[Feat] #44 TokenRefresh하기~

build.gradle

@@ -26,6 +26,7 @@ repositories {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'
     implementation 'org.springframework.boot:spring-boot-starter-security'

src/main/java/team7/inplace/InplaceApplication.java

@@ -3,9 +3,20 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.FilterType;
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
+import team7.inplace.token.persistence.RefreshTokenRepository;
 
 @SpringBootApplication
 @ConfigurationPropertiesScan
+@EnableJpaRepositories(
+    basePackages = "team7.inplace",
+    excludeFilters = @ComponentScan.Filter(
+        type = FilterType.ASSIGNABLE_TYPE,
+        classes = {RefreshTokenRepository.class}
+    )
+)
 public class InplaceApplication {
 
     public static void main(String[] args) {

src/main/java/team7/inplace/global/exception/code/UserErroCode.java

@@ -0,0 +1,30 @@
+package team7.inplace.global.exception.code;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+
+@AllArgsConstructor
+@Getter
+public enum UserErroCode implements ErrorCode {
+    NOT_FOUND(HttpStatus.NOT_FOUND, "U001", "User is not found");
+
+    private final HttpStatus status;
+    private final String code;
+    private final String message;
+
+    @Override
+    public HttpStatus httpStatus() {
+        return null;
+    }
+
+    @Override
+    public String code() {
+        return "";
+    }
+
+    @Override
+    public String message() {
+        return "";
+    }
+}

src/main/java/team7/inplace/security/config/CorsConfig.java

@@ -0,0 +1,17 @@
+package team7.inplace.security.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsConfig implements WebMvcConfigurer {
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+            .allowedOriginPatterns("*")
+            .allowedMethods("GET", "POST", "PUT", "DELETE")
+            .allowCredentials(true);
+    }
+}

src/main/java/team7/inplace/security/config/RedisConfig.java

@@ -0,0 +1,26 @@
+package team7.inplace.security.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+
+@Configuration
+public class RedisConfig {
+
+    @Bean
+    LettuceConnectionFactory redisConnectionFactory() {
+        return new LettuceConnectionFactory(new RedisStandaloneConfiguration("localhost", 6379));
+    }
+
+    @Bean
+    public RedisTemplate<?, ?> redisTemplate() {
+        RedisTemplate<?, ?> template = new RedisTemplate<>();
+        template.setConnectionFactory(redisConnectionFactory());
+        template.setKeySerializer(new StringRedisSerializer());
+        template.setValueSerializer(new StringRedisSerializer());
+        return template;
+    }
+}

src/main/java/team7/inplace/security/config/SecurityHandlerConfig.java

@@ -4,6 +4,7 @@
 import org.springframework.context.annotation.Configuration;
 import team7.inplace.security.handler.CustomSuccessHandler;
 import team7.inplace.security.util.JwtUtil;
+import team7.inplace.token.application.RefreshTokenService;
 import team7.inplace.user.application.UserService;
 
 @Configuration
@@ -12,8 +13,9 @@ public class SecurityHandlerConfig {
     @Bean
     public CustomSuccessHandler customSuccessHandler(
         JwtUtil jwtUtil,
-        UserService userService
+        UserService userService,
+        RefreshTokenService refreshTokenService
     ) {
-        return new CustomSuccessHandler(jwtUtil, userService);
+        return new CustomSuccessHandler(jwtUtil, userService, refreshTokenService);
     }
 }

src/main/java/team7/inplace/security/filter/AuthorizationFilter.java

@@ -43,14 +43,14 @@ protected void doFilterInternal(
     private boolean hasNoTokenCookie(HttpServletRequest request) {
         return Optional.ofNullable(request.getCookies())
             .flatMap(cookies -> Arrays.stream(cookies)
-                .filter(cookie -> cookie.getName().equals("Authorization"))
+                .filter(cookie -> cookie.getName().equals("access_token"))
                 .findAny())
             .isEmpty();
     }
 
     private Cookie getTokenCookie(HttpServletRequest request) throws InplaceException {
         return Arrays.stream(request.getCookies())
-            .filter(cookie -> cookie.getName().equals("Authorization"))
+            .filter(cookie -> cookie.getName().equals("access_token"))
             .findAny()
             .orElse(null);
     }

src/main/java/team7/inplace/security/handler/CustomSuccessHandler.java

@@ -8,20 +8,23 @@
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import team7.inplace.security.application.dto.CustomOAuth2User;
 import team7.inplace.security.util.JwtUtil;
+import team7.inplace.token.application.RefreshTokenService;
 import team7.inplace.user.application.UserService;
 import team7.inplace.user.application.dto.UserCommand;
 
 public class CustomSuccessHandler implements AuthenticationSuccessHandler {
 
     private final JwtUtil jwtUtil;
     private final UserService userService;
+    private final RefreshTokenService refreshTokenService;
 
     public CustomSuccessHandler(
         JwtUtil jwtUtil,
-        UserService userService
+        UserService userService, RefreshTokenService refreshTokenService
     ) {
         this.jwtUtil = jwtUtil;
         this.userService = userService;
+        this.refreshTokenService = refreshTokenService;
     }
 
