Merge pull request #17 from SoongSilComputingClub/feat/#16-socialsuccesshandler-implementation-and-jwtservice

[Feat/#16] socialsuccesshandler 및 jwtservice 구현

Author: bell-person-ii

src/main/java/com/example/ssccwebbe/domain/preuser/repository/PreUserRefreshRepository.java

@@ -7,5 +7,11 @@
 import com.example.ssccwebbe.domain.preuser.entity.PreUserRefreshEntity;
 
 public interface PreUserRefreshRepository extends JpaRepository<PreUserRefreshEntity, Long> {
+    Boolean existsByRefresh(String refreshToken);
+
+    void deleteByRefresh(String refresh);
+
+    void deleteByUsername(String username);
+
     void deleteByCreatedDateBefore(LocalDateTime createdDateBefore);
 }

src/main/java/com/example/ssccwebbe/global/security/handler/SocialSuccessHandler.java

@@ -0,0 +1,85 @@
+package com.example.ssccwebbe.global.security.handler;
+
+import java.io.IOException;
+import java.util.Map;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import com.example.ssccwebbe.global.security.UserRoleType;
+import com.example.ssccwebbe.global.security.jwt.service.JwtService;
+import com.example.ssccwebbe.global.security.jwt.util.JwtUtil;
+
+@Component
+@Qualifier("SocialSuccessHandler")
+public class SocialSuccessHandler implements AuthenticationSuccessHandler {
+
+    private final Map<UserRoleType, JwtService> jwtServiceMap;
+
+    @Value("${frontend.url}")
+    private String frontendUrl;
+
+    @Value("${frontend.cookie.secure}")
+    private boolean cookieSecure;
+
+    public SocialSuccessHandler(@Qualifier("preJwtService") JwtService preJwtService) {
+        // JWT Service 매핑 (Strategy 패턴)
+        this.jwtServiceMap =
+                Map.of(
+                        UserRoleType.PREUSER, preJwtService
+                        // UserRoleType.USER, userJwtService  // 나중에 추가
+                        // UserRoleType.ADMIN, adminJwtService  // 나중에 추가
+                        );
+    }
+
+    // 소셜 로그인 성공시 동작 메서드
+    @Override
+    public void onAuthenticationSuccess(
+            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws IOException, ServletException {
+
+        // username, role
+        String username = authentication.getName();
+        String role = authentication.getAuthorities().iterator().next().getAuthority();
+
+        // UserRoleType 변환 및 JwtService 선택 (Strategy 패턴)
+        UserRoleType roleType = parseRoleType(role);
+        JwtService jwtService =
+                jwtServiceMap.getOrDefault(
+                        roleType, jwtServiceMap.get(UserRoleType.PREUSER)); // 기본값: PREUSER
+
+        // JWT(Refresh) 발급 => 소셜 로그인의 경우 브라우저 리다이렉트 방식으로 토큰 발급이 쿠키 방식으로만 가능
+        String refreshToken = JwtUtil.createJwt(username, "ROLE_" + role, false);
+
+        // 발급한 Refresh DB 테이블 저장 (Refresh whitelist)
+        jwtService.addRefresh(username, refreshToken);
+
+        // 응답
+        Cookie refreshCookie = new Cookie("refreshToken", refreshToken);
+        refreshCookie.setHttpOnly(true);
+        refreshCookie.setSecure(cookieSecure);
+        refreshCookie.setPath("/");
+        refreshCookie.setMaxAge(10); // 10초 (프론트에서 발급 후 바로 헤더 전환 로직 진행 예정)
+
+        response.addCookie(refreshCookie);
+        response.sendRedirect(frontendUrl + "/cookie"); // 프론트 주소로 redirect
+    }
+
+    /** "ROLE_PREUSER" -> UserRoleType.PREUSER 변환 */
+    private UserRoleType parseRoleType(String roleString) {
+        String role = roleString.replace("ROLE_", ""); // "ROLE_PREUSER" -> "PREUSER"
+        try {
+            return UserRoleType.valueOf(role); // "PREUSER" -> UserRoleType.PREUSER
+        } catch (IllegalArgumentException e) {
+            return UserRoleType.PREUSER; // 기본값
+        }
+    }
+}

