Merge pull request #13 from local-mood/chore/12-env

Feat: 회원 API 생성
local-mood · Dec 13, 2023 · 908515e · 908515e
2 parents b83f1c2 + ec3eb8b
commit 908515e
Show file tree

Hide file tree

Showing 25 changed files with 1,007 additions and 18 deletions.
diff --git a/build.gradle b/build.gradle
@@ -38,6 +38,20 @@ dependencies {
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'org.springframework.security:spring-security-test'
 
+    // Spring Security
+    implementation 'org.springframework.boot:spring-boot-starter-security:3.0.4'
+    testImplementation 'org.springframework.security:spring-security-test'
+
+    // JWT
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+
+    // Redis
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
+    implementation('it.ozimov:embedded-redis:0.7.3') { exclude group: "org.slf4j", module: "slf4j-simple" }
+
+
 }
 
 tasks.named('test') {

diff --git a/src/main/java/com/ceos/vote/auth/CurrentUser.java b/src/main/java/com/ceos/vote/auth/CurrentUser.java
@@ -0,0 +1,12 @@
+package com.ceos.vote.auth;
+
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+
+import java.lang.annotation.*;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@AuthenticationPrincipal(expression = "#this == 'anonymousUser' ? null : user")
+public @interface CurrentUser {
+}
diff --git a/src/main/java/com/ceos/vote/auth/controller/AuthController.java b/src/main/java/com/ceos/vote/auth/controller/AuthController.java
@@ -0,0 +1,109 @@
+package com.ceos.vote.auth.controller;
+
+import com.ceos.vote.auth.service.AuthService;
+import com.ceos.vote.common.dto.NormalResponseDto;
+import com.ceos.vote.auth.jwt.entity.TokenDto;
+import com.ceos.vote.auth.jwt.entity.LoginRequestDto;
+import com.ceos.vote.domain.member.dto.MemberRequestDto;
+
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.web.server.Cookie;
+import org.springframework.http.*;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("/app/auth")
+@RequiredArgsConstructor
+public class AuthController {
+
+    private final long COOKIE_EXPIRATION = 7776000; // 90일
+
+    private final AuthService authService;
+
+    // 회원가입
+    @PostMapping("/signup")
+    public ResponseEntity<NormalResponseDto> join(@RequestBody @Valid MemberRequestDto requestDto) {
+        authService.joinMember(requestDto);
+        return ResponseEntity.ok(NormalResponseDto.success());
+    }
+
+    // 로그인
+    @PostMapping("/login")
+    public ResponseEntity<?> login(@RequestBody LoginRequestDto loginRequest) {
+
+        TokenDto tokenDto = authService.login(loginRequest);
+
+        HttpCookie httpCookie = ResponseCookie.from("refresh-token", tokenDto.getRefreshToken())
+                .maxAge(COOKIE_EXPIRATION)
+                .httpOnly(true)
+                .secure(true)
+                .sameSite(Cookie.SameSite.NONE.attributeValue())    //서드파티 쿠키 사용 허용
+                .build();
+        return ResponseEntity.ok()
+                .header(HttpHeaders.SET_COOKIE, httpCookie.toString())
+                .header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenDto.getAccessToken())
+                .build();
+    }
+
+    // 토큰 유효성 검사
+    @PostMapping("/validate")
+    public ResponseEntity<?> validate(@RequestHeader("Authorization") String requestAccessToken) {
+        if (!authService.validate(requestAccessToken)) {
+            return ResponseEntity.ok().build();
+        } else {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        }
+    }
+
+    // 토큰 재발급
+    @PostMapping("/reissue")
+    public ResponseEntity<?> reissue(@CookieValue(name = "refresh-token") String requestRefreshToken,
+                                     @RequestHeader("Authorization") String requestAccessToken) {
+
+        TokenDto newAuthToken = authService.reissue(requestAccessToken, requestRefreshToken);
+
+        if (newAuthToken != null) {
+            // 새로운 토큰 발급, 반환
+            ResponseCookie responseCookie = ResponseCookie.from("refresh-token", newAuthToken.getRefreshToken())
+                    .maxAge(COOKIE_EXPIRATION)
+                    .httpOnly(true)
+                    .secure(true)
+                    .sameSite(Cookie.SameSite.NONE.attributeValue())
+                    .build();
+            return ResponseEntity.status(HttpStatus.OK)
+                    .header(HttpHeaders.SET_COOKIE, responseCookie.toString())
+                    .header(HttpHeaders.AUTHORIZATION, "Bearer " + newAuthToken.getAccessToken())
