Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

인증인가 기능 리팩토링 #19

Merged
merged 15 commits into from
May 21, 2024
Merged

인증인가 기능 리팩토링 #19

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
b554444
Refactor: 토큰 관련 상수들을 application.yml로 분리
qjvk2880 Apr 29, 2024
6857e8d
Refactor: 토큰 생성에서 공통 로직을 별도의 메소드로 분리
qjvk2880 Apr 29, 2024
17dea35
Refactor: 로그인 시 불필요한 응답 값 제거 및 유효성 검사 분리
qjvk2880 Apr 29, 2024
f038671
Refactor: 불필요한 상속 제거
qjvk2880 Apr 29, 2024
ebe57dc
Refactor: 불필요한 reissu 인자 제거
qjvk2880 Apr 29, 2024
083f75a
Refactor: reissue에 refreshToken을 사용하게끔 수정
qjvk2880 Apr 29, 2024
6d47bb7
Refactor: 토큰에서 사용자 아이디를 추출하는 함수 이름 변경
qjvk2880 Apr 29, 2024
567fa52
Refactor: Bearer token을 추출하는 함수 수정
qjvk2880 Apr 29, 2024
6d5223f
Refactor: jwt 필터 수정
qjvk2880 Apr 29, 2024
f377b7d
Refactor: 토큰 검증 함수 수정
qjvk2880 Apr 29, 2024
bfa1a13
Fix : claim 값을 추출하는 과정에서 생긴 버그 수정
qjvk2880 May 2, 2024
5639216
Refactor: 사용자의 id를 요청 header에서 추출해 메소드에 사용하게끔 수정
qjvk2880 May 4, 2024
7de100a
Refactor: getSubCategoryList()가 userId를 사용하게끔 수정
qjvk2880 May 21, 2024
e7b4028
Merge pull request #18 from HongikGraduationProject/beta-test
qjvk2880 May 21, 2024
5c3f864
Refactor: 로그인 기능 해제
qjvk2880 May 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions src/main/java/com/hongik/graduationproject/controller/CategoryController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.*;

@RestController
Expand All @@ -23,7 +24,8 @@ public class CategoryController {
@ApiResponse(content = @Content(schema = @Schema(implementation = SubCategoryListResponse.class)))
@ResponseStatus(HttpStatus.OK)
@GetMapping("/categories")
public Response<SubCategoryListResponse> getSubCategoryList(@RequestParam MainCategory mainCategory) {
return Response.createSuccess(categoryService.getSubCategoryList(mainCategory));
public Response<SubCategoryListResponse> getSubCategoryList(@RequestParam MainCategory mainCategory,
@AuthenticationPrincipal Long userId) {
return Response.createSuccess(categoryService.getSubCategoryList(mainCategory, userId));
}
}
22 changes: 18 additions & 4 deletions src/main/java/com/hongik/graduationproject/controller/VideoSummaryController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,14 @@
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;

import java.nio.file.attribute.UserPrincipal;
import java.security.Principal;

@Tag(name = "영상", description = "영상 또는 요약과 관련된 api")
@RestController
@RequiredArgsConstructor
Expand All @@ -22,13 +28,20 @@
public class VideoSummaryController {
private final VideoSummaryService videoSummaryService;

@GetMapping("/test")
public Response<String> test(@AuthenticationPrincipal Long principal) {
System.out.println("principal = "+ principal);
return Response.createSuccess("TEST");
}

@Operation(summary = "영상 요약 요청", description = "영상 요약 요청을 위한 메소드")
@ApiResponse(content = @Content(schema = @Schema(implementation = VideoSummaryInitiateResponse.class)))
@PostMapping("/summaries/initiate")
@ResponseStatus(HttpStatus.ACCEPTED)
public Response<VideoSummaryInitiateResponse> initiateSummarizing(@RequestBody VideoSummaryInitiateRequest videoSummaryInitiateRequest) {
public Response<VideoSummaryInitiateResponse> initiateSummarizing(@RequestBody VideoSummaryInitiateRequest videoSummaryInitiateRequest,
@AuthenticationPrincipal Long userId) {
log.info("summarize initiate video url={}", videoSummaryInitiateRequest.getUrl());
return Response.createSuccess(videoSummaryService.initiateSummarizing(videoSummaryInitiateRequest));
return Response.createSuccess(videoSummaryService.initiateSummarizing(videoSummaryInitiateRequest, userId));
}