src/main/java/com/example/ssccwebbe/global/security/jwt/code/JwtErrorCode.java

@@ -0,0 +1,28 @@
+package com.example.ssccwebbe.global.security.jwt.code;
+
+import org.springframework.http.HttpStatus;
+
+import com.example.ssccwebbe.global.apipayload.code.error.ErrorCode;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public enum JwtErrorCode implements ErrorCode {
+
+    // JWT 관련 401 UNAUTHORIZED 에러
+    COOKIE_NOT_FOUND(HttpStatus.UNAUTHORIZED, "JWT4001", "쿠키가 존재하지 않습니다."),
+    REFRESH_TOKEN_COOKIE_NOT_FOUND(HttpStatus.UNAUTHORIZED, "JWT4002", "refreshToken 쿠키가 없습니다."),
+    INVALID_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "JWT4003", "유효하지 않은 refreshToken입니다."),
+    REFRESH_TOKEN_NOT_IN_WHITELIST(
+            HttpStatus.UNAUTHORIZED, "JWT4004", "화이트리스트에 없는 refreshToken입니다."),
+
+    // JWT 관련 403 FORBIDDEN 에러
+    EXPIRED_TOKEN(HttpStatus.FORBIDDEN, "JWT4031", "만료된 토큰입니다."),
+    INVALID_TOKEN(HttpStatus.FORBIDDEN, "JWT4032", "유효하지 않은 토큰입니다.");
+
+    private final HttpStatus httpStatus;
+    private final String code;
+    private final String message;
+}

src/main/java/com/example/ssccwebbe/global/security/jwt/dto/JwtResponseDto.java

@@ -0,0 +1,13 @@
+package com.example.ssccwebbe.global.security.jwt.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.ToString;
+
+@AllArgsConstructor
+@Getter
+@ToString
+public class JwtResponseDto {
+    private final String accessToken;
+    private final String refreshToken;
+}

src/main/java/com/example/ssccwebbe/global/security/jwt/dto/RefreshRequestDto.java

@@ -0,0 +1,13 @@
+package com.example.ssccwebbe.global.security.jwt.dto;
+
+import jakarta.validation.constraints.NotBlank;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class RefreshRequestDto {
+
+    @NotBlank private String refreshToken;
+}

src/main/java/com/example/ssccwebbe/global/security/jwt/service/JwtService.java

@@ -0,0 +1,57 @@
+package com.example.ssccwebbe.global.security.jwt.service;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import com.example.ssccwebbe.global.security.jwt.dto.JwtResponseDto;
+import com.example.ssccwebbe.global.security.jwt.dto.RefreshRequestDto;
+
+public interface JwtService {
+
+    /**
+     * 소셜 로그인 성공 후 쿠키로 발급해준 Refresh 토큰을 Refresh 토큰과 Access 토큰을 헤더에 담아 한번에 재발급 해주는 메서드
+     *
+     * @param request HTTP 요청
+     * @param response HTTP 응답
+     * @return JWT 응답 (Access Token, Refresh Token)
+     */
+    JwtResponseDto cookie2Header(HttpServletRequest request, HttpServletResponse response);
+
+    /**
+     * Refresh 토큰으로 새로운 Access 토큰과 Refresh 토큰을 재발급해주는 로직 (Rotate 포함)
+     *
+     * @param dto Refresh 요청 DTO
+     * @return JWT 응답 (Access Token, Refresh Token)
+     */
+    JwtResponseDto refreshRotate(RefreshRequestDto dto);
+
+    /**
+     * JWT Refresh 토큰 발급 후 저장 메소드
+     *
+     * @param username 사용자명
+     * @param refreshToken Refresh 토큰
+     */
+    void addRefresh(String username, String refreshToken);
+
+    /**
+     * JWT Refresh 존재 확인 메소드
+     *
+     * @param refreshToken Refresh 토큰
+     * @return 존재 여부
+     */
+    Boolean existsRefresh(String refreshToken);
+
+    /**
+     * JWT Refresh 토큰 삭제 메소드
+     *
+     * @param refreshToken Refresh 토큰
+     */
+    void removeRefresh(String refreshToken);
+
+    /**
+     * 특정 유저 Refresh 토큰 모두 삭제 (탈퇴)
+     *
+     * @param username 사용자명
+     */
+    void removeRefreshUser(String username);
+}

