[ADD] TODO: REFRESH TOKEN

10 months ago · a5aa215b70
parent 0d6e9e3ccc
commit a5aa215b70
5 changed files with 117 additions and 83 deletions
--- a/src/main/java/kr/re/etri/autoflow/controllers/AuthController.java
+++ b/src/main/java/kr/re/etri/autoflow/controllers/AuthController.java
@ -7,14 +7,13 @@ import io.swagger.v3.oas.annotations.Parameter;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import kr.re.etri.autoflow.service.AuthService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.*;
@ -43,11 +42,8 @@ import io.swagger.v3.oas.annotations.responses.ApiResponses;
@CrossOrigin(origins = "*", maxAge = 3600)
@RestController
@RequestMapping("/api/auth")
@RequiredArgsConstructor
 public class AuthController {
  @Autowired
  AuthenticationManager authenticationManager;
  @Autowired
  UserRepository userRepository;
@ -63,50 +59,18 @@ public class AuthController {
  @Autowired
  RefreshTokenService refreshTokenService;
-  @Operation(summary = "로그인", description = "사용자 인증 후 JWT 및 리프레시 토큰 쿠키를 반환합니다.")
+  private final AuthService authService;
-  @ApiResponses({
+
-          @ApiResponse(responseCode = "200", description = "로그인 성공"),
+    @Operation(summary = "로그인", description = "사용자 인증 후 JWT 및 리프레시 토큰 쿠키를 반환합니다.")
-          @ApiResponse(responseCode = "401", description = "잘못된 사용자명 또는 비밀번호")
+    @ApiResponses({
-  })
+            @ApiResponse(responseCode = "200", description = "로그인 성공"),
-  @PostMapping("/signin")
+            @ApiResponse(responseCode = "401", description = "잘못된 사용자명 또는 비밀번호")
-  public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
+    })
-      Authentication authentication = authenticationManager.authenticate(
+    @PostMapping("/signin")
-              new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword())
+    public ResponseEntity<?> signIn(@Valid @RequestBody LoginRequest request) {
-      );
+        Map<String, Object> response = authService.authenticate(request);
-
+        return ResponseEntity.ok(response);
-      SecurityContextHolder.getContext().setAuthentication(authentication);
+    }
      UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();
      // 기존 refresh token 제거
      refreshTokenService.deleteByUserId(userDetails.getId());
      // 새 JWT 및 RefreshToken 생성
      ResponseCookie jwtCookie = jwtUtils.generateJwtCookie(userDetails);
      RefreshToken refreshToken = refreshTokenService.createRefreshToken(userDetails.getId());
      ResponseCookie jwtRefreshCookie = jwtUtils.generateRefreshJwtCookie(refreshToken.getToken());
      List<String> roles = userDetails.getAuthorities().stream()
              .map(GrantedAuthority::getAuthority)
              .toList();
      UserInfoResponse userInfo = new UserInfoResponse(
              userDetails.getId(),
              userDetails.getUsername(),
              userDetails.getEmail(),
              userDetails.getAuthorities().stream()
                      .map(GrantedAuthority::getAuthority)
                      .collect(Collectors.toList())
      );
      // 응답 바디에 userInfo와 쿠키 문자열 같이 넣기
      Map<String, Object> responseBody = new HashMap<>();
      responseBody.put("userInfo", userInfo);
      responseBody.put("jwtCookie", jwtCookie.toString());
      responseBody.put("jwtRefreshCookie", jwtRefreshCookie.toString());
      return ResponseEntity.ok(responseBody);
  }
    @Operation(summary = "회원가입", description = "새로운 사용자를 등록합니다.")