@Operation(summary = "영상 요약 상태", description = "영상 요약 상태 확인을 위한 메소드")
Expand All @@ -37,9 +50,10 @@ public Response<VideoSummaryInitiateResponse> initiateSummarizing(@RequestBody V
@ResponseStatus(HttpStatus.OK)
public Response<VideoSummaryStatusResponse> getSummarizeStatus(@PathVariable(name = "videoCode")
@Parameter(name = "videoCode", description = "영상 요약 요청에서 응답받은 비디오 코드", example = "INSTAGRAM_C4kWXhEuQpD")
String videoCode) {
String videoCode,
@AuthenticationPrincipal Long userId) {
log.info("summarize status request videoCode = {}", videoCode);
return Response.createSuccess(videoSummaryService.getStatus(videoCode));
return Response.createSuccess(videoSummaryService.getStatus(videoCode, userId));
}

@Operation(summary = "영상 요약 조회", description = "영상 요약 조회를 위한 메소드")
Expand Down
2 changes: 0 additions & 2 deletions src/main/java/com/hongik/graduationproject/domain/dto/auth/KaKaoResponse.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,4 @@ public class KaKaoResponse extends AuthResponse{

String accessToken;
String refreshToken;
int exprTime;
User user;
}
1 change: 0 additions & 1 deletion src/main/java/com/hongik/graduationproject/domain/dto/auth/ReissueResponse.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,4 @@ public class ReissueResponse {

String accessToken;
String refreshToken;
int exprTime;
}
41 changes: 15 additions & 26 deletions src/main/java/com/hongik/graduationproject/jwt/JwtAuthenticationFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,49 +1,38 @@
package com.hongik.graduationproject.jwt;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

@Component
@RequiredArgsConstructor
public class JwtAuthenticationFilter extends OncePerRequestFilter {

private final TokenProvider tokenProvider;

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String token = parseBearerToken(request);
if (tokenProvider.validateToken(token)) {
setAuthentication(token);
}

try {
AbstractAuthenticationToken authentication;
if (token != null && !token.equalsIgnoreCase("null")) {
String email = tokenProvider.validate(token);

System.out.println("=====vvvvvvv=======");
authentication = new UsernamePasswordAuthenticationToken(email, null, AuthorityUtils.NO_AUTHORITIES);
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));

SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
securityContext.setAuthentication(authentication);
SecurityContextHolder.setContext(securityContext);
filterChain.doFilter(request, response);
filterChain.doFilter(request, response);
}

}
} catch (Exception exception) {
exception.printStackTrace();
}
System.out.println("=====mmmmmm=======");
private void setAuthentication(String accessToken) {
Long userId = tokenProvider.parseUserId(accessToken);

UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userId, "");
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}

@Override
Expand All @@ -52,10 +41,10 @@ protected boolean shouldNotFilter(HttpServletRequest request) {
return path.startsWith("/");
}

private String parseBearerToken(HttpServletRequest request){
private String parseBearerToken(HttpServletRequest request) {
String bearerToken = request.getHeader("Authorization");

if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer")) {
if (bearerToken != null && bearerToken.startsWith("Bearer")) {
return bearerToken.substring(7);
}
return null;
Expand Down
100 changes: 36 additions & 64 deletions src/main/java/com/hongik/graduationproject/jwt/TokenProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,82 +1,54 @@
package com.hongik.graduationproject.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import org.springframework.beans.factory.InitializingBean;
import io.jsonwebtoken.*;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

@Component
public class TokenProvider implements InitializingBean {

private static final long REFRESH_TOKEN_EXPIRATION = 604800000;
import java.util.Date;

private static final String SECURITY_KEY = "jwtseckey!@";
@Component
public class TokenProvider {
@Value("${jwt.secret}")
private String jwtSecretKey;
@Value("${jwt.access-token-time}")
private long accessTokenTime;
@Value("${jwt.refresh-token-time}")
private long refreshTokenTime;

public String createAccessToken(Long userId) {
return createToken(userId, accessTokenTime);
}

public String createAccessToken(Long id){
Date exprTime = Date.from(Instant.now().plus(1, ChronoUnit.HOURS));
public String createRefreshToken(Long userId) {
return createToken(userId, refreshTokenTime);
}

