Merge pull request #104 from RealPawParazzi/feature/103/FixLogin

[FIX] refreshToken 발급 방식으로 변경

Author: geg222

src/main/java/pawparazzi/back/member/controller/MemberController.java

@@ -2,14 +2,12 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
-import pawparazzi.back.S3.service.S3AsyncService;
 import pawparazzi.back.member.dto.request.LoginRequestDto;
 import pawparazzi.back.member.dto.request.SignUpRequestDto;
 import pawparazzi.back.member.dto.request.UpdateMemberRequestDto;
@@ -19,7 +17,6 @@
 import pawparazzi.back.member.service.MemberService;
 import pawparazzi.back.security.util.JwtUtil;
 
-import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
@@ -33,7 +30,6 @@ public class MemberController {
     private final MemberService memberService;
     private final ObjectMapper objectMapper;
 
-
     /**
      * 회원 가입
      */
@@ -60,8 +56,8 @@ public CompletableFuture<ResponseEntity<String>> registerUser(
      */
     @PostMapping("/login")
     public ResponseEntity<Map<String, String>> login(@Valid @RequestBody LoginRequestDto request) {
-        String token = memberService.login(request);
-        return ResponseEntity.ok(Map.of("token", token));
+        Map<String, String> tokenMap = memberService.login(request);
+        return ResponseEntity.ok(tokenMap);
     }
 
     /**
@@ -100,7 +96,7 @@ public CompletableFuture<ResponseEntity<UpdateMemberResponseDto>> updateMember(
     }
 
     /**
-     * 회원 탙퇴
+     * 회원 탈퇴
      */
     @DeleteMapping("/delete")
     public ResponseEntity<String> deleteMember(@RequestHeader("Authorization") String token) {
@@ -110,7 +106,6 @@ public ResponseEntity<String> deleteMember(@RequestHeader("Authorization") Strin
         return ResponseEntity.ok("회원 탈퇴 완료");
     }
 
-
     /**
      * 전체 회원 목록 조회 API
      */
@@ -119,4 +114,24 @@ public ResponseEntity<List<MemberResponseDto>> getAllMembers() {
         List<MemberResponseDto> members = memberService.getAllMembers();
         return ResponseEntity.ok(members);
     }
+
+    /**
+     * 로그아웃
+     */
+    @PostMapping("/logout")
+    public ResponseEntity<String> logout(@RequestHeader("Authorization") String accessToken,
+                                         @RequestBody Map<String, String> body) {
+        String refreshToken = body.get("refreshToken");
+        accessToken = accessToken.replace("Bearer ", "");
+        Long memberId = jwtUtil.extractMemberId(accessToken);
+        memberService.logout(memberId, refreshToken);
+        return ResponseEntity.ok("로그아웃 완료");
+    }
+
+    @PostMapping("/reissue")
+    public ResponseEntity<Map<String, String>> reissue(@RequestBody Map<String, String> request) {
+        String refreshToken = request.get("refreshToken");
+        Map<String, String> tokenMap = memberService.reissueAccessToken(refreshToken);
+        return ResponseEntity.ok(tokenMap);
+    }
 }

src/main/java/pawparazzi/back/member/entity/RefreshToken.java

@@ -0,0 +1,29 @@
+package pawparazzi.back.member.entity;
+
+import jakarta.persistence.*;
+import lombok.*;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+public class RefreshToken {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @OneToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "member_id", nullable = false)
+    private Member member;
+
+    @Column(nullable = false, length = 512)
+    private String token;
+
+    @Column(nullable = false)
+    private LocalDateTime expiryDate;
+}

src/main/java/pawparazzi/back/member/repository/RefreshTokenRepository.java

@@ -0,0 +1,13 @@
+package pawparazzi.back.member.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import pawparazzi.back.member.entity.RefreshToken;
+import pawparazzi.back.member.entity.Member;
+
+import java.util.Optional;
+
+public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> {
+    Optional<RefreshToken> findByMember(Member member);
+    Optional<RefreshToken> findByToken(String token);
+    void deleteByMember(Member member);
+}

