Merge pull request #151 from Pinback-Team/feat/#145

feat: 토큰 재발급 기능 구현

Author: ose0221

api/src/main/java/com/pinback/api/auth/controller/AuthControllerV3.java

@@ -0,0 +1,49 @@
+package com.pinback.api.auth.controller;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.pinback.application.auth.dto.SignUpResponseV3;
+import com.pinback.application.auth.dto.TokenResponse;
+import com.pinback.application.auth.usecase.AuthUsecase;
+import com.pinback.shared.dto.ResponseDto;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+
+@RestController
+@RequestMapping("/api/v3/auth")
+@RequiredArgsConstructor
+@Tag(name = "Authentication V3", description = "인증 관리 API V3")
+public class AuthControllerV3 {
+	private final AuthUsecase authUsecase;
+
+	@Value("${jwt.refreshExpirationPeriod}")
+	private long refreshTokenExpirationPeriod;
+
+	@PostMapping("/reissue")
+	public ResponseEntity<ResponseDto<TokenResponse>> reissueAccessToken(
+		@CookieValue(name = "refreshToken") String refreshToken
+	) {
+		SignUpResponseV3 response = authUsecase.getNewToken(refreshToken);
+
+		ResponseCookie cookie = ResponseCookie.from("refreshToken", response.refreshToken())
+			.httpOnly(true)
+			.secure(true)
+			.path("/")
+			.maxAge(refreshTokenExpirationPeriod / 1000)
+			.sameSite("None")
+			.build();
+
+		return ResponseEntity.ok()
+			.header(HttpHeaders.SET_COOKIE, cookie.toString())
+			.body(ResponseDto.ok(TokenResponse.of(response.accessToken())));
+	}
+
+}

api/src/main/java/com/pinback/api/config/filter/JwtAuthenticationFilter.java

@@ -104,7 +104,8 @@ protected boolean shouldNotFilter(HttpServletRequest request) throws ServletExce
 				path.startsWith("/api/v2/auth/signup") ||
 				path.startsWith("/api/v3/auth/signup") ||
 				path.startsWith("/api/v3/auth/google") ||
-				path.startsWith("/api/v3/enums/jobs")
+				path.startsWith("/api/v3/enums/jobs") ||
+				path.startsWith("/api/v3/auth/reissue")
 			;
 	}
 }

api/src/main/java/com/pinback/api/config/security/SecurityConfig.java

@@ -56,7 +56,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 					"/api/v2/auth/google",
 					"/api/v2/auth/signup",
 					"/api/v3/auth/signup",
-					"/api/v3/auth/google"
+					"/api/v3/auth/google",
+					"api/v3/auth/reissue"
 				).permitAll()
 
 				.requestMatchers(

api/src/main/java/com/pinback/api/google/controller/GoogleLoginControllerV3.java

@@ -1,5 +1,9 @@
 package com.pinback.api.google.controller;
 
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -8,7 +12,7 @@
 
 import com.pinback.api.auth.dto.request.SignUpRequestV3;
 import com.pinback.api.google.dto.request.GoogleLoginRequestV3;
-import com.pinback.application.auth.dto.SignUpResponse;
+import com.pinback.application.auth.dto.SignUpResponseV3;
 import com.pinback.application.auth.usecase.AuthUsecase;
 import com.pinback.application.google.dto.response.GoogleLoginResponseV3;
 import com.pinback.application.google.usecase.GoogleUsecase;
@@ -27,28 +31,51 @@
 public class GoogleLoginControllerV3 {
 	private final GoogleUsecase googleUsecase;
 	private final AuthUsecase authUsecase;
+	@Value("${jwt.refreshExpirationPeriod}")
+	private long refreshTokenExpirationPeriod;
 
 	@Operation(summary = "구글 소셜 로그인 V3", description = "구글 소셜 로그인을 진행하며, 응답에 직무 선택 여부를 포함합니다.")
 	@PostMapping("/google")
-	public Mono<ResponseDto<GoogleLoginResponseV3>> googleLogin(
+	public Mono<ResponseEntity<ResponseDto<GoogleLoginResponseV3>>> googleLogin(
 		@Valid @RequestBody GoogleLoginRequestV3 request
 	) {
 		return googleUsecase.getUserInfoV3(request.toCommand())
 			.flatMap(googleResponse -> {
 				return authUsecase.getInfoAndTokenV3(googleResponse.email(), googleResponse.pictureUrl(),
 						googleResponse.name())
 					.map(loginResponse -> {
-						return ResponseDto.ok(loginResponse);
+						ResponseCookie cookie = ResponseCookie.from("refreshToken", loginResponse.refreshToken())
+							.httpOnly(true)
+							.secure(true)
+							.path("/")
+							.maxAge(refreshTokenExpirationPeriod / 1000)
+							.sameSite("None")
+							.build();
+
+						return ResponseEntity.ok()
+							.header(HttpHeaders.SET_COOKIE, cookie.toString())
+							.body(ResponseDto.ok(loginResponse));
 					});
 			});
 	}
 