private String createToken(Long userId, long validTime) {
Date now = new Date();
return Jwts.builder()
.signWith(SignatureAlgorithm.HS512, SECURITY_KEY)
.setIssuedAt(new Date())
.setExpiration(exprTime)
.claim("id", id)
.signWith(SignatureAlgorithm.HS512, jwtSecretKey)
.setIssuedAt(now)
.setExpiration(new Date(now.getTime() + validTime))
.claim("userId", userId)
.compact();
}

public String createRefreshToken(String accessToken){
try {
Claims claims = Jwts.parser().setSigningKey(SECURITY_KEY).parseClaimsJws(accessToken).getBody();

validateExpiration(claims);

Date newExpirationTime = Date.from(Instant.now().plus(REFRESH_TOKEN_EXPIRATION, ChronoUnit.MILLIS));

String refreshToken = Jwts.builder()
.setExpiration(newExpirationTime)
.signWith(SignatureAlgorithm.HS512, SECURITY_KEY)
.compact();

claims.put("refreshToken", refreshToken);

return Jwts.builder()
.setClaims(claims)
.setExpiration(newExpirationTime)
.signWith(SignatureAlgorithm.HS512, SECURITY_KEY)
.compact();
} catch (Exception e) {
throw new BadCredentialsException("Token refresh failed", e);
}
}

public String validate(String token) {
try{
Claims claims = Jwts.parser().setSigningKey(SECURITY_KEY).parseClaimsJws(token).getBody();
validateExpiration(claims);
return claims.getSubject();
} catch (Exception e) {
throw new BadCredentialsException("JWT validation failed", e);
public boolean validateToken(String token) {
if (!StringUtils.hasText(token)) {
throw new RuntimeException();
}
}

private void validateExpiration(Claims claims) {
Date expiration = claims.getExpiration();
if (expiration != null && expiration.before(new Date())) {
throw new BadCredentialsException("JWT has expired");
try {
Jwts.parser().setSigningKey(jwtSecretKey).parseClaimsJws(token).getBody();
} catch (SignatureException | ExpiredJwtException e) {
throw new RuntimeException();
}
return true;
}

@Override
public void afterPropertiesSet() throws Exception {

}

public Long getUserId(String token){
Claims claims = Jwts.parser().setSigningKey(SECURITY_KEY).parseClaimsJws(token).getBody();
return claims.get("id", Long.class);
public Long parseUserId(String token) {
Claims claims = Jwts.parser().setSigningKey(jwtSecretKey).parseClaimsJws(token).getBody();
return claims.get("userId", Long.class);
}
}
4 changes: 2 additions & 2 deletions src/main/java/com/hongik/graduationproject/service/CategoryService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,9 @@ public class CategoryService {
private final CategoryRepository categoryRepository;
private final UserRepository userRepository;

public SubCategoryListResponse getSubCategoryList(MainCategory mainCategory) {
public SubCategoryListResponse getSubCategoryList(MainCategory mainCategory, Long userId) {
// User user = userRepository.getReferenceById(userId);
User user = userRepository.getReferenceById(1L);
// MainCategory mainCategory = subCategoryListRequest.mainCategory();/

List<SubCategoryResponse> subCategoryList = categoryRepository.findAllByMainCategoryAndUser(mainCategory, user).stream()
.map(category -> new SubCategoryResponse(category.getSubCategory(), category.getId()))
Expand Down
7 changes: 4 additions & 3 deletions src/main/java/com/hongik/graduationproject/service/VideoSummaryService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,13 @@ public class VideoSummaryService {
private final CategoryRepository categoryRepository;
private final VideoSummaryCategoryRepository videoSummaryCategoryRepository;

public VideoSummaryInitiateResponse initiateSummarizing(VideoSummaryInitiateRequest summaryInitiateRequest) {
public VideoSummaryInitiateResponse initiateSummarizing(VideoSummaryInitiateRequest summaryInitiateRequest, Long userId) {
Platform platform = UrlUtils.getVideoPlatform(summaryInitiateRequest.getUrl());
String videoId = UrlUtils.getVideoId(summaryInitiateRequest.getUrl(), platform);

String videoCode = platform.name() + '_' + videoId;

