#6 - 6차 세미나 실습 과제 제출

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/auth/redis/config/RedisConfig.java

@@ -0,0 +1,35 @@
+package org.sopt.springPractice.auth.redis.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+
+@Configuration
+public class RedisConfig {
+
+    @Value("${spring.data.redis.host}")
+    private String host;
+
+    @Value("${spring.data.redis.port}")
+    private int port;
+
+    @Bean
+    public RedisConnectionFactory redisConnectionFactory() {
+        return new LettuceConnectionFactory(host, port);
+    }
+
+    @Bean
+    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory connectionFactory) {
+        RedisTemplate<String, Object> template = new RedisTemplate<>();
+        template.setConnectionFactory(connectionFactory);
+        template.setKeySerializer(new StringRedisSerializer());
+        template.setValueSerializer(new GenericJackson2JsonRedisSerializer());
+
+        return template;
+    }
+}

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/auth/redis/controller/TokenController.java

@@ -0,0 +1,31 @@
+package org.sopt.springPractice.auth.redis.controller;
+
+import lombok.RequiredArgsConstructor;
+import org.sopt.springPractice.auth.PrincipalHandler;
+import org.sopt.springPractice.auth.redis.service.TokenService;
+import org.sopt.springPractice.auth.redis.service.dto.AccessTokenDTO;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Transactional
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/api/v1/token")
+public class TokenController {
+
+    private final TokenService tokenService;
+    private final PrincipalHandler principalHandler;
+
+    @PostMapping("/reissue")
+    public ResponseEntity<AccessTokenDTO> reissueAccessToken() {
+        Long userId = principalHandler.getUserIdFromPrincipal();
+        AccessTokenDTO newAccessTokenResponse = tokenService.reissueAccessToken(userId);
+
+        return ResponseEntity.status(HttpStatus.CREATED)
+                .body(newAccessTokenResponse);
+    }
+}

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/auth/redis/domain/Token.java

@@ -4,11 +4,13 @@
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import org.springframework.data.redis.core.RedisHash;
 import org.springframework.data.redis.core.index.Indexed;
 
 @RedisHash(value = "", timeToLive = 60 * 60 * 24 * 1000L * 14)
 @AllArgsConstructor
+@NoArgsConstructor
 @Getter
 @Builder
 public class Token {

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/auth/redis/service/TokenService.java

@@ -0,0 +1,31 @@
+package org.sopt.springPractice.auth.redis.service;
+
+import lombok.RequiredArgsConstructor;
+import org.sopt.springPractice.auth.redis.domain.Token;
+import org.sopt.springPractice.auth.redis.repository.RedisTokenRepository;
+import org.sopt.springPractice.auth.redis.service.dto.AccessTokenDTO;
+import org.sopt.springPractice.common.dto.ErrorMessage;
+import org.sopt.springPractice.common.jwt.JwtTokenProvider;
+import org.sopt.springPractice.exception.UnauthorizedException;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+@RequiredArgsConstructor
+public class TokenService {
+
+    private final RedisTokenRepository redisTokenRepository;
+    private final JwtTokenProvider jwtTokenProvider;
+
+    @Transactional
+    public AccessTokenDTO reissueAccessToken(Long userId) {
+        Token token = redisTokenRepository.findById(userId).orElseThrow(
+                () -> new UnauthorizedException(ErrorMessage.MEMBER_NOT_FOUND)
+        );
+
+        jwtTokenProvider.validateToken(token.getRefreshToken());
+        String newAccessToken = jwtTokenProvider.newAccessToken(token.getRefreshToken());
+
+        return AccessTokenDTO.of(newAccessToken);
+    }
+}

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/auth/redis/service/dto/AccessTokenDTO.java

@@ -0,0 +1,9 @@
+package org.sopt.springPractice.auth.redis.service.dto;
+
+public record AccessTokenDTO(
+        String accessToken
+) {
+    public static AccessTokenDTO of(String accessToken) {
+        return new AccessTokenDTO(accessToken);
+    }
+}

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/common/dto/ErrorMessage.java

