feat: 리프레쉬 토큰, 인증 코드 Redis로 이관 및 토큰 재발급 로직 수정

Author: larama-C

src/main/java/com/back/web7_9_codecrete_be/domain/auth/entity/RefreshToken.java

@@ -0,0 +1,13 @@
+package com.back.web7_9_codecrete_be.domain.auth.entity;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public class RefreshToken {
+
+    private Long userId;          // 사용자 ID
+    private String refreshToken;  // 실제 토큰 값
+    private long expiration;      // TTL (초 단위)
+}

src/main/java/com/back/web7_9_codecrete_be/domain/auth/repository/RefreshTokenRedisRepository.java

@@ -0,0 +1,37 @@
+package com.back.web7_9_codecrete_be.domain.auth.repository;
+
+import com.back.web7_9_codecrete_be.domain.auth.entity.RefreshToken;
+import lombok.RequiredArgsConstructor;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Repository;
+
+import java.util.concurrent.TimeUnit;
+
+@Repository
+@RequiredArgsConstructor
+public class RefreshTokenRedisRepository {
+    private final RedisTemplate<String, String> redisTemplate;
+
+    private static final String REFRESH_TOKEN_PREFIX = "refreshToken: ";
+
+    public void save(RefreshToken refreshToken) {
+        redisTemplate.opsForValue().set(
+                REFRESH_TOKEN_PREFIX + refreshToken.getUserId(),
+                refreshToken.getRefreshToken(),
+                refreshToken.getExpiration(),
+                TimeUnit.SECONDS
+        );
+    }
+
+    public String findByUserId(Long userId) {
+        return (String) redisTemplate.opsForValue().get(REFRESH_TOKEN_PREFIX + userId);
+    }
+
+    public void deleteByUserId(Long userId){
+        redisTemplate.delete(REFRESH_TOKEN_PREFIX + userId);
+    }
+
+    public boolean existsByUserId(Long userId) {
+        return redisTemplate.hasKey(REFRESH_TOKEN_PREFIX + userId);
+    }
+}

src/main/java/com/back/web7_9_codecrete_be/domain/auth/repository/RefreshTokenRepository.java

@@ -50,6 +50,8 @@ public void signUp(SignupRequest req) {
                 .build();
 
         userRepository.save(user);
+
+        emailService.clearVerifiedEmail(req.getEmail());
     }
 
     // 로그인

src/main/java/com/back/web7_9_codecrete_be/domain/auth/service/AuthService.java

@@ -1,6 +1,9 @@
 package com.back.web7_9_codecrete_be.domain.auth.service;
 
+import com.back.web7_9_codecrete_be.domain.auth.entity.RefreshToken;
+import com.back.web7_9_codecrete_be.domain.auth.repository.RefreshTokenRedisRepository;
 import com.back.web7_9_codecrete_be.domain.users.entity.User;
+import com.back.web7_9_codecrete_be.domain.users.repository.UserRepository;
 import com.back.web7_9_codecrete_be.global.error.code.AuthErrorCode;
 import com.back.web7_9_codecrete_be.global.error.exception.BusinessException;
 import com.back.web7_9_codecrete_be.global.rq.Rq;
@@ -16,6 +19,8 @@ public class TokenService {
     private final JwtTokenProvider jwtTokenProvider;
     private final JwtProperties jwtProperties;
     private final Rq rq;
+    private final UserRepository userRepository;
+    private final RefreshTokenRedisRepository refreshTokenRedisRepository;
 
     // 로그인 시 실행 시 쿠키에 토큰 발급
     public void issueTokens(User user) {
@@ -24,13 +29,21 @@ public void issueTokens(User user) {
 
         rq.setCookie("ACCESS_TOKEN", access, (int) jwtProperties.getAccessTokenExpiration());
         rq.setCookie("REFRESH_TOKEN", refresh, (int) jwtProperties.getRefreshTokenExpiration());
+
+        refreshTokenRedisRepository.save(
+                new RefreshToken(
+                        user.getId(),
+                        refresh,
+                        jwtProperties.getRefreshTokenExpiration()
+                )
+        );
     }
 
