From 610cf9d31340d68ac643e0aa7a2d5018054aa907 Mon Sep 17 00:00:00 2001 From: minjun Date: Tue, 20 Jun 2023 20:32:20 +0900 Subject: [PATCH 1/5] =?UTF-8?q?[Add]=20#275=20-=20=EC=9D=B8=ED=84=B0?= =?UTF-8?q?=EC=85=89=ED=84=B0=EC=97=90=EC=84=9C=EC=9D=98=20userID=20?= =?UTF-8?q?=EA=B2=80=EC=A6=9D=20=EB=B6=88=ED=95=84=EC=9A=94=ED=95=9C=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=82=AD=EC=A0=9C=20=EB=B0=8F=20=EB=A6=AC?= =?UTF-8?q?=ED=8C=A9=ED=86=A0=EB=A7=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../encrypt/AuthenticationInterceptor.java | 34 ++++++++----------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/src/main/java/shop/cazait/global/config/encrypt/AuthenticationInterceptor.java b/src/main/java/shop/cazait/global/config/encrypt/AuthenticationInterceptor.java index a37c492e..9afb308c 100644 --- a/src/main/java/shop/cazait/global/config/encrypt/AuthenticationInterceptor.java +++ b/src/main/java/shop/cazait/global/config/encrypt/AuthenticationInterceptor.java @@ -5,9 +5,12 @@ import org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController; import org.springframework.objenesis.strategy.BaseInstantiatorStrategy; import org.springframework.web.method.HandlerMethod; +import org.springframework.web.servlet.DispatcherServlet; +import org.springframework.web.servlet.HandlerAdapter; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.HandlerMapping; +import org.springframework.web.servlet.handler.AbstractHandlerMethodMapping; import shop.cazait.domain.user.exception.UserException; import shop.cazait.global.error.exception.BaseException; @@ -15,6 +18,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.util.Enumeration; +import java.util.List; import java.util.Map; import java.util.Optional; 
@@ -27,10 +32,12 @@ public class AuthenticationInterceptor implements HandlerInterceptor { private final JwtService jwtService; @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws UserException{ + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { + System.out.println("request.pathinfo = " + request.getPathInfo()); - System.out.println("request.getRequestURI() = " + request.getRequestURI()); - System.out.println("request.getRequestURL() = " + request.getRequestURL()); + System.out.println("request = " + request); + System.out.println("request.getServletPath() = " + request.getServletPath()); + System.out.println("handler = " + handler); // if(BasicErrorController.class == handlerMethod.getBeanType()){ // return true; // } 
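Review bot: The four `System.out.println` calls added at the top of `preHandle` run on every intercepted request and write request and handler details to stdout, bypassing the logging configuration. The class already has a logger (the next hunk shows `log.info` in the same method), so these should be `log.debug(...)` at most, or removed before merge. The same applies to the two `println` lines added to `checkAnnotation` in the following hunk. Widening the signature to `throws Exception` looks unnecessary if the body still raises only `UserException`; the rest of `preHandle` is outside this hunk, so confirm before narrowing it back.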
@@ -42,37 +49,26 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons String accessToken = request.getHeader("Authorization"); log.info("AccessToken in interceptor prehandle = "+accessToken); -// if(jwtService.isValidToken(accessToken)){ -// return true; -// } -// else { -// return false; -// } - final Map pathVariables = (Map) request + /* final Map pathVariables = (Map) request .getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE); System.out.println("pathVariables = " + pathVariables); Optional masterId = Optional.ofNullable(pathVariables.get("masterId")); - Optional userId = Optional.ofNullable(pathVariables.get("userId")); + Optional userId = Optional.ofNullable(pathVariables.get("userId"));*/ if(jwtService.isValidToken(accessToken)) { - if (!masterId.isEmpty()) { - jwtService.isValidAccessTokenId(Long.valueOf(masterId.get())); - } - if (!userId.isEmpty()) { - jwtService.isValidAccessTokenId(Long.valueOf(userId.get())); - } + return true; } else { return false; } - return true; } private boolean checkAnnotation(Object handler,Class cls){ - HandlerMethod handlerMethod=(HandlerMethod) handler; + System.out.println("handlerMethod.getBean() = " + handlerMethod.getBean()); + System.out.println("handlerMethod = " + handlerMethod); System.out.println("handlerMethod.getMethodAnnotation(cls) = " + handlerMethod.getMethodAnnotation(cls)); if(handlerMethod.getMethodAnnotation(cls)!=null){ //해당 어노테이션이 존재하면 true. return true; From 163da58f607a7298010f4badb8bd64b97d866a0e Mon Sep 17 00:00:00 2001 From: minjun Date: Tue, 20 Jun 2023 20:33:17 +0900 Subject: [PATCH 2/5] =?UTF-8?q?[Refactor]=20#275-=20userID,=20masterID=20?= =?UTF-8?q?=EC=B6=94=EC=B6=9C=20=ED=9B=84=20=EC=9D=B8=EC=A6=9D=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../global/config/encrypt/AuthenticationInterceptor.java | 7 ------- 1 file changed, 7 deletions(-) 
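Review bot: With the `masterId`/`userId` path-variable lookup commented out and both `jwtService.isValidAccessTokenId(...)` calls removed, the visible tail of `preHandle` returns `true` for any token that passes `isValidToken`, regardless of which account the URL addresses. Only the `/refresh` endpoint is shown later in this series to take the id from the token instead. Any other handler that still accepts `{userId}` or `{masterId}` from the path would no longer have the id compared with the token's owner, so the check needs to stay here or be added to those handlers before this lands. Once that is settled, the `if/else` can be reduced to `return jwtService.isValidToken(accessToken);`. The start of `preHandle` is outside this hunk.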
diff --git a/src/main/java/shop/cazait/global/config/encrypt/AuthenticationInterceptor.java b/src/main/java/shop/cazait/global/config/encrypt/AuthenticationInterceptor.java index 9afb308c..6b0e168b 100644 --- a/src/main/java/shop/cazait/global/config/encrypt/AuthenticationInterceptor.java +++ b/src/main/java/shop/cazait/global/config/encrypt/AuthenticationInterceptor.java @@ -49,13 +49,6 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons String accessToken = request.getHeader("Authorization"); log.info("AccessToken in interceptor prehandle = "+accessToken); - /* final Map pathVariables = (Map) request - .getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE); - System.out.println("pathVariables = " + pathVariables); - - Optional masterId = Optional.ofNullable(pathVariables.get("masterId")); - Optional userId = Optional.ofNullable(pathVariables.get("userId"));*/ - if(jwtService.isValidToken(accessToken)) { return true; } From 203113b0fc0e07bd92e13a6a09aae36e6deeb45b Mon Sep 17 00:00:00 2001 From: minjun Date: Tue, 20 Jun 2023 20:34:24 +0900 Subject: [PATCH 3/5] =?UTF-8?q?[Refactor]=20#272=20-=20=ED=86=A0=ED=81=B0?= =?UTF-8?q?=20=ED=8C=8C=EC=8B=B1=20=EA=B3=BC=EC=A0=95=EC=97=90=EC=84=9C?= =?UTF-8?q?=EC=9D=98=20=EC=98=88=EC=99=B8=EC=B2=98=EB=A6=AC=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../global/config/encrypt/JwtService.java | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/main/java/shop/cazait/global/config/encrypt/JwtService.java b/src/main/java/shop/cazait/global/config/encrypt/JwtService.java index c86484b2..eda5fced 100644 --- a/src/main/java/shop/cazait/global/config/encrypt/JwtService.java +++ b/src/main/java/shop/cazait/global/config/encrypt/JwtService.java 
@@ -42,7 +42,6 @@ public JwtBuilder makeCommonTokenSource(Date now, Date expirationDate) { .setIssuedAt(now) .setExpiration(expirationDate) .signWith(key); - } //accessToken 발행 함수 @@ -50,10 +49,13 @@ public String createJwt(Long userIdx) { log.info("Created token userIdx = " + userIdx); Date now = new Date(); Date expirationDate = new Date(now.getTime() + ACCESS_TOKEN_VALID_TIME); - + System.out.println("key = " + key); return makeCommonTokenSource(now, expirationDate) .claim("userIdx", userIdx) .compact(); +// return makeCommonTokenSource(now, expirationDate) +// .setSubject(String.valueOf(userIdx)) +// .compact(); } //refreshToken 발행 함수 @@ -106,17 +108,16 @@ public Jws parseTokenWithAllException(String token) throws UserException try { Jws parsedToken = parseJwt(token); return parsedToken; - } catch (ExpiredJwtException exception) { - log.error("Token Expired UserID : " + exception.getClaims().get("userIdx")); - throw new UserException(EXPIRED_JWT); - } catch (JwtException exception) { - log.error("RefreshToken Tampered."); - throw new UserException(INVALID_JWT); - } catch (NullPointerException exception) { + } catch (NullPointerException e) { log.error("Token is null."); throw new UserException(EMPTY_JWT); + } catch (ExpiredJwtException e) { + log.error("Token Expired UserID : " + e.getClaims().get("userIdx")); + throw new UserException(EXPIRED_JWT); + } catch (JwtException | IllegalArgumentException e) { + log.error("Token tampered"); + throw new UserException(INVALID_JWT); } - } public Jws parseRefreshTokenWithAllException(String token) throws UserException { From e635a100e87e1ffb2648eadc8c396d6a442a82c1 Mon Sep 17 00:00:00 2001 
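Review bot: `System.out.println("key = " + key);` in `createJwt` writes the JWT signing key object to stdout every time an access token is issued, and should be removed. `key` is the value passed to `.signWith(key)` in `makeCommonTokenSource`; depending on how its type renders in string concatenation (the declaration is not visible here), anyone who can read the console or collected logs may see the signing secret. If key loading needs diagnosing, log a non-secret fact such as the algorithm name. The commented-out `setSubject` variant added below the `return` should also be dropped rather than committed.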
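Review bot: In `parseTokenWithAllException`, the new `catch (JwtException | IllegalArgumentException e)` maps `IllegalArgumentException` to `INVALID_JWT` and logs "Token tampered", but a missing or blank token is a likely source of that exception, so such requests may now be reported as tampering instead of `EMPTY_JWT`. `parseJwt` is not visible here, so confirm which exception it raises for null and for empty input. Relying on a caught `NullPointerException` for the empty case is fragile; an explicit guard before the `try`, e.g. `if (token == null || token.trim().isEmpty()) throw new UserException(EMPTY_JWT);`, makes the mapping deterministic. The caught exception is also discarded in every branch; passing `e` to `log.error` keeps the cause. The same widening in `isValidAccessTokenInRefresh` (patch 4/5) and `getUserIdx` (patch 5/5) carries the same ambiguity.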
From: minjun Date: Tue, 20 Jun 2023 20:56:16 +0900 Subject: [PATCH 4/5] =?UTF-8?q?[Refactor]=20#275=20-=20=ED=86=A0=ED=81=B0?= =?UTF-8?q?=20=EC=9E=AC=EB=B0=9C=EA=B8=89=20=ED=8C=8C=EC=8B=B1=20=ED=95=A8?= =?UTF-8?q?=EC=88=98=20=EC=98=88=EC=99=B8=20=EC=B2=98=EB=A6=AC=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/shop/cazait/global/config/encrypt/JwtService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/shop/cazait/global/config/encrypt/JwtService.java b/src/main/java/shop/cazait/global/config/encrypt/JwtService.java index eda5fced..2715f28b 100644 --- a/src/main/java/shop/cazait/global/config/encrypt/JwtService.java +++ b/src/main/java/shop/cazait/global/config/encrypt/JwtService.java @@ -217,7 +217,7 @@ public boolean isValidAccessTokenInRefresh(String token) throws UserException { } catch (ExpiredJwtException exception) { log.error("Token Expired UserID = " + exception.getClaims().get("userIdx")); return false; - } catch (JwtException exception) { + } catch (JwtException | IllegalArgumentException exception) { log.error("accessToken Tampered."); throw new UserException(INVALID_JWT); } catch (NullPointerException exception) { From b1ca0f82790c346eea56da67bb2ce97076168447 Mon Sep 17 00:00:00 2001 
From: minjun Date: Tue, 20 Jun 2023 21:08:35 +0900 Subject: [PATCH 5/5] =?UTF-8?q?[Refactor]=20#275=20-=20=ED=86=A0=ED=81=B0?= =?UTF-8?q?=20=EB=82=B4=20=EC=9C=A0=EC=A0=80=20id=20=EA=B2=80=EC=A6=9D=20?= =?UTF-8?q?=EB=B0=A9=EB=B2=95=20=EB=B3=80=EA=B2=BD=20(=ED=8C=8C=EB=9D=BC?= =?UTF-8?q?=EB=AF=B8=ED=84=B0=EB=A1=9C=20=EC=9C=A0=EC=A0=80=20id=20?= =?UTF-8?q?=EC=9A=94=EC=B2=AD=20=3D>=20=ED=86=A0=ED=81=B0=EC=97=90?= =?UTF-8?q?=EC=84=9C=20=ED=8C=8C=EC=8B=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/shop/cazait/domain/auth/api/AuthController.java | 8 +++----- .../java/shop/cazait/domain/auth/service/AuthService.java | 4 ++-- .../java/shop/cazait/domain/user/service/UserService.java | 4 ++-- .../shop/cazait/global/config/encrypt/JwtService.java | 2 +- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/src/main/java/shop/cazait/domain/auth/api/AuthController.java b/src/main/java/shop/cazait/domain/auth/api/AuthController.java index cb65553c..9505da98 100644 --- a/src/main/java/shop/cazait/domain/auth/api/AuthController.java +++ b/src/main/java/shop/cazait/domain/auth/api/AuthController.java 
@@ -61,23 +61,21 @@ public SuccessResponse logIn( @NoAuth - @GetMapping(value = "/refresh/{userIdx}") + @GetMapping(value = "/refresh") @Operation(summary = "토큰 재발급", description = "인터셉터에서 accesstoken이 만료되고 난 후 클라이언트에서 해당 api로 토큰 재발급 요청 필요") @Parameters({ @Parameter(name = "role", description = "유저인지 마스터인지(user/master)",example = "user"), @Parameter(name = "Authorization", description = "발급 받은 accesstoken"), @Parameter(name = "REFRESH-TOKEN", description = "발급 받은 refreshtoken"), - @Parameter(name = "userIdx", description = "response로 발급 받은 계정 ID번호",example="1"), }) public SuccessResponse refreshToken( - @PathVariable(name = "userIdx") Long userIdx, @RequestParam @NotBlank String role, @RequestHeader(value = "Authorization") String accessToken, @RequestHeader(value = "REFRESH-TOKEN") String refreshToken) throws UserException, BaseException, MasterException { - jwtService.isValidAccessTokenId(userIdx); + System.out.println("accessToken = " + accessToken); Role exactRole = Role.of(role); - PostLoginRes postLoginRes = authService.reIssueTokensByRole(exactRole, accessToken, refreshToken, userIdx); + PostLoginRes postLoginRes = authService.reIssueTokensByRole(exactRole, accessToken, refreshToken); return new SuccessResponse<>(SUCCESS, postLoginRes); } } diff --git a/src/main/java/shop/cazait/domain/auth/service/AuthService.java b/src/main/java/shop/cazait/domain/auth/service/AuthService.java index e8dc48e2..956c1569 100644 --- a/src/main/java/shop/cazait/domain/auth/service/AuthService.java +++ b/src/main/java/shop/cazait/domain/auth/service/AuthService.java 
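Review bot: `System.out.println("accessToken = " + accessToken);` in `refreshToken` prints the caller's bearer token to stdout on every refresh request and should be removed. Tokens are credentials, and the interceptor and `UserService.reIssueTokens` already write the same value through `log.info` (visible as context lines elsewhere in this series); those deserve the same clean-up, logging the parsed `userIdx` or nothing. Because the route is `@NoAuth` and the `jwtService.isValidAccessTokenId(userIdx)` call is gone, validation of both tokens now rests entirely on `authService.reIssueTokensByRole`. A short comment stating that on the method would help the next reader.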
@@ -51,9 +51,9 @@ public class AuthService { private final UserRepository userRepository; - public PostLoginRes reIssueTokensByRole(Role exactRole, String accessToken, String refreshToken, Long userIdx) throws MasterException, UserException { + public PostLoginRes reIssueTokensByRole(Role exactRole, String accessToken, String refreshToken) throws MasterException, UserException { if (exactRole.equals(USER)) { - return userService.reIssueTokens(accessToken, refreshToken, userIdx); + return userService.reIssueTokens(accessToken, refreshToken); } else { return masterService.issueAccessToken(accessToken, refreshToken); } diff --git a/src/main/java/shop/cazait/domain/user/service/UserService.java b/src/main/java/shop/cazait/domain/user/service/UserService.java index f960ac0a..a6041b1a 100644 --- a/src/main/java/shop/cazait/domain/user/service/UserService.java +++ b/src/main/java/shop/cazait/domain/user/service/UserService.java @@ -221,10 +221,10 @@ public SuccessResponse checkduplicateNickname(PostCheckDuplicateNickname // return PostLoginRes.of(user,accessToken,refreshToken,USER); // } - public PostLoginRes reIssueTokens(String accessToken,String refreshToken, Long userIdx) throws UserException{ + public PostLoginRes reIssueTokens(String accessToken,String refreshToken) throws UserException{ User user = null; - + Long userIdx = jwtService.getUserIdx(accessToken); log.info("accessToken = " + accessToken); log.info("refreshToken = " + refreshToken); diff --git a/src/main/java/shop/cazait/global/config/encrypt/JwtService.java b/src/main/java/shop/cazait/global/config/encrypt/JwtService.java index 2715f28b..e04d9d34 100644 --- a/src/main/java/shop/cazait/global/config/encrypt/JwtService.java +++ b/src/main/java/shop/cazait/global/config/encrypt/JwtService.java 
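Review bot: `Long userIdx = jwtService.getUserIdx(accessToken);` in `UserService.reIssueTokens` now takes the account id from the access token, and `getUserIdx` returns the `userIdx` claim even when that token has expired (its `ExpiredJwtException` branch is visible in the last hunk of this patch). That is acceptable for a refresh flow only if the rest of the method verifies that the presented refresh token belongs to the same `userIdx`. The body continues outside this hunk, so please confirm that check exists. The two `log.info` lines directly below write both raw tokens to the log and should not record token values.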
@@ -149,7 +149,7 @@ public Long getUserIdx(String token) throws UserException {
 } catch (ExpiredJwtException exception) {
 Long userIdx = exception.getClaims().get("userIdx", Long.class);
 return userIdx;
- } catch (JwtException exception) {
+ } catch (JwtException | IllegalArgumentException exception) {
 log.error("Token tampered.");
 throw new UserException(INVALID_JWT);
 } catch (NullPointerException exception) {