feat: 리프레시, 엑세스 토큰 재발급

spring/src/main/java/org/sopt/spring/common/auth/SecurityConfig.java

@@ -21,7 +21,7 @@ public class SecurityConfig {
     private final CustomJwtAuthenticationEntryPoint customJwtAuthenticationEntryPoint;
     private final CustomAccessDeniedHandler customAccessDeniedHandler;
 
-    private static final String[] AUTH_WHITE_LIST = {"/api/v1/member", "/api/v1/member/refresh"};
+    private static final String[] AUTH_WHITE_LIST = {"/api/v1/member"};
 
     @Bean
     SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

spring/src/main/java/org/sopt/spring/common/exception/ErrorMessage.java

@@ -12,6 +12,7 @@ public enum ErrorMessage {
     BLOG_CANT_USE(HttpStatus.NOT_FOUND.value(), "사용자의 블로그가 아닙니다."),
     POSTING_NOT_FOUND(HttpStatus.NOT_FOUND.value(), "ID에 해당하는 사용자가 존재하지 않습니다"),
     JWT_UNAUTHORIZED_EXCEPTION(HttpStatus.UNAUTHORIZED.value(), "사용자의 로그인 검증을 실패했습니다."),
+    INVALID_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED.value(), "리프레시 토큰이 만료되었습니다."),
     ;
     private final int status;
     private final String message;

spring/src/main/java/org/sopt/spring/member/controller/MemberController.java

@@ -2,6 +2,7 @@
 
 
 import lombok.RequiredArgsConstructor;
+import org.sopt.spring.common.auth.PrincipalHandler;
 import org.sopt.spring.member.service.MemberService;
 import org.sopt.spring.member.dto.MemberCreateDto;
 import org.sopt.spring.member.dto.MemberFindDto;
@@ -24,6 +25,7 @@
 public class MemberController {
 
     private final MemberService memberService;
+    private final PrincipalHandler principalHandler;
 
     @PostMapping
     public ResponseEntity<UserJoinResponse> createMember(
@@ -36,9 +38,12 @@ public ResponseEntity<UserJoinResponse> createMember(
                         userJoinResponse
                 );
     }
+
     @PostMapping("/refresh")
-    public ResponseEntity<UserJoinResponse> refreshAccessToken() {
-        UserJoinResponse userJoinResponse = memberService.createMember(memberCreateDto);
+    public ResponseEntity<UserJoinResponse> refreshToken(){
+        UserJoinResponse userJoinResponse = memberService.refreshToken(
+                principalHandler.getUserIdFromPrincipal()
+        );
         return ResponseEntity.status(HttpStatus.CREATED)
                 .header("Location", userJoinResponse.userId())
                 .body(

spring/src/main/java/org/sopt/spring/member/service/MemberService.java

@@ -6,6 +6,7 @@
 import org.sopt.spring.common.auth.redis.domain.Token;
 import org.sopt.spring.common.auth.redis.repository.RedisTokenRepository;
 import org.sopt.spring.common.exception.ErrorMessage;
+import org.sopt.spring.common.exception.UnauthorizedException;
 import org.sopt.spring.common.jwt.JwtTokenProvider;
 import org.sopt.spring.member.domain.Member;
 import org.sopt.spring.common.exception.NotFoundException;
@@ -72,4 +73,24 @@ public Member findById(Long memberId) {
                 () -> new NotFoundException(ErrorMessage.MEMBER_NOT_FOUND)
         );
     }
+
+    @Transactional
+    public UserJoinResponse refreshToken(Long memberId) {
+        //Refresh 토큰 만료:  Redis에 해당 Refresh 토큰이 존재하지 않음
+        if(!redisTokenRepository.existsById(memberId.toString())){
+          throw new UnauthorizedException(ErrorMessage.INVALID_REFRESH_TOKEN);
+        }
+        //DB에 해당하는 유저 아이디가 있는지 확인
+        findById(memberId);
+
+        String accessToken = jwtTokenProvider.issueAccessToken(
+                UserAuthentication.createUserAuthentication(memberId)
+        );
+        String refreshToken = jwtTokenProvider.issueRefreshToken(
+                UserAuthentication.createUserAuthentication(memberId)
+        );
+        //레디스에 저*장
+        redisTokenRepository.save(Token.of(memberId, refreshToken));
+        return UserJoinResponse.of(accessToken, refreshToken, memberId.toString());
+    }
 }