refactor: 액세스토큰 클레임에 identifier 넣음으로써 리프레시토큰과 구분

kookmin-sw · Jun 21, 2024 · 67716d8 · 67716d8
1 parent 19734f8
commit 67716d8
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 40 deletions.
diff --git a/src/main/java/capstone/facefriend/auth/domain/Provider.java b/src/main/java/capstone/facefriend/auth/domain/Provider.java
diff --git a/src/main/java/capstone/facefriend/auth/domain/token/AccessToken.java b/src/main/java/capstone/facefriend/auth/domain/token/AccessToken.java
@@ -0,0 +1,7 @@
+package capstone.facefriend.auth.domain.token;
+
+public record AccessToken(String value) {
+    public static AccessToken from(String value) {
+        return new AccessToken(value);
+    }
+}
diff --git a/src/main/java/capstone/facefriend/auth/domain/token/RefreshToken.java b/src/main/java/capstone/facefriend/auth/domain/token/RefreshToken.java
@@ -0,0 +1,7 @@
+package capstone.facefriend.auth.domain.token;
+
+public record RefreshToken(String value) {
+    public static RefreshToken from(String value) {
+        return new RefreshToken(value);
+    }
+}
diff --git a/...facefriend/auth/domain/TokenProvider.java → ...iend/auth/domain/token/TokenProvider.java b/...facefriend/auth/domain/TokenProvider.java → ...iend/auth/domain/token/TokenProvider.java
@@ -1,4 +1,4 @@
-package capstone.facefriend.auth.domain;
+package capstone.facefriend.auth.domain.token;
 
 import capstone.facefriend.auth.controller.dto.TokenResponse;
 

diff --git a/src/main/java/capstone/facefriend/auth/exception/AuthExceptionType.java b/src/main/java/capstone/facefriend/auth/exception/AuthExceptionType.java
@@ -13,6 +13,7 @@ public enum AuthExceptionType implements ExceptionType {
     INVALID_TOKEN(Status.BAD_REQUEST, 2006, "토큰이 유효하지 않습니다."),
     BAD_REQUEST_TO_PROVIDER(Status.BAD_REQUEST, 2007, "토큰이 유효하지 않습니다."),
     UNAUTHORIZED(Status.UNAUTHORIZED, 2008, "로그인한 정보가 없습니다. 로그인하시기 바랍니다."),
+    NOT_ACCESS_TOKEN(Status.BAD_REQUEST, 2009, "액세스 토큰이 아닙니다.")
     ;
 
     private final Status status;

diff --git a/src/main/java/capstone/facefriend/auth/infrastructure/JwtProvider.java b/src/main/java/capstone/facefriend/auth/infrastructure/JwtProvider.java
@@ -2,7 +2,9 @@
 
 
 import capstone.facefriend.auth.controller.dto.TokenResponse;
-import capstone.facefriend.auth.domain.TokenProvider;
+import capstone.facefriend.auth.domain.token.AccessToken;
+import capstone.facefriend.auth.domain.token.RefreshToken;
+import capstone.facefriend.auth.domain.token.TokenProvider;
 import capstone.facefriend.auth.exception.AuthException;
 import capstone.facefriend.redis.RedisDao;
 import io.jsonwebtoken.*;
@@ -30,28 +32,36 @@ public class JwtProvider implements TokenProvider {
 
     @Value("${jwt.secret}")
     private String secret;
+    @Value("${jwt.accessKey-identifier}")
+    private String ACCESS_KEY_IDENTIFIER;
+    @Value("${jwt.refreshKey-identifier}")
+    private String PRIVATE_KEY_IDENTIFIER;
+
     private Key key;
 
     private final RedisDao redisDao;
 
     private static final long ACCESS_TOKEN_EXPIRATION_TIME = 60 * 60 * 3L; // 3시간
     private static final long REFRESH_TOKEN_EXPIRATION_TIME = 60 * 60 * 24 * 7L; // 7일
 
+
     @PostConstruct
     private void init() {
         key = Keys.hmacShaKeyFor(secret.getBytes());
     }
 
     public TokenResponse createTokens(Long memberId) {
-        String accessToken = createAccessToken(memberId);
-        String refreshToken = createRefreshToken(memberId);
+        AccessToken accessToken = AccessToken.from(createAccessToken(memberId));
+        RefreshToken refreshToken = RefreshToken.from(createRefreshToken(memberId));
         return new TokenResponse(accessToken, refreshToken, memberId);
     }
 
     @Override
     public String createAccessToken(Long id) {
         Claims claims = Jwts.claims();
         claims.put("id", id);
+        claims.put("identifier", ACCESS_KEY_IDENTIFIER);
+
         return accessToken(claims);
     }
 
@@ -107,8 +117,16 @@ public Long extractId(String token) {
                     .build()
                     .parseClaimsJws(token)
                     .getBody();
+
+            if (!claims.get("identifier", String.class).equals(ACCESS_KEY_IDENTIFIER)) {
+                throw new AuthException(NOT_ACCESS_TOKEN);
+            }
+
             return claims.get("id", Long.class);
-        } catch (ExpiredJwtException e) {
+
+        } catch (NullPointerException e) {
+            throw new AuthException(NOT_ACCESS_TOKEN);
+        }  catch (ExpiredJwtException e) {
             throw new AuthException(EXPIRED_TOKEN);
         } catch (SecurityException e) {
             throw new AuthException(SIGNATURE_NOT_FOUND);
@@ -130,7 +148,15 @@ public Long extractIdIgnoringExpiration(String token) {
                     .build()
                     .parseClaimsJws(token)
                     .getBody();
+
+            if (!claims.get("identifier", String.class).equals(ACCESS_KEY_IDENTIFIER)) {
+                throw new AuthException(NOT_ACCESS_TOKEN);
+            }
+
             return claims.get("id", Long.class);
+
+        } catch (NullPointerException e) {
+            throw new AuthException(NOT_ACCESS_TOKEN);
         } catch (ExpiredJwtException e) {
             Claims expiredClaims = e.getClaims(); // catch 후 id 를 반환하고 이를 사용해 액세스 토큰을 추출할 수 있습니다.
             return expiredClaims.get("id", Long.class);