Feature/becooq81 step2

.gitignore

@@ -0,0 +1,45 @@
+HELP.md
+.gradle
+build/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+bin/
+!**/src/main/**/bin/
+!**/src/test/**/bin/
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+out/
+!**/src/main/**/out/
+!**/src/test/**/out/
+settings.gradle
+/build/**
+/.gradle/**
+gradlew
+gradlew.bat
+
+
+
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+
+### VS Code ###
+.vscode/

build.gradle

@@ -0,0 +1,52 @@
+plugins {
+	id 'java'
+	id 'org.springframework.boot' version '2.7.16'
+	id 'io.spring.dependency-management' version '1.0.15.RELEASE'
+}
+
+group = 'com.gdsc-ys'
+version = '0.0.1-SNAPSHOT'
+
+java {
+	sourceCompatibility = '11'
+}
+
+configurations {
+	compileOnly {
+		extendsFrom annotationProcessor
+	}
+}
+
+repositories {
+	mavenCentral()
+}
+
+dependencies {
+	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.springframework.boot:spring-boot-starter-validation'
+	implementation 'org.springframework.boot:spring-boot-starter-web'
+
+	implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.6.12'
+	implementation 'net.minidev:json-smart:2.4.9'
+
+	compileOnly 'org.projectlombok:lombok:1.18.30'
+	runtimeOnly 'com.h2database:h2'
+	annotationProcessor 'org.projectlombok:lombok:1.18.30'
+	testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testImplementation 'org.springframework.security:spring-security-test'
+
+	// jwt
+	implementation group: 'io.jsonwebtoken', name: 'jjwt-api', version: '0.11.5'
+	runtimeOnly group: 'io.jsonwebtoken', name: 'jjwt-impl', version: '0.11.5'
+	runtimeOnly group: 'io.jsonwebtoken', name: 'jjwt-jackson', version: '0.11.5'
+
+
+	implementation "com.querydsl:querydsl-jpa:5.0.0"
+	annotationProcessor "com.querydsl:querydsl-apt:5.0.0"
+
+}
+
+tasks.named('test') {
+	useJUnitPlatform()
+}

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists

src/main/java/com/gdscys/cokepoke/CokePokeApplication.java

@@ -0,0 +1,13 @@
+package com.gdscys.cokepoke;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class CokePokeApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(CokePokeApplication.class, args);
+	}
+
+}

src/main/java/com/gdscys/cokepoke/auth/DelegatingSecurityContextRepository.java

@@ -0,0 +1,53 @@
+package com.gdscys.cokepoke.auth;
+
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.web.context.HttpRequestResponseHolder;
+import org.springframework.security.web.context.SecurityContextRepository;
+import org.springframework.util.Assert;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+import java.util.List;
+
+public class DelegatingSecurityContextRepository implements SecurityContextRepository {
+    private final List<SecurityContextRepository> delegates;
+
+    public DelegatingSecurityContextRepository(SecurityContextRepository... delegates) {
+        this(Arrays.asList(delegates));
+    }
+
+    public DelegatingSecurityContextRepository(List<SecurityContextRepository> delegates) {
+        Assert.notEmpty(delegates, "delegates cannot be empty");
+        this.delegates = delegates;
+    }
+
+    @Override
+    public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
+        SecurityContext result = null;
+        for (SecurityContextRepository delegate : this.delegates) {
+            SecurityContext delegateResult = delegate.loadContext(requestResponseHolder);
+            if (result == null || delegate.containsContext(requestResponseHolder.getRequest())) {
+                result = delegateResult;
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
+        for (SecurityContextRepository delegate : this.delegates) {
+            delegate.saveContext(context, request, response);
+        }
+    }
+
+    @Override
+    public boolean containsContext(HttpServletRequest request) {
+        for (SecurityContextRepository delegate : this.delegates) {
+            if (delegate.containsContext(request)) {
+                return true;
+            }
+        }
+        return false;
+    }
+}

