From 79dd667a675e04f8e2c9c1231ee4ec0d6ea0b5ab Mon Sep 17 00:00:00 2001
From: Hgyeol
Date: Mon, 1 Dec 2025 13:03:02 +0900
Subject: [PATCH] =?UTF-8?q?=EC=95=B1=20=ED=86=A0=ED=81=B0=20=EC=9E=AC?= =?UTF-8?q?=EB=B0=9C=EA=B8=89=20api=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../security/jwt/AppJwtToken.java | 14 ++++++++
 .../security/jwt/AuthController.java | 7 +++-
 .../security/jwt/RefreshTokenService.java | 32 +++++++++++++++++++
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/hello/cluebackend/infrastructure/security/jwt/AppJwtToken.java
diff --git a/src/main/java/hello/cluebackend/infrastructure/security/jwt/AppJwtToken.java b/src/main/java/hello/cluebackend/infrastructure/security/jwt/AppJwtToken.java
new file mode 100644
index 0000000..e75a638
--- /dev/null
+++ b/src/main/java/hello/cluebackend/infrastructure/security/jwt/AppJwtToken.java
@@ -0,0 +1,14 @@
+package hello.cluebackend.infrastructure.security.jwt;
+
+import lombok.*;
+
+@Getter
+@Setter
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class AppJwtToken {
+
+ private String accessToken;
+ private String refreshToken;
+}
diff --git a/src/main/java/hello/cluebackend/infrastructure/security/jwt/AuthController.java b/src/main/java/hello/cluebackend/infrastructure/security/jwt/AuthController.java
index f4b97e0..eddd0e3 100644
--- a/src/main/java/hello/cluebackend/infrastructure/security/jwt/AuthController.java
+++ b/src/main/java/hello/cluebackend/infrastructure/security/jwt/AuthController.java
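Review bot: `AppJwtToken` carries both bearer credentials yet is fully mutable, because `@Setter` and `@NoArgsConstructor` are generated although the only producer visible in this patch (`RefreshTokenService.reissueRefreshToken`) creates it through the builder. Keeping just `@Getter` and `@Builder` with `private final` fields would stop an issued pair from being altered after construction; serialising the response body should only need the getters. `import lombok.*;` could list the annotations explicitly, and a class comment such as `/** Access/refresh token pair returned to the app client; instances must never be logged. */` would record the intent.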
@@ -23,11 +23,16 @@ public AuthController(RefreshTokenService refreshTokenService) {
 }
 @PostMapping("/reissue")
- public ResponseEntity refreshToken(HttpServletRequest request, HttpServletResponse response) {
+ public ResponseEntity refreshToken(HttpServletRequest request, HttpServletResponse response) {
 refreshTokenService.reissueRefreshToken(request, response);
 return new ResponseEntity<>(HttpStatus.OK);
 }
+ @PostMapping("/app/reissue")
+ public ResponseEntity appRefreshToken(HttpServletRequest request) {
+ return ResponseEntity.status(HttpStatus.OK).body(refreshTokenService.reissueRefreshToken(request));
+ }
+
 @PostMapping("/api/logout")
 public ResponseEntity logout(HttpServletRequest request, HttpServletResponse response) {
 System.out.println("logout request");
diff --git a/src/main/java/hello/cluebackend/infrastructure/security/jwt/RefreshTokenService.java b/src/main/java/hello/cluebackend/infrastructure/security/jwt/RefreshTokenService.java
index 90d6d46..6dc01ad 100644
--- a/src/main/java/hello/cluebackend/infrastructure/security/jwt/RefreshTokenService.java
+++ b/src/main/java/hello/cluebackend/infrastructure/security/jwt/RefreshTokenService.java
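Review bot: `appRefreshToken` returns the new access and refresh tokens in the response body, and nothing in this hunk marks that response as non-cacheable. Unless Spring Security's default cache-control headers are active for this path (the security configuration is not part of this diff), set it explicitly: `return ResponseEntity.ok().cacheControl(CacheControl.noStore()).body(refreshTokenService.reissueRefreshToken(request));`. A short Javadoc on the method stating where the app client is expected to place its refresh token would also help, since that is decided in `getString`, outside this hunk.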
@@ -64,6 +64,38 @@ public void reissueRefreshToken(HttpServletRequest request, HttpServletResponse
 response.addCookie(createCookie("refresh_token", newRefreshToken));
 }
+ public AppJwtToken reissueRefreshToken(HttpServletRequest request) throws AuthenticationCredentialsNotFoundException {
+ String refreshToken = getString(request);
+
+ jwtUtil.isExpired(refreshToken);
+
+ String category = jwtUtil.getCategory(refreshToken);
+
+ if (!"refresh".equals(category)) {
+ throw new AuthenticationCredentialsNotFoundException("Invalid refresh token");
+ }
+
+ if (!existsByRefresh(refreshToken)) {
+ throw new AuthenticationCredentialsNotFoundException("Invalid refresh token");
+ }
+
+ String username = jwtUtil.getUsername(refreshToken);
+ String role = jwtUtil.getRole(refreshToken).name();
+ UUID userId = jwtUtil.getUserId(refreshToken);
+ String email = jwtUtil.getEmail(refreshToken);
+
+
+ String newAccessToken = jwtUtil.createJwt("access", userId, username, email, role, 60*60*1000L);
+ String newRefreshToken = jwtUtil.createJwt("refresh", userId, username, email, role,24 * 60 * 60 * 1000L);
+
+ saveRefreshToken(newRefreshToken, username);
+ deleteByRefresh(refreshToken);
+ return AppJwtToken.builder()
+ .accessToken(newAccessToken)
+ .refreshToken(newRefreshToken)
+ .build();
+ }
+
 @NotNull
 private static String getString(HttpServletRequest request) {
 String refreshToken = null;
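Review bot: The call `jwtUtil.isExpired(refreshToken);` discards its result, so expiry is enforced only if that method throws on an expired token; if it returns a boolean (its body is not in this diff), make the check explicit with `if (jwtUtil.isExpired(refreshToken)) { throw new AuthenticationCredentialsNotFoundException("Invalid refresh token"); }`. The rotation is also check-then-act: `existsByRefresh`, `saveRefreshToken` and `deleteByRefresh` run as separate steps with no transaction visible here, so two concurrent requests presenting the same refresh token could each receive a fresh pair; deleting the old token first and continuing only when a row was actually removed would close that window. The token is read through the shared `getString(request)`, whose body continues outside the hunk; if it reads the `refresh_token` cookie, this overload would return a cookie-held token in a script-readable JSON body, so the app path should take the token from a source browsers do not attach automatically. Most of the body repeats the cookie-based overload above, and a shared private helper for validation and rotation would keep the two paths from drifting apart.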