src/main/java/com/example/ssccwebbe/global/security/jwt/service/PreJwtServiceImpl.java

@@ -0,0 +1,150 @@
+package com.example.ssccwebbe.global.security.jwt.service;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.example.ssccwebbe.domain.preuser.entity.PreUserRefreshEntity;
+import com.example.ssccwebbe.domain.preuser.repository.PreUserRefreshRepository;
+import com.example.ssccwebbe.global.apipayload.exception.GeneralException;
+import com.example.ssccwebbe.global.security.jwt.code.JwtErrorCode;
+import com.example.ssccwebbe.global.security.jwt.dto.JwtResponseDto;
+import com.example.ssccwebbe.global.security.jwt.dto.RefreshRequestDto;
+import com.example.ssccwebbe.global.security.jwt.util.JwtUtil;
+
+import lombok.RequiredArgsConstructor;
+
+@Service("preJwtService")
+@RequiredArgsConstructor
+public class PreJwtServiceImpl implements JwtService {
+
+    private final PreUserRefreshRepository preUserRefreshRepository;
+
+    @Value("${frontend.cookie.secure}")
+    private boolean cookieSecure;
+
+    // 소셜 로그인 성공 후 쿠키로 발급해준 Refresh 토큰을 Refresh 토큰과 Access 토큰을  헤더에 담아 한번에 재발급 해주는 메서드
+    @Transactional
+    public JwtResponseDto cookie2Header(HttpServletRequest request, HttpServletResponse response) {
+
+        // 쿠키 리스트
+        Cookie[] cookies = request.getCookies();
+
+        // 쿠키가 없는 경우
+        if (cookies == null) {
+            throw new GeneralException(JwtErrorCode.COOKIE_NOT_FOUND);
+        }
+
+        // Refresh 토큰 획득
+        String refreshToken = null;
+        for (Cookie cookie : cookies) {
+            if ("refreshToken".equals(cookie.getName())) {
+                refreshToken = cookie.getValue();
+                break;
+            }
+        }
+
+        // Refresh 토큰이 없는 경우
+        if (refreshToken == null) {
+            throw new GeneralException(JwtErrorCode.REFRESH_TOKEN_COOKIE_NOT_FOUND);
+        }
+
+        // Refresh 토큰 검증
+        Boolean isValid = JwtUtil.isValid(refreshToken, false);
+        if (!isValid) {
+            throw new GeneralException(JwtErrorCode.INVALID_REFRESH_TOKEN);
+        }
+
+        // 정보 추출
+        String username = JwtUtil.getUsername(refreshToken);
+        String role = JwtUtil.getRole(refreshToken);
+
+        // 토큰 생성
+        String newAccessToken = JwtUtil.createJwt(username, role, true);
+        String newRefreshToken = JwtUtil.createJwt(username, role, false);
+
+        // 기존 Refresh 토큰 DB 삭제 후 신규 추가
+        PreUserRefreshEntity newRefreshEntity =
+                PreUserRefreshEntity.builder().username(username).refresh(newRefreshToken).build();
+
+        removeRefresh(refreshToken);
+        preUserRefreshRepository.flush(); // 같은 트랜잭션 내부라 : 삭제 -> 생성 문제 해결
+        preUserRefreshRepository.save(newRefreshEntity);
+
+        // 기존 쿠키 제거
+        Cookie refreshCookie = new Cookie("refreshToken", null);
+        refreshCookie.setHttpOnly(true);
+        refreshCookie.setSecure(cookieSecure);
+        refreshCookie.setPath("/");
