액세스 토큰 만료시 Refresh 하는 기능 구현

build.gradle

@@ -27,12 +27,20 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-validation'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 
+	//openFeign
+	implementation 'org.springframework.cloud:spring-cloud-starter-openfeign:4.1.0'
+
 	//querydsl
 	implementation 'com.querydsl:querydsl-jpa:5.0.0:jakarta'
 	annotationProcessor "com.querydsl:querydsl-apt:${dependencyManagement.importedProperties['querydsl.version']}:jakarta"
 	annotationProcessor "jakarta.annotation:jakarta.annotation-api"
 	annotationProcessor "jakarta.persistence:jakarta.persistence-api"
 
+	//jwt
+	implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+	runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+	runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+
 	implementation 'com.github.gavlyukovskiy:p6spy-spring-boot-starter:1.9.0'
 	compileOnly 'org.projectlombok:lombok'
 	runtimeOnly 'com.mysql:mysql-connector-j'
@@ -42,6 +50,17 @@ dependencies {
 	testRuntimeOnly 'com.h2database:h2'
 }
 
+//openFeign
+ext {
+	set('springCloudVersion', "2023.0.0")
+}
+
+dependencyManagement {
+	imports {
+		mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
+	}
+}
+
 
 //checkStyle
 compileJava.options.encoding = 'UTF-8'

src/main/java/com/sickgyun/server/auth/annotation/AdminOnly.java

@@ -0,0 +1,12 @@
+package com.sickgyun.server.auth.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@LoginRequired
+public @interface AdminOnly {
+}

src/main/java/com/sickgyun/server/auth/annotation/LoginRequired.java

@@ -0,0 +1,11 @@
+package com.sickgyun.server.auth.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ElementType.METHOD, ElementType.ANNOTATION_TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface LoginRequired {
+}

src/main/java/com/sickgyun/server/auth/domain/Token.java

@@ -0,0 +1,7 @@
+package com.sickgyun.server.auth.domain;
+
+public record Token(
+	String accessToken,
+	String refreshToken
+) {
+}

src/main/java/com/sickgyun/server/auth/exception/NotBssmEmailException.java

@@ -0,0 +1,11 @@
+package com.sickgyun.server.auth.exception;
+
+import org.springframework.http.HttpStatus;
+
+import com.sickgyun.server.common.exception.SickgyunException;
+
+public class NotBssmEmailException extends SickgyunException {
+	public NotBssmEmailException(String email) {
+		super(HttpStatus.BAD_REQUEST, email + "은 Bssm 이메일이 아닙니다.");
+	}
+}

src/main/java/com/sickgyun/server/auth/exception/TokenExpiredException.java

@@ -0,0 +1,11 @@
+package com.sickgyun.server.auth.exception;
+
+import org.springframework.http.HttpStatus;
+
+import com.sickgyun.server.common.exception.SickgyunException;
+
+public class TokenExpiredException extends SickgyunException {
+	public TokenExpiredException() {
+		super(HttpStatus.FORBIDDEN, "토큰이 만료되었습니다.");
+	}
+}

src/main/java/com/sickgyun/server/auth/exception/TokenInvalidException.java

@@ -0,0 +1,11 @@
+package com.sickgyun.server.auth.exception;
+
+import org.springframework.http.HttpStatus;
+
+import com.sickgyun.server.common.exception.SickgyunException;
+
+public class TokenInvalidException extends SickgyunException {
+	public TokenInvalidException() {
+		super(HttpStatus.UNAUTHORIZED, "토큰이 유효하지 않습니다.");
+	}
+}

src/main/java/com/sickgyun/server/auth/exception/TokenMissingException.java

@@ -0,0 +1,11 @@
+package com.sickgyun.server.auth.exception;
+
+import org.springframework.http.HttpStatus;
+
+import com.sickgyun.server.common.exception.SickgyunException;
+
+public class TokenMissingException extends SickgyunException {
+	public TokenMissingException() {
+		super(HttpStatus.UNAUTHORIZED, "토큰이 없습니다.");
+	}
+}

src/main/java/com/sickgyun/server/auth/exception/UserIsNotAdminException.java

@@ -0,0 +1,11 @@
+package com.sickgyun.server.auth.exception;
+
+import org.springframework.http.HttpStatus;
+
+import com.sickgyun.server.common.exception.SickgyunException;
+
+public class UserIsNotAdminException extends SickgyunException {
+	public UserIsNotAdminException() {
+		super(HttpStatus.UNAUTHORIZED, "사용자가 어드민이 아닙니다.");
+	}
+}

