GDSC-Hongik · uwoobeat · Jan 28, 2024 · Jan 27, 2024 · Jan 27, 2024 · Jan 27, 2024
@@ -35,6 +35,10 @@ jobs:
       - name: Run chmod to make gradlew executable
         run: chmod +x ./gradlew
 
+      # Redis 컨테이너 실행
+      - name: Start containers
+        run: docker-compose -f ./docker-compose-test.yaml up -d
+
       # Gradle 빌드
       - name: Build with Gradle
         id: gradle

@@ -13,14 +13,18 @@ jobs:
         uses: actions/[email protected]
 
       - name: JDK 설치
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 17
 
       - name: gradlew 권한 부여
         run: chmod +x ./gradlew
 
+      # Redis 컨테이너 실행
+      - name: Start containers
+        run: docker-compose -f ./docker-compose-test.yaml up -d
+
       - name: Gradle Build
         uses: gradle/gradle-build-action@v2
         with:

@@ -38,3 +38,6 @@ out/
 
 ### ETC ###
 .DS_Store
+
+### Secrets ###
+.env
@@ -29,17 +29,26 @@ ext {
 
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
-    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
-    implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-web'
     compileOnly 'org.projectlombok:lombok'
     runtimeOnly 'com.h2database:h2'
     runtimeOnly 'com.mysql:mysql-connector-j'
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
-    testImplementation 'org.springframework.restdocs:spring-restdocs-mockmvc'
+
+    // Spring Security
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
     testImplementation 'org.springframework.security:spring-security-test'
+
+    // JWT
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+
+    // Redis
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 }
 
 tasks.named('test') {

@@ -0,0 +1,9 @@
+version: "3.8"
+
+services:
+  redis:
+    image: "redis:alpine"
+    ports:
+      - "6379:6379"
+    environment:
+      - TZ=Asia/Seoul
@@ -10,3 +10,11 @@ services:
       - .env
     environment:
       - TZ=Asia/Seoul
+  redis:
+    image: "redis:alpine"
+    container_name: redis
+    ports:
+      - "6379:6379"
+    environment:
+      - TZ=Asia/Seoul
+    network_mode: host
@@ -0,0 +1,96 @@
+package com.gdschongik.gdsc.domain.auth.application;
+
+import static com.gdschongik.gdsc.global.common.constant.SecurityConstant.*;
+
+import com.gdschongik.gdsc.domain.auth.dao.RefreshTokenRepository;
+import com.gdschongik.gdsc.domain.auth.domain.RefreshToken;
+import com.gdschongik.gdsc.domain.auth.dto.AccessTokenDto;
+import com.gdschongik.gdsc.domain.auth.dto.RefreshTokenDto;
+import com.gdschongik.gdsc.domain.member.domain.MemberRole;
+import com.gdschongik.gdsc.global.util.JwtUtil;
+import io.jsonwebtoken.ExpiredJwtException;
+import java.util.Optional;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class JwtService {
+
+    private final JwtUtil jwtUtil;
+    private final RefreshTokenRepository refreshTokenRepository;
+
+    public AccessTokenDto createAccessToken(Long memberId, MemberRole memberRole) {
+        return jwtUtil.generateAccessToken(memberId, memberRole);
+    }
+
+    public RefreshTokenDto createRefreshToken(Long memberId) {
+        RefreshTokenDto refreshTokenDto = jwtUtil.generateRefreshToken(memberId);
+        saveRefreshTokenToRedis(refreshTokenDto);
+        return refreshTokenDto;
+    }
+
+    private void saveRefreshTokenToRedis(RefreshTokenDto refreshTokenDto) {
+        RefreshToken refreshToken = RefreshToken.builder()
+                .memberId(refreshTokenDto.memberId())
+                .token(refreshTokenDto.tokenValue())
+                .ttl(refreshTokenDto.ttl())
+                .build();
+        refreshTokenRepository.save(refreshToken);
+    }
+
+    public AccessTokenDto retrieveAccessToken(String accessTokenValue) {
+        try {
+            return jwtUtil.parseAccessToken(accessTokenValue);
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    public RefreshTokenDto retrieveRefreshToken(String refreshTokenValue) {
+        RefreshTokenDto refreshTokenDto = parseRefreshToken(refreshTokenValue);
+
+        if (refreshTokenDto == null) {
+            return null;
+        }
+
+        // 파싱된 DTO와 일치하는 토큰이 Redis에 저장되어 있는지 확인
+        Optional<RefreshToken> refreshToken = getRefreshTokenFromRedis(refreshTokenDto.memberId());
+
+        // Redis에 토큰이 존재하고, 쿠키의 토큰과 값이 일치하면 DTO 반환
+        if (refreshToken.isPresent()
+                && refreshTokenDto.tokenValue().equals(refreshToken.get().getToken())) {
+            return refreshTokenDto;
+        }
+
+        // Redis에 토큰이 존재하지 않거나, 쿠키의 토큰과 값이 일치하지 않으면 null 반환
+        return null;
+    }
+
+    private Optional<RefreshToken> getRefreshTokenFromRedis(Long memberId) {
+        // TODO: CustomException으로 바꾸기
+        return refreshTokenRepository.findByMemberId(memberId);
+    }
+
+    private RefreshTokenDto parseRefreshToken(String refreshTokenValue) {
+        try {
+            return jwtUtil.parseRefreshToken(refreshTokenValue);
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    public AccessTokenDto reissueAccessTokenIfExpired(String accessTokenValue) {
+        // AT가 만료된 경우 AT를 재발급, 만료되지 않은 경우 null 반환
+        try {
+            jwtUtil.parseAccessToken(accessTokenValue);
+            return null;
+        } catch (ExpiredJwtException e) {
+            Long memberId = Long.parseLong(e.getClaims().getSubject());
+            MemberRole memberRole = MemberRole.valueOf(e.getClaims().get(TOKEN_ROLE_NAME, String.class));
+            return createAccessToken(memberId, memberRole);
+        }
+    }
+}
@@ -0,0 +1,9 @@
+package com.gdschongik.gdsc.domain.auth.dao;
+
+import com.gdschongik.gdsc.domain.auth.domain.RefreshToken;
+import java.util.Optional;
+import org.springframework.data.repository.CrudRepository;
+
+public interface RefreshTokenRepository extends CrudRepository<RefreshToken, Long> {
+    Optional<RefreshToken> findByMemberId(Long aLong);
+}
@@ -0,0 +1,27 @@
+package com.gdschongik.gdsc.domain.auth.domain;
+
+import lombok.Builder;
+import lombok.Getter;
+import org.springframework.data.annotation.Id;
+import org.springframework.data.redis.core.RedisHash;
+import org.springframework.data.redis.core.TimeToLive;
+
+@Getter
+@RedisHash(value = "refreshToken")
+public class RefreshToken {
+
+    @Id
+    private Long memberId;
+
+    private String token;
+
+    @TimeToLive
+    private long ttl;
+
+    @Builder
+    public RefreshToken(Long memberId, String token, long ttl) {
+        this.memberId = memberId;
+        this.token = token;
+        this.ttl = ttl;
+    }
+}
@@ -0,0 +1,5 @@
+package com.gdschongik.gdsc.domain.auth.dto;
+
+import com.gdschongik.gdsc.domain.member.domain.MemberRole;
+
+public record AccessTokenDto(Long memberId, MemberRole memberRole, String tokenValue) {}
@@ -0,0 +1,3 @@
+package com.gdschongik.gdsc.domain.auth.dto;
+
+public record RefreshTokenDto(Long memberId, String tokenValue, Long ttl) {}
@@ -1,4 +1,4 @@
-package com.gdschongik.gdsc.common.model;
+package com.gdschongik.gdsc.domain.common.model;
 
