feat: refresh token 을 추가한다

Author: devxb

docs/api/identity/create_refresh_token.md

@@ -0,0 +1,22 @@
+# Create refresh token
+
+리프레시 토큰을 생성합니다.
+
+> [!IMPORTANT]   
+> 새로운 리프레시 토큰을 발급시, 이전의 리프레시 토큰은 삭제됩니다.   
+> 리프레시 토큰의 유효기간은 7일 입니다.
+
+## Request
+### HTTP METHOD : `POST`
+### url : `https://api.gitanimals.org/users/refresh-tokens`
+### request headers
+- Authorization : "bearer ..." // 유저가 현재 로그인한 jwt
+- Login-Secret: 내부 로그인 토큰을 전달 하세요.
+
+## Response
+
+```json
+{
+  "refreshToken": "..."
+}
+```

docs/api/identity/login_by_refresh_token.md

@@ -0,0 +1,27 @@
+# Create refresh token
+
+리프레시 토큰을 이용해 로그인 합니다.
+
+> [!IMPORTANT]   
+> 리프레시 토큰의 유효기간은 7일 입니다.
+
+## Request
+### HTTP METHOD : `POST`
+### url : `https://api.gitanimals.org/logins/refresh-tokens`
+### request headers
+- Login-Secret: 내부 로그인 토큰을 전달 하세요.
+
+### request body
+```json
+{
+  "refreshToken": "..."
+}
+```
+
+## Response
+
+```json
+{
+  "token": "bearer ..."
+}
+```

src/main/kotlin/org/gitanimals/identity/app/RefreshTokenFacade.kt

@@ -0,0 +1,108 @@
+package org.gitanimals.identity.app
+
+import org.gitanimals.core.AUTHORIZATION_EXCEPTION
+import org.gitanimals.identity.domain.UserService
+import org.springframework.beans.factory.annotation.Qualifier
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.data.redis.connection.RedisStringCommands
+import org.springframework.data.redis.core.StringRedisTemplate
+import org.springframework.data.redis.core.types.Expiration
+import org.springframework.stereotype.Component
+import java.security.SecureRandom
+import java.util.*
+import kotlin.time.Duration.Companion.days
+import kotlin.time.toJavaDuration
+
+@Component
+class RefreshTokenFacade(
+    private val userService: UserService,
+    private val tokenManager: TokenManager,
+    @Value("\${login.secret}") private val loginSecret: String,
+    @Qualifier("gitanimalsRedisTemplate") private val redisTemplate: StringRedisTemplate,
+) {
+
+    fun getTokenByRefreshToken(loginSecret: String, refreshToken: String): Token {
+        if (loginSecret != this.loginSecret) {
+            throw AUTHORIZATION_EXCEPTION
+        }
+
+        val userId = redisTemplate.execute { conn ->
+            val userId: String = conn.stringCommands().get(refreshToken.toByteArray())?.let {
+                String(it)
+            } ?: throw AUTHORIZATION_EXCEPTION
+
+            val latestToken: String = conn.stringCommands().get("refresh:$userId".toByteArray())?.let {
+                String(it)
+            } ?: throw AUTHORIZATION_EXCEPTION
+
+            if (latestToken != refreshToken) {
+                throw AUTHORIZATION_EXCEPTION
+            }
+
+            userId
+        } ?: throw AUTHORIZATION_EXCEPTION
+
+        val user = userService.getUserById(userId.toLong())
+
+        return tokenManager.createToken(user)
+    }
+
+    fun generateRefreshToken(loginSecret: String, token: String): String {
+        if (loginSecret != this.loginSecret) {
+            throw AUTHORIZATION_EXCEPTION
+        }
+        val userId = tokenManager.getUserId(Token.from(token))
+
+        val user = userService.getUserById(userId)
+
+        return redisTemplate.execute {
+            val refreshToken = RefreshToken.from(userId)
+            val key = "refresh:${user.id}".toByteArray()
+
+            it.watch(key)
+
+            val oldRefreshToken: ByteArray? = it.stringCommands().get(key)
+            it.multi()
+            oldRefreshToken?.let { token ->
+                it.stringCommands().getDel(token)
+            }
+
+            it.stringCommands().set(
+                refreshToken.key.toByteArray(),
+                refreshToken.userId.toString().toByteArray(),
+                Expiration.from(7.days.toJavaDuration()),
+                RedisStringCommands.SetOption.UPSERT,
+            )
+            it.stringCommands().set(
+                key,
+                refreshToken.key.toByteArray(),
+                Expiration.from(7.days.toJavaDuration()),
+                RedisStringCommands.SetOption.UPSERT,
+            )
+
+            it.exec()
+            refreshToken
+        }?.key ?: throw IllegalArgumentException("Cannot create refresh token")
+    }
+
+    data class RefreshToken(
+        val key: String,
+        val userId: Long,
+    ) {
+        companion object {
+            private val rng = SecureRandom()
+            private val b64 = Base64.getUrlEncoder().withoutPadding()
+
+            fun from(userId: Long): RefreshToken {
+                val bytes = ByteArray(32) // 256-bit
+                rng.nextBytes(bytes)
+                b64.encodeToString(bytes)
+
+                return RefreshToken(
+                    key = b64.encodeToString(bytes),
+                    userId = userId,
+                )
+            }
+        }
+    }
+}

