Feat/#8

build.gradle

@@ -31,6 +31,9 @@ dependencies {
 
 	// Security
 	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+	runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+	runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
 
 	// Database & Cache
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'

src/main/java/com/whereyouad/WhereYouAd/domain/example/presentation/ExampleController.java

@@ -6,11 +6,11 @@
 import com.whereyouad.WhereYouAd.domain.example.presentation.docs.ExampleControllerDocs;
 import com.whereyouad.WhereYouAd.global.response.DataResponse;
 import com.whereyouad.WhereYouAd.global.response.DefaultIdResponse;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import com.whereyouad.WhereYouAd.global.security.jwt.CustomUserDetails;
 import lombok.AccessLevel;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
@@ -35,4 +35,21 @@ public ResponseEntity<DataResponse<ExampleResponse>> findById(@PathVariable Long
                 DataResponse.from(exampleService.findById(id))
         );
     }
+
+    //@AuthenticationPrincipal 예시 메서드
+    //회원가입 및 로그인 진행한 뒤,
+    //Postman에서 Authorization 탭 -> Bearer Token -> AccessToken 값 붙여넣기
+    //or Headers 에서 Authorization 추가하여 Bearer {AccessToken} 붙여넣기
+    //해당 회원의 DB에 저장된 Id 값 반환됨.
+    @GetMapping("/userId")
+    public String userIdTest(@AuthenticationPrincipal CustomUserDetails customUserDetails) {
+        return customUserDetails.getUserId().toString();
+    }
+
+    //@AuthenticationPrincipal 예시 메서드
+    //CustomUserDetails 내부에 getUserId() 메서드를 통해 회원의 DB 저장된 Id 값 바로 뽑아내기도 가능
+    @GetMapping("/userId2")
+    public String userIdTest2(@AuthenticationPrincipal(expression = "userId") Long userId) {
+        return userId.toString();
+    }
 }

src/main/java/com/whereyouad/WhereYouAd/domain/example/presentation/docs/ExampleControllerDocs.java

@@ -4,9 +4,12 @@
 import com.whereyouad.WhereYouAd.domain.example.application.dto.response.ExampleResponse;
 import com.whereyouad.WhereYouAd.global.response.DataResponse;
 import com.whereyouad.WhereYouAd.global.response.DefaultIdResponse;
+import com.whereyouad.WhereYouAd.global.security.jwt.CustomUserDetails;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 
@@ -30,4 +33,22 @@ public interface ExampleControllerDocs {
             @io.swagger.v3.oas.annotations.responses.ApiResponse(responseCode = "400", description = "실패")
     })
     public ResponseEntity<DataResponse<ExampleResponse>> findById(@PathVariable Long id);
+
+    @Operation(
+            summary = "@AuthenticationPrincipal 사용법 예시 API",
+            description = "회원가입 -> 로그인 후 AccessToken 을 가지고 해당 메서드 호출 시 DB 내부 회원의 Id 반환"
+    )
+    @ApiResponses(
+            @ApiResponse(responseCode = "200", description = "성공")
+    )
+    public String userIdTest(@AuthenticationPrincipal CustomUserDetails customUserDetails);
+
+    @Operation(
+            summary = "@AuthenticationPrincipal 사용법 예시 API",
+            description = "회원가입 -> 로그인 후 AccessToken 을 가지고 해당 메서드 호출 시 DB 내부 회원의 Id 반환, CustomUserDetails 내부 편의 메서드 사용 예시"
+    )
+    @ApiResponses(
+            @ApiResponse(responseCode = "200", description = "성공")
+    )
+    public String userIdTest2(@AuthenticationPrincipal(expression = "userId") Long userId);
 }

src/main/java/com/whereyouad/WhereYouAd/domains/user/application/dto/request/LoginRequest.java

