Merge pull request #68 from UruruLab/feat/57-jwt-refresh-token

23MinL · web-flow · commit 031089de9592 · 2025-06-27T04:38:38.000+09:00
JWT Refresh Token 자동 갱신 및 Redis 기반 토큰 관리 기능 추가
diff --git a/build.gradle b/build.gradle
@@ -48,6 +48,8 @@ dependencies {
     // S3 (AWS SDK for Java v2)
     implementation 'software.amazon.awssdk:s3:2.20.74'
 
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
+
     // https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-starter-webmvc-ui
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.8")
 }
diff --git a/src/main/java/com/ururulab/ururu/UruruApplication.java b/src/main/java/com/ururulab/ururu/UruruApplication.java
@@ -1,7 +1,9 @@
 package com.ururulab.ururu;
 
+import com.ururulab.ururu.auth.jwt.JwtProperties;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.scheduling.annotation.EnableAsync;
 
 @EnableAsync
diff --git a/src/main/java/com/ururulab/ururu/auth/controller/AuthController.java b/src/main/java/com/ururulab/ururu/auth/controller/AuthController.java
@@ -2,6 +2,7 @@
 
 import com.ururulab.ururu.auth.dto.request.SocialLoginRequest;
 import com.ururulab.ururu.auth.dto.response.SocialLoginResponse;
+import com.ururulab.ururu.auth.exception.InvalidJwtTokenException;
 import com.ururulab.ururu.auth.jwt.JwtTokenProvider;
 import com.ururulab.ururu.auth.service.SocialLoginService;
 import com.ururulab.ururu.auth.service.SocialLoginServiceFactory;
@@ -10,7 +11,6 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.view.RedirectView;
@@ -45,22 +45,15 @@ public final class AuthController {
     public ResponseEntity<ApiResponseFormat<SocialLoginResponse>> socialLogin(
             @Valid @RequestBody final SocialLoginRequest request
     ) {
-        try {
-            final SocialLoginService loginService = socialLoginServiceFactory.getService(request.provider());
-            final SocialLoginResponse loginResponse = loginService.processLogin(request.code());
+        final SocialLoginService loginService = socialLoginServiceFactory.getService(request.provider());
+        final SocialLoginResponse loginResponse = loginService.processLogin(request.code());
 
-            log.info("Social login successful for provider: {}, member: {}",
-                    request.provider(), loginResponse.memberInfo().memberId());
+        log.info("Social login successful for provider: {}, member: {}",
+                request.provider(), loginResponse.memberInfo().memberId());
 
-            return ResponseEntity.ok(
-                    ApiResponseFormat.success("소셜 로그인에 성공했습니다.", loginResponse)
-            );
-
-        } catch (final Exception e) {
-            log.error("Social login failed for provider: {}", request.provider(), e);
-            return ResponseEntity.badRequest()
-                    .body(ApiResponseFormat.fail("소셜 로그인에 실패했습니다: " + e.getMessage()));
-        }
+        return ResponseEntity.ok(
+                ApiResponseFormat.success("소셜 로그인에 성공했습니다.", loginResponse)
+        );
     }
 
 
@@ -114,14 +107,6 @@ public RedirectView handleKakaoCallback(
         return redirectView;
     }
 
-    @PostMapping("/logout")
-    public ResponseEntity<ApiResponseFormat<Void>> logout() {
-        log.info("Member logout requested");
-        return ResponseEntity.ok(
-                ApiResponseFormat.success("로그아웃되었습니다.")
-        );
-    }
-
     @GetMapping("/status")
     public ResponseEntity<ApiResponseFormat<AuthStatusResponse>> getAuthStatus(
             @RequestHeader(value = "Authorization", required = false) final String authorization) {
@@ -133,26 +118,19 @@ public ResponseEntity<ApiResponseFormat<AuthStatusResponse>> getAuthStatus(
             );
         }
 
-        try {
-            final String token = authorization.substring(7);
-            final Long memberId = jwtTokenProvider.getMemberId(token);
-            final String email = jwtTokenProvider.getEmail(token);
-            final String role = jwtTokenProvider.getRole(token);
-
-            if (jwtTokenProvider.validateToken(token)) {
-                return ResponseEntity.ok(
-                        ApiResponseFormat.success("인증된 상태입니다.",
-                                AuthStatusResponse.authenticated(memberId, email, role))
-                );
-            } else {
-                return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
-                        .body(ApiResponseFormat.fail("토큰이 유효하지 않습니다."));
-            }
-        } catch (final Exception e) {
-            log.warn("Token validation failed: {}", e.getMessage());
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
-                    .body(ApiResponseFormat.fail("토큰 검증에 실패했습니다."));
+        final String token = authorization.substring(7);
+        final Long memberId = jwtTokenProvider.getMemberId(token);
+        final String email = jwtTokenProvider.getEmail(token);
+        final String role = jwtTokenProvider.getRole(token);
+
+        if (!jwtTokenProvider.validateToken(token)) {
+            throw new InvalidJwtTokenException("토큰이 유효하지 않습니다.");
         }
+
+        return ResponseEntity.ok(
+                ApiResponseFormat.success("인증된 상태입니다.",
+                        AuthStatusResponse.authenticated(memberId, email, role))
+        );
     }
 
