswordAuthenticationFilter {
 
@@ -64,6 +66,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 
 		//토큰 발급
 		Map<TokenType, String> tokenMap = tokenIssueService.issue(username, UserRole.fromRoleString(role));
+		log.info("[JwtLoginFilter.successfulAuthentication] 사용자 로그인({}), 토큰 발급", username);
 
 		//Header에 실어 응답
 		response.setHeader(HttpHeaders.AUTHORIZATION, JwtUtil.BEARER_PREFIX + tokenMap.get(TokenType.ACCESS));

capturecat-core/src/main/java/com/capturecat/core/config/jwt/JwtLogoutFilter.java

@@ -2,72 +2,75 @@
 
 import java.io.IOException;
 
+import jakarta.servlet.DispatcherType;
 import jakarta.servlet.FilterChain;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.ServletRequest;
-import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.util.StringUtils;
-import org.springframework.web.filter.GenericFilterBean;
+import org.springframework.web.filter.OncePerRequestFilter;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 
 import com.capturecat.core.service.auth.TokenService;
 import com.capturecat.core.support.error.CoreException;
 import com.capturecat.core.support.error.ErrorType;
 import com.capturecat.core.support.response.ApiResponse;
 
+@Slf4j
 @RequiredArgsConstructor
-public class JwtLogoutFilter extends GenericFilterBean {
+public class JwtLogoutFilter extends OncePerRequestFilter {
 
 	private static final String LOGOUT_PATH = "/logout";
 	private final TokenService tokenService;
 	private final ObjectMapper objectMapper = new ObjectMapper();
 
 	@Override
-	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
-		throws IOException, ServletException {
-		doFilter((HttpServletRequest)servletRequest, (HttpServletResponse)servletResponse, filterChain);
-	}
-
-	/** 로그아웃
-	 *  Refresh 토큰을 받아 DB에서 삭제 후 쿠키 null로 초기화하여 응답
-	 *  (모든 기기에서 로그아웃 시 username 기반으로 모든 refresh 토큰 삭제)
-	 */
-	private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-		throws IOException, ServletException {
-
-		// 로그아웃 요청일 때
-		if (!request.getRequestURI().equals(LOGOUT_PATH)) {
-			filterChain.doFilter(request, response);
-			return;
+	protected boolean shouldNotFilter(HttpServletRequest request) {
+		// 1) ERROR/ASYNC 등 요청 아닌 디스패치 스킵
+		if (request.getDispatcherType() != DispatcherType.REQUEST) {
+			return true;
 		}
+		// 2) POST만 허용
+		if (!"POST".equalsIgnoreCase(request.getMethod())) {
+			return true;
+		}
+		// 3) /logout 경로만 통과
+		return !LOGOUT_PATH.equals(request.getRequestURI());
+	}
 
-		// 로그아웃
+	@Override
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+		throws IOException {
 		try {
 			String accessHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
 			String refreshHeader = request.getHeader(JwtUtil.REFRESH_TOKEN_HEADER);
 			if (!StringUtils.hasText(accessHeader) || !StringUtils.hasText(refreshHeader)) {
-				throw new CoreException(ErrorType.INVALID_AUTH_TOKEN);
+				throw new CoreException(ErrorType.INVALID_LOGOUT_AUTH_TOKEN);
 			}
+			log.info("LogoutFilter hit: dispatcher={}, path={}", request.getDispatcherType(), request.getServletPath());
+
 			tokenService.revokeUserTokens(accessHeader, refreshHeader);
+
+			response.setStatus(HttpStatus.OK.value());
+			response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+			objectMapper.writeValue(response.getWriter(), ApiResponse.success());
 		} catch (CoreException e) {
 			response.setStatus(HttpStatus.UNAUTHORIZED.value());
 			response.setContentType(MediaType.APPLICATION_JSON_VALUE);
 			objectMapper.writeValue(response.getWriter(), ApiResponse.error(e.getErrorType()));
-			return;
+		} catch (Exception e) {
+			response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
+			response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+			objectMapper.writeValue(response.getWriter(),
+				ApiResponse.error(ErrorType.INTERNAL_SERVER_ERROR));
 		}
-
-		// 성공 응답
-		response.setStatus(HttpStatus.OK.value());
-		response.setContentType(MediaType.APPLICATION_JSON_VALUE);
-		objectMapper.writeValue(response.getWriter(), ApiResponse.success());
+		// 체인 종료 (추가 필터로 넘기지 않음)
 	}
 }

capturecat-core/src/main/java/com/capturecat/core/config/jwt/JwtUtil.java

@@ -17,6 +17,9 @@
 import io.jsonwebtoken.MalformedJwtException;
 import io.jsonwebtoken.security.SignatureException;
 