@@ -0,0 +1,12 @@
+package com.whereyouad.WhereYouAd.domains.user.application.dto.request;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+
+public record LoginRequest(
+        @NotBlank(message = "이메일은 필수입니다.")
+        @Email(message = "이메일 형식이 올바르지 않습니다.")
+        String email,
+        @NotBlank(message = "비밀번호는 필수입니다.")
+        String password
+) {}

src/main/java/com/whereyouad/WhereYouAd/domains/user/domain/service/AuthService.java

@@ -0,0 +1,86 @@
+package com.whereyouad.WhereYouAd.domains.user.domain.service;
+
+import com.whereyouad.WhereYouAd.domains.user.application.dto.request.LoginRequest;
+import com.whereyouad.WhereYouAd.domains.user.exception.code.AuthErrorCode;
+import com.whereyouad.WhereYouAd.domains.user.persistence.entity.RefreshToken;
+import com.whereyouad.WhereYouAd.domains.user.persistence.repository.RefreshTokenRepository;
+import com.whereyouad.WhereYouAd.global.exception.AppException;
+import com.whereyouad.WhereYouAd.global.security.jwt.CustomUserDetailsService;
+import com.whereyouad.WhereYouAd.global.security.jwt.JwtTokenProvider;
+import com.whereyouad.WhereYouAd.global.security.jwt.dto.TokenResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+@RequiredArgsConstructor
+public class AuthService {
+
+    private final AuthenticationManagerBuilder authenticationManagerBuilder;
+    private final JwtTokenProvider jwtTokenProvider;
+    private final RefreshTokenRepository refreshTokenRepository;
+    private final CustomUserDetailsService customUserDetailsService;
+
+    //최초 로그인을 통해 AccessToken 과 RefreshToken 발급 받는 메서드
+    @Transactional
+    public TokenResponse login(LoginRequest request) {
+        //email, password 기반 Spring Security가 사용할 인증 객체(AuthenticationToken) 생성
+        UsernamePasswordAuthenticationToken authenticationToken =
+                new UsernamePasswordAuthenticationToken(request.email(), request.password());
+
+        //실제 password 검증
+        // authenticate()가 실행되면 CustomUserDetailsService.loadUserByUsername이 호출되어 DB의 유저 정보와 비교합니다.
+        Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
+
+        //인증 정보 기반 JWT 토큰(Access & Refresh) 생성
+        TokenResponse tokenResponse = jwtTokenProvider.generateToken(authentication);
+
+        //RefreshToken 저장 -> 없으면 생성, 이미 있으면 update
+        RefreshToken refreshToken = refreshTokenRepository.findByKeyId(request.email())
+                .map(entity -> entity.updateValue(tokenResponse.refreshToken()))
+                .orElse(RefreshToken.builder()
+                        .keyId(request.email())
+                        .value(tokenResponse.refreshToken()).
+                        build());
+
+        refreshTokenRepository.save(refreshToken);
+
+        return tokenResponse;
+    }
+
+    //기존 AccessToken 만료 시 RefreshToken을 통해 AccessToken & RefreshToken 을 재발급 받는 메서드
+    @Transactional
+    public TokenResponse reIssue(String refreshToken) {
+        jwtTokenProvider.validateToken(refreshToken); //refreshToken 자체에 문제가 있을 시 해당 부분에서 예외 발생
+
+        String email = jwtTokenProvider.getSubject(refreshToken); //refreshToken 에서 사용자 email 값 추출
+
+        //기존에 해당 email의 RefreshToken 이 있는지 조회
+        RefreshToken savedRefreshToken = refreshTokenRepository.findByKeyId(email)
+                .orElseThrow(() -> new AppException(AuthErrorCode.TOKEN_EXPIRED));
+
+        //해당 저장된 RefreshToken 과 입력받은 RefreshToken 이 동일한지 확인
+        if (!savedRefreshToken.getValue().equals(refreshToken)) {
+            throw new AppException(AuthErrorCode.INVALID_TOKEN_FORMAT);
+        }
+
+        //새로운 토큰 생성을 위해 유저 최신 정보 조회
+        UserDetails userDetails = customUserDetailsService.loadUserByUsername(email);
+
+        // Spring Security 인증 객체 생성
+        UsernamePasswordAuthenticationToken authentication =
+                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+
+        //새로운 Access & RefreshToken 생성 및 저장
+        TokenResponse tokenResponse = jwtTokenProvider.generateToken(authentication);
+        savedRefreshToken.updateValue(tokenResponse.refreshToken());
+        refreshTokenRepository.save(savedRefreshToken);
+
+        //새로운 Access & RefreshToken 반환
+        return tokenResponse;
+    }
+}