+        refreshCookie.setMaxAge(10);
+        response.addCookie(refreshCookie);
+
+        return new JwtResponseDto(newAccessToken, newRefreshToken);
+    }
+
+    // Refresh 토큰으로 새로운 Access 토큰 과 Refresh 토큰을 재발급해주는 로직 (Rotate 포함)
+    @Transactional
+    public JwtResponseDto refreshRotate(RefreshRequestDto dto) {
+
+        String refreshToken = dto.getRefreshToken();
+
+        // Refresh 토큰 검증
+        Boolean isValid = JwtUtil.isValid(refreshToken, false);
+        if (!isValid) {
+            throw new GeneralException(JwtErrorCode.INVALID_REFRESH_TOKEN);
+        }
+
+        // RefreshEntity 존재 확인 (화이트리스트)
+        if (!existsRefresh(refreshToken)) {
+            throw new GeneralException(JwtErrorCode.REFRESH_TOKEN_NOT_IN_WHITELIST);
+        }
+
+        // 정보 추출
+        String username = JwtUtil.getUsername(refreshToken);
+        String role = JwtUtil.getRole(refreshToken);
+
+        // 토큰 생성
+        String newAccessToken = JwtUtil.createJwt(username, role, true);
+        String newRefreshToken = JwtUtil.createJwt(username, role, false);
+
+        // 기존 Refresh 토큰 DB 삭제 후 신규 추가
+        PreUserRefreshEntity newRefreshEntity =
+                PreUserRefreshEntity.builder().username(username).refresh(newRefreshToken).build();
+
+        removeRefresh(refreshToken);
+        preUserRefreshRepository.save(newRefreshEntity);
+
+        return new JwtResponseDto(newAccessToken, newRefreshToken);
+    }
+
+    // JWT Refresh 토큰 발급 후 저장 메소드
+    @Transactional
+    public void addRefresh(String username, String refreshToken) {
+        PreUserRefreshEntity entity =
+                PreUserRefreshEntity.builder().username(username).refresh(refreshToken).build();
+
+        preUserRefreshRepository.save(entity);
+    }
+
+    // JWT Refresh 존재 확인 메소드
+    @Transactional(readOnly = true)
+    public Boolean existsRefresh(String refreshToken) {
+        return preUserRefreshRepository.existsByRefresh(refreshToken);
+    }
+
+    // JWT Refresh 토큰 삭제 메소드
+    @Transactional
+    public void removeRefresh(String refreshToken) {
+        preUserRefreshRepository.deleteByRefresh(refreshToken);
+    }
+
+    // 특정 유저 Refresh 토큰 모두 삭제 (탈퇴)
+    @Transactional
+    public void removeRefreshUser(String username) {
+        preUserRefreshRepository.deleteByUsername(username);
+    }
+}

src/main/resources/application-local.yaml

@@ -22,6 +22,12 @@ refresh-token:
   ttl-days: 8
   cleanup-cron: "0 0 3 * * *"  # 3AM
 
+# Frontend Configuration
+frontend:
+  url: http://localhost:5173
+  cookie:
+    secure: false
+
 logging:
   level:
     root: INFO

src/main/resources/application-prod.yaml

@@ -20,6 +20,12 @@ jwt:
   access-token-expires-in: ${JWT_ACCESS_TOKEN_EXPIRES_IN:3600000}
   refresh-token-expires-in: ${JWT_REFRESH_TOKEN_EXPIRES_IN:604800000}
 
+# Frontend Configuration
+frontend:
+  url: ${FRONTEND_URL:http://localhost:5173}
+  cookie:
+    secure: true
+
 logging:
   level:
     root: INFO