     private String generateSecureState() {
@@ -162,14 +140,9 @@ private String generateSecureState() {
     }
 
     private String generateAuthUrl(final SocialProvider provider) {
-        try {
-            final SocialLoginService loginService = socialLoginServiceFactory.getService(provider);
-            final String state = generateSecureState();
-            return loginService.getAuthorizationUrl(state);
-        } catch (final Exception e) {
-            log.warn("Failed to generate auth URL for provider: {}", provider, e);
-            return "";
-        }
+        final SocialLoginService loginService = socialLoginServiceFactory.getService(provider);
+        final String state = generateSecureState();
+        return loginService.getAuthorizationUrl(state);
     }
 
     private String maskSensitiveData(final String data) {
diff --git a/src/main/java/com/ururulab/ururu/auth/controller/JwtRefreshController.java b/src/main/java/com/ururulab/ururu/auth/controller/JwtRefreshController.java
@@ -0,0 +1,64 @@
+package com.ururulab.ururu.auth.controller;
+
+import com.ururulab.ururu.auth.dto.request.RefreshTokenRequest;
+import com.ururulab.ururu.auth.dto.response.SocialLoginResponse;
+import com.ururulab.ururu.auth.exception.MissingAuthorizationHeaderException;
+import com.ururulab.ururu.auth.exception.RedisConnectionException;
+import com.ururulab.ururu.auth.service.JwtRefreshService;
+import com.ururulab.ururu.auth.jwt.JwtTokenProvider;
+import com.ururulab.ururu.global.common.dto.ApiResponse;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.data.redis.RedisConnectionFailureException;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@Slf4j
+@RestController
+@RequestMapping("/auth")
+@RequiredArgsConstructor
+public final class JwtRefreshController {
+    private final JwtRefreshService jwtRefreshService;
+    private final JwtTokenProvider jwtTokenProvider;
+
+    @PostMapping("/refresh")
+    public ResponseEntity<ApiResponse<SocialLoginResponse>> refreshToken(
+            @Valid @RequestBody RefreshTokenRequest request
+    ) {
+        final String newAccessToken = jwtRefreshService.refreshAccessToken(request.refreshToken());
+        final String refreshToken = request.refreshToken();
+        final Long expiresIn = jwtTokenProvider.getAccessTokenExpiry();
+        final Long memberId = jwtTokenProvider.getMemberId(newAccessToken);
+        final String email = jwtTokenProvider.getEmail(newAccessToken);
+        final String role = jwtTokenProvider.getRole(newAccessToken);
+
+        final SocialLoginResponse responseBody = SocialLoginResponse.of(
+                newAccessToken,
+                refreshToken,
+                expiresIn,
+                SocialLoginResponse.MemberInfo.of(memberId, email, null, null)
+        );
+        return ResponseEntity.ok(ApiResponse.success("토큰이 갱신되었습니다.", responseBody));
+    }
+
+    @PostMapping("/logout")
+    public ResponseEntity<ApiResponse<Void>> logout(
+            @RequestHeader("Authorization") String authorization
+    ) {
+        if (authorization == null || !authorization.startsWith("Bearer ")) {
+            throw new MissingAuthorizationHeaderException("Authorization 헤더가 필요합니다.");
+        }
+        
+        final String accessToken = authorization.substring(7);
+        final Long memberId = jwtTokenProvider.getMemberId(accessToken);
+        
+        try {
+            jwtRefreshService.logout(memberId, accessToken);
+        } catch (RedisConnectionFailureException e) {
+            throw new RedisConnectionException("일시적인 서버 오류입니다.", e);
+        }
+        
+        return ResponseEntity.ok(ApiResponse.success("로그아웃되었습니다."));
+    }
+}
diff --git a/src/main/java/com/ururulab/ururu/auth/dto/request/RefreshTokenRequest.java b/src/main/java/com/ururulab/ururu/auth/dto/request/RefreshTokenRequest.java
@@ -0,0 +1,16 @@
+package com.ururulab.ururu.auth.dto.request;
+
+import jakarta.validation.constraints.NotBlank;
+
+/**
+ * 토큰 갱신 요청 DTO.
+ * 클라이언트로부터 받은 Refresh Token을 담는다.
+ */
+public record RefreshTokenRequest(
+        @NotBlank(message = "리프레시 토큰은 필수입니다")
+        String refreshToken
+) {
+    public static RefreshTokenRequest of(final String refreshToken) {
+        return new RefreshTokenRequest(refreshToken);
+    }
+}
diff --git a/src/main/java/com/ururulab/ururu/auth/exception/InvalidJwtTokenException.java b/src/main/java/com/ururulab/ururu/auth/exception/InvalidJwtTokenException.java
@@ -0,0 +1,14 @@
+package com.ururulab.ururu.auth.exception;
+
+/**
+ * JWT 토큰이 유효하지 않을 때 발생하는 예외.
+ */
+public final class InvalidJwtTokenException extends RuntimeException {
+    public InvalidJwtTokenException(final String message) {
+        super(message);
+    }
+
+    public InvalidJwtTokenException(final String message, final Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/src/main/java/com/ururulab/ururu/auth/exception/InvalidRefreshTokenException.java b/src/main/java/com/ururulab/ururu/auth/exception/InvalidRefreshTokenException.java
@@ -0,0 +1,11 @@
+package com.ururulab.ururu.auth.exception;
+
+/**
+ * Refresh 토큰이 유효하지 않을 때 발생하는 예외.
+ * (만료, 위조, 미인증 로그아웃 등의 경우)
+ */
+public final class InvalidRefreshTokenException extends RuntimeException {
+    public InvalidRefreshTokenException(final String message) {
+        super(message);
+    }
+}
diff --git a/src/main/java/com/ururulab/ururu/auth/exception/MissingAuthorizationHeaderException.java b/src/main/java/com/ururulab/ururu/auth/exception/MissingAuthorizationHeaderException.java
@@ -0,0 +1,10 @@
+package com.ururulab.ururu.auth.exception;
+
+/**
+ * Authorization 헤더가 누락되었을 때 발생하는 예외.
+ */
+public final class MissingAuthorizationHeaderException extends RuntimeException {
+    public MissingAuthorizationHeaderException(final String message) {
+        super(message);
+    }
+}
diff --git a/src/main/java/com/ururulab/ururu/auth/exception/RedisConnectionException.java b/src/main/java/com/ururulab/ururu/auth/exception/RedisConnectionException.java
@@ -0,0 +1,14 @@
+package com.ururulab.ururu.auth.exception;
+
+/**
+ * Redis 연결 실패 시 발생하는 예외.
+ */
+public final class RedisConnectionException extends RuntimeException {
+    public RedisConnectionException(final String message) {
+        super(message);
+    }
+
+    public RedisConnectionException(final String message, final Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/src/main/java/com/ururulab/ururu/auth/jwt/JwtProperties.java b/src/main/java/com/ururulab/ururu/auth/jwt/JwtProperties.java
@@ -15,8 +15,8 @@
 public final class JwtProperties {
 