src/main/java/com/gdscys/cokepoke/auth/SecurityUtil.java

@@ -0,0 +1,12 @@
+package com.gdscys.cokepoke.auth;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+public class SecurityUtil {
+    public static String getLoginUsername(){
+        Authentication loggedInUser = SecurityContextHolder.getContext().getAuthentication();
+        String username = loggedInUser.getName();
+        return username;
+    }
+}

src/main/java/com/gdscys/cokepoke/auth/controller/AuthController.java

@@ -0,0 +1,50 @@
+package com.gdscys.cokepoke.auth.controller;
+
+import com.gdscys.cokepoke.auth.domain.TokenInfo;
+import com.gdscys.cokepoke.auth.dto.LoginRequest;
+import com.gdscys.cokepoke.member.domain.Member;
+import com.gdscys.cokepoke.member.dto.SignupRequest;
+import com.gdscys.cokepoke.member.dto.MemberResponse;
+import javax.validation.Valid;
+
+import com.gdscys.cokepoke.member.service.MemberService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import static org.springframework.http.HttpHeaders.SET_COOKIE;
+
+@Controller
+@RequestMapping("/auth")
+@RequiredArgsConstructor
+public class AuthController {
+    private final MemberService memberService;
+
+    @PostMapping("/signup")
+    public ResponseEntity<MemberResponse> signup(@RequestBody @Valid SignupRequest request) {
+        Member member = memberService.saveMember(request.getEmail(), request.getUsername(), request.getPassword());
+        return ResponseEntity.status(HttpStatus.CREATED)
+                .body(MemberResponse.of(member));
+    }
+
+    @PostMapping(value = "/login")
+    public ResponseEntity<TokenInfo> login(@RequestBody @Valid LoginRequest loginRequest) {
+        TokenInfo tokenInfo = memberService.login(loginRequest.getEmail(), loginRequest.getPassword());
+        return ResponseEntity.ok()
+                .header(SET_COOKIE, generateCookie("accessToken", tokenInfo.getAccessToken()).toString())
+                .header(SET_COOKIE, generateCookie("refreshToken", tokenInfo.getRefreshToken()).toString())
+                .body(tokenInfo);
+    }
+
+    private ResponseCookie generateCookie(String from, String token) {
+        return ResponseCookie.from(from, token)
+                .httpOnly(true) // false로 하면 클라이언트도 쿠키로 접근할 수 있기 때문에 보안상 조치
+                .path("/")
+                .build();
+    }
+}

src/main/java/com/gdscys/cokepoke/auth/domain/JwtCode.java

@@ -0,0 +1,5 @@
+package com.gdscys.cokepoke.auth.domain;
+
+public enum JwtCode {
+    ACCESS,EXPIRED,DENIED
+}

src/main/java/com/gdscys/cokepoke/auth/domain/TokenInfo.java

@@ -0,0 +1,16 @@
+package com.gdscys.cokepoke.auth.domain;
+
+import lombok.Getter;
+
+@Getter
+public class TokenInfo {
+    private String accessToken;
+    private String refreshToken;
+
+    protected TokenInfo() {}
+
+    public TokenInfo(String accessToken, String refreshToken) {
+        this.accessToken = accessToken;
+        this.refreshToken = refreshToken;
+    }
+}

src/main/java/com/gdscys/cokepoke/auth/dto/LoginRequest.java

@@ -0,0 +1,23 @@
+package com.gdscys.cokepoke.auth.dto;
+
+import com.gdscys.cokepoke.validation.declaration.ValidEmail;
+import lombok.Getter;
+
+import javax.validation.constraints.NotBlank;
+
+@Getter
+public class LoginRequest {
+
+    @ValidEmail
+    private String email;
+
+    @NotBlank
+    private String password;
+
+    protected LoginRequest() {}
+
+    public LoginRequest(String email, String password) {
+        this.email = email;
+        this.password = password;
+    }
+}

