[T3-53] add redis service for refresh token (#8)

* chore: update directory structure

* chore: update directory structure for model, request, response

* feat: change the token generation method

* feat: update JWT error code

* feat: add redis hash for refreshToken

* refactor: change class name to TokenResponse

* feat: add redis service for refreshToken

* feat: add an api for reissuing tokens

* refactor: delete a subdirectory of jwt

* refactor: move service logic from the controller layer to the service layer

* refactor: move class about request or response from model to request or response

* remove: delete unnecessary Kakao variables

* refactor: update class name about user's auth

* refactor: change to common error handling

* refactor: change directory name to kakao from oauth2

* feat: add annotation in ProdRedisConfig

* refactor: Change from RestTemplate to FeignClient

* feat: add a nickname field to your kakao profile

* refactor: change name from RedisService to AuthRedisService

* refactor: change directory name from model, entity to domain

* feat: add domain object to map Kakao, Apple membership information

* refactor: change to use one social login for both Apple and Kakao

* refactor: change to improved switch statements

Author: yuseok0215

build.gradle

@@ -17,12 +17,19 @@ repositories {
 	mavenCentral()
 }
 
+dependencyManagement {
+	imports {
+		mavenBom "org.springframework.cloud:spring-cloud-dependencies:2025.0.0"
+	}
+}
+
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation "org.springframework.boot:spring-boot-starter-oauth2-client"
 	implementation 'org.springframework.boot:spring-boot-starter-validation'
+	implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
 
 	// jwt
     implementation 'io.jsonwebtoken:jjwt-api:0.11.5'

config

@@ -2,8 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 
 @SpringBootApplication
+@EnableFeignClients
 public class BitnagilBackendApplication {
 
 	public static void main(String[] args) {

src/main/java/bitnagil/bitnagil_backend/BitnagilBackendApplication.java

@@ -0,0 +1,37 @@
+package bitnagil.bitnagil_backend.auth.jwt;
+
+import java.util.Optional;
+
+import org.springframework.stereotype.Component;
+
+import lombok.RequiredArgsConstructor;
+
+@Component
+@RequiredArgsConstructor
+public class AuthRedisService {
+    private final RefreshTokenRedisRepository refreshTokenRedisRepository;
+
+    // 🔸 저장
+    public void saveRefreshToken(Long userId, String token) {
+        RefreshToken refreshToken = RefreshToken.builder()
+            .userId(String.valueOf(userId))
+            .refreshToken(token)
+            .build();
+        refreshTokenRedisRepository.save(refreshToken);
+    }
+
+    // 🔸 조회 by userId
+    public Optional<RefreshToken> getRefreshTokenByUserId(Long userId) {
+        return refreshTokenRedisRepository.findById(String.valueOf(userId));
+    }
+
+    // 🔸 조회 by refreshToken
+    public Optional<RefreshToken> getRefreshTokenByToken(String token) {
+        return refreshTokenRedisRepository.findByRefreshToken(token);
+    }
+
+    // 🔸 삭제
+    public void deleteRefreshToken(Long userId) {
+        refreshTokenRedisRepository.deleteById(String.valueOf(userId));
+    }
+}

src/main/java/bitnagil/bitnagil_backend/auth/jwt/AuthRedisService.java

@@ -1,4 +1,4 @@
-package bitnagil.bitnagil_backend.infrastructure.jwt.handler;
+package bitnagil.bitnagil_backend.auth.jwt;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;

…/jwt/handler/JwtAccessDeniedHandler.java …end/auth/jwt/JwtAccessDeniedHandler.javasrc/main/java/bitnagil/bitnagil_backend/infrastructure/jwt/handler/JwtAccessDeniedHandler.java renamed to src/main/java/bitnagil/bitnagil_backend/auth/jwt/JwtAccessDeniedHandler.java src/main/java/bitnagil/bitnagil_backend/infrastructure/jwt/handler/JwtAccessDeniedHandler.java renamed to src/main/java/bitnagil/bitnagil_backend/auth/jwt/JwtAccessDeniedHandler.java

@@ -1,4 +1,4 @@
-package bitnagil.bitnagil_backend.infrastructure.jwt.handler;
+package bitnagil.bitnagil_backend.auth.jwt;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;

