refactor: 리프레시 토큰 재발급 로직 리팩터링 및 JWT 검증 파이프라인 최적화 (#55)

ckdals4600 · ckdals4600 · commit 74b5ffdc9c83 · 2026-05-21T05:39:02.000+09:00
diff --git a/src/main/java/com/sofa/linkiving/domain/auth/controller/AuthApi.java b/src/main/java/com/sofa/linkiving/domain/auth/controller/AuthApi.java
@@ -1,6 +1,5 @@
 package com.sofa.linkiving.domain.auth.controller;
 
-import com.sofa.linkiving.domain.member.entity.Member;
 import com.sofa.linkiving.global.common.BaseResponse;
 
 import io.swagger.v3.oas.annotations.Operation;
@@ -11,9 +10,8 @@
 
 @Tag(name = "Auth", description = "인증 및 토큰 관리 API")
 public interface AuthApi {
-	@Operation(summary = "토큰 재발급", description = "쿠키에 저장된 Refresh Token을 검증하여 Access/Refresh Token을 재발급합니다.")
+	@Operation(summary = "토큰 재발급", description = "Refresh Token을 검증하여 Access/Refresh Token을 재발급합니다.")
 	BaseResponse<Void> reissue(
-		Member member,
 		@Parameter(description = "리프레시 토큰") String refreshToken,
 		HttpServletRequest request,
 		HttpServletResponse response
diff --git a/src/main/java/com/sofa/linkiving/domain/auth/controller/AuthController.java b/src/main/java/com/sofa/linkiving/domain/auth/controller/AuthController.java
@@ -7,10 +7,8 @@
 
 import com.sofa.linkiving.domain.auth.dto.internal.TokenDto;
 import com.sofa.linkiving.domain.auth.service.AuthService;
-import com.sofa.linkiving.domain.member.entity.Member;
 import com.sofa.linkiving.global.common.BaseResponse;
 import com.sofa.linkiving.global.util.CookieUtils;
-import com.sofa.linkiving.security.annotation.AuthMember;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -26,12 +24,11 @@ public class AuthController implements AuthApi {
 	@Override
 	@PostMapping("/reissue")
 	public BaseResponse<Void> reissue(
-		@AuthMember Member member,
 		@CookieValue(value = "refreshToken", required = false) String refreshToken,
 		HttpServletRequest request,
 		HttpServletResponse response
 	) {
-		TokenDto newTokens = authService.reissue(refreshToken, member);
+		TokenDto newTokens = authService.reissue(refreshToken);
 
 		cookieUtils.addCookie(request, response, "accessToken", newTokens.accessToken(), newTokens.accessExp());
 		cookieUtils.addCookie(request, response, "refreshToken", newTokens.refreshToken(), newTokens.refreshExp());
diff --git a/src/main/java/com/sofa/linkiving/domain/auth/service/AuthService.java b/src/main/java/com/sofa/linkiving/domain/auth/service/AuthService.java
@@ -1,10 +1,8 @@
 package com.sofa.linkiving.domain.auth.service;
 
 import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
 
 import com.sofa.linkiving.domain.auth.dto.internal.TokenDto;
-import com.sofa.linkiving.domain.member.entity.Member;
 import com.sofa.linkiving.security.jwt.JwtProperties;
 import com.sofa.linkiving.security.jwt.JwtTokenProvider;
 
@@ -16,10 +14,9 @@ public class AuthService {
 	private final JwtTokenProvider jwtTokenProvider;
 	private final JwtProperties jwtProperties;
 
-	@Transactional
-	public TokenDto reissue(String refreshToken, Member member) {
-		String email = member.getEmail();
-		jwtTokenProvider.validateRefreshToken(refreshToken, email);
+	public TokenDto reissue(String refreshToken) {
+
+		String email = jwtTokenProvider.validateRefreshToken(refreshToken);
 