     @Override
@@ -31,19 +34,22 @@ public void onAuthenticationSuccess(
         Authentication authentication
     ) throws IOException {
         CustomOAuth2User customOAuth2User = (CustomOAuth2User) authentication.getPrincipal();
-        addTokenToResponse(response, customOAuth2User);
+        UserCommand.Info userInfo = userService.getUserByUsername(customOAuth2User.username());
+        String accessToken = jwtUtil.createAccessToken(userInfo.username(), userInfo.id(),
+            userInfo.role().getRoles());
+        String refreshToken = jwtUtil.createRefreshToken(userInfo.username(), userInfo.id(),
+            userInfo.role().getRoles());
+        refreshTokenService.saveRefreshToken(userInfo.username(), refreshToken);
+        addTokenToResponse(response, accessToken, refreshToken);
         setRedirectUrlToResponse(response, customOAuth2User);
     }
 
     private void addTokenToResponse(
         HttpServletResponse response,
-        CustomOAuth2User customOAuth2User
+        String accessToken, String refreshToken
     ) {
-        UserCommand.Info user = userService.getUserByUsername(customOAuth2User.username());
-        Cookie accessTokenCookie = createCookie("access_token",
-            jwtUtil.createAccessToken(user.username(), user.id(), user.role().getRoles()));
-        Cookie refreshTokenCookie = createCookie("refresh_token",
-            jwtUtil.createRefreshToken(user.username(), user.id(), user.role().getRoles()));
+        Cookie accessTokenCookie = createCookie("access_token", accessToken);
+        Cookie refreshTokenCookie = createCookie("refresh_token", refreshToken);
 
         response.addCookie(accessTokenCookie);
         response.addCookie(refreshTokenCookie);

src/main/java/team7/inplace/security/util/JwtUtil.java

@@ -57,9 +57,10 @@ public String getUsername(String token) throws InplaceException {
         }
     }
 
-    public String getTokenType(String token) throws InplaceException {
+    public boolean isRefreshToken(String token) throws InplaceException {
         try {
-            return jwtParser.parseSignedClaims(token).getPayload().get("tokenType", String.class);
+            return jwtParser.parseSignedClaims(token).getPayload().get("tokenType", String.class)
+                .equals("refreshToken");
         } catch (JwtException | IllegalArgumentException e) {
             throw InplaceException.of(AuthorizationErrorCode.INVALID_TOKEN);
         }

src/main/java/team7/inplace/token/application/RefreshTokenFacade.java

@@ -0,0 +1,38 @@
+package team7.inplace.token.application;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
+import team7.inplace.global.exception.InplaceException;
+import team7.inplace.global.exception.code.AuthorizationErrorCode;
+import team7.inplace.security.util.JwtUtil;
+import team7.inplace.token.application.dto.TokenCommand;
+import team7.inplace.token.application.dto.TokenCommand.ReIssued;
+import team7.inplace.user.application.UserService;
+import team7.inplace.user.application.dto.UserCommand;
+
+@Component
+@RequiredArgsConstructor
+public class RefreshTokenFacade {
+
+    private final JwtUtil jwtUtil;
+    private final RefreshTokenService refreshTokenService;
+    private final UserService userService;
+
+    @Transactional
+    public ReIssued getReIssuedRefreshTokenCookie(String username, String refreshToken)
+        throws InplaceException {
+        if (refreshTokenService.isInvalidRefreshToken(refreshToken)) {
+            throw InplaceException.of(AuthorizationErrorCode.INVALID_TOKEN);
+        }
+
+        UserCommand.Info userInfo = userService.getUserByUsername(username);
+        String reIssuedRefreshToken = jwtUtil
+            .createRefreshToken(userInfo.username(), userInfo.id(), userInfo.role().getRoles());
+        String reIssuedAccessToken = jwtUtil
+            .createAccessToken(userInfo.username(), userInfo.id(), userInfo.role().getRoles());
+        refreshTokenService.saveRefreshToken(username, reIssuedRefreshToken);
+
+        return TokenCommand.ReIssued.of(reIssuedRefreshToken, reIssuedAccessToken);
+    }
+}