src/main/java/com/sickgyun/server/auth/exception/UserNotLoginException.java

@@ -0,0 +1,11 @@
+package com.sickgyun.server.auth.exception;
+
+import static org.springframework.http.HttpStatus.*;
+
+import com.sickgyun.server.common.exception.SickgyunException;
+
+public class UserNotLoginException extends SickgyunException {
+	public UserNotLoginException() {
+		super(FORBIDDEN, "유저가 로그인하지 않았습니다.");
+	}
+}

src/main/java/com/sickgyun/server/auth/infra/feign/GoogleOauthFeign.java

@@ -0,0 +1,13 @@
+package com.sickgyun.server.auth.infra.feign;
+
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import com.sickgyun.server.auth.infra.feign.dto.GoogleUserInfoResponse;
+
+@FeignClient(name = "GoogleOauthFeign", url = "https://www.googleapis.com/oauth2/v1/userinfo")
+public interface GoogleOauthFeign {
+	@GetMapping
+	GoogleUserInfoResponse getInfo(@RequestParam(name = "access_token") String accessToken);
+}

src/main/java/com/sickgyun/server/auth/infra/feign/dto/GoogleUserInfoResponse.java

@@ -0,0 +1,12 @@
+package com.sickgyun.server.auth.infra.feign.dto;
+
+import com.sickgyun.server.user.domain.User;
+
+public record GoogleUserInfoResponse(
+	String email,
+	String name
+) {
+	public User toUser() {
+		return new User(name, email);
+	}
+}

src/main/java/com/sickgyun/server/auth/interceptor/AuthInterceptor.java

@@ -0,0 +1,56 @@
+package com.sickgyun.server.auth.interceptor;
+
+import static org.springframework.http.HttpHeaders.*;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import com.sickgyun.server.auth.annotation.AdminOnly;
+import com.sickgyun.server.auth.annotation.LoginRequired;
+import com.sickgyun.server.auth.exception.UserIsNotAdminException;
+import com.sickgyun.server.auth.repository.AuthRepository;
+import com.sickgyun.server.auth.util.BearerTokenExtractor;
+import com.sickgyun.server.auth.util.JwtParser;
+import com.sickgyun.server.user.domain.User;
+import com.sickgyun.server.user.domain.repository.UserRepository;
+import com.sickgyun.server.user.domain.role.Role;
+import com.sickgyun.server.user.exception.UserNotFoundException;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+
+@Configuration
+@RequiredArgsConstructor
+public class AuthInterceptor implements HandlerInterceptor {
+	private final JwtParser jwtParser;
+	private final AuthRepository authRepository;
+	private final UserRepository userRepository;
+
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+		if (handler instanceof HandlerMethod hm) {
+			if (hm.hasMethodAnnotation(LoginRequired.class)) {
+				String jwt = BearerTokenExtractor.extract(request.getHeader(AUTHORIZATION));
+				Long userId = jwtParser.getIdFromJwt(jwt);
+
+				User user = userRepository.findById(userId)
+					.orElseThrow(() -> new UserNotFoundException(userId));
+
+				authRepository.updateCurrentUser(user);
+			}
+			if (hm.hasMethodAnnotation(AdminOnly.class)) {
+				User currentUser = authRepository.getCurrentUser();
+				shouldUserAdmin(currentUser);
+			}
+		}
+		return true;
+	}
+
+	private static void shouldUserAdmin(User currentUser) {
+		if (currentUser.getRole() != Role.ADMIN) {
+			throw new UserIsNotAdminException();
+		}
+	}
+}

src/main/java/com/sickgyun/server/auth/presentation/AuthController.java

@@ -0,0 +1,34 @@
+package com.sickgyun.server.auth.presentation;
+
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.sickgyun.server.auth.presentation.dto.AccessTokenRequest;
+import com.sickgyun.server.auth.presentation.dto.RefreshTokenRequest;
+import com.sickgyun.server.auth.presentation.dto.TokenResponse;
+import com.sickgyun.server.auth.service.CommandAuthService;
+
+import lombok.RequiredArgsConstructor;
+
+@RestController
+@RequestMapping("/auth")
+@RequiredArgsConstructor
+public class AuthController {
+	private final CommandAuthService authService;
+
+	@PostMapping("/login")
+	public TokenResponse login(@RequestBody AccessTokenRequest accessToken) {
+		return TokenResponse.from(
+			authService.login(accessToken.accessToken())
+		);
+	}
+
+	@PostMapping("/refresh")
+	public TokenResponse refreshAccessToken(@RequestBody RefreshTokenRequest refreshToken) {
+		return TokenResponse.from(
+			authService.refresh(refreshToken.refreshToken())
+		);
+	}
+}

