#343 Refactor: 로그아웃 예외처리, 토큰 만료시간 수정 (#392)

Drink-Easy · Feb 3, 2025 · 0af0be8 · 0af0be8
2 parents d77a534 + d2c9170
commit 0af0be8
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 8 deletions.
diff --git a/src/main/java/com/drinkeg/drinkeg/global/apipayLoad/code/status/ErrorStatus.java b/src/main/java/com/drinkeg/drinkeg/global/apipayLoad/code/status/ErrorStatus.java
@@ -85,6 +85,9 @@ public enum ErrorStatus implements BaseCode {
     REFRESH_TOKEN_NOT_FOUND(HttpStatus.UNAUTHORIZED, "REFRESH_TOKEN4001", "리프레쉬 토큰이 없습니다."),
     REFRESH_TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED, "REFRESH_TOKEN4001", "리프레쉬 토큰이 만료되었습니다."),
     INVALID_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "REFRESH_TOKEN4001", "유효하지 않은 리프레쉬 토큰입니다."),
+    ACCESS_TOKEN_NOT_FOUND(HttpStatus.UNAUTHORIZED,"ACCESS_TOKEN4001","엑세스 토큰이 없습니다."),
+    ACCESS_TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED, "ACCESS_TOKEN4001", "엑세스 토큰이 만료되었습니다."),
+
 
     // Redis Error
     REDIS_NOT_FOUND(HttpStatus.BAD_REQUEST, "REDIS4001", "Redis 설정에 오류가 발생했습니다."),
@@ -118,7 +121,10 @@ public enum ErrorStatus implements BaseCode {
 
     // Banner Error
     BANNER_UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "BANNER4001", "권한이 없는 배너입니다."),
-    BANNER_NOT_FOUND(HttpStatus.BAD_REQUEST, "BANNER4001", "존재하지 않는 배너입니다.");
+    BANNER_NOT_FOUND(HttpStatus.BAD_REQUEST, "BANNER4001", "존재하지 않는 배너입니다."),
+
+    //method Error
+    METHOD_NOT_ALLOWED(HttpStatus.METHOD_NOT_ALLOWED,"METHOD405", "허용되지 않은 HTTP 메서드입니다.");
 
 
 

diff --git a/src/main/java/com/drinkeg/drinkeg/global/config/SecurityConfig.java b/src/main/java/com/drinkeg/drinkeg/global/config/SecurityConfig.java
@@ -42,7 +42,7 @@ public WebSecurityCustomizer webSecurityCustomizer() {
         return web -> {
             web.ignoring()
                     .requestMatchers("/join/**","/login/apple/**","/login/kakao/**",
-                            "/api-docs/**", "/swagger-ui/**", "/swagger-ui.html/**", "/v3/api-docs/**", "/swagger-ui/index.html#/**","/clientSecret","/check-environment");// 필터를 타면 안되는 경로
+                            "/api-docs/**", "/swagger-ui/**", "/swagger-ui.html/**", "/v3/api-docs/**", "/swagger-ui/index.html#/**","/clientSecret","/check-environment","reissue");// 필터를 타면 안되는 경로
         };
     }
 
@@ -115,7 +115,7 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
         http
                 .authorizeHttpRequests((authorize) -> authorize
                         .requestMatchers("/api-docs/**", "/swagger-ui/**", "/swagger-ui.html/**", "/v3/api-docs/**", "/swagger-ui/index.html#/**").permitAll()
-                        .requestMatchers("/", "/join/**", "/login", "/reissue","/login/apple","/login/kakao","/clientSecret","/check-environment").permitAll()
+                        .requestMatchers("/", "/join/**", "/login", "/reissue","/login/apple","/login/kakao","/clientSecret","/check-environment","reissue").permitAll()
 
                         .requestMatchers(HttpMethod.GET,"/home").hasRole("USER")
                         .requestMatchers("/wine/**").hasRole("USER")

diff --git a/src/main/java/com/drinkeg/drinkeg/global/security/jwt/CustomLogoutFilter.java b/src/main/java/com/drinkeg/drinkeg/global/security/jwt/CustomLogoutFilter.java
@@ -43,19 +43,26 @@ private void doFilter(HttpServletRequest request, HttpServletResponse response,
         String requestMethod = request.getMethod();
         if (!requestMethod.equals("POST")) {
 
