package org.terning.terningserver.auth.jwt;
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import jakarta.annotation.PostConstruct;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;
import org.terning.terningserver.auth.dto.Token;
import org.terning.terningserver.auth.jwt.exception.JwtErrorCode;
import org.terning.terningserver.common.config.ValueConfig;

import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Date;
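/**
 * Issues and validates HMAC-signed JWTs that carry the user id in the {@code userId} claim.
 *
 * <p>The signing key is derived once, after construction, from the secret held in
 * {@link ValueConfig}; the same key signs and verifies every token.
 *
 * <p>NOTE(review): access and refresh tokens are built by the same routine and differ only in
 * their expiry. Nothing in this class tells them apart, so {@link #getUserIdFrom(String)} accepts
 * either kind. Confirm that callers enforce the distinction, or add a token-type claim and check
 * it on the paths that must only accept one kind.
 */
@Component
@RequiredArgsConstructor
public class JwtProvider {

    private static final String USER_ID_CLAIM = "userId";
    private static final String TOKEN_PREFIX = "Bearer ";

    private final ValueConfig valueConfig;
    private SecretKey secretKey;

    /**
     * Builds the HMAC key from the configured secret.
     *
     * <p>The secret is encoded as UTF-8 explicitly: the no-argument {@code getBytes()} uses the
     * platform default charset, so a secret containing non-ASCII characters could yield different
     * keys on different hosts. {@code Keys.hmacShaKeyFor} rejects secrets shorter than 256 bits,
     * so a weak secret fails at startup rather than at first use.
     */
    @PostConstruct
    protected void init() {
        secretKey = Keys.hmacShaKeyFor(valueConfig.getSecretKey().getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Creates an access token and a refresh token for the given user.
     *
     * @param userId id stored in the {@code userId} claim of both tokens
     * @return a {@link Token} holding both compact JWT strings
     */
    public Token generateTokens(Long userId) {
        String accessToken = generateToken(userId, valueConfig.getAccessTokenExpired());
        String refreshToken = generateToken(userId, valueConfig.getRefreshTokenExpired());
        return new Token(accessToken, refreshToken);
    }

    /**
     * Creates only an access token for the given user.
     *
     * @param userId id stored in the {@code userId} claim
     * @return a {@link Token} whose refresh-token slot is {@code null}
     */
    public Token generateAccessToken(Long userId) {
        String accessToken = generateToken(userId, valueConfig.getAccessTokenExpired());
        return new Token(accessToken, null);
    }

    /**
     * Extracts the user id from an {@code Authorization} header value.
     *
     * @param authorizationHeader header value, expected to start with {@code "Bearer "}
     * @return the numeric {@code userId} claim as a {@code Long}
     * @throws JwtException if the prefix is missing, the token fails verification, or the claim
     *     is absent or not numeric
     */
    public Long getUserIdFrom(String authorizationHeader) {
        String token = resolveToken(authorizationHeader);
        Claims claims = parseClaims(token);
        Object userIdClaim = claims.get(USER_ID_CLAIM);
        // The JSON layer may hand back Integer or Long depending on magnitude; accept any Number.
        // A missing claim (null) fails the instanceof test and is rejected below.
        if (userIdClaim instanceof Number) {
            return ((Number) userIdClaim).longValue();
        }
        throw new JwtException(JwtErrorCode.INVALID_USER_ID_TYPE.getMessage());
    }

    /**
     * Strips the {@code "Bearer "} prefix from a raw header value.
     *
     * @param rawToken header value; may be {@code null}
     * @return the text that follows the prefix (not yet verified)
     * @throws JwtException if the value is {@code null} or does not start with the prefix
     */
    public String resolveToken(String rawToken) {
        if (rawToken != null && rawToken.startsWith(TOKEN_PREFIX)) {
            return rawToken.substring(TOKEN_PREFIX.length());
        }
        throw new JwtException(JwtErrorCode.TOKEN_NOT_FOUND.getMessage());
    }

    /**
     * Builds and signs a compact JWT carrying the user id.
     *
     * @param userId id stored in the {@code userId} claim
     * @param expiration lifetime in milliseconds, added to the current time
     * @return the signed compact JWT
     */
    private String generateToken(Long userId, long expiration) {
        Claims claims = Jwts.claims();
        claims.put(USER_ID_CLAIM, userId);
        // Read the clock once so that iat and exp are derived from the same instant.
        long nowMillis = System.currentTimeMillis();
        return Jwts.builder()
                .setClaims(claims)
                .setIssuedAt(new Date(nowMillis))
                .setExpiration(new Date(nowMillis + expiration))
                .signWith(secretKey)
                .compact();
    }

    /**
     * Verifies the signature and expiry of a compact JWT and returns its claims.
     *
     * @param token compact JWT without the {@code "Bearer "} prefix
     * @return the verified claims
     * @throws JwtException with the expired-token message when the token is past its expiry, or
     *     with the invalid-token message for any other verification failure
     */
    private Claims parseClaims(String token) {
        try {
            return Jwts.parserBuilder()
                    .setSigningKey(secretKey)
                    .build()
                    .parseClaimsJws(token)
                    .getBody();
        } catch (ExpiredJwtException e) {
            throw new JwtException(JwtErrorCode.EXPIRED_JWT_TOKEN.getMessage());
        } catch (UnsupportedJwtException
                | MalformedJwtException
                | SecurityException
                | io.jsonwebtoken.security.SecurityException
                | IllegalArgumentException e) {
            // With only io.jsonwebtoken.* imported, the bare name SecurityException resolves to
            // java.lang.SecurityException, which jjwt's signature failures do not extend. The
            // library's own io.jsonwebtoken.security.SecurityException is listed explicitly so a
            // bad signature maps to the same invalid-token error as every other failure here.
            // NOTE(review): the underlying exception is not chained; log it server-side if the
            // failure reason is needed for investigation.
            throw new JwtException(JwtErrorCode.INVALID_JWT_TOKEN.getMessage());
        }
    }
}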