Long userId = summaryInitiateRequest.getUserId();
userId = summaryInitiateRequest.getUserId();

if (summaryStatusCacheRepository.existsByVideoCodeAndUserId(videoCode, userId)) {
throw new AppException(ErrorCode.ALREADY_REQUESTED_SUMMARIZING);
Expand Down Expand Up @@ -67,9 +67,10 @@ public VideoSummaryDto getVideoSummaryById(Long videoSummaryId) {
}

@Transactional
public VideoSummaryStatusResponse getStatus(String videoCode) {
public VideoSummaryStatusResponse getStatus(String videoCode, Long userId) {
VideoSummaryStatusCache statusCache = summaryStatusCacheRepository.findByVideoCode(videoCode).get();
if (statusCache.getStatus().equals("COMPLETE")) {
// Category category = categoryRepository.findDefaultCategoryByUserIdAndMainCategory(userId, statusCache.getGeneratedMainCategory()).get();
Category category = categoryRepository.findDefaultCategoryByUserIdAndMainCategory(1L, statusCache.getGeneratedMainCategory()).get();
VideoSummary videoSummary = videoSummaryRepository.getReferenceById(statusCache.getVideoSummaryId());

Expand Down
45 changes: 19 additions & 26 deletions src/main/java/com/hongik/graduationproject/service/auth/KakaoAuthService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,25 +36,32 @@ public AuthResponse loginUser(AuthRequest authRequest) {
KaKaoRequest kakaoRequest = (KaKaoRequest) authRequest;
KaKaoProfile kakaoProfile = getKaKaoProfile(kakaoRequest.getAccessToken());

checkInvalidProfile(kakaoProfile);

checkDuplicateUser(kakaoProfile);

User savedUser = userRepository.save(User.of(kakaoProfile));

String accessToken = tokenProvider.createAccessToken(savedUser.getId());
String refreshToken = tokenProvider.createRefreshToken(savedUser.getId());

return new KaKaoResponse(accessToken, refreshToken);
}

private void checkInvalidProfile(KaKaoProfile kakaoProfile) {
if (kakaoProfile == null || kakaoProfile.getKakao_account() == null) {
log.error("Failed to retrieve Kakao profile or account information");
throw new RuntimeException(); //TODO: 예외 처리 요망
}
}

private void checkDuplicateUser(KaKaoProfile kakaoProfile) {
String email = kakaoProfile.getKakao_account().getEmail();
Optional<User> optionalUser = userRepository.findByEmail(email);

if (optionalUser.isPresent()) {
throw new RuntimeException(); //TODO: 예외 처리 요망
}

User savedUser = userRepository.save(User.of(kakaoProfile));

String newAccessToken = tokenProvider.createAccessToken(savedUser.getId());
String refreshToken = tokenProvider.createRefreshToken(newAccessToken);
int exprTime = 3600000;

return new KaKaoResponse(newAccessToken, refreshToken, exprTime, savedUser);
}

private KaKaoProfile getKaKaoProfile(String token) {
Expand Down Expand Up @@ -83,27 +90,13 @@ private KaKaoProfile getKaKaoProfile(String token) {

@Override
public ReissueResponse reissueToken(ReissueRequest reissueRequest) {
Long userId = tokenProvider.parseUserId(reissueRequest.getAccessToken());

Long userId = tokenProvider.getUserId(reissueRequest.getAccessToken());

if (userId == null) {
log.error("Failed to retrieve user information");
throw new RuntimeException(); //TODO: 예외 처리 요망
}

Optional<User> optionalUser = userRepository.findById(userId);

if (optionalUser.isEmpty()) {
log.error("User not found");
throw new RuntimeException(); //TODO: 예외 처리 요망
}

tokenProvider.validate(reissueRequest.getAccessToken());
tokenProvider.validateToken(reissueRequest.getRefreshToken());

String newAccessToken = tokenProvider.createAccessToken(userId);
String newRefreshToken = tokenProvider.createRefreshToken(reissueRequest.getRefreshToken());
int exprTime = 3600000;
String newRefreshToken = tokenProvider.createRefreshToken(userId);

return new ReissueResponse(newAccessToken, newRefreshToken, exprTime);
return new ReissueResponse(newAccessToken, newRefreshToken);
}
}
Loading
Loading