 	@Operation(summary = "신규 회원 온보딩 V3", description = "신규 회원의 기본 정보(직무 포함)를 등록합니다.")
 	@PatchMapping("/signup")
-	public ResponseDto<SignUpResponse> signUpV3(
+	public ResponseEntity<ResponseDto<SignUpResponseV3>> signUpV3(
 		@Valid @RequestBody SignUpRequestV3 request
 	) {
-		SignUpResponse response = authUsecase.signUpV3(request.toCommand());
-		return ResponseDto.ok(response);
+		SignUpResponseV3 response = authUsecase.signUpV3(request.toCommand());
+
+		ResponseCookie cookie = ResponseCookie.from("refreshToken", response.refreshToken())
+			.httpOnly(true)
+			.secure(true)
+			.path("/")
+			.maxAge(refreshTokenExpirationPeriod / 1000)
+			.sameSite("None")
+			.build();
+
+		return ResponseEntity.ok()
+			.header(HttpHeaders.SET_COOKIE, cookie.toString())
+			.body(ResponseDto.ok(response));
 	}
 }

api/src/main/resources/application.yml

@@ -24,6 +24,7 @@ springdoc:
 jwt:
   secret-key: ${SECRET_KEY}
   accessExpirationPeriod: ${EXPIRATION_PERIOD}
+  refreshExpirationPeriod: ${REFRESH_EXPIRATION_PERIOD}
   issuer: ${ISSUER}
 
 fcm: ${FCM_JSON}

application/build.gradle

@@ -17,4 +17,6 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-webflux'
 
     annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'
+
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 }

application/src/main/java/com/pinback/application/auth/dto/SignUpResponseV3.java

@@ -0,0 +1,10 @@
+package com.pinback.application.auth.dto;
+
+public record SignUpResponseV3(
+	String accessToken,
+	String refreshToken
+) {
+	public static SignUpResponseV3 from(String accessToken, String refreshToken) {
+		return new SignUpResponseV3(accessToken, refreshToken);
+	}
+}

application/src/main/java/com/pinback/application/auth/dto/TokenResponse.java

@@ -3,4 +3,7 @@
 public record TokenResponse(
 	String token
 ) {
+	public static TokenResponse of(String token) {
+		return new TokenResponse(token);
+	}
 }

application/src/main/java/com/pinback/application/auth/service/JwtProvider.java

@@ -8,4 +8,6 @@ public interface JwtProvider {
 	boolean validateToken(String token);
 
 	UUID getUserIdFromToken(String token);
+
+	String createRefreshToken(UUID userId);
 }

application/src/main/java/com/pinback/application/auth/usecase/AuthUsecase.java

@@ -1,15 +1,20 @@
 package com.pinback.application.auth.usecase;
 
 import java.time.LocalTime;
+import java.util.UUID;
 
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import com.pinback.application.auth.dto.SignUpCommand;
 import com.pinback.application.auth.dto.SignUpCommandV3;
 import com.pinback.application.auth.dto.SignUpResponse;
+import com.pinback.application.auth.dto.SignUpResponseV3;
 import com.pinback.application.auth.dto.TokenResponse;
 import com.pinback.application.auth.service.JwtProvider;
+import com.pinback.application.common.exception.InvalidTokenException;
 import com.pinback.application.config.ProfileImageConfig;
 import com.pinback.application.google.dto.response.GoogleLoginResponse;
 import com.pinback.application.google.dto.response.GoogleLoginResponseV3;
@@ -30,6 +35,7 @@
 @Service
 @RequiredArgsConstructor
 public class AuthUsecase {
+	private static final String REDIS_REFRESH_TOKEN_PREFIX = "RT:";
 
 	private final UserValidateServicePort userValidateServicePort;
 	private final UserSaveServicePort userSaveServicePort;
@@ -40,6 +46,10 @@ public class AuthUsecase {
 	private final UserUpdateServicePort userUpdateServicePort;
 	private final UserOAuthUsecase userOAuthUsecase;
 	private final ProfileImageConfig profileImageConfig;
+	private final StringRedisTemplate stringRedisTemplate;
+
+	@Value("${jwt.refreshExpirationPeriod}")
+	private long refreshTokenExpirationPeriod;
 