 import jakarta.persistence.Column;
 import jakarta.persistence.EntityListeners;

@@ -0,0 +1,10 @@
+package com.gdschongik.gdsc.domain.member.dao;
+
+import com.gdschongik.gdsc.domain.member.domain.Member;
+import java.util.Optional;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface MemberRepository extends JpaRepository<Member, Long> {
+
+    Optional<Member> findByOauthId(String oauthId);
+}
@@ -1,6 +1,6 @@
 package com.gdschongik.gdsc.domain.member.domain;
 
-import com.gdschongik.gdsc.common.model.BaseTimeEntity;
+import com.gdschongik.gdsc.domain.common.model.BaseTimeEntity;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.EnumType;

@@ -0,0 +1,18 @@
+package com.gdschongik.gdsc.global.common.constant;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public enum JwtConstant {
+    ACCESS_TOKEN(Constants.ACCESS_TOKEN_COOKIE_NAME),
+    REFRESH_TOKEN(Constants.REFRESH_TOKEN_COOKIE_NAME);
+
+    private final String cookieName;
+
+    private static class Constants {
+        public static final String ACCESS_TOKEN_COOKIE_NAME = "accessToken";
+        public static final String REFRESH_TOKEN_COOKIE_NAME = "refreshToken";
+    }
+}
@@ -0,0 +1,9 @@
+package com.gdschongik.gdsc.global.common.constant;
+
+public class SecurityConstant {
+
+    public static final String REGISTRATION_REQUIRED_HEADER = "Registration-Required";
+    public static final String TOKEN_ROLE_NAME = "role";
+
+    private SecurityConstant() {}
+}
@@ -1,4 +1,4 @@
-package com.gdschongik.gdsc.common.config;
+package com.gdschongik.gdsc.global.config;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaAuditing;

@@ -0,0 +1,10 @@
+package com.gdschongik.gdsc.global.config;
+
+import com.gdschongik.gdsc.global.property.JwtProperty;
+import com.gdschongik.gdsc.global.property.RedisProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@EnableConfigurationProperties({JwtProperty.class, RedisProperty.class})
+@Configuration
+public class PropertyConfig {}
@@ -0,0 +1,35 @@
+package com.gdschongik.gdsc.global.config;
+
+import com.gdschongik.gdsc.global.property.RedisProperty;
+import java.time.Duration;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
+import org.springframework.data.redis.connection.lettuce.LettuceClientConfiguration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+
+@RequiredArgsConstructor
+@Configuration
+public class RedisConfig {
+
+    private final RedisProperty redisProperty;
+
+    @Bean
+    public RedisConnectionFactory redisConnectionFactory() {
+        RedisStandaloneConfiguration redisConfig =
+                new RedisStandaloneConfiguration(redisProperty.getHost(), redisProperty.getPort());
+
+        if (!redisProperty.getPassword().isBlank()) {
+            redisConfig.setPassword(redisProperty.getPassword());
+        }
+
+        LettuceClientConfiguration clientConfig = LettuceClientConfiguration.builder()
+                .commandTimeout(Duration.ofSeconds(1))
+                .shutdownTimeout(Duration.ZERO)
+                .build();
+
+        return new LettuceConnectionFactory(redisConfig, clientConfig);
+    }
+}