 		String newAccessToken = jwtTokenProvider.createAccessToken(email);
 		String newRefreshToken = jwtTokenProvider.createRefreshToken(email);
diff --git a/src/main/java/com/sofa/linkiving/security/auth/config/SecurityConstants.java b/src/main/java/com/sofa/linkiving/security/auth/config/SecurityConstants.java
@@ -22,7 +22,10 @@ public abstract class SecurityConstants {
 		"/v1/member/signup", "/v1/member/login", "/mock/**",
 
 		/* oauth2 */
-		"/oauth2/**"
+		"/oauth2/**",
+
+		/* auth */
+		"/v1/auth/reissue"
 	};
 
 	private static final String[] SEMI_PERMIT_URLS = {
diff --git a/src/main/java/com/sofa/linkiving/security/jwt/JwtTokenProvider.java b/src/main/java/com/sofa/linkiving/security/jwt/JwtTokenProvider.java
@@ -114,57 +114,49 @@ public String resolveToken(HttpServletRequest request) {
 		return null;
 	}
 
-	public Date getExpiration(String token) {
-		return parseClaims(token).getExpiration();
-	}
+	private Claims validateToken(String token) {
+		if (token == null || token.isBlank()) {
+			throw new CustomJwtException(JwtErrorCode.EMPTY_TOKEN);
+		}
 
-	public String getUserIdFromToken(String token) {
-		return parseClaims(token).getSubject();
+		try {
+			return parseClaims(token);
+		} catch (ExpiredJwtException e) {
+			throw new CustomJwtException(JwtErrorCode.EXPIRED_JWT_TOKEN);
+		} catch (SecurityException | MalformedJwtException | IllegalArgumentException e) {
+			throw new CustomJwtException(JwtErrorCode.INVALID_JWT_TOKEN);
+		} catch (UnsupportedJwtException e) {
+			throw new CustomJwtException(JwtErrorCode.UNSUPPORTED_JWT_TOKEN);
+		}
 	}
 
-	public void validateRefreshToken(String refreshToken, String userId) {
-		if (refreshToken == null || refreshToken.isBlank()) {
-			throw new CustomJwtException(JwtErrorCode.EMPTY_TOKEN);
-		}
+	public String validateRefreshToken(String refreshToken) {
+		Claims claims = validateToken(refreshToken);
 
-		Claims claims = parseClaims(refreshToken);
 		String tokenType = claims.get(JwtKeys.Claims.TOKEN_TYPE, String.class);
 
 		if (!JwtKeys.TokenType.REFRESH.equals(tokenType)) {
 			throw new CustomJwtException(JwtErrorCode.INVALID_REFRESH);
 		}
 
+		String userId = claims.getSubject();
+
 		if (redisService.hasNoKey(RedisKeyRegistry.REFRESH_TOKEN, userId)) {
 			throw new CustomJwtException(JwtErrorCode.CANNOT_REFRESH);
 		}
 
 		String redisToken = redisService.get(RedisKeyRegistry.REFRESH_TOKEN, userId);
-
 		if (!redisToken.equals(refreshToken)) {
 			throw new CustomJwtException(JwtErrorCode.INVALID_JWT_TOKEN);
 		}
 
+		return userId;
 	}
 
 	public boolean validateAccessToken(String token) {
-		if (token == null || token.isBlank()) {
-			throw new CustomJwtException(JwtErrorCode.EMPTY_TOKEN);
-		}
+		Claims claims = validateToken(token);
 
-		try {
-			Claims claims = parseClaims(token);
-			boolean notExpired = !claims.getExpiration().before(new Date());
-
-			String tokenType = claims.get(JwtKeys.Claims.TOKEN_TYPE, String.class);
-			boolean isAccess = JwtKeys.TokenType.ACCESS.equals(tokenType);
-
-			return notExpired && isAccess;
-		} catch (SecurityException | MalformedJwtException | IllegalArgumentException e) {
-			throw new CustomJwtException(JwtErrorCode.INVALID_JWT_TOKEN);
-		} catch (ExpiredJwtException e) {
-			throw new CustomJwtException(JwtErrorCode.EXPIRED_JWT_TOKEN);
-		} catch (UnsupportedJwtException e) {
-			throw new CustomJwtException(JwtErrorCode.UNSUPPORTED_JWT_TOKEN);
-		}
+		String tokenType = claims.get(JwtKeys.Claims.TOKEN_TYPE, String.class);
+		return JwtKeys.TokenType.ACCESS.equals(tokenType);
 	}
 }
diff --git a/src/test/java/com/sofa/linkiving/domain/auth/integration/AuthApiIntegrationTest.java b/src/test/java/com/sofa/linkiving/domain/auth/integration/AuthApiIntegrationTest.java
@@ -14,18 +14,15 @@
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.http.MediaType;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.bean.override.mockito.MockitoBean;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.transaction.annotation.Transactional;
 