     // 로그아웃 시 실행 시 쿠키 삭제
     public void removeTokens(User user) {
         rq.removeCookie("ACCESS_TOKEN");
         rq.removeCookie("REFRESH_TOKEN");
-
+        refreshTokenRedisRepository.deleteByUserId(user.getId());
     }
 
     public String reissueAccessToken() {
@@ -47,6 +60,16 @@ public String reissueAccessToken() {
         // RefreshToken에서 email(Subject) 추출
         String email = jwtTokenProvider.getEmailFromToken(refresh);
 
+        User user = userRepository.findByEmail(email)
+                .orElseThrow(() -> new BusinessException(AuthErrorCode.USER_NOT_FOUND));
+
+        String savedRefresh =
+                refreshTokenRedisRepository.findByUserId(user.getId());
+
+        if (savedRefresh == null || !savedRefresh.equals(refresh)) {
+            throw new BusinessException(AuthErrorCode.INVALID_TOKEN);
+        }
+
         // AccessToken 재발급
         String newAccess = jwtTokenProvider.generateAccessToken(email);
 

src/main/java/com/back/web7_9_codecrete_be/domain/auth/service/TokenService.java

@@ -0,0 +1,37 @@
+package com.back.web7_9_codecrete_be.domain.email.repository;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Repository;
+
+import java.util.concurrent.TimeUnit;
+
+@Repository
+@RequiredArgsConstructor
+public class VerificationCodeRedisRepository {
+
+    private final RedisTemplate<String, String> redisTemplate;
+
+    private static final String PREFIX = "email:verify:";
+
+    public void save(String email, String code, long ttlSeconds) {
+        redisTemplate.opsForValue().set(
+                PREFIX + email,
+                code,
+                ttlSeconds,
+                TimeUnit.SECONDS
+        );
+    }
+
+    public String findByEmail(String email) {
+        return redisTemplate.opsForValue().get(PREFIX + email);
+    }
+
+    public void deleteByEmail(String email) {
+        redisTemplate.delete(PREFIX + email);
+    }
+
+    public boolean existsByEmail(String email) {
+        return redisTemplate.hasKey(PREFIX + email);
+    }
+}

src/main/java/com/back/web7_9_codecrete_be/domain/email/repository/VerificationCodeRedisRepository.java

@@ -5,4 +5,5 @@
 
 public interface VerifiedEmailRepository extends JpaRepository<VerifiedEmail, String> {
     boolean existsByEmail(String email);
+    void deleteByEmail(String email);
 }

src/main/java/com/back/web7_9_codecrete_be/domain/email/repository/VerifiedEmailRepository.java

@@ -1,8 +1,7 @@
 package com.back.web7_9_codecrete_be.domain.email.service;
 
-import com.back.web7_9_codecrete_be.domain.email.entity.VerificationCode;
 import com.back.web7_9_codecrete_be.domain.email.entity.VerifiedEmail;
-import com.back.web7_9_codecrete_be.domain.email.repository.VerificationCodeRepository;
+import com.back.web7_9_codecrete_be.domain.email.repository.VerificationCodeRedisRepository;
 import com.back.web7_9_codecrete_be.domain.email.repository.VerifiedEmailRepository;
 import com.back.web7_9_codecrete_be.global.error.code.MailErrorCode;
 import com.back.web7_9_codecrete_be.global.error.exception.BusinessException;
@@ -17,14 +16,13 @@
 import org.springframework.web.reactive.function.client.WebClient;
 
 import java.security.SecureRandom;
-import java.time.LocalDateTime;
 
 @Slf4j
 @Service
 @RequiredArgsConstructor
 public class EmailService {
 
-    private final VerificationCodeRepository verificationCodeRepository;
+    private final VerificationCodeRedisRepository verificationCodeRedisRepository;
     private final VerifiedEmailRepository verifiedEmailRepository;
     private final WebClient mailgunClient;
 
