액세스 토큰 만료시 Refresh 하는 기능 구현

src/main/java/com/sickgyun/server/auth/interceptor/AuthInterceptor.java

@@ -1,5 +1,7 @@
 package com.sickgyun.server.auth.interceptor;
 
+import static org.springframework.http.HttpHeaders.*;
+
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
@@ -30,7 +32,7 @@ public class AuthInterceptor implements HandlerInterceptor {
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
 		if (handler instanceof HandlerMethod hm) {
 			if (hm.hasMethodAnnotation(LoginRequired.class)) {
-				String jwt = BearerTokenExtractor.extract(request);
+				String jwt = BearerTokenExtractor.extract(request.getHeader(AUTHORIZATION));
 				Long userId = jwtParser.getIdFromJwt(jwt);
 
 				User user = userRepository.findById(userId)

src/main/java/com/sickgyun/server/auth/presentation/AuthController.java

@@ -6,6 +6,7 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import com.sickgyun.server.auth.presentation.dto.AccessTokenRequest;
+import com.sickgyun.server.auth.presentation.dto.RefreshTokenRequest;
 import com.sickgyun.server.auth.presentation.dto.TokenResponse;
 import com.sickgyun.server.auth.service.CommandAuthService;
 
@@ -23,4 +24,11 @@ public TokenResponse login(@RequestBody AccessTokenRequest accessToken) {
 			authService.login(accessToken.accessToken())
 		);
 	}
+
+	@PostMapping("/refresh")
+	public TokenResponse refreshAccessToken(@RequestBody RefreshTokenRequest refreshToken) {
+		return TokenResponse.from(
+			authService.refresh(refreshToken.refreshToken())
+		);
+	}
 }

src/main/java/com/sickgyun/server/auth/presentation/dto/RefreshTokenRequest.java

@@ -0,0 +1,6 @@
+package com.sickgyun.server.auth.presentation.dto;
+
+public record RefreshTokenRequest(
+	String refreshToken
+) {
+}

src/main/java/com/sickgyun/server/auth/service/CommandAuthService.java

@@ -7,8 +7,10 @@
 import com.sickgyun.server.auth.service.implementation.AuthReader;
 import com.sickgyun.server.auth.service.implementation.AuthValidator;
 import com.sickgyun.server.auth.service.implementation.TokenProvider;
+import com.sickgyun.server.auth.util.BearerTokenExtractor;
 import com.sickgyun.server.user.domain.User;
 import com.sickgyun.server.user.service.implementation.UserCreator;
+import com.sickgyun.server.user.service.implementation.UserReader;
 import com.sickgyun.server.user.service.implementation.UserUpdater;
 import com.sickgyun.server.user.service.implementation.UserValidator;
 
@@ -20,14 +22,15 @@
 public class CommandAuthService {
 	private final TokenProvider tokenProvider;
 	private final AuthReader authReader;
-	private final AuthValidator validator;
+	private final AuthValidator authValidator;
 	private final UserValidator userValidator;
 	private final UserUpdater userUpdater;
 	private final UserCreator userCreator;
+	private final UserReader userReader;
 
 	public Token login(String accessToken) {
 		User user = authReader.getGoogleUser(accessToken);
-		validator.shouldBeBssmEmail(user);
+		authValidator.shouldBeBssmEmail(user);
 
 		User updatedUser;
 		if (userValidator.checkUserExist(user)) {
@@ -38,4 +41,14 @@ public Token login(String accessToken) {
 
 		return tokenProvider.createNewTokens(updatedUser);
 	}
+
+	public Token refresh(String bearer) {
+		String refreshToken = BearerTokenExtractor.extract(bearer);
+		authValidator.shouldRefreshTokenValid(refreshToken);
+
+		Long userId = authReader.getIdFromJwt(refreshToken);
+		String accessToken = tokenProvider.createAccessToken(userReader.readUser(userId));
+
+		return new Token(accessToken, refreshToken);
+	}
 }

src/main/java/com/sickgyun/server/auth/service/implementation/AuthReader.java

@@ -3,6 +3,7 @@
 import org.springframework.stereotype.Service;
 