src/main/kotlin/org/gitanimals/identity/controller/RefreshTokenController.kt

@@ -0,0 +1,40 @@
+package org.gitanimals.identity.controller
+
+import org.gitanimals.identity.app.RefreshTokenFacade
+import org.gitanimals.identity.controller.request.LoginByRefreshTokenRequest
+import org.gitanimals.identity.controller.response.RefreshTokenResponse
+import org.gitanimals.identity.controller.response.TokenResponse
+import org.springframework.http.HttpHeaders
+import org.springframework.web.bind.annotation.*
+
+@RestController
+class RefreshTokenController(
+    private val refreshTokenFacade: RefreshTokenFacade,
+) {
+
+    @PostMapping("/users/refresh-tokens")
+    fun generateRefreshToken(
+        @RequestHeader("Login-Secret") loginSecret: String,
+        @RequestHeader(HttpHeaders.AUTHORIZATION) authorization: String,
+    ): RefreshTokenResponse {
+        val refreshToken = refreshTokenFacade.generateRefreshToken(
+            loginSecret = loginSecret,
+            token = authorization,
+        )
+
+        return RefreshTokenResponse(refreshToken)
+    }
+
+    @PostMapping("/logins/refresh-tokens")
+    fun loginByRefreshToken(
+        @RequestHeader("Login-Secret") loginSecret: String,
+        @RequestBody loginByRefreshTokenRequest: LoginByRefreshTokenRequest,
+    ): TokenResponse {
+        val token = refreshTokenFacade.getTokenByRefreshToken(
+            loginSecret = loginSecret,
+            refreshToken = loginByRefreshTokenRequest.refreshToken,
+        )
+
+        return TokenResponse(token.withType())
+    }
+}

src/main/kotlin/org/gitanimals/identity/controller/request/LoginByRefreshTokenRequest.kt

@@ -0,0 +1,5 @@
+package org.gitanimals.identity.controller.request
+
+data class LoginByRefreshTokenRequest(
+    val refreshToken: String
+)

src/main/kotlin/org/gitanimals/identity/controller/response/RefreshTokenResponse.kt

@@ -0,0 +1,5 @@
+package org.gitanimals.identity.controller.response
+
+data class RefreshTokenResponse(
+    val refreshToken: String
+)