…handler/JwtAuthenticationEntryPoint.java …uth/jwt/JwtAuthenticationEntryPoint.javasrc/main/java/bitnagil/bitnagil_backend/infrastructure/jwt/handler/JwtAuthenticationEntryPoint.java renamed to src/main/java/bitnagil/bitnagil_backend/auth/jwt/JwtAuthenticationEntryPoint.java src/main/java/bitnagil/bitnagil_backend/infrastructure/jwt/handler/JwtAuthenticationEntryPoint.java renamed to src/main/java/bitnagil/bitnagil_backend/auth/jwt/JwtAuthenticationEntryPoint.java

@@ -1,4 +1,4 @@
-package bitnagil.bitnagil_backend.infrastructure.jwt.service;
+package bitnagil.bitnagil_backend.auth.jwt;
 
 import java.io.IOException;
 
@@ -21,7 +21,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     public static final String AUTHORIZATION_HEADER = "Authorization";
     public static final String BEARER_PREFIX = "Bearer ";
 
-    private final JwtTokenProvider jwtTokenProvider;
+    private final JwtProvider jwtProvider;
 
     // 실제 필터링 로직은 doFilterInternal 에 들어감
     // JWT 토큰의 인증 정보를 현재 쓰레드의 SecurityContext 에 저장하는 역할 수행
@@ -34,8 +34,8 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
         // 2. validateToken 으로 토큰 유효성 검사
         // 정상 토큰이면 해당 토큰으로 Authentication 을 가져와서 SecurityContext 에 저장
-        if (StringUtils.hasText(jwt) && jwtTokenProvider.validateToken(jwt)) {
-            Authentication authentication = jwtTokenProvider.getAuthentication(jwt);
+        if (StringUtils.hasText(jwt) && jwtProvider.validateToken(jwt)) {
+            Authentication authentication = jwtProvider.getAuthentication(jwt);
             SecurityContextHolder.getContext().setAuthentication(authentication);
         }
 
@@ -45,8 +45,9 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
     // Request Header 에서 토큰 정보를 꺼내오기
     private String resolveToken(HttpServletRequest request) {
         String bearerToken = request.getHeader(AUTHORIZATION_HEADER);
+
         if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(BEARER_PREFIX)) {
-            return bearerToken.substring(7);
+            return bearerToken.substring(BEARER_PREFIX.length());
         }
         return null;
     }

…jwt/service/JwtAuthenticationFilter.java …nd/auth/jwt/JwtAuthenticationFilter.javasrc/main/java/bitnagil/bitnagil_backend/infrastructure/jwt/service/JwtAuthenticationFilter.java renamed to src/main/java/bitnagil/bitnagil_backend/auth/jwt/JwtAuthenticationFilter.java src/main/java/bitnagil/bitnagil_backend/infrastructure/jwt/service/JwtAuthenticationFilter.java renamed to src/main/java/bitnagil/bitnagil_backend/auth/jwt/JwtAuthenticationFilter.java