+import com.capturecat.core.support.error.CoreException;
+import com.capturecat.core.support.error.ErrorType;
+
 @Component
 public class JwtUtil {
 
@@ -77,10 +80,11 @@ public boolean isValid(String token) {
 		return true;
 	}
 
-	public String resolveToken(String header) {
-		return header != null && header.startsWith(BEARER_PREFIX)
-			? header.substring(BEARER_PREFIX.length()).trim()
-			: null;
+	public String resolveToken(String authHeader) {
+		if (authHeader == null || !authHeader.startsWith(JwtUtil.BEARER_PREFIX)) {
+			throw new CoreException(ErrorType.INVALID_ACCESS_TOKEN);
+		}
+		return authHeader.substring(BEARER_PREFIX.length()).trim();
 	}
 
 	// JWT 파싱하여 만료일자(ms) 반환
@@ -89,7 +93,6 @@ public long getExpiration(String token) {
 		return claims.getExpiration().getTime();
 	}
 
-
 	// username(subject) 추출
 	public String getUsername(String token) {
 		return extractClaims(token).getSubject();

capturecat-core/src/main/java/com/capturecat/core/service/auth/TokenService.java

@@ -109,8 +109,12 @@ private void saveRefreshToken(String username, String refreshToken) {
 	 * Refresh Token 삭제 및 Access Token 블랙리스트 등록
 	 */
 	public void revokeUserTokens(String accessTokenHeader, String refreshTokenHeader) {
-		blacklistAccessToken(accessTokenHeader);
-		deleteValidRefreshToken(refreshTokenHeader);
+		try {
+			blacklistAccessToken(accessTokenHeader);
+			deleteValidRefreshToken(refreshTokenHeader);
+		} catch (Exception e) {
+			throw new CoreException(ErrorType.INTERNAL_SERVER_ERROR);
+		}
 	}
 
 	/**
@@ -145,6 +149,7 @@ public void blacklistAccessToken(String authHeader) {
 			redisTemplate.opsForValue()
 				.set(blacklistKey(accessToken), "blacklisted", remainMillis, TimeUnit.MILLISECONDS);
 		}
+		log.info("Blacklist Token: {}", accessToken);
 	}
 
 	public boolean isBlacklisted(String accessToken) {

capturecat-core/src/main/java/com/capturecat/core/service/user/UserService.java

@@ -113,7 +113,6 @@ public String withdraw(LoginUser loginUser, String reason) {
 		return resultMessage;
 	}
 
-	@Transactional
 	protected void deleteUserAndRelated(Long userId) {
 		//1. 즐겨찾기 삭제
 		bookmarkRepository.deleteByUserId(userId);

capturecat-core/src/main/java/com/capturecat/core/service/user/WithdrawLogService.java

@@ -16,8 +16,7 @@
 public class WithdrawLogService {
 	private final WithdrawLogRepository withdrawLogRepository;
 
-	// 전파 시 실패해도 록백하지 않도록
-	@Transactional(propagation = Propagation.REQUIRES_NEW)
+	@Transactional
 	public void save(Long userId, String reason) {
 		try {
 			WithdrawLog log = WithdrawLog.builder()

capturecat-core/src/main/java/com/capturecat/core/support/error/ErrorCode.java

@@ -36,7 +36,9 @@ public enum ErrorCode {
 	UNLINK_SOCIAL_FAIL("소셜 로그인 연결 해제에 실패했습니다."),
 	FETCH_SOCIAL_TOKEN_FAIL("소셜 서비스로부터 idToken 혹은 unlinkKey 획득에 실패했습니다."),
 	SOCIAL_API_ERROR("소셜 서비스 API 호출 결과 실패를 응답받았습니다."),
-	MISSING_PARAMETER("필수 파라미터 %s(이)가 누락되었습니다.");
+	MISSING_PARAMETER("필수 파라미터 %s(이)가 누락되었습니다."),
+	INTERNAL_SERVER_ERROR("서버에서 오류가 발생했습니다."),
+	INVALID_LOGOUT_AUTH_TOKEN("ACCESS 토큰 또는 REFRESH 토큰이 유효하지 않습니다.");
 
 	private final String message;