src/main/java/com/gdscys/cokepoke/auth/jwt/JwtAuthFilter.java

@@ -0,0 +1,104 @@
+package com.gdscys.cokepoke.auth.jwt;
+
+
+import com.gdscys.cokepoke.auth.domain.JwtCode;
+import com.gdscys.cokepoke.auth.domain.TokenInfo;
+import com.gdscys.cokepoke.member.domain.RefreshToken;
+import com.gdscys.cokepoke.member.repository.RefreshTokenRepository;
+import io.jsonwebtoken.Claims;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Optional;
+
+@Slf4j
+@RequiredArgsConstructor
+public class JwtAuthFilter extends OncePerRequestFilter {
+
+    private final JwtTokenProvider jwtTokenProvider;
+    private final RefreshTokenRepository refreshTokenRepository;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        Optional<String> accessToken = extractTokenFromCookie(request, "accessToken");
+        Optional<String> refreshToken = extractTokenFromCookie(request, "refreshToken");
+
+        // 유효한 토큰인지 확인합니다.
+        if (accessToken.isPresent() && jwtTokenProvider.validateToken(accessToken.get()) == JwtCode.ACCESS) {
+            // 토큰이 유효하면 토큰으로부터 유저 정보를 받아옵니다.
+            Authentication authentication = jwtTokenProvider.getAuthentication(accessToken.get());
+            // SecurityContext 에 Authentication 객체를 저장합니다.
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        } else if (accessToken.isPresent() && jwtTokenProvider.validateToken(accessToken.get()) == JwtCode.EXPIRED) {
+            log.info("Access token expired");
+
+            // refresh token 검증
+            if (refreshToken.isPresent() && jwtTokenProvider.validateToken(refreshToken.get()) == JwtCode.ACCESS) {
+
+                Optional<RefreshToken> savedToken = refreshTokenRepository.findByRefreshToken(refreshToken.get());
+
+                Claims claims = jwtTokenProvider.parseClaims(accessToken.get());
+
+                if (savedToken.isPresent() && claims.get("email").equals(savedToken.get().getMember().getEmail())) {
+                    // accessToken 으로 부터 Authentication 객체 추출
+                    Authentication authentication = jwtTokenProvider.getAuthentication(accessToken.get());
+
+                    // email 을 추출하여 accessToken, refreshToken 생성
+                    TokenInfo tokenInfo = jwtTokenProvider.generateToken(authentication, savedToken.get().getMember().getEmail());
+
+                    // 인증 객체 설정
+                    SecurityContextHolder.getContext().setAuthentication(authentication);
+
+                    // refreshToken 업데이트
+                    savedToken.get().setRefreshToken(tokenInfo.getRefreshToken());
+                    refreshTokenRepository.save(savedToken.get());
+
+                    response.addCookie(jwtTokenProvider.generateCookie("refreshToken", tokenInfo.getRefreshToken()));
+                    response.addCookie(jwtTokenProvider.generateCookie("accessToken", tokenInfo.getAccessToken()));
+
+                    log.info("Reissue access token");
+                }
+            }
+        }
+
+        filterChain.doFilter(request, response);
+    }
+
+    private Optional<String> extractTokenFromCookie(HttpServletRequest request, String cookieName) {
+
+        if (request.getCookies() == null || request.getCookies().length == 0) return Optional.empty();
+
+        return Arrays.stream(request.getCookies())
+                .sequential()
+                .filter(cookie -> cookie.getName().equals(cookieName))
+                .map(Cookie::getValue)
+                .findFirst();
+    }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) {
+        // request 에서 요청 path 추출
+        String path = request.getServletPath();
+
+        // filter 에서 제외한 url 목록
+        String[] excludedPaths = { "/auth/login", "/auth/signup", "/h2-console"};
+
+        for (String excludedPath : excludedPaths) {
+            if (path.startsWith(excludedPath)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}