+                    .build();
+        } else {
+            //  Refresh Token이 탈취 가능할 때 쿠키 삭제하고 재로그인
+            ResponseCookie responseCookie = ResponseCookie.from("refresh-token", "")
+                    .maxAge(0)
+                    .path("/")
+                    .build();
+            return ResponseEntity
+                    .status(HttpStatus.UNAUTHORIZED)
+                    .header(HttpHeaders.SET_COOKIE, responseCookie.toString())
+                    .build();
+        }
+    }
+
+    // 로그아웃
+    @PostMapping("/logout")
+    public ResponseEntity<NormalResponseDto> logout(@RequestHeader("Authorization") String requestAccessToken) {
+
+        // Access Token을 무효화하여 로그아웃 처리
+        authService.logout(requestAccessToken);
+
+        ResponseCookie responseCookie = ResponseCookie.from("refresh-token", "")
+                .maxAge(0)
+                .path("/")
+                .build();
+
+
+        return ResponseEntity.status(HttpStatus.OK)
+                .header(HttpHeaders.SET_COOKIE, responseCookie.toString())
+                .build();
+    }
+
+}
diff --git a/src/main/java/com/ceos/vote/auth/exception/JwtAccessDeniedHandler.java b/src/main/java/com/ceos/vote/auth/exception/JwtAccessDeniedHandler.java
@@ -0,0 +1,22 @@
+package com.ceos.vote.auth.exception;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class JwtAccessDeniedHandler implements AccessDeniedHandler {
+
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response,
+                       AccessDeniedException accessDeniedException) throws IOException {
+
+        // 필요한 권한 없이 접근시 403 error
+        response.sendError(HttpServletResponse.SC_FORBIDDEN);
+
+    }
+}
diff --git a/src/main/java/com/ceos/vote/auth/exception/JwtAuthenticationEntryPoint.java b/src/main/java/com/ceos/vote/auth/exception/JwtAuthenticationEntryPoint.java
@@ -0,0 +1,20 @@
+package com.ceos.vote.auth.exception;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authenticationException) throws IOException {
+        // 유효하지 않은 자격증명일 때 401 error
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+    }
+}
diff --git a/src/main/java/com/ceos/vote/auth/jwt/entity/LoginRequestDto.java b/src/main/java/com/ceos/vote/auth/jwt/entity/LoginRequestDto.java
@@ -0,0 +1,16 @@
+package com.ceos.vote.auth.jwt.entity;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
+public class LoginRequestDto {
+    private String email;
+
+    private String password;
+}
diff --git a/src/main/java/com/ceos/vote/auth/jwt/entity/TokenDto.java b/src/main/java/com/ceos/vote/auth/jwt/entity/TokenDto.java
@@ -0,0 +1,20 @@
+package com.ceos.vote.auth.jwt.entity;
+
+import lombok.AccessLevel;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@Builder
+public class TokenDto {
+
+    private String accessToken;
+    private String refreshToken;
+
+    public TokenDto(String accessToken, String refreshToken) {
+        this.accessToken = accessToken;
+        this.refreshToken = refreshToken;
+    }
+}
diff --git a/src/main/java/com/ceos/vote/auth/jwt/filter/JwtAuthenticationFilter.java b/src/main/java/com/ceos/vote/auth/jwt/filter/JwtAuthenticationFilter.java
@@ -0,0 +1,52 @@
+package com.ceos.vote.auth.jwt.filter;
+
+import com.ceos.vote.auth.jwt.provider.JwtTokenProvider;
+import com.ceos.vote.exception.ErrorCode;
+import com.ceos.vote.exception.CeosException;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtTokenProvider jwtTokenProvider;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+                                    FilterChain filterChain) throws IOException, ServletException {
+        // AT 추출
+        String token = resolveToken(request);
+
+        try {
+            // 유효기간만 제외하고 정상토큰인지 검사
+            if (token != null && jwtTokenProvider.validateToken(token)) {
+                Authentication authentication = jwtTokenProvider.getAuthentication(token);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+        } catch (UsernameNotFoundException e) { // 회원 못 찾을 때
+            throw new CeosException(ErrorCode.MEMBER_NOT_FOUND);
+        }
+
+        // 다음 필터로 이동
+        filterChain.doFilter(request, response);
+    }
+
+    // request header에서 토큰 추출
+    public String resolveToken(HttpServletRequest request) {
+        String bearerToken = request.getHeader("Authorization");
+        if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
+            return bearerToken.substring(7);
+        }
+        return null;
+    }
+}