src/main/java/pawparazzi/back/member/service/MemberService.java

@@ -19,16 +19,20 @@
 import pawparazzi.back.member.dto.response.MemberResponseDto;
 import pawparazzi.back.member.dto.response.UpdateMemberResponseDto;
 import pawparazzi.back.member.entity.Member;
+import pawparazzi.back.member.entity.RefreshToken;
 import pawparazzi.back.member.repository.MemberRepository;
+import pawparazzi.back.member.repository.RefreshTokenRepository;
 import pawparazzi.back.security.util.JwtUtil;
 
 import java.io.IOException;
+import java.time.LocalDateTime;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
 import java.util.stream.Collectors;
-
+import java.time.temporal.ChronoUnit;
 
 @Service
 @RequiredArgsConstructor
@@ -41,6 +45,7 @@ public class MemberService {
     private final BoardMongoRepository boardMongoRepository;
     private final S3AsyncService s3AsyncService;
     private final S3UploadUtil s3UploadUtil;
+    private final RefreshTokenRepository refreshTokenRepository;
 
     /**
      * 회원가입
@@ -72,19 +77,48 @@ public CompletableFuture<Void> registerUser(SignUpRequestDto request, MultipartF
     /**
      * 로그인
      */
-    public String login(LoginRequestDto request) {
-        Optional<Member> memberOptional = memberRepository.findByEmail(request.getEmail());
-        if (memberOptional.isEmpty()) {
+    public Map<String, String> login(LoginRequestDto request) {
+        Member member = memberRepository.findByEmail(request.getEmail())
+                .orElseThrow(() -> new BadCredentialsException("이메일 또는 비밀번호가 잘못되었습니다."));
+
+        if (!passwordEncoder.matches(request.getPassword(), member.getPassword())) {
             throw new BadCredentialsException("이메일 또는 비밀번호가 잘못되었습니다.");
         }
 
-        Member member = memberOptional.get();
+        String accessToken = jwtUtil.generateIdToken(member.getId());
 
-        if (!passwordEncoder.matches(request.getPassword(), member.getPassword())) {
-            throw new BadCredentialsException("이메일 또는 비밀번호가 잘못되었습니다.");
+        Optional<RefreshToken> existingTokenOpt = refreshTokenRepository.findByMember(member);
+        String refreshToken;
+
+        if (existingTokenOpt.isPresent()) {
+            RefreshToken existingToken = existingTokenOpt.get();
+            long remainingDays = ChronoUnit.DAYS.between(LocalDateTime.now(), existingToken.getExpiryDate());
+
+            if (remainingDays <= 1) {
+                // 만료 임박 → 새로 발급
+                refreshToken = jwtUtil.generateRefreshToken();
+                existingToken.setToken(refreshToken);
+                existingToken.setExpiryDate(jwtUtil.getRefreshTokenExpiryDate());
+                refreshTokenRepository.save(existingToken);
+            } else {
+                // 기존 토큰 사용
+                refreshToken = existingToken.getToken();
+            }
+        } else {
+            // 존재하지 않으면 새로 발급
+            refreshToken = jwtUtil.generateRefreshToken();
+            RefreshToken newToken = RefreshToken.builder()
+                    .member(member)
+                    .token(refreshToken)
+                    .expiryDate(jwtUtil.getRefreshTokenExpiryDate())
+                    .build();
+            refreshTokenRepository.save(newToken);
         }
 
-        return jwtUtil.generateIdToken(member.getId());
+        return Map.of(
+                "accessToken", accessToken,
+                "refreshToken", refreshToken
+        );
     }
 
