feat: 액세스 토큰 유효성 검증 API 작성 #62

Mu-necting · Dec 2, 2024 · 2f9c728 · 2f9c728
1 parent 0fa29b3
commit 2f9c728
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 4 deletions.
diff --git a/src/main/java/com/munecting/api/domain/user/controller/AuthController.java b/src/main/java/com/munecting/api/domain/user/controller/AuthController.java
@@ -5,10 +5,9 @@
 import com.munecting.api.domain.user.dto.request.RefreshTokenRequestDto;
 import com.munecting.api.domain.user.dto.request.LoginRequestDto;
 import com.munecting.api.domain.user.dto.response.UserTokenResponseDto;
+import com.munecting.api.domain.user.dto.response.ValidateTokenResponseDto;
 import com.munecting.api.domain.user.service.AuthService;
-import com.munecting.api.global.auth.user.UserId;
 import com.munecting.api.global.common.dto.response.ApiResponse;
-import com.munecting.api.global.common.dto.response.Status;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
@@ -56,7 +55,6 @@ public ApiResponse<?> logout(
         return ApiResponse.ok(null);
     }
 
-
     @PostMapping("/refresh")
     @Operation(summary = "토큰 재발급하기")
     public ApiResponse<?> refreshToken(
@@ -65,4 +63,15 @@ public ApiResponse<?> refreshToken(
         UserTokenResponseDto dto = authService.refreshToken(refreshTokenRequestDto);
         return ApiResponse.created(dto);
     }
+
+    @GetMapping("/validate")
+    @Operation(summary = "액세스 토큰 유효성 검증")
+    public ApiResponse<?> validateAccessToken(
+            @Parameter(hidden = true)
+            @RequestHeader("Authorization") String authorizationHeaderValue
+    ){
+        ValidateTokenResponseDto dto = authService.validateAccessToken(authorizationHeaderValue);
+        return ApiResponse.ok(dto);
+    }
+
 }
diff --git a/src/main/java/com/munecting/api/domain/user/service/AuthService.java b/src/main/java/com/munecting/api/domain/user/service/AuthService.java
@@ -7,6 +7,7 @@
 import com.munecting.api.domain.user.dto.request.RefreshTokenRequestDto;
 import com.munecting.api.domain.user.dto.request.LoginRequestDto;
 import com.munecting.api.domain.user.dto.response.UserTokenResponseDto;
+import com.munecting.api.domain.user.dto.response.ValidateTokenResponseDto;
 import com.munecting.api.domain.user.entity.User;
 import com.munecting.api.domain.user.dao.UserRepository;
 import com.munecting.api.global.auth.jwt.JwtProvider;
@@ -132,7 +133,7 @@ public void logout(LogoutRequestDto dto) {
     }
 
     private Long getUserIdFromAccessToken(String requestToken) {
-        String token = jwtProvider.extractAccessToken(requestToken);
+        String token = extractAccessToken(requestToken);
 
         try {
             jwtProvider.validateTokenAtLogout(token);
@@ -154,4 +155,21 @@ private void processLogout(Long userId) {
             log.info("User {} logged out, no refresh token found", userId);
         }
     }
+
+    @Transactional(readOnly = true)
+    public ValidateTokenResponseDto validateAccessToken(String authorizationHeaderValue) {
+        try {
+            String accessToken = extractAccessToken(authorizationHeaderValue);
+            jwtProvider.validateAccessToken(accessToken);
+            return ValidateTokenResponseDto.of(true);
+        } catch (Exception e) {
+            log.info("Access token validation failed: {}", e.getMessage());
+            return ValidateTokenResponseDto.of(false);
+        }
+    }
+
+    private String extractAccessToken(String bearerToken) {
+        return jwtProvider.extractAccessToken(bearerToken);
+    }
+
 }