  @ApiResponses({
--- a/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
+++ b/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
@ -83,38 +83,38 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
 //    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
 //  }
 //  @Bean
 //  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 //    http.csrf(AbstractHttpConfigurer::disable)
 //        .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
 //        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 //        .authorizeHttpRequests(auth ->
 //          auth.requestMatchers("/api/auth/**").permitAll()
 //                  .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
 //                  .requestMatchers("/api/test/**").permitAll()
 //              .anyRequest().authenticated()
 //        );
 //
 //    http.authenticationProvider(authenticationProvider());
 //
 //    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
 //
 //    return http.build();
 //  }
  // 임시 설정
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.csrf(AbstractHttpConfigurer::disable)
-            .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
+        .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
-            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-            .authorizeHttpRequests(auth ->
+        .authorizeHttpRequests(auth ->
-                    auth.anyRequest().permitAll() // 모든 요청 허용
+          auth.requestMatchers("/api/auth/**").permitAll()
-            );
+                  .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
                  .requestMatchers("/api/test/**").permitAll()
              .anyRequest().authenticated()
        );
    http.authenticationProvider(authenticationProvider());
    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    return http.build();
  }
  // 임시 설정
 //  @Bean
 //  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 //    http.csrf(AbstractHttpConfigurer::disable)
 //            .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
 //            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 //            .authorizeHttpRequests(auth ->
 //                    auth.anyRequest().permitAll() // 모든 요청 허용
 //            );
 //
 //    http.authenticationProvider(authenticationProvider());
 //    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
 //
 //    return http.build();
 //  }
 }
--- a/src/main/java/kr/re/etri/autoflow/security/jwt/AuthTokenFilter.java
+++ b/src/main/java/kr/re/etri/autoflow/security/jwt/AuthTokenFilter.java
@ -52,8 +52,16 @@ public class AuthTokenFilter extends OncePerRequestFilter {
    filterChain.doFilter(request, response);
  }
-  private String parseJwt(HttpServletRequest request) {
+    private String parseJwt(HttpServletRequest request) {
-    String jwt = jwtUtils.getJwtFromCookies(request);
+        // 쿠키에서 JWT 가져오기
-    return jwt;
+        String jwt = jwtUtils.getJwtFromCookies(request);
-  }
+        if (jwt != null) {
            return jwt;
        }
        // 헤더에서 JWT 가져오기
        jwt = request.getHeader("cuuva-jwt");
        return (jwt != null && !jwt.isEmpty()) ? jwt : null;
    }
 }
--- a/src/main/java/kr/re/etri/autoflow/service/AuthService.java
+++ b/src/main/java/kr/re/etri/autoflow/service/AuthService.java
@ -0,0 +1,61 @@
 package kr.re.etri.autoflow.service;
 import kr.re.etri.autoflow.models.RefreshToken;
 import kr.re.etri.autoflow.payload.request.LoginRequest;
 import kr.re.etri.autoflow.payload.response.UserInfoResponse;
 import kr.re.etri.autoflow.security.jwt.JwtUtils;
 import kr.re.etri.autoflow.security.services.RefreshTokenService;
 import kr.re.etri.autoflow.security.services.UserDetailsImpl;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseCookie;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import java.util.HashMap;
 import java.util.Map;
@Service
@RequiredArgsConstructor
 public class AuthService {
    private final AuthenticationManager authenticationManager;
    private final JwtUtils jwtUtils;
    private final RefreshTokenService refreshTokenService;
    public Map<String, Object> authenticate(LoginRequest request) {
        Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword())
        );
        SecurityContextHolder.getContext().setAuthentication(authentication);
        UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();
        // 기존 refresh token 제거
        refreshTokenService.deleteByUserId(userDetails.getId());
        // 새 JWT 및 RefreshToken 생성
        ResponseCookie jwtCookie = jwtUtils.generateJwtCookie(userDetails);
        RefreshToken refreshToken = refreshTokenService.createRefreshToken(userDetails.getId());
        ResponseCookie jwtRefreshCookie = jwtUtils.generateRefreshJwtCookie(refreshToken.getToken());
        UserInfoResponse userInfo = new UserInfoResponse(
                userDetails.getId(),
                userDetails.getUsername(),
                userDetails.getEmail(),
                userDetails.getAuthorities().stream()
                        .map(GrantedAuthority::getAuthority)
                        .toList()
        );
        Map<String, Object> response = new HashMap<>();
        response.put("userInfo", userInfo);
        response.put("jwtCookie", jwtCookie.toString());
        response.put("jwtRefreshCookie", jwtRefreshCookie.toString());
        return response;
    }
 }
--- a/src/main/java/kr/re/etri/autoflow/swagger/OpenAPIConfig.java
+++ b/src/main/java/kr/re/etri/autoflow/swagger/OpenAPIConfig.java
@ -40,6 +40,7 @@ public class OpenAPIConfig {
                .addSecuritySchemes(SECURITY_SCHEME_ACCESS,
                        new SecurityScheme()
                                .name("cuuva-jwt")  // 액세스 토큰 쿠키 이름
                                .bearerFormat("JWT")
                                .type(SecurityScheme.Type.APIKEY)
                                .in(SecurityScheme.In.HEADER)
                )