src/main/java/com/whereyouad/WhereYouAd/domains/user/exception/code/AuthErrorCode.java

@@ -0,0 +1,24 @@
+package com.whereyouad.WhereYouAd.domains.user.exception.code;
+
+import com.whereyouad.WhereYouAd.global.exception.BaseErrorCode;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+
+@Getter
+@AllArgsConstructor
+public enum AuthErrorCode implements BaseErrorCode {
+    //토큰 관련
+    TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED, "AUTH_401_2", "토큰이 만료되었습니다."),
+    INVALID_TOKEN_FORMAT(HttpStatus.UNAUTHORIZED, "AUTH_401_3", "잘못된 토큰 형식입니다."),
+
+    // 로그인 실패 (비밀번호 틀림 or 계정 없음)
+    LOGIN_FAILED(HttpStatus.UNAUTHORIZED, "AUTH_401_1", "아이디 또는 비밀번호가 일치하지 않습니다."),
+
+    USER_NOT_FOUND(HttpStatus.NOT_FOUND, "AUTH_401_4", "해당 이메일의 회원이 존재하지 않습니다.")
+    ;
+
+    private final HttpStatus httpStatus;
+    private final String code;
+    private final String message;
+}

src/main/java/com/whereyouad/WhereYouAd/domains/user/persistence/entity/RefreshToken.java

@@ -0,0 +1,29 @@
+package com.whereyouad.WhereYouAd.domains.user.persistence.entity;
+
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Entity
+@Table(name = "refresh_tokens")
+@Getter
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class RefreshToken {
+
+    @Id
+    private String keyId; //유저의 이메일(Key)
+
+    private String value; //Refresh Token 값(Value)
+
+    //토큰 갱신 메서드
+    public RefreshToken updateValue(String token) {
+        this.value = token;
+        return this;
+    }
+}

src/main/java/com/whereyouad/WhereYouAd/domains/user/persistence/repository/RefreshTokenRepository.java

@@ -0,0 +1,13 @@
+package com.whereyouad.WhereYouAd.domains.user.persistence.repository;
+
+import com.whereyouad.WhereYouAd.domains.user.persistence.entity.RefreshToken;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+
+import java.util.Optional;
+
+public interface RefreshTokenRepository extends JpaRepository<RefreshToken, String> {
+    @Query("select r from RefreshToken r where r.keyId = :keyId")
+    Optional<RefreshToken> findByKeyId(@Param("keyId") String keyId);
+}

src/main/java/com/whereyouad/WhereYouAd/domains/user/presentation/AuthController.java