-            filterChain.doFilter(request, response);
+            JWTException.jwtExceptionHandler(response, ErrorStatus.METHOD_NOT_ALLOWED);
             return;
         }
 
         // 쿠키에서 Refresh 토큰 가져옴
         String refresh = null;
+        String access = null;
         Cookie[] cookies = request.getCookies();
         for (Cookie cookie : cookies) {
 
             if (cookie.getName().equals("refreshToken")) {
-
                 refresh = cookie.getValue();
             }
+            else if (cookie.getName().equals("accessToken")) {
+                access = cookie.getValue();
+            }
+        }
+        if (access == null) {
+            JWTException.jwtExceptionHandler(response, ErrorStatus.ACCESS_TOKEN_NOT_FOUND);
+            return;
         }
 
         // 토큰 존재 여부 확인
@@ -70,12 +77,18 @@ private void doFilter(HttpServletRequest request, HttpServletResponse response,
         try {
             jwtUtil.isExpired(refresh);
         } catch (ExpiredJwtException e) {
-
             // response status code
             JWTException.jwtExceptionHandler(response, ErrorStatus.REFRESH_TOKEN_EXPIRED);
             return;
         }
 
+        try {
+            jwtUtil.isExpired(access);
+        } catch (ExpiredJwtException e) {
+            JWTException.jwtExceptionHandler(response, ErrorStatus.ACCESS_TOKEN_EXPIRED);
+            return;
+        }
+
         // 토큰이 refresh인지 확인 (발급시 페이로드에 명시)
         String category = jwtUtil.getCategory(refresh);
         if (!category.equals("refresh")) {
@@ -85,6 +98,13 @@ private void doFilter(HttpServletRequest request, HttpServletResponse response,
             return;
         }
 
+        String accessCategory = jwtUtil.getCategory(access);
+        if (!accessCategory.equals("access")) {
+            JWTException.jwtExceptionHandler(response, ErrorStatus.INVALID_ACCESS_TOKEN);
+            return;
+        }
+
+
         String username = jwtUtil.getUsername(refresh);
 
         // DB에 저장되어 있는지 확인

diff --git a/src/main/java/com/drinkeg/drinkeg/global/security/jwt/LoginFilter.java b/src/main/java/com/drinkeg/drinkeg/global/security/jwt/LoginFilter.java
@@ -83,7 +83,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 
         String role = auth.getAuthority();
 
-        String accessToken = jwtUtil.createJwt("access",username, role, 60000000000L); // 임의로 10000배로 해놓았음. 나중에 수정 필요.
+        String accessToken = jwtUtil.createJwt("access",username, role, 3600000L); // 임의로 10000배로 해놓았음. 나중에 수정 필요.
         String refreshToken = jwtUtil.createJwt("refresh",username,role,864000000L);
 
         System.out.println("---------------LoginFilter------------------");

diff --git a/src/main/java/com/drinkeg/drinkeg/global/security/jwt/TokenService.java b/src/main/java/com/drinkeg/drinkeg/global/security/jwt/TokenService.java
@@ -168,7 +168,7 @@ public void deleteRefreshTokenAndAccessToken(HttpServletResponse response, Strin
 
     public void jwtProvider(Member member, HttpServletResponse response) {
 
-        String accessToken = jwtUtil.createJwt("access",member.getUsername(), member.getRole().getValue(), 60000000000L); // 임의로 10000배로 해놓았음. 나중에 수정 필요.
+        String accessToken = jwtUtil.createJwt("access",member.getUsername(), member.getRole().getValue(), 3600000L); // 임의로 10000배로 해놓았음. 나중에 수정 필요.
         String refreshToken = jwtUtil.createJwt("refresh",member.getUsername(), member.getRole().getValue(),864000000L);
 
         // 토큰을 쿠키에 저장하여 응답