src/main/java/com/sickgyun/server/auth/presentation/dto/AccessTokenRequest.java

@@ -0,0 +1,6 @@
+package com.sickgyun.server.auth.presentation.dto;
+
+public record AccessTokenRequest(
+	String accessToken
+) {
+}

src/main/java/com/sickgyun/server/auth/presentation/dto/RefreshTokenRequest.java

@@ -0,0 +1,6 @@
+package com.sickgyun.server.auth.presentation.dto;
+
+public record RefreshTokenRequest(
+	String refreshToken
+) {
+}

src/main/java/com/sickgyun/server/auth/presentation/dto/TokenResponse.java

@@ -0,0 +1,15 @@
+package com.sickgyun.server.auth.presentation.dto;
+
+import com.sickgyun.server.auth.domain.Token;
+
+public record TokenResponse(
+	String accessToken,
+	String refreshToken
+) {
+	public static TokenResponse from(Token token) {
+		return new TokenResponse(
+			token.accessToken(),
+			token.refreshToken()
+		);
+	}
+}

src/main/java/com/sickgyun/server/auth/repository/AuthRepository.java

@@ -0,0 +1,22 @@
+package com.sickgyun.server.auth.repository;
+
+import org.springframework.stereotype.Repository;
+
+import com.sickgyun.server.auth.exception.UserNotLoginException;
+import com.sickgyun.server.user.domain.User;
+
+@Repository
+public class AuthRepository {
+	private User currentUser;
+
+	public User getCurrentUser() {
+		if (currentUser == null) {
+			throw new UserNotLoginException();
+		}
+		return currentUser;
+	}
+
+	public void updateCurrentUser(User currentUser) {
+		this.currentUser = currentUser;
+	}
+}

src/main/java/com/sickgyun/server/auth/service/CommandAuthService.java

@@ -0,0 +1,54 @@
+package com.sickgyun.server.auth.service;
+
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.sickgyun.server.auth.domain.Token;
+import com.sickgyun.server.auth.service.implementation.AuthReader;
+import com.sickgyun.server.auth.service.implementation.AuthValidator;
+import com.sickgyun.server.auth.service.implementation.TokenProvider;
+import com.sickgyun.server.auth.util.BearerTokenExtractor;
+import com.sickgyun.server.user.domain.User;
+import com.sickgyun.server.user.service.implementation.UserCreator;
+import com.sickgyun.server.user.service.implementation.UserReader;
+import com.sickgyun.server.user.service.implementation.UserUpdater;
+import com.sickgyun.server.user.service.implementation.UserValidator;
+
+import lombok.RequiredArgsConstructor;
+
+@Service
+@Transactional
+@RequiredArgsConstructor
+public class CommandAuthService {
+	private final TokenProvider tokenProvider;
+	private final AuthReader authReader;
+	private final AuthValidator authValidator;
+	private final UserValidator userValidator;
+	private final UserUpdater userUpdater;
+	private final UserCreator userCreator;
+	private final UserReader userReader;
+
+	public Token login(String accessToken) {
+		User user = authReader.getGoogleUser(accessToken);
+		authValidator.shouldBeBssmEmail(user);
+
+		User updatedUser;
+		if (userValidator.checkUserExist(user)) {
+			updatedUser = userUpdater.updateUser(user);
+		} else {
+			updatedUser = userCreator.create(user);
+		}
+
+		return tokenProvider.createNewTokens(updatedUser);
+	}
+
+	public Token refresh(String bearer) {
+		String refreshToken = BearerTokenExtractor.extract(bearer);
+		authValidator.shouldRefreshTokenValid(refreshToken);
+
+		Long userId = authReader.getIdFromJwt(refreshToken);
+		String accessToken = tokenProvider.createAccessToken(userReader.readUser(userId));
+
+		return new Token(accessToken, refreshToken);
+	}
+}

src/main/java/com/sickgyun/server/auth/service/implementation/AuthReader.java

@@ -0,0 +1,24 @@
+package com.sickgyun.server.auth.service.implementation;
+
+import org.springframework.stereotype.Service;
+
+import com.sickgyun.server.auth.infra.feign.GoogleOauthFeign;
+import com.sickgyun.server.auth.util.JwtParser;
+import com.sickgyun.server.user.domain.User;
+
+import lombok.RequiredArgsConstructor;
+
+@Service
+@RequiredArgsConstructor
+public class AuthReader {
+	private final GoogleOauthFeign googleFeign;
+	private final JwtParser jwtParser;
+
+	public User getGoogleUser(String accessToken) {
+		return googleFeign.getInfo(accessToken).toUser();
+	}
+
+	public Long getIdFromJwt(String token) {
+		return jwtParser.getIdFromJwt(token);
+	}
+}