@@ -0,0 +1,64 @@
+package com.whereyouad.WhereYouAd.domains.user.presentation;
+
+import com.whereyouad.WhereYouAd.domains.user.application.dto.request.LoginRequest;
+import com.whereyouad.WhereYouAd.domains.user.domain.service.AuthService;
+import com.whereyouad.WhereYouAd.domains.user.presentation.docs.AuthControllerDocs;
+import com.whereyouad.WhereYouAd.global.response.DataResponse;
+import com.whereyouad.WhereYouAd.global.security.jwt.dto.TokenResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("/api/auth")
+@RequiredArgsConstructor
+public class AuthController implements AuthControllerDocs {
+
+    private final AuthService authService;
+
+    @PostMapping("/login")
+    public ResponseEntity<DataResponse<TokenResponse>> login(@RequestBody LoginRequest request) {
+
+        TokenResponse tokenResponse = authService.login(request);
+
+        ResponseCookie httpOnlyCookie = ResponseCookie.from("refresh_token", tokenResponse.refreshToken())
+                .httpOnly(true)
+//                .secure(true) //<-- HTTPS 에서만 쿠키 전송하도록 설정
+                .secure(false) //<-- Postman 테스트 용이를 위해 false
+                .path("/")
+                .maxAge(60 * 60 * 24 * 7) // 7일
+//                .sameSite("None") //<-- 크로스 사이트 전송 정책, 프론트와 연동시 해당 코드 활성화
+                .sameSite("Strict") //<-- 개발 or 테스트 or Postman 을 위해 임시 Strict
+                .build();
+
+        return ResponseEntity.ok()
+                .header(HttpHeaders.SET_COOKIE, httpOnlyCookie.toString()) //생성한 RefreshToken 쿠키를 헤더에 설정
+                .header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.accessToken()) //AccessToken 을 Authorization 헤더에도 추가(편의사항)
+                .body(DataResponse.from(tokenResponse));
+    }
+
+    @PostMapping("/reissue")
+    public ResponseEntity<DataResponse<TokenResponse>> reIssue(
+            @CookieValue(name = "refresh_token") String refreshToken
+    )
+    {
+        TokenResponse tokenResponse = authService.reIssue(refreshToken);
+
+        ResponseCookie httpOnlyCookie = ResponseCookie.from("refresh_token", tokenResponse.refreshToken())
+                .httpOnly(true)
+//                .secure(true)
+                .secure(false)
+                .path("/")
+                .maxAge(60 * 60 * 24 * 7) // 7일
+//                .sameSite("None")
+                .sameSite("Strict")
+                .build();
+
+        return ResponseEntity.ok()
+                .header(HttpHeaders.SET_COOKIE, httpOnlyCookie.toString()) //생성한 RefreshToken 쿠키를 헤더에 설정
+                .header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.accessToken()) //AccessToken 을 Authorization 헤더에도 추가(편의사항)
+                .body(DataResponse.from(tokenResponse));
+    }
+}

src/main/java/com/whereyouad/WhereYouAd/domains/user/presentation/docs/AuthControllerDocs.java

@@ -0,0 +1,34 @@
+package com.whereyouad.WhereYouAd.domains.user.presentation.docs;
+
+import com.whereyouad.WhereYouAd.domains.user.application.dto.request.LoginRequest;
+import com.whereyouad.WhereYouAd.global.response.DataResponse;
+import com.whereyouad.WhereYouAd.global.security.jwt.dto.TokenResponse;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.RequestBody;
+
+public interface AuthControllerDocs {
+    @Operation(
+            summary = "로그인 API",
+            description = "이메일, 비밀번호를 입력받아 로그인 진행, AccessToken 을 body 로 반환 & RefreshToken 은 쿠키로 반환"
+    )
+    @ApiResponses({
+            @ApiResponse(responseCode = "200", description = "성공"),
+            @ApiResponse(responseCode = "401_1", description = "실패")
+    })
+    public ResponseEntity<DataResponse<TokenResponse>> login(@RequestBody LoginRequest request);
+
+    @Operation(
+            summary = "AccessToken 재발급 API",
+            description = "AccessToken 만료 시 쿠키에 있는 RefreshToken 을 사용해 AccessToken & RefreshToken 을 재발급"
+    )
+    @ApiResponses({
+            @ApiResponse(responseCode = "200", description = "성공"),
+            @ApiResponse(responseCode = "401_2", description = "실패(RefreshToken 만료, 재로그인 필요)"),
+            @ApiResponse(responseCode = "401_3", description = "실패(RefreshToken 옳지 않은 값)")
+    })
+    public ResponseEntity<DataResponse<TokenResponse>> reIssue(@CookieValue(name = "refresh_token") String refreshToken);
+}