[Refactor] 토큰, 리이슈, 로그아웃 로직 변경 (#30)

Author: junseoplee

src/main/java/project/backend/business/auth/AuthService.java

@@ -4,7 +4,6 @@
 import java.util.Collections;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
@@ -48,26 +47,24 @@ public TokenServiceResponse kakaoLogin(String code) throws JsonProcessingExcepti
   @Transactional
   public void logout(TokenServiceRequest tokenServiceRequest) {
     String accessToken = tokenServiceRequest.getAccessToken();
+    String refreshToken = tokenServiceRequest.getRefreshToken();
 
     if (accessToken == null || !tokenProvider.validate(accessToken)) {
       throw new CustomException(ErrorCode.INVALID_ACCESS_TOKEN);
     }
 
     long expiration = tokenProvider.getExpiration(accessToken);
-
     blacklistTokenRedisRepository.save(BlacklistToken.builder()
                                                      .token(accessToken)
                                                      .expiration(expiration / 1000)
                                                      .build());
 
-    Authentication authentication = tokenProvider.getAuthentication(accessToken);
-    String userId = authentication.getName();
-
-    refreshTokenRedisRepository.deleteById(userId);
+    refreshTokenRedisRepository.deleteById(refreshToken);
 
     SecurityContextHolder.clearContext();
   }
 
+  @Transactional
   public TokenServiceResponse reissueAccessToken(TokenServiceRequest tokenServiceRequest) {
     String refreshToken = tokenServiceRequest.getRefreshToken();
 
@@ -76,34 +73,44 @@ public TokenServiceResponse reissueAccessToken(TokenServiceRequest tokenServiceR
       throw new CustomException(ErrorCode.INVALID_REFRESH_TOKEN);
     }
 
-    RefreshToken findToken = refreshTokenRedisRepository.findByRefreshToken(refreshToken);
+    RefreshToken findToken = refreshTokenRedisRepository.findById(refreshToken)
+                                                        .orElseThrow(() -> new CustomException(
+                                                            ErrorCode.NOT_EXIST_REFRESH_TOKEN));
+    refreshTokenRedisRepository.deleteById(refreshToken);
 
+    // 새 AccessToken 생성
     TokenServiceResponse tokenServiceResponse = tokenProvider.createToken(
         String.valueOf(findToken.getId()),
         findToken.getEmail(),
-        findToken.getAuthority());
-
-    refreshTokenRedisRepository.save(RefreshToken.builder()
-                                                 .id(findToken.getId())
-                                                 .email(findToken.getEmail())
-                                                 .authorities(findToken.getAuthorities())
-                                                 .refreshToken(tokenServiceResponse.getRefreshToken())
-                                                 .build());
+        findToken.getAuthority()
+    );
+
+    // 새로 발급된 RefreshToken 을 다시 저장
+    refreshTokenRedisRepository.save(
+        RefreshToken.builder()
+                    .id(findToken.getId())
+                    .email(findToken.getEmail())
+                    .authorities(findToken.getAuthorities())
+                    .refreshToken(tokenServiceResponse.getRefreshToken())
+                    .build()
+    );
 
     SecurityContextHolder.getContext()
                          .setAuthentication(
-                             tokenProvider.getAuthentication(tokenServiceResponse.getAccessToken()));
+                             tokenProvider.getAuthentication(tokenServiceResponse.getAccessToken())
+                         );
 
     return tokenServiceResponse;
   }
 
   private void saveRefreshTokenOnRedis(User user, TokenServiceResponse response) {
-    refreshTokenRedisRepository.save(RefreshToken.builder()
-                                                 .id(user.getId())
-                                                 .email(user.getEmail())
-                                                 .authorities(Collections.singleton(
-                                                     new SimpleGrantedAuthority("USER")))
-                                                 .refreshToken(response.getRefreshToken())
-                                                 .build());
+    RefreshToken refreshToken = RefreshToken.builder()
+                                            .id(user.getId())
+                                            .email(user.getEmail())
+                                            .authorities(Collections.singleton(
+                                                new SimpleGrantedAuthority("USER")))
+                                            .refreshToken(response.getRefreshToken())
+                                            .build();
+    refreshTokenRedisRepository.save(refreshToken);
   }
 }

src/main/java/project/backend/common/config/RedisConfig.java

@@ -5,7 +5,11 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.repository.configuration.EnableRedisRepositories;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+import project.backend.entity.token.RefreshToken;
 