src/test/kotlin/org/gitanimals/identity/app/RefreshTokenFacadeTest.kt

@@ -0,0 +1,78 @@
+package org.gitanimals.identity.app
+
+import io.kotest.assertions.throwables.shouldNotThrowAny
+import io.kotest.assertions.throwables.shouldThrowExactly
+import io.kotest.core.spec.style.DescribeSpec
+import io.kotest.matchers.should
+import io.kotest.matchers.shouldBe
+import org.gitanimals.core.AuthorizationException
+import org.gitanimals.core.redis.RedisConfiguration
+import org.gitanimals.identity.domain.UserRepository
+import org.gitanimals.identity.domain.UserService
+import org.gitanimals.identity.domain.user
+import org.gitanimals.identity.infra.JwtTokenManager
+import org.rooftop.netx.meta.EnableSaga
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.boot.autoconfigure.domain.EntityScan
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories
+import org.springframework.test.context.ContextConfiguration
+import org.springframework.test.context.TestPropertySource
+
+@EnableSaga
+@DataJpaTest
+@ContextConfiguration(
+    classes = [
+        RedisContainer::class,
+        RedisConfiguration::class,
+        JwtTokenManager::class,
+        UserService::class,
+        RefreshTokenFacade::class,
+    ]
+)
+@EntityScan(basePackages = ["org.gitanimals.identity.domain"])
+@EnableJpaRepositories(basePackages = ["org.gitanimals.identity.domain"])
+@TestPropertySource("classpath:test.properties")
+class RefreshTokenFacadeTest(
+    private val refreshTokenFacade: RefreshTokenFacade,
+    @Value("\${login.secret}") private val loginSecret: String,
+    private val userRepository: UserRepository,
+    private val tokenManager: TokenManager,
+) : DescribeSpec({
+
+    afterEach { userRepository.deleteAll() }
+
+    describe("generateRefreshToken 메소드는") {
+
+        context("처음으로 refresh token을 생성하는 유저라면,") {
+            val user = userRepository.save(user())
+            val token = tokenManager.createToken(user)
+
+            it("생성된 토큰을 응답한다") {
+                shouldNotThrowAny {
+                    refreshTokenFacade.generateRefreshToken(loginSecret, token.withType())
+                }
+            }
+        }
+
+        context("이미 refresh token이 존재한다면,") {
+            val user = userRepository.save(user())
+            val token = tokenManager.createToken(user)
+
+            val oldToken = refreshTokenFacade.generateRefreshToken(loginSecret, token.withType())
+            it("기존 refresh token을 새로운 refresh token으로 교체한다") {
+                val newToken = refreshTokenFacade.generateRefreshToken(loginSecret, token.withType())
+
+                val shouldNotThrowWhenNewToken = shouldNotThrowAny {
+                    refreshTokenFacade.getTokenByRefreshToken(loginSecret, newToken)
+                }
+                val shouldThrowWhenOldToken = shouldThrowExactly<AuthorizationException> {
+                    refreshTokenFacade.getTokenByRefreshToken(loginSecret, oldToken)
+                }
+
+                shouldNotThrowWhenNewToken::class shouldBe Token::class
+                shouldThrowWhenOldToken::class shouldBe AuthorizationException::class
+            }
+        }
+    }
+})

src/test/kotlin/org/gitanimals/identity/app/UserStatisticScheduleTest.kt

@@ -2,6 +2,7 @@ package org.gitanimals.identity.app
 
 import io.kotest.assertions.nondeterministic.eventually
 import io.kotest.core.spec.style.DescribeSpec
+import org.gitanimals.core.redis.RedisConfiguration
 import org.gitanimals.identity.IdentityTestRoot
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.test.context.TestPropertySource
@@ -12,6 +13,7 @@ import kotlin.time.Duration.Companion.seconds
         IdentityTestRoot::class,
         RedisContainer::class,
         IdentitySagaCapture::class,
+        RedisConfiguration::class,
     ]
 )
 @TestPropertySource("classpath:test.properties")

src/test/kotlin/org/gitanimals/quiz/app/CreateQuizFacadeTest.kt

@@ -28,6 +28,7 @@ import org.gitanimals.quiz.domain.not_approved.NotApprovedQuizService
 import org.gitanimals.quiz.domain.prompt.QuizCreatePrompt
 import org.gitanimals.quiz.domain.prompt.QuizCreatePromptRepository
 import org.gitanimals.quiz.domain.prompt.QuizCreatePromptService
+import org.gitanimals.quiz.domain.prompt.rag.QuizCreateRagService
 import org.gitanimals.quiz.domain.quiz.notApprovedQuiz
 import org.gitanimals.quiz.domain.quiz.quiz
 import org.gitanimals.quiz.infra.event.NewQuizCreated
@@ -61,6 +62,7 @@ import kotlin.time.Duration.Companion.seconds
         QuizSolveContextDoneHibernateEventListener::class,
         QuizDeletedHibernateEventListener::class,
         HibernateEventListenerConfiguration::class,
+        QuizCreateRagService::class,
     ]
 )
 @EntityScan(basePackages = ["org.gitanimals.quiz.domain"])