 import com.sickgyun.server.auth.infra.feign.GoogleOauthFeign;
+import com.sickgyun.server.auth.util.JwtParser;
 import com.sickgyun.server.user.domain.User;
 
 import lombok.RequiredArgsConstructor;
@@ -11,8 +12,13 @@
 @RequiredArgsConstructor
 public class AuthReader {
 	private final GoogleOauthFeign googleFeign;
+	private final JwtParser jwtParser;
 
 	public User getGoogleUser(String accessToken) {
 		return googleFeign.getInfo(accessToken).toUser();
 	}
+
+	public Long getIdFromJwt(String token) {
+		return jwtParser.getIdFromJwt(token);
+	}
 }

src/main/java/com/sickgyun/server/auth/service/implementation/AuthValidator.java

@@ -3,13 +3,20 @@
 import org.springframework.stereotype.Service;
 
 import com.sickgyun.server.auth.exception.NotBssmEmailException;
+import com.sickgyun.server.auth.exception.TokenExpiredException;
+import com.sickgyun.server.auth.exception.TokenInvalidException;
+import com.sickgyun.server.common.config.JwtCredentials;
 import com.sickgyun.server.user.domain.User;
 
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.Jwts;
 import lombok.RequiredArgsConstructor;
 
 @Service
 @RequiredArgsConstructor
 public class AuthValidator {
+	private final JwtCredentials jwtCredentials;
 
 	public void shouldBeBssmEmail(User user) {
 		String email = user.getEmail();
@@ -18,4 +25,17 @@ public void shouldBeBssmEmail(User user) {
 			throw new NotBssmEmailException(email);
 		}
 	}
+
+	public void shouldRefreshTokenValid(String refreshToken) {
+		try {
+			Jwts.parserBuilder()
+				.setSigningKey(jwtCredentials.secretKey())
+				.build()
+				.parseClaimsJws(refreshToken);
+		} catch (ExpiredJwtException e) {
+			throw new TokenExpiredException();
+		} catch (JwtException e) {
+			throw new TokenInvalidException();
+		}
+	}
 }

src/main/java/com/sickgyun/server/auth/service/implementation/TokenProvider.java

@@ -24,7 +24,7 @@ public Token createNewTokens(User user) {
 		);
 	}
 
-	private String createAccessToken(User user) {
+	public String createAccessToken(User user) {
 		return createToken(user, jwtCredentials.accessTokenExpirationTime());
 	}
 

src/main/java/com/sickgyun/server/auth/util/BearerTokenExtractor.java

@@ -1,11 +1,8 @@
 package com.sickgyun.server.auth.util;
 
-import static org.springframework.http.HttpHeaders.*;
-
 import com.sickgyun.server.auth.exception.TokenInvalidException;
 import com.sickgyun.server.auth.exception.TokenMissingException;
 
-import jakarta.servlet.http.HttpServletRequest;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 
@@ -15,10 +12,9 @@ public class BearerTokenExtractor {
 	private static final String BEARER_TYPE = "Bearer ";
 	private static final String BEARER_JWT_REGEX = "^Bearer [A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+\\.?[A-Za-z0-9-_.+/=]*$";
 
-	public static String extract(HttpServletRequest request) {
-		String authorization = request.getHeader(AUTHORIZATION);
-		validate(authorization);
-		return authorization.replace(BEARER_TYPE, "").trim();
+	public static String extract(String bearer) {
+		validate(bearer);
+		return bearer.replace(BEARER_TYPE, "").trim();
 	}
 
 	private static void validate(String authorization) {

src/main/java/com/sickgyun/server/user/service/implementation/UserReader.java

@@ -0,0 +1,21 @@
+package com.sickgyun.server.user.service.implementation;
+
+import org.springframework.stereotype.Service;
+
+import com.sickgyun.server.user.domain.User;
+import com.sickgyun.server.user.domain.repository.UserRepository;
+import com.sickgyun.server.user.exception.UserNotFoundException;
+
+import lombok.RequiredArgsConstructor;
+
+@Service
+@RequiredArgsConstructor
+public class UserReader {
+	private final UserRepository userRepository;
+
+	public User readUser(Long id) {
+		return userRepository.findById(id)
+			.orElseThrow(() -> new UserNotFoundException(id));
+	}
+
+}