@@ -0,0 +1,129 @@
+package bitnagil.bitnagil_backend.auth.jwt;
+
+import java.security.Key;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.stereotype.Service;
+
+import bitnagil.bitnagil_backend.global.errorcode.ErrorCode;
+import bitnagil.bitnagil_backend.global.exception.CustomException;
+import bitnagil.bitnagil_backend.user.Repository.UserRepository;
+import bitnagil.bitnagil_backend.user.domain.User;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import jakarta.annotation.PostConstruct;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class JwtProvider {
+    private final AuthRedisService authRedisService;
+
+    @Value("${jwt.secret}")
+    private String secretKey;
+
+    private static final Long ACCESS_TOKEN_EXPIRE_TIME = (long)(1000 * 60 * 30);            // 30분
+    private static final Long REFRESH_TOKEN_EXPIRE_TIME = (long)(1000 * 60 * 60 * 24 * 7);
+    private static final String ACCESS_TOKEN_SUBJECT = "AccessToken";
+    private static final String REFRESH_TOKEN_SUBJECT = "RefreshToken";// 7일
+
+    private Key key;
+
+    private final UserRepository userRepository;
+
+    // jwt.secret을 사용해서 암호화 키값 생성
+    @PostConstruct
+    protected void init() {
+        byte[] keyBytes = Decoders.BASE64.decode(secretKey);
+        this.key = Keys.hmacShaKeyFor(keyBytes);
+    }
+
+    public Token generateToken(Long userId) {
+        Date now = new Date();
+
+        // Access Token 생성
+        Date accessTokenExpiresIn = new Date(now.getTime() + ACCESS_TOKEN_EXPIRE_TIME);
+
+        String accessToken = Jwts.builder()
+            .setSubject(ACCESS_TOKEN_SUBJECT)
+            .claim("userId", userId)
+            .setExpiration(accessTokenExpiresIn)
+            .signWith(key, SignatureAlgorithm.HS512)
+            .compact();
+
+        // Refresh Token 생성
+        Date refreshTokenExpiresIn = new Date(now.getTime() + REFRESH_TOKEN_EXPIRE_TIME);
+        String refreshToken = Jwts.builder()
+            .setSubject(REFRESH_TOKEN_SUBJECT)
+            .claim("userId", userId)
+            .setExpiration(refreshTokenExpiresIn)
+            .signWith(key, SignatureAlgorithm.HS512)
+            .compact();
+
+        authRedisService.saveRefreshToken(userId, refreshToken);
+
+        return Token.builder()
+            .accessToken(accessToken)
+            .accessTokenExpiresIn(accessTokenExpiresIn.getTime())
+            .refreshToken(refreshToken)
+            .build();
+    }
+
+    public Authentication getAuthentication(String accessToken) {
+        // 토큰 복호화
+        Claims claims = parseClaims(accessToken);
+
+        Long userId = Long.valueOf(claims.get("userId", Integer.class));
+        User user = userRepository.findById(userId).orElseThrow(() -> new CustomException(ErrorCode.NOT_FOUND_USER));
+
+        return new UsernamePasswordAuthenticationToken(user, null, getAuthorities(user));
+        // TODO 추후 회원탈퇴한 유저를 어떻게 관리하는지에 따라 추가 검증 필요
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            Claims claims = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();
+
+            return claims.getExpiration().after(new Date());
+        } catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
+            throw new CustomException(ErrorCode.INVALID_JWT_SIGNATURE);
+        } catch (ExpiredJwtException e) {
+            throw new CustomException(ErrorCode.EXPIRED_JWT_TOKEN);
+        } catch (UnsupportedJwtException e) {
+            throw new CustomException(ErrorCode.UNSUPPORTED_JWT_TOKEN);
+        } catch (IllegalArgumentException e) {
+            throw new CustomException(ErrorCode.INVALID_JWT_TOKEN);
+        }
+    }
+
+    public Claims parseClaims(String accessToken) {
+        try {
+            return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(accessToken).getBody();
+        } catch (ExpiredJwtException e) {
+            throw new CustomException(ErrorCode.EXPIRED_JWT_TOKEN);
+        }
+    }
+
+    private Collection<GrantedAuthority> getAuthorities(User user) {
+        return Collections.singletonList(
+            new SimpleGrantedAuthority("ROLE_" + user.getRole().toString())
+        );
+    }
+
+
+}

src/main/java/bitnagil/bitnagil_backend/auth/jwt/JwtProvider.java

@@ -0,0 +1,27 @@
+package bitnagil.bitnagil_backend.auth.jwt;
+
+import org.springframework.data.annotation.Id;
+import org.springframework.data.redis.core.RedisHash;
+import org.springframework.data.redis.core.index.Indexed;
+
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@NoArgsConstructor
+@RedisHash(value = "refreshToken", timeToLive = 60 * 60 * 24 * 7) // 토큰 만료 기한 7일
+public class RefreshToken {
+
+    @Id
+    private String userId;
+
+    @Indexed
+    private String refreshToken;
+
+    @Builder
+    public RefreshToken(String userId, String refreshToken) {
+        this.userId = userId;
+        this.refreshToken = refreshToken;
+    }
+}

src/main/java/bitnagil/bitnagil_backend/auth/jwt/RefreshToken.java

@@ -0,0 +1,9 @@
+package bitnagil.bitnagil_backend.auth.jwt;
+
+import java.util.Optional;
+
+import org.springframework.data.repository.CrudRepository;
+
+public interface RefreshTokenRedisRepository extends CrudRepository<RefreshToken, String> {
+    Optional<RefreshToken> findByRefreshToken(String refreshToken);
+}