 import com.sofa.linkiving.domain.member.entity.Member;
-import com.sofa.linkiving.domain.member.enums.Role;
 import com.sofa.linkiving.domain.member.repository.MemberRepository;
 import com.sofa.linkiving.infra.redis.RedisService;
 import com.sofa.linkiving.security.jwt.JwtTokenProvider;
-import com.sofa.linkiving.security.userdetails.CustomMemberDetail;
 
 import jakarta.servlet.http.Cookie;
 
@@ -48,15 +45,13 @@ public class AuthApiIntegrationTest {
 	private RedisService redisService;
 
 	private Member testMember;
-	private UserDetails testUserDetails;
 
 	@BeforeEach
 	void setUp() {
 		testMember = memberRepository.save(Member.builder()
 			.email("auth@test.com")
 			.password("password")
 			.build());
-		testUserDetails = new CustomMemberDetail(testMember, Role.USER);
 	}
 
 	@Test
@@ -75,14 +70,12 @@ void shouldReissueTokensAndReturnOk() throws Exception {
 				post("/v1/auth/reissue")
 					.cookie(refreshTokenCookie)
 					.with(csrf())
-					.with(user(testUserDetails))
 					.accept(MediaType.APPLICATION_JSON)
 			)
 			.andDo(print())
 			.andExpect(status().isOk())
 			.andExpect(jsonPath("$.success").value(true))
 			.andExpect(jsonPath("$.message").value("토큰 재발급 완료"))
-			// 쿠키가 응답 헤더에 세팅되었는지 확인
 			.andExpect(cookie().exists("accessToken"))
 			.andExpect(cookie().exists("refreshToken"));
 	}
@@ -96,7 +89,6 @@ void shouldFailWhenRefreshTokenCookieIsMissing() throws Exception {
 		mockMvc.perform(
 				post("/v1/auth/reissue")
 					.with(csrf())
-					.with(user(testUserDetails))
 					.accept(MediaType.APPLICATION_JSON)
 			)
 			.andDo(print())
diff --git a/src/test/java/com/sofa/linkiving/domain/auth/service/AuthServiceTest.java b/src/test/java/com/sofa/linkiving/domain/auth/service/AuthServiceTest.java
@@ -11,7 +11,6 @@
 import org.mockito.junit.jupiter.MockitoExtension;
 
 import com.sofa.linkiving.domain.auth.dto.internal.TokenDto;
-import com.sofa.linkiving.domain.member.entity.Member;
 import com.sofa.linkiving.security.jwt.JwtProperties;
 import com.sofa.linkiving.security.jwt.JwtTokenProvider;
 import com.sofa.linkiving.security.jwt.error.CustomJwtException;
@@ -34,14 +33,13 @@ public class AuthServiceTest {
 	@DisplayName("유효한 RefreshToken이 주어지면 새로운 토큰 쌍을 발급한다")
 	void shouldReissueTokensSuccessfully() {
 		// given
-		Member member = mock(Member.class);
-		given(member.getEmail()).willReturn("test@test.com");
+
 		String oldRefreshToken = "old-refresh-token";
 
 		String newAccessToken = "new-access-token";
 		String newRefreshToken = "new-refresh-token";
 
-		willDoNothing().given(jwtTokenProvider).validateRefreshToken(oldRefreshToken, "test@test.com");
+		given(jwtTokenProvider.validateRefreshToken(oldRefreshToken)).willReturn("test@test.com");
 		given(jwtTokenProvider.createAccessToken("test@test.com")).willReturn(newAccessToken);
 		given(jwtTokenProvider.createRefreshToken("test@test.com")).willReturn(newRefreshToken);
 