@@ -10,7 +10,8 @@ public enum ErrorMessage {
 
     MEMBER_NOT_FOUND(HttpStatus.NOT_FOUND.value(), "ID에 해당하는 사용자가 존재하지 않습니다."),
     BLOG_NOT_FOUND(HttpStatus.NOT_FOUND.value(), "ID에 해당하는 블로그가 존재하지 않습니다."),
-    JWT_UNAUTHORIZED_EXCEPTION(HttpStatus.UNAUTHORIZED.value(), "사용자의 로그인 검증을 실패했습니다.");
+    JWT_UNAUTHORIZED_EXCEPTION(HttpStatus.UNAUTHORIZED.value(), "사용자의 로그인 검증을 실패했습니다."),
+    EXPIRED_JWT_TOKEN(HttpStatus.UNAUTHORIZED.value(), "만료된 refresh 토큰입니다.");
     private final int status;
     private final String message;
 }

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/common/jwt/JwtTokenProvider.java

@@ -12,6 +12,7 @@
 import java.util.Date;
 import javax.crypto.SecretKey;
 import lombok.RequiredArgsConstructor;
+import org.sopt.springPractice.auth.UserAuthentication;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
@@ -22,8 +23,8 @@ public class JwtTokenProvider {
 
     private static final String USER_ID = "userId";
 
-    private static final Long ACCESS_TOKEN_EXPIRATION_TIME = 24 * 60 * 60 * 1000L * 14;
-    private static final Long REFRESH_TOKEN_EXPIRATION_TIME = 60 * 60 * 24 * 1000L * 14;
+    private static final Long ACCESS_TOKEN_EXPIRATION_TIME = 24 * 60 * 60 * 1000L * 2;
+    private static final Long REFRESH_TOKEN_EXPIRATION_TIME = 24 * 60 * 60 * 1000L * 14;
 
     @Value("${jwt.secret}")
     private String JWT_SECRET;
@@ -83,4 +84,12 @@ public Long getUserFromJwt(String token) {
         Claims claims = getBody(token);
         return Long.valueOf(claims.get(USER_ID).toString());
     }
+
+    public String newAccessToken(String refreshToken) {
+        Claims claims = getBody(refreshToken);
+        Long userId = Long.valueOf(claims.get(USER_ID).toString());
+        Authentication authentication = UserAuthentication.createUserAuthentication(userId);
+
+        return issueAccessToken(authentication);
+    }
 }

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/service/MemberService.java

@@ -3,6 +3,8 @@
 import jakarta.persistence.EntityNotFoundException;
 import lombok.RequiredArgsConstructor;
 import org.sopt.springPractice.auth.UserAuthentication;
+import org.sopt.springPractice.auth.redis.domain.Token;
+import org.sopt.springPractice.auth.redis.repository.RedisTokenRepository;
 import org.sopt.springPractice.common.dto.ErrorMessage;
 import org.sopt.springPractice.common.jwt.JwtTokenProvider;
 import org.sopt.springPractice.domain.Member;
@@ -21,6 +23,7 @@ public class MemberService {
 
     private final MemberRepository memberRepository;
     private final JwtTokenProvider jwtTokenProvider;
+    private final RedisTokenRepository redisTokenRepository;
 
     @Transactional
     public UserJoinResponse createMember(
@@ -33,8 +36,12 @@ public UserJoinResponse createMember(
         String accessToken = jwtTokenProvider.issueAccessToken(
                 UserAuthentication.createUserAuthentication(memberId)
         );
+        String refreshToken = jwtTokenProvider.issueRefreshToken(
+                UserAuthentication.createUserAuthentication(memberId)
+        );
+        redisTokenRepository.save(Token.of(memberId, refreshToken));
 
-        return UserJoinResponse.of(accessToken, memberId.toString());
+        return UserJoinResponse.of(accessToken, refreshToken, memberId.toString());
     }
 
     public Member findById(

6thSeminar/springPractice/src/main/java/org/sopt/springPractice/service/dto/UserJoinResponse.java

@@ -2,12 +2,14 @@
 
 public record UserJoinResponse(
         String accessToken,
+        String refreshToken,
         String userId
 ) {
     public static UserJoinResponse of(
             String accessToken,
+            String refreshToken,
             String userId
     ) {
-        return new UserJoinResponse(accessToken, userId);
+        return new UserJoinResponse(accessToken, refreshToken, userId);
     }
 }