 @Configuration
 @EnableRedisRepositories
@@ -21,4 +25,14 @@ public class RedisConfig {
   public RedisConnectionFactory redisConnectionFactory() {
     return new LettuceConnectionFactory(redisHost, redisPort);
   }
+
+  @Bean
+  public RedisTemplate<String, RefreshToken> redisTemplate(
+      RedisConnectionFactory redisConnectionFactory) {
+    RedisTemplate<String, RefreshToken> template = new RedisTemplate<>();
+    template.setConnectionFactory(redisConnectionFactory);
+    template.setKeySerializer(new StringRedisSerializer());
+    template.setValueSerializer(new GenericJackson2JsonRedisSerializer());
+    return template;
+  }
 }

src/main/java/project/backend/common/error/ErrorCode.java

@@ -12,8 +12,8 @@ public enum ErrorCode {
   INVALID_REFRESH_TOKEN("유효하지 않은 리프레시 토큰입니다.", HttpStatus.UNAUTHORIZED),
   INVALID_ACCESS_TOKEN("유효하지 않은 엑세스 토큰입니다.", HttpStatus.UNAUTHORIZED),
   TOKEN_INVALID("유효하지 않은 토큰입니다.", HttpStatus.UNAUTHORIZED),
-  ACCESS_DENIED("접근 권한이 없습니다.", HttpStatus.FORBIDDEN);
-
+  ACCESS_DENIED("접근 권한이 없습니다.", HttpStatus.FORBIDDEN),
+  NOT_EXIST_REFRESH_TOKEN("존재하지 않는 리프레시 토큰입니다.", HttpStatus.BAD_REQUEST);
   private final String message;
   private final HttpStatus httpStatus;
 

src/main/java/project/backend/entity/token/RefreshToken.java

@@ -1,29 +1,30 @@
 package project.backend.entity.token;
 
 import java.util.Collection;
-import org.springframework.data.annotation.Id;
-import org.springframework.data.redis.core.RedisHash;
 import lombok.Builder;
 import lombok.Getter;
+import org.springframework.data.annotation.Id;
+import org.springframework.data.redis.core.RedisHash;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 @Builder
 @Getter
-@RedisHash(value = "refresh", timeToLive = 604800)
+@RedisHash(value = "refreshToken", timeToLive = 86400)
 public class RefreshToken {
 
-  @Id
-  private String userId;
-
   private Long id;
-  private String refreshToken;
   private String email;
   private Collection<? extends GrantedAuthority> authorities;
 
+  @Id
+  private String refreshToken;
+
   public String getAuthority() {
     return authorities.stream()
-                      .map(GrantedAuthority::getAuthority)
-                      .findFirst()
-                      .orElse("");
+                      .map(authority -> new SimpleGrantedAuthority(authority.getAuthority()))
+                      .toList()
+                      .get(0)
+                      .getAuthority();
   }
 }

src/main/java/project/backend/presentation/auth/util/TokenExtractor.java

@@ -4,23 +4,28 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Optional;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import project.backend.business.auth.request.TokenServiceRequest;
 
+@Slf4j
 @Component
 public class TokenExtractor {
 
   @Value("${jwt.access_header}")
   private String accessTokenHeader;
-  
+
   @Value("${jwt.refresh_header}")
   private String refreshTokenHeader;
 
   public TokenServiceRequest extractTokenRequest(HttpServletRequest request) {
+    String accessToken = extractAccessToken(request).orElse(null);
+    String refreshToken = extractRefreshToken(request).orElse(null);
+    log.info("Logout initiated with accessToken: {}, refreshToken: {}", accessToken, refreshToken);
     return TokenServiceRequest.builder()
-                              .accessToken(extractAccessToken(request).orElse(null))
-                              .refreshToken(extractRefreshToken(request).orElse(null))
+                              .accessToken(accessToken)
+                              .refreshToken(refreshToken)
                               .build();
   }
 

src/main/java/project/backend/repository/auth/BlacklistTokenRedisRepository.java

@@ -4,5 +4,4 @@
 import project.backend.entity.token.BlacklistToken;
 
 public interface BlacklistTokenRedisRepository extends CrudRepository<BlacklistToken, String> {
-
 }

src/main/java/project/backend/repository/auth/RefreshTokenRedisRepository.java

@@ -1,13 +1,7 @@
 package project.backend.repository.auth;
 
-import org.springframework.data.redis.core.RedisHash;
 import org.springframework.data.repository.CrudRepository;
 import project.backend.entity.token.RefreshToken;
 
-@RedisHash
-public interface RefreshTokenRedisRepository extends CrudRepository<RefreshToken, Long> {
-
-  RefreshToken findByRefreshToken(String refreshToken);
-
-  void deleteById(String userId);
+public interface RefreshTokenRedisRepository extends CrudRepository<RefreshToken, String> {
 }