Expand Up @@ -11,12 +11,10 @@
import com.example.solidconnection.auth.dto.oauth.OAuthResponse;
import com.example.solidconnection.auth.dto.oauth.OAuthSignInResponse;
import com.example.solidconnection.auth.service.AuthService;
import com.example.solidconnection.auth.service.CommonSignUpTokenProvider;
import com.example.solidconnection.auth.service.EmailSignInService;
import com.example.solidconnection.auth.service.EmailSignUpService;
import com.example.solidconnection.auth.service.EmailSignUpTokenProvider;
import com.example.solidconnection.auth.service.SignUpService;
import com.example.solidconnection.auth.service.oauth.OAuthService;
import com.example.solidconnection.auth.service.oauth.OAuthSignUpService;
import com.example.solidconnection.common.exception.CustomException;
import com.example.solidconnection.common.exception.ErrorCode;
import com.example.solidconnection.common.resolver.AuthorizedUser;
Expand All @@ -38,12 +36,10 @@
public class AuthController {

private final AuthService authService;
private final OAuthSignUpService oAuthSignUpService;
private final OAuthService oAuthService;
private final SignUpService signUpService;
private final EmailSignInService emailSignInService;
private final EmailSignUpService emailSignUpService;
private final EmailSignUpTokenProvider emailSignUpTokenProvider;
private final CommonSignUpTokenProvider commonSignUpTokenProvider;
private final RefreshTokenCookieManager refreshTokenCookieManager;

@PostMapping("/apple")
Expand Down Expand Up @@ -85,21 +81,15 @@ public ResponseEntity<SignInResponse> signInWithEmail(
public ResponseEntity<EmailSignUpTokenResponse> signUpWithEmail(
@Valid @RequestBody EmailSignUpTokenRequest signUpRequest
) {
emailSignUpService.validateUniqueEmail(signUpRequest.email());
String signUpToken = emailSignUpTokenProvider.generateAndSaveSignUpToken(signUpRequest);
String signUpToken = emailSignUpTokenProvider.issueEmailSignUpToken(signUpRequest);
return ResponseEntity.ok(new EmailSignUpTokenResponse(signUpToken));
}

@PostMapping("/sign-up")
public ResponseEntity<SignInResponse> signUp(
@Valid @RequestBody SignUpRequest signUpRequest
) {
AuthType authType = commonSignUpTokenProvider.parseAuthType(signUpRequest.signUpToken());
if (AuthType.isEmail(authType)) {
SignInResponse signInResponse = emailSignUpService.signUp(signUpRequest);
return ResponseEntity.ok(signInResponse);
}
SignInResponse signInResponse = oAuthSignUpService.signUp(signUpRequest);
SignInResponse signInResponse = signUpService.signUp(signUpRequest);
signUp 관련된 로직이 한 곳으로 통합되니까 정말 깔끔하네요 ....!!!!

return ResponseEntity.ok(signInResponse);
}
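Review bot: The uniqueness check on the email is no longer visible in `signUpWithEmail`: the old `emailSignUpService.validateUniqueEmail(...)` call is gone and the rejection now happens inside `emailSignUpTokenProvider.issueEmailSignUpToken`, which throws USER_ALREADY_EXISTED, so a reader of the controller cannot tell that the endpoint can fail that way. A short Javadoc on the method would restore that, e.g. `/** Issues an email sign-up token; fails with USER_ALREADY_EXISTED when the email already has an EMAIL account. */`. `signUp` in the same hunk now leaves the email/OAuth branching to `signUpService.signUp`, which is simpler, but which token types it accepts is likewise undocumented at the controller. The hunk header shows `signInWithEmail` starting above this hunk, outside the view.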


This file was deleted.

@@ -1,21 +1,18 @@
package com.example.solidconnection.auth.service;

import static com.example.solidconnection.common.exception.ErrorCode.USER_NOT_FOUND;
import static com.example.solidconnection.common.exception.ErrorCode.SIGN_IN_FAILED;

import com.example.solidconnection.auth.dto.EmailSignInRequest;
import com.example.solidconnection.auth.dto.SignInResponse;
import com.example.solidconnection.common.exception.CustomException;
import com.example.solidconnection.siteuser.domain.AuthType;
import com.example.solidconnection.siteuser.domain.SiteUser;
import com.example.solidconnection.siteuser.repository.SiteUserRepository;
import java.util.Optional;
import lombok.RequiredArgsConstructor;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

/*
* 보안을 위해 이메일과 비밀번호 중 무엇이 틀렸는지 구체적으로 응답하지 않는다.
* */
@Service
@RequiredArgsConstructor
public class EmailSignInService {
Expand All @@ -24,19 +21,21 @@ public class EmailSignInService {
private final SiteUserRepository siteUserRepository;
private final PasswordEncoder passwordEncoder;

@Transactional(readOnly = true)
public SignInResponse signIn(EmailSignInRequest signInRequest) {
Optional<SiteUser> optionalSiteUser = siteUserRepository.findByEmailAndAuthType(signInRequest.email(), AuthType.EMAIL);
if (optionalSiteUser.isPresent()) {
SiteUser siteUser = optionalSiteUser.get();
validatePassword(signInRequest.password(), siteUser.getPassword());
return signInService.signIn(siteUser);
}
throw new CustomException(USER_NOT_FOUND, "이메일과 비밀번호를 확인해주세요.");
SiteUser siteUser = getEmailMatchingUserOrThrow(signInRequest.email());
validatePassword(signInRequest.password(), siteUser.getPassword());
return signInService.signIn(siteUser);
}

private SiteUser getEmailMatchingUserOrThrow(String email) {
return siteUserRepository.findByEmailAndAuthType(email, AuthType.EMAIL)
.orElseThrow(() -> new CustomException(SIGN_IN_FAILED));
}

private void validatePassword(String rawPassword, String encodedPassword) {
if (!passwordEncoder.matches(rawPassword, encodedPassword)) {
throw new CustomException(USER_NOT_FOUND, "이메일과 비밀번호를 확인해주세요.");
throw new CustomException(SIGN_IN_FAILED);
}
}
}
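Review bot: The unknown-email and wrong-password paths of `signIn` are still distinguishable by response time: `getEmailMatchingUserOrThrow` throws before `passwordEncoder.matches` runs, so the not-found path skips the hash comparison, which for slow password encoders is the dominant cost of the request. The uniform SIGN_IN_FAILED code is the right direction, but to make the two outcomes indistinguishable the not-found path should also run `passwordEncoder.matches` against a pre-encoded placeholder hash, the same mitigation Spring Security's DaoAuthenticationProvider applies; a reshaped `signIn` is sketched below, with the placeholder hash cached in a field because encoding it per request would itself add cost on one path only (this brings back the `java.util.Optional` import the first hunk drops). Separately, the class comment explaining why a single error is returned was removed in the first hunk; keep that rationale as Javadoc on the class, e.g. `/** Email sign-in; a single SIGN_IN_FAILED is returned for both an unknown email and a wrong password so the response does not reveal which one failed. */`.
```java
// … unchanged: injected fields …
private volatile String placeholderEncodedPassword;

@Transactional(readOnly = true)
public SignInResponse signIn(EmailSignInRequest signInRequest) {
    Optional<SiteUser> optionalSiteUser = siteUserRepository.findByEmailAndAuthType(signInRequest.email(), AuthType.EMAIL);
    if (optionalSiteUser.isEmpty()) {
        // Spend the same hash cost as a real comparison so an unknown email is not rejected faster than a wrong password.
        passwordEncoder.matches(signInRequest.password(), placeholderEncodedPassword());
        throw new CustomException(SIGN_IN_FAILED);
    }
    SiteUser siteUser = optionalSiteUser.get();
    validatePassword(signInRequest.password(), siteUser.getPassword());
    return signInService.signIn(siteUser);
}

// Encoded once and reused; the raw value is an arbitrary fixed string, not a credential.
private String placeholderEncodedPassword() {
    String cached = placeholderEncodedPassword;
    if (cached == null) {
        cached = passwordEncoder.encode("placeholder-password"); // constructed value; any fixed string works
        placeholderEncodedPassword = cached;
    }
    return cached;
}

// … unchanged: validatePassword …
```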

This file was deleted.

@@ -1,88 +1,32 @@
package com.example.solidconnection.auth.service;

import static com.example.solidconnection.common.exception.ErrorCode.SIGN_UP_TOKEN_INVALID;
import static com.example.solidconnection.common.exception.ErrorCode.SIGN_UP_TOKEN_NOT_ISSUED_BY_SERVER;

import com.example.solidconnection.auth.domain.TokenType;
import com.example.solidconnection.auth.dto.EmailSignUpTokenRequest;
import com.example.solidconnection.auth.token.config.JwtProperties;
import com.example.solidconnection.common.exception.CustomException;
import com.example.solidconnection.common.exception.ErrorCode;
import com.example.solidconnection.siteuser.domain.AuthType;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import com.example.solidconnection.siteuser.repository.SiteUserRepository;
import lombok.RequiredArgsConstructor;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Component
@RequiredArgsConstructor
public class EmailSignUpTokenProvider {

static final String PASSWORD_CLAIM_KEY = "password";
static final String AUTH_TYPE_CLAIM_KEY = "authType";

private final PasswordEncoder passwordEncoder;
private final JwtProperties jwtProperties;
private final RedisTemplate<String, String> redisTemplate;
private final TokenProvider tokenProvider;
private final SignUpTokenProvider signUpTokenProvider;
private final SiteUserRepository siteUserRepository;
private final PasswordTemporaryStorage passwordTemporaryStorage;

public String generateAndSaveSignUpToken(EmailSignUpTokenRequest request) {
@Transactional(readOnly = true)
public String issueEmailSignUpToken(EmailSignUpTokenRequest request) {
String email = request.email();
String password = request.password();
String encodedPassword = passwordEncoder.encode(password);
Map<String, Object> emailSignUpClaims = new HashMap<>(Map.of(
PASSWORD_CLAIM_KEY, encodedPassword,
AUTH_TYPE_CLAIM_KEY, AuthType.EMAIL
));
Claims claims = Jwts.claims(emailSignUpClaims).setSubject(email);
Date now = new Date();
Date expiredDate = new Date(now.getTime() + TokenType.SIGN_UP.getExpireTime());

String signUpToken = Jwts.builder()
.setClaims(claims)
.setIssuedAt(now)
.setExpiration(expiredDate)
.signWith(SignatureAlgorithm.HS512, jwtProperties.secret())
.compact();
return tokenProvider.saveToken(signUpToken, TokenType.SIGN_UP);
}

public void validateSignUpToken(String token) {
validateFormatAndExpiration(token);
String email = parseEmail(token);
validateIssuedByServer(email);
}

private void validateFormatAndExpiration(String token) {
try {
Claims claims = tokenProvider.parseClaims(token);
Objects.requireNonNull(claims.getSubject());
String encodedPassword = claims.get(PASSWORD_CLAIM_KEY, String.class);
Objects.requireNonNull(encodedPassword);
} catch (Exception e) {
throw new CustomException(SIGN_UP_TOKEN_INVALID);
if (siteUserRepository.existsByEmailAndAuthType(email, AuthType.EMAIL)) {
throw new CustomException(ErrorCode.USER_ALREADY_EXISTED);
}
}

private void validateIssuedByServer(String email) {
String key = TokenType.SIGN_UP.addPrefix(email);
if (redisTemplate.opsForValue().get(key) == null) {
throw new CustomException(SIGN_UP_TOKEN_NOT_ISSUED_BY_SERVER);
}
}

public String parseEmail(String token) {
return tokenProvider.parseSubject(token);
}

public String parseEncodedPassword(String token) {
Claims claims = tokenProvider.parseClaims(token);
return claims.get(PASSWORD_CLAIM_KEY, String.class);
passwordTemporaryStorage.save(email, password);
return signUpTokenProvider.generateAndSaveSignUpToken(email, AuthType.EMAIL);
}
}
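Review bot: `@Transactional(readOnly = true)` on `issueEmailSignUpToken` looks mismatched with what the method does: besides the `existsByEmailAndAuthType` read it encodes the password, writes it through `passwordTemporaryStorage.save` and calls `signUpTokenProvider.generateAndSaveSignUpToken`, and if either of those persists through JPA a read-only transaction will reject the write; if both only touch Redis the annotation adds nothing and should be dropped or narrowed to the existence check. The existence check is also only advisory: a second request for the same email that arrives between this check and the final sign-up passes it too, so uniqueness of (email, authType) has to be enforced by a database constraint, which this hunk cannot show, so worth confirming. Note as well that `USER_ALREADY_EXISTED` tells the caller whether an email is registered, while the sign-in side of this PR was deliberately changed to a uniform SIGN_IN_FAILED; if that enumeration concern applies to sign-up too, it should be handled consistently rather than only at sign-in. The new method lacks Javadoc; a suitable one: `/** Rejects an email that already has an EMAIL account, stores the encoded password under the sign-up TTL, and returns the sign-up token that the /sign-up endpoint later consumes. */`.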
@@ -0,0 +1,46 @@
package com.example.solidconnection.auth.service;

import com.example.solidconnection.auth.domain.TokenType;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import lombok.RequiredArgsConstructor;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

@Component
@RequiredArgsConstructor
public class PasswordTemporaryStorage {

private static final String KEY_PREFIX = "password:";

private final RedisTemplate<String, String> redisTemplate;
private final PasswordEncoder passwordEncoder;

public void save(String email, String rawPassword) {
String encodedPassword = passwordEncoder.encode(rawPassword);
redisTemplate.opsForValue().set(
convertToKey(email),
encodedPassword,
TokenType.SIGN_UP.getExpireTime(),
TimeUnit.MILLISECONDS
);
}

public Optional<String> findByEmail(String email) {
String encodedPassword = redisTemplate.opsForValue().get(convertToKey(email));
if (encodedPassword == null) {
return Optional.empty();
}
return Optional.of(encodedPassword);
}

public void deleteByEmail(String email) {
String key = convertToKey(email);
redisTemplate.delete(key);
}

private String convertToKey(String email) {
return KEY_PREFIX + email;
}
}
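Review bot: `findByEmail` hand-rolls the null check that `Optional.ofNullable` already performs; `return Optional.ofNullable(redisTemplate.opsForValue().get(convertToKey(email)));` is the idiomatic one-liner. The key is built from the raw email, so two sign-up attempts that differ only in letter case get separate entries unless the caller normalizes the address first, and whether EmailSignUpTokenProvider does so is not visible here, so confirm where normalization happens; `KEY_PREFIX` is also a bare literal while the sign-up token keys go through `TokenType.SIGN_UP.addPrefix`, which is worth aligning. Storing only the encoded password and bounding it by `TokenType.SIGN_UP.getExpireTime()` is the right shape, but `deleteByEmail` should be called as soon as the sign-up completes rather than leaving the hash to expire, and that caller is outside this diff. The class has no Javadoc; e.g. `/** Redis-backed holding area for the encoded password between the email sign-up token request and the final sign-up; entries expire with the sign-up token. */`.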