@@ -50,7 +48,7 @@ void shouldReissueTokensSuccessfully() {
 		given(jwtProperties.refreshTokenValidTime()).willReturn(1209600000L);
 
 		// when
-		TokenDto result = authService.reissue(oldRefreshToken, member);
+		TokenDto result = authService.reissue(oldRefreshToken);
 
 		// then
 		assertThat(result).isNotNull();
@@ -59,22 +57,20 @@ void shouldReissueTokensSuccessfully() {
 		assertThat(result.refreshToken()).isEqualTo(newRefreshToken);
 		assertThat(result.refreshExp()).isEqualTo(1209600);
 
-		verify(jwtTokenProvider, times(1)).validateRefreshToken(oldRefreshToken, "test@test.com");
+		verify(jwtTokenProvider, times(1)).validateRefreshToken(oldRefreshToken);
 	}
 
 	@Test
 	@DisplayName("RefreshToken 검증에 실패하면 예외가 발생한다")
 	void shouldThrowExceptionWhenRefreshTokenIsInvalid() {
 		// given
-		Member member = mock(Member.class);
-		given(member.getEmail()).willReturn("test@test.com");
 		String invalidToken = "invalid-token";
 
 		willThrow(new CustomJwtException(JwtErrorCode.INVALID_JWT_TOKEN))
-			.given(jwtTokenProvider).validateRefreshToken(invalidToken, "test@test.com");
+			.given(jwtTokenProvider).validateRefreshToken(invalidToken);
 
 		// when & then
-		assertThatThrownBy(() -> authService.reissue(invalidToken, member))
+		assertThatThrownBy(() -> authService.reissue(invalidToken))
 			.isInstanceOf(RuntimeException.class);
 	}
 }
diff --git a/src/test/java/com/sofa/linkiving/global/security/jwt/JwtTokenProviderTest.java b/src/test/java/com/sofa/linkiving/global/security/jwt/JwtTokenProviderTest.java
@@ -174,7 +174,7 @@ void shouldThrowCannotRefreshWhenNoTokenInRedis() {
 			.willReturn(true);
 
 		// when & then
-		assertThatThrownBy(() -> provider.validateRefreshToken(refreshToken, userId))
+		assertThatThrownBy(() -> provider.validateRefreshToken(refreshToken))
 			.isInstanceOf(CustomJwtException.class)
 			.extracting("errorCode")
 			.isEqualTo(JwtErrorCode.CANNOT_REFRESH);
@@ -190,7 +190,7 @@ void shouldThrowWhenRefreshTokenTypeIsInvalid() {
 		String accessToken = provider.createAccessToken("member");
 
 		// when & then
-		assertThatThrownBy(() -> provider.validateRefreshToken(accessToken, "member-5"))
+		assertThatThrownBy(() -> provider.validateRefreshToken(accessToken))
 			.isInstanceOf(CustomJwtException.class)
 			.extracting("errorCode")
 			.isEqualTo(JwtErrorCode.INVALID_REFRESH);
@@ -211,7 +211,7 @@ void shouldThrowWhenRefreshTokenMismatch() {
 			.willReturn("another-token");
 
 		// when & then
-		assertThatThrownBy(() -> provider.validateRefreshToken(refreshToken, userId))
+		assertThatThrownBy(() -> provider.validateRefreshToken(refreshToken))
 			.isInstanceOf(CustomJwtException.class)
 			.extracting("errorCode")
 			.isEqualTo(JwtErrorCode.INVALID_JWT_TOKEN);
@@ -231,7 +231,7 @@ void shouldValidateRefreshTokenSuccessfully() {
 		given(redisService.get(RedisKeyRegistry.REFRESH_TOKEN, userId)).willReturn(refreshToken);
 
 		// when & then
-		assertThatCode(() -> provider.validateRefreshToken(refreshToken, userId))
+		assertThatCode(() -> provider.validateRefreshToken(refreshToken))
 			.doesNotThrowAnyException();
 	}
 }