     /**
@@ -222,4 +256,53 @@ public Long handleKakaoLogin(KakaoUserDto kakaoUser) {
             return newMember.getId();
         }
     }
+
+    /**
+     * 로그아웃
+     */
+    @Transactional
+    public void logout(Long memberId, String refreshToken) {
+        RefreshToken savedToken = refreshTokenRepository.findByToken(refreshToken)
+                .orElseThrow(() -> new IllegalArgumentException("이미 만료되었거나 존재하지 않는 토큰입니다."));
+
+        if (!savedToken.getMember().getId().equals(memberId)) {
+            throw new SecurityException("토큰의 사용자 정보가 일치하지 않습니다.");
+        }
+
+        refreshTokenRepository.delete(savedToken);
+    }
+
+
+    @Transactional
+    public Map<String, String> reissueAccessToken(String refreshToken) {
+        RefreshToken savedToken = refreshTokenRepository.findByToken(refreshToken)
+                .orElseThrow(() -> new IllegalArgumentException("유효하지 않은 리프레시 토큰입니다."));
+
+        if (savedToken.getExpiryDate().isBefore(LocalDateTime.now())) {
+            refreshTokenRepository.delete(savedToken);
+            throw new IllegalArgumentException("리프레시 토큰이 만료되었습니다. 다시 로그인 해주세요.");
+        }
+
+        Member member = savedToken.getMember();
+        String newAccessToken = jwtUtil.generateIdToken(member.getId());
+
+        long remainingDays = ChronoUnit.DAYS.between(LocalDateTime.now(), savedToken.getExpiryDate());
+
+        if (remainingDays <= 1) {
+            // RefreshToken 재발급
+            String newRefreshToken = jwtUtil.generateRefreshToken();
+            savedToken.setToken(newRefreshToken);
+            savedToken.setExpiryDate(jwtUtil.getRefreshTokenExpiryDate());
+            refreshTokenRepository.save(savedToken);
+
+            return Map.of(
+                    "accessToken", newAccessToken,
+                    "refreshToken", newRefreshToken
+            );
+        } else {
+            return Map.of(
+                    "accessToken", newAccessToken
+            );
+        }
+    }
 }

src/main/java/pawparazzi/back/security/filter/JwtAuthenticationFilter.java

@@ -1,5 +1,7 @@
 package pawparazzi.back.security.filter;
 
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.JwtException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -28,16 +30,26 @@ protected void doFilterInternal(HttpServletRequest request,
 
         if (token != null && token.startsWith("Bearer ")) {
             token = token.substring(7);
-
-            if (jwtUtil.validateToken(token)) {
-                Long memberId = jwtUtil.extractMemberId(token);
-                UserDetails userDetails = userDetailsService.loadUserById(memberId);
-
-                JwtAuthenticationToken authentication =
-                        new JwtAuthenticationToken(userDetails, token, userDetails.getAuthorities());
-                SecurityContextHolder.getContext().setAuthentication(authentication);
+            try {
+                if (jwtUtil.validateToken(token)) {
+                    Long memberId = jwtUtil.extractMemberId(token);
+                    UserDetails userDetails = userDetailsService.loadUserById(memberId);
+
+                    JwtAuthenticationToken authentication =
+                            new JwtAuthenticationToken(userDetails, token, userDetails.getAuthorities());
+                    SecurityContextHolder.getContext().setAuthentication(authentication);
+                }
+            } catch (ExpiredJwtException e) {
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401로 응답
+                response.getWriter().write("Access Token Expired");
+                return;
+            } catch (JwtException e) {
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                response.getWriter().write("Invalid JWT");
+                return;
             }
         }
+
         chain.doFilter(request, response);
     }
 }

src/main/java/pawparazzi/back/security/util/JwtUtil.java

@@ -6,7 +6,9 @@
 import org.springframework.stereotype.Component;
 
 import java.security.Key;
+import java.time.LocalDateTime;
 import java.util.Date;
+import java.util.UUID;
 
 @Component
 public class JwtUtil {
@@ -30,6 +32,15 @@ public String generateIdToken(Long memberId) {
                 .compact();
     }
 
+    public String generateRefreshToken() {
+        return UUID.randomUUID().toString();
+    }
+
+    public LocalDateTime getRefreshTokenExpiryDate() {
+        return LocalDateTime.now().plusDays(7); // 7일
+    }
+
+
     // 토큰에서 사용자 ID 추출
     public Long extractMemberId(String token) {
         return Long.parseLong(Jwts.parserBuilder()