     private String secret;
-    private long accessTokenExpiry = 3600L;
-    private long refreshTokenExpiry = 1209600L;
-    private String issuer = "ururu-backend";
-    private String audience = "ururu-client";
+    private long accessTokenExpiry;
+    private long refreshTokenExpiry;
+    private String issuer;
+    private String audience;
 }
diff --git a/src/main/java/com/ururulab/ururu/auth/jwt/JwtTokenProvider.java b/src/main/java/com/ururulab/ururu/auth/jwt/JwtTokenProvider.java
diff --git a/src/main/java/com/ururulab/ururu/auth/service/JwtRefreshService.java b/src/main/java/com/ururulab/ururu/auth/service/JwtRefreshService.java
diff --git a/src/main/java/com/ururulab/ururu/auth/service/social/KakaoLoginService.java b/src/main/java/com/ururulab/ururu/auth/service/social/KakaoLoginService.java
diff --git a/src/main/java/com/ururulab/ururu/global/exception/GlobalExceptionHandler.java b/src/main/java/com/ururulab/ururu/global/exception/GlobalExceptionHandler.java

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,8 @@ dependencies {`
`48`	`48`	`// S3 (AWS SDK for Java v2)`
`49`	`49`	`implementation 'software.amazon.awssdk:s3:2.20.74'`
`50`	`50`
	`51`	`+ implementation 'org.springframework.boot:spring-boot-starter-data-redis'`
	`52`	`+`
`51`	`53`	`// https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-starter-webmvc-ui`
`52`	`54`	`implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.8")`
`53`	`55`	`}`