Merge pull request #273 from softeer5th/fix/be/cookie-name

sunohkim · web-flow · commit 0a35feff529e · 2025-02-27T17:00:01.000+09:00
[BE] 학생과 교수의 access token이 겹치는 문제 해결
diff --git a/back-end/reacton-classroom/src/main/java/com/softeer/reacton_classroom/global/jwt/JwtAuthenticationFilter.java b/back-end/reacton-classroom/src/main/java/com/softeer/reacton_classroom/global/jwt/JwtAuthenticationFilter.java
@@ -25,7 +25,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
     private final JwtTokenUtil jwtTokenUtil;
 
-    private static final String TOKEN_COOKIE_NAME = "access_token";
+    private static final String PROFESSOR_COOKIE_NAME = "access_token";
+    private static final String STUDENT_COOKIE_NAME = "student_access_token";
+
     private static final String STUDENT_ACCESS_URL = "/sse/connection/student";
     private static final List<String> WHITE_LIST_URLS = List.of(
             "/sse/message"
@@ -53,11 +55,10 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         }
 
         try {
-            String token = getJwtFromCookie(request);
-            jwtTokenUtil.validateToken(token);
-
             if ((isStudentRequest(requestUri))) {
-                filterStudent(request, token);
+                filterStudent(request);
+            } else {
+                filterProfessor(request);
             }
 
             chain.doFilter(request, response);
@@ -66,27 +67,49 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         }
     }
 
-    private void filterStudent(HttpServletRequest request, String token) {
+    private void filterStudent(HttpServletRequest request) {
+        String token = getStudentJwtFromCookie(request);
+        jwtTokenUtil.validateToken(token);
         Map<String, Object> userInfo = jwtTokenUtil.getStudentInfoFromToken(token);
 
         request.setAttribute("studentId", userInfo.get("studentId"));
         request.setAttribute("courseId", userInfo.get("courseId"));
 
-        log.debug("JWT 검증에 성공했습니다. : studentId = {}", userInfo.get("studentId"));
+        log.debug("학생 사용자의 JWT 검증에 성공했습니다. : studentId = {}", userInfo.get("studentId"));
+    }
+
+    private void filterProfessor(HttpServletRequest request) {
+        String token = getProfessorJwtFromCookie(request);
+        jwtTokenUtil.validateToken(token);
+
+        log.debug("교수 사용자의 JWT 검증에 성공했습니다.");
     }
 
     private boolean isWhiteListed(String requestUri) {
         return WHITE_LIST_URLS.stream().anyMatch(requestUri::startsWith);
     }
 
-    private String getJwtFromCookie(HttpServletRequest request) {
+    private String getProfessorJwtFromCookie(HttpServletRequest request) {
+        if (request.getCookies() == null) {
+            log.debug("교수 사용자의 쿠키가 존재하지 않습니다.");
+            return null;
+        }
+
+        return Arrays.stream(request.getCookies())
+                .filter(cookie -> PROFESSOR_COOKIE_NAME.equals(cookie.getName()))
+                .map(Cookie::getValue)
+                .findFirst()
+                .orElse(null);
+    }
+
+    private String getStudentJwtFromCookie(HttpServletRequest request) {
         if (request.getCookies() == null) {
-            log.debug("쿠키가 존재하지 않습니다.");
+            log.debug("학생 사용자의 쿠키가 존재하지 않습니다.");
             return null;
         }
 
         return Arrays.stream(request.getCookies())
-                .filter(cookie -> TOKEN_COOKIE_NAME.equals(cookie.getName()))
+                .filter(cookie -> STUDENT_COOKIE_NAME.equals(cookie.getName()))
                 .map(Cookie::getValue)
                 .findFirst()
                 .orElse(null);
diff --git a/back-end/reacton/src/main/java/com/softeer/reacton/domain/course/StudentCourseController.java b/back-end/reacton/src/main/java/com/softeer/reacton/domain/course/StudentCourseController.java
@@ -67,7 +67,7 @@ public ResponseEntity<Void> registerCourse(
         log.debug("입장 코드와 일치하는 수업 참여를 요청합니다. : accessCode = {}", accessCode);
 