@@ -66,16 +64,10 @@ public void createAndSendVerificationCode(String email) {
         String code = generateVerificationCode();
 
         // 기존 코드 있으면 삭제
-        verificationCodeRepository.deleteByEmail(email);
+        verificationCodeRedisRepository.deleteByEmail(email);
 
-        // DB 저장
-        VerificationCode entity = VerificationCode.builder()
-                .email(email)
-                .code(code)
-                .expireAt(LocalDateTime.now().plusSeconds(TTL_SECONDS))
-                .build();
-
-        verificationCodeRepository.save(entity);
+        // Redis 저장 (TTL 5분)
+        verificationCodeRedisRepository.save(email, code, TTL_SECONDS);
 
         String content = """
                 안녕하세요. NCB 입니다.
@@ -103,23 +95,20 @@ private String generateVerificationCode() {
     // 인증코드 검증
     @Transactional
     public void verifyCode(String email, String inputCode) {
-        VerificationCode saved = verificationCodeRepository.findByEmail(email)
-                .orElseThrow(() -> new BusinessException(MailErrorCode.VERIFICATION_CODE_EXPIRED));
+        String savedCode = verificationCodeRedisRepository.findByEmail(email);
 
-        if (saved.isExpired()) {
-            verificationCodeRepository.deleteByEmail(email);
+        if (savedCode == null) {
             throw new BusinessException(MailErrorCode.VERIFICATION_CODE_EXPIRED);
         }
 
-        if (!saved.getCode().equals(inputCode)) {
+        if (!savedCode.equals(inputCode)) {
             throw new BusinessException(MailErrorCode.VERIFICATION_CODE_MISMATCH);
         }
 
-        // 성공 시 삭제
-        verificationCodeRepository.deleteByEmail(email);
-
+        // 성공 시 Redis에서 삭제
+        verificationCodeRedisRepository.deleteByEmail(email);
 
-        // 인증 완료 상태 저장
+        // 인증 완료 상태 저장 (DB)
         verifiedEmailRepository.save(new VerifiedEmail(email));
 
         log.info("[이메일 인증 성공] {}", email);
@@ -142,4 +131,9 @@ public void sendNewPassword(String email, String newPassword) {
 
         sendEmail(email, "[NCB] 임시 비밀번호 안내", content);
     }
+
+    @Transactional
+    public void clearVerifiedEmail(String email) {
+        verifiedEmailRepository.deleteByEmail(email);
+    }
 }

src/main/java/com/back/web7_9_codecrete_be/domain/email/service/EmailService.java

@@ -0,0 +1,49 @@
+package com.back.web7_9_codecrete_be.global.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+
+@Configuration
+public class RedisConfig {
+    @Value("${spring.data.redis.host}")
+    private String host;
+
+    @Value("${spring.data.redis.port}")
+    private int port;
+
+    //Redis와 연결을 위한 Connection 생성
+    @Bean
+    public RedisConnectionFactory redisConnectionFactory() {
+        final RedisStandaloneConfiguration configuration = new RedisStandaloneConfiguration(host,port);
+        return new LettuceConnectionFactory(configuration);
+    }
+
+    //문자열만 사용할 때(refreshToken)
+    @Bean
+    public StringRedisTemplate stringRedisTemplate() {
+        return new StringRedisTemplate(redisConnectionFactory());
+    }
+
+    //Json 직렬화 필요할 때(복잡한 객체 저장 등)
+    @Bean
+    public RedisTemplate<String, Object> redisTemplate() {
+        RedisTemplate<String, Object> template = new RedisTemplate<>();
+
+        template.setKeySerializer(new StringRedisSerializer());
+        template.setValueSerializer(new GenericJackson2JsonRedisSerializer());
+
+        template.setHashKeySerializer(new StringRedisSerializer());
+        template.setHashValueSerializer(new GenericJackson2JsonRedisSerializer());
+
+        template.setConnectionFactory(redisConnectionFactory());
+        return template;
+    }
+}