 	@Transactional
 	public SignUpResponse signUp(SignUpCommand signUpCommand) {
@@ -123,9 +133,11 @@ public SignUpResponse signUpV2(SignUpCommand signUpCommand) {
 	}
 
 	@Transactional
-	public SignUpResponse signUpV3(SignUpCommandV3 signUpCommand) {
+	public SignUpResponseV3 signUpV3(SignUpCommandV3 signUpCommand) {
 		User user = userGetServicePort.findByEmail(signUpCommand.email());
 		String accessToken = jwtProvider.createAccessToken(user.getId());
+		String refreshToken = jwtProvider.createRefreshToken(user.getId());
+		saveRefreshTokenToRedis(user.getId(), refreshToken);
 		userUpdateServicePort.updateRemindDefault(user.getId(), signUpCommand.remindDefault());
 
 		savePushSubscriptionPort.savePushSubscription(user, signUpCommand.fcmToken());
@@ -135,7 +147,7 @@ public SignUpResponse signUpV3(SignUpCommandV3 signUpCommand) {
 		Job job = Job.from(signUpCommand.job());
 		userUpdateServicePort.updateJob(user.getId(), job);
 
-		return SignUpResponse.from(accessToken);
+		return SignUpResponseV3.from(accessToken, refreshToken);
 	}
 
 	@Transactional
@@ -149,11 +161,15 @@ public Mono<GoogleLoginResponseV3> getInfoAndTokenV3(String email, String pictur
 						if (updatedUser.getRemindDefault() != null && updatedUser.getProfileImage() != null) {
 							log.info("기존 사용자 로그인 성공: User ID {}", updatedUser.getId());
 
-							//Access Token 발급
+							//Access Token & Refresh Token 발급
 							String accessToken = jwtProvider.createAccessToken(updatedUser.getId());
+							String refreshToken = jwtProvider.createRefreshToken(updatedUser.getId());
+
+							saveRefreshTokenToRedis(updatedUser.getId(), refreshToken);
 
 							return Mono.just(GoogleLoginResponseV3.loggedIn(
-								updatedUser.hasJob(), updatedUser.getId(), updatedUser.getEmail(), accessToken
+								updatedUser.hasJob(), updatedUser.getId(), updatedUser.getEmail(), accessToken,
+								refreshToken
 							));
 						} else {
 							log.info("기존 사용자 - 온보딩 미완료 유저 처리: User ID {}", updatedUser.getId());
@@ -185,6 +201,25 @@ public Mono<GoogleLoginResponseV3> getInfoAndTokenV3(String email, String pictur
 			}));
 	}
 
+	@Transactional
+	public SignUpResponseV3 getNewToken(String refreshToken) {
+		UUID userId = jwtProvider.getUserIdFromToken(refreshToken);
+
+		String redisKey = REDIS_REFRESH_TOKEN_PREFIX + userId.toString();
+		String savedToken = stringRedisTemplate.opsForValue().get(redisKey);
+		if (savedToken == null || !savedToken.equals(refreshToken)) {
+			stringRedisTemplate.delete(redisKey);
+			throw new InvalidTokenException();
+		}
+
+		String newAccessToken = jwtProvider.createAccessToken(userId);
+		String newRefreshToken = jwtProvider.createRefreshToken(userId);
+
+		saveRefreshTokenToRedis(userId, newRefreshToken);
+
+		return SignUpResponseV3.from(newAccessToken, newRefreshToken);
+	}
+
 	private Mono<User> applyMissingUserInfo(User existingUser, String pictureUrl, String name) {
 		// 1. 이름 업데이트
 		boolean nameUpdated = false;
@@ -224,4 +259,13 @@ private String matchingProfileImage(LocalTime remindDefault) {
 			return "IMAGE3";
 		}
 	}
+
+	private void saveRefreshTokenToRedis(UUID userId, String refreshToken) {
+		stringRedisTemplate.opsForValue().set(
+			"RT:" + userId.toString(),
+			refreshToken,
+			refreshTokenExpirationPeriod,
+			java.util.concurrent.TimeUnit.MILLISECONDS
+		);
+	}
 }