         String newAccessToken = studentCourseService.registerCourse(accessCode);
-        ResponseCookie jwtCookie = ResponseCookie.from("access_token", newAccessToken)
+        ResponseCookie jwtCookie = ResponseCookie.from("student_access_token", newAccessToken)
                 .httpOnly(true)
                 .secure(true)
                 .path("/")
diff --git a/back-end/reacton/src/main/java/com/softeer/reacton/global/jwt/JwtAuthenticationFilter.java b/back-end/reacton/src/main/java/com/softeer/reacton/global/jwt/JwtAuthenticationFilter.java
@@ -23,11 +23,10 @@
 @RequiredArgsConstructor
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
-    // Todo: JWT 토큰 검증을 하지 않아도 되는 페이지에 대해 filter 미적용 기능 추가
-
     private final JwtTokenUtil jwtTokenUtil;
 
-    private static final String TOKEN_COOKIE_NAME = "access_token";
+    private static final String PROFESSOR_COOKIE_NAME = "access_token";
+    private static final String STUDENT_COOKIE_NAME = "student_access_token";
 
     private static final List<String> WHITE_LIST_URLS = List.of(
             "/auth/google/url",
@@ -79,40 +78,53 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
     }
 
     private void filterStudent(HttpServletRequest request) {
-        String token = getJwtFromCookie(request);
+        String token = getStudentJwtFromCookie(request);
         jwtTokenUtil.validateToken(token);
         Map<String, Object> userInfo = jwtTokenUtil.getStudentInfoFromToken(token);
 
         request.setAttribute("studentId", userInfo.get("studentId"));
         request.setAttribute("courseId", userInfo.get("courseId"));
 
-        log.debug("JWT 검증에 성공했습니다. : studentId = {}", userInfo.get("studentId"));
+        log.debug("학생 사용자의 JWT 검증에 성공했습니다. : studentId = {}", userInfo.get("studentId"));
     }
 
     private void filterProfessor(HttpServletRequest request) {
-        String token = getJwtFromCookie(request);
+        String token = getProfessorJwtFromCookie(request);
         jwtTokenUtil.validateToken(token);
         Map<String, Object> userInfo = jwtTokenUtil.getProfessorInfoFromToken(token);
 
         request.setAttribute("oauthId", userInfo.get("oauthId"));
         request.setAttribute("email", userInfo.get("email"));
         request.setAttribute("isSignedUp", userInfo.get("isSignedUp"));
 
-        log.debug("JWT 검증에 성공했습니다. : email = {}", userInfo.get("email"));
+        log.debug("교수 사용자의 JWT 검증에 성공했습니다. : email = {}", userInfo.get("email"));
     }
 
     private boolean isWhiteListed(String requestUri) {
         return WHITE_LIST_URLS.stream().anyMatch(requestUri::startsWith);
     }
 
-    private String getJwtFromCookie(HttpServletRequest request) {
+    private String getProfessorJwtFromCookie(HttpServletRequest request) {
+        if (request.getCookies() == null) {
+            log.debug("교수 사용자의 쿠키가 존재하지 않습니다.");
+            return null;
+        }
+
+        return Arrays.stream(request.getCookies())
+                .filter(cookie -> PROFESSOR_COOKIE_NAME.equals(cookie.getName()))
+                .map(Cookie::getValue)
+                .findFirst()
+                .orElse(null);
+    }
+
+    private String getStudentJwtFromCookie(HttpServletRequest request) {
         if (request.getCookies() == null) {
-            log.debug("쿠키가 존재하지 않습니다.");
+            log.debug("학생 사용자의 쿠키가 존재하지 않습니다.");
             return null;
         }
 
         return Arrays.stream(request.getCookies())
-                .filter(cookie -> TOKEN_COOKIE_NAME.equals(cookie.getName()))
+                .filter(cookie -> STUDENT_COOKIE_NAME.equals(cookie.getName()))
                 .map(Cookie::getValue)
                 .findFirst()
                 .orElse(null);