src/main/java/team7/inplace/token/application/RefreshTokenService.java

@@ -0,0 +1,30 @@
+package team7.inplace.token.application;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+import team7.inplace.global.exception.InplaceException;
+import team7.inplace.global.exception.code.AuthorizationErrorCode;
+import team7.inplace.security.util.JwtUtil;
+import team7.inplace.token.domain.RefreshToken;
+import team7.inplace.token.persistence.RefreshTokenRepository;
+
+@Service
+@RequiredArgsConstructor
+public class RefreshTokenService {
+
+    private final RefreshTokenRepository refreshTokenRepository;
+    private final JwtUtil jwtUtil;
+
+    public boolean isInvalidRefreshToken(String refreshToken) throws InplaceException {
+        String username = jwtUtil.getUsername(refreshToken);
+        return !refreshTokenRepository.findById(username).orElseThrow(() ->
+                InplaceException.of(AuthorizationErrorCode.INVALID_TOKEN))
+            .getRefreshToken().equals(refreshToken);
+    }
+
+    public void saveRefreshToken(String username, String token) {
+        RefreshToken refreshToken = new RefreshToken(username, token);
+        refreshTokenRepository.save(refreshToken);
+    }
+
+}

src/main/java/team7/inplace/token/application/dto/TokenCommand.java

@@ -0,0 +1,14 @@
+package team7.inplace.token.application.dto;
+
+public class TokenCommand {
+
+    public record ReIssued(
+        String accessToken,
+        String refreshToken
+    ) {
+
+        public static ReIssued of(String reIssuedRefreshToken, String reIssuedAccessToken) {
+            return new ReIssued(reIssuedRefreshToken, reIssuedAccessToken);
+        }
+    }
+}

src/main/java/team7/inplace/token/domain/RefreshToken.java

@@ -0,0 +1,19 @@
+package team7.inplace.token.domain;
+
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import org.springframework.data.annotation.Id;
+import org.springframework.data.redis.core.RedisHash;
+
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+@RedisHash(value = "refreshToken", timeToLive = 60 * 60 * 1000L)
+public class RefreshToken {
+
+    @Id
+    private String username;
+    private String refreshToken;
+}

src/main/java/team7/inplace/token/persistence/RefreshTokenRepository.java

@@ -0,0 +1,12 @@
+package team7.inplace.token.persistence;
+
+import java.util.Optional;
+import org.springframework.data.repository.CrudRepository;
+import org.springframework.stereotype.Repository;
+import team7.inplace.token.domain.RefreshToken;
+
+@Repository
+public interface RefreshTokenRepository extends CrudRepository<RefreshToken, String> {
+
+    Optional<RefreshToken> findById(String id);
+}

src/main/java/team7/inplace/token/presentation/RefreshTokenController.java

@@ -0,0 +1,57 @@
+package team7.inplace.token.presentation;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import team7.inplace.global.exception.InplaceException;
+import team7.inplace.global.exception.code.AuthorizationErrorCode;
+import team7.inplace.security.util.AuthorizationUtil;
+import team7.inplace.security.util.JwtUtil;
+import team7.inplace.token.application.RefreshTokenFacade;
+import team7.inplace.token.application.dto.TokenCommand.ReIssued;
+
+@RestController
+@RequiredArgsConstructor
+public class RefreshTokenController {
+
+    private final JwtUtil jwtUtil;
+    private final RefreshTokenFacade refreshTokenFacade;
+
+    @GetMapping("/refresh-token")
+    public ResponseEntity<Void> refreshToken(@CookieValue(value = "refresh_token") Cookie cookie,
+        HttpServletResponse response) {
+        if (cannotRefreshToken(cookie)) {
+            throw InplaceException.of(AuthorizationErrorCode.INVALID_TOKEN);
+        }
+
+        String refreshToken = cookie.getValue();
+        ReIssued reIssuedToken = refreshTokenFacade.getReIssuedRefreshTokenCookie(
+            jwtUtil.getUsername(refreshToken), refreshToken);
+        addTokenToCookie(response, reIssuedToken);
+
+        return ResponseEntity.ok().build();
+    }
+
+    private void addTokenToCookie(HttpServletResponse response, ReIssued reIssuedToken) {
+        Cookie accessTokenCookie = createCookie("access_token", reIssuedToken.accessToken());
+        Cookie refreshTokenCookie = createCookie("refresh_token", reIssuedToken.refreshToken());
+        response.addCookie(accessTokenCookie);
+        response.addCookie(refreshTokenCookie);
+    }
+
+    private boolean cannotRefreshToken(Cookie cookie) {
+        return AuthorizationUtil.getUserId() == null || !jwtUtil.isRefreshToken(cookie.getValue());
+    }
+
+    private Cookie createCookie(String key, String value) {
+        Cookie cookie = new Cookie(key, value);
+        cookie.setMaxAge(60 * 60);
+        cookie.setPath("/");
+        cookie.setHttpOnly(true);
+        return cookie;
+    }
+}