feat : redis 연동 및 로그인 (#19)

app/api/build.gradle

@@ -3,9 +3,13 @@ jar.enabled = true
 
 allprojects {
     dependencies {
+        implementation project(":app:domain:common-domain")
+
         //swagger
         implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0'
 
+        implementation 'org.springframework.data:spring-data-commons:3.3.0'
+
         implementation "org.springframework.boot:spring-boot-starter-web"
         implementation 'org.springframework.boot:spring-boot-starter-validation'
         testImplementation "org.springframework.boot:spring-boot-starter-test"
@@ -14,12 +18,4 @@ allprojects {
 
 dependencies {
     implementation project(":app:api:user-api")
-
-    // spring-security
-    implementation 'org.springframework.boot:spring-boot-starter-security'
-
-    // jwt
-    implementation 'io.jsonwebtoken:jjwt-api:0.12.5'
-    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.5'
-    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.5'
 }

app/api/common-api/build.gradle

@@ -0,0 +1,14 @@
+bootJar.enabled = false
+jar.enabled = true
+
+dependencies {
+    implementation project(":app:domain:user-domain")
+
+    // spring-security
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+
+    // jwt
+    implementation 'io.jsonwebtoken:jjwt-api:0.12.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.5'
+}

app/api/common-api/src/main/java/org/example/config/CommonApiConfig.java

@@ -0,0 +1,13 @@
+package org.example.config;
+
+import org.example.property.TokenProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@EnableConfigurationProperties(TokenProperty.class)
+@ComponentScan(basePackages = "org.example")
+public class CommonApiConfig {
+
+}

app/api/src/main/java/org/example/filter/JWTFilter.java → app/api/common-api/src/main/java/org/example/filter/JWTFilter.java

@@ -8,11 +8,15 @@
 import java.io.IOException;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
+import org.example.exception.BusinessException;
+import org.example.repository.TokenRepository;
 import org.example.security.dto.AuthenticatedUser;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
+import org.example.security.token.JWTGenerator;
 import org.example.security.token.JWTHandler;
 import org.example.security.token.RefreshTokenProcessor;
+import org.example.security.vo.TokenError;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -24,7 +28,9 @@
 public class JWTFilter extends OncePerRequestFilter {
 
     private final JWTHandler jwtHandler;
+    private final JWTGenerator jwtGenerator;
     private final RefreshTokenProcessor refreshTokenProcessor;
+    private final TokenRepository tokenRepository;
 
     @Override
     protected void doFilterInternal(
@@ -33,7 +39,7 @@ protected void doFilterInternal(
         FilterChain filterChain
     ) throws ServletException, IOException {
         if (request.getHeader("Refresh") != null) {
-            TokenParam token = refreshTokenProcessor.process(request, response);
+            TokenParam token = refreshTokenProcessor.reissueToken(request);
             response.getWriter().write(new ObjectMapper().writeValueAsString(token));
             return;
         }
@@ -48,9 +54,16 @@ protected void doFilterInternal(
     private void handleAccessToken(HttpServletRequest request) {
         String accessToken = jwtHandler.extractAccessToken(request);
         UserParam userParam = jwtHandler.extractUserFrom(accessToken);
+        verifyLogoutAccessToken(userParam);
         saveOnSecurityContextHolder(userParam);
     }
 
+    public void verifyLogoutAccessToken(UserParam userParam) {
+        if (tokenRepository.existAccessToken(userParam.userId().toString())) {
+            throw new BusinessException(TokenError.INVALID_TOKEN);
+        }
+    }
+
     private void saveOnSecurityContextHolder(UserParam userParam) {
         AuthenticatedUser authenticatedUser = AuthenticatedUser.builder()
             .userId(userParam.userId())

app/api/common-api/src/main/java/org/example/repository/TokenRepository.java

@@ -0,0 +1,14 @@
+package org.example.repository;
+
+import java.util.Optional;
+import org.springframework.stereotype.Component;
+
+@Component
+public interface TokenRepository {
+
+    void save(String userId, String refreshToken);
+
+    Optional<String> getExistRefreshToken(String userId);
+
+    Boolean existAccessToken(String userId);
+}

app/api/src/main/java/org/example/security/token/JWTGenerator.java → app/api/common-api/src/main/java/org/example/security/token/JWTGenerator.java

@@ -3,22 +3,29 @@
 import io.jsonwebtoken.Jwts;
 import java.util.Date;
 import lombok.RequiredArgsConstructor;
+import org.example.exception.BusinessException;
 import org.example.property.TokenProperty;
+import org.example.repository.TokenRepository;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
+import org.example.security.vo.TokenError;
 import org.springframework.stereotype.Component;
 
 @Component
 @RequiredArgsConstructor
 public class JWTGenerator {
 
     private final TokenProperty tokenProperty;
+    private final TokenRepository tokenRepository;
 
     public TokenParam generate(UserParam userParam, Date from) {
-        return TokenParam.builder()
+        TokenParam tokenParam = TokenParam.builder()
             .accessToken(createAccessToken(userParam, from))
             .refreshToken(createRefreshToken(userParam, from))
             .build();
+
+        tokenRepository.save(userParam.userId().toString(), tokenParam.refreshToken());
+        return tokenParam;
     }
 
     private String createAccessToken(UserParam userParam, Date from) {
@@ -42,4 +49,10 @@ private String createRefreshToken(UserParam userParam, Date from) {
             .signWith(tokenProperty.getBase64URLSecretKey())
             .compact();
     }
+
+    public String getExistRefreshToken(UserParam userParam) {
+        return tokenRepository.getExistRefreshToken(userParam.userId().toString())
+            .orElseThrow(() -> new BusinessException(TokenError.WRONG_HEADER));
+    }
+
 }

app/api/common-api/src/main/java/org/example/security/token/RefreshTokenProcessor.java

@@ -0,0 +1,30 @@
+package org.example.security.token;
+
+import jakarta.servlet.http.HttpServletRequest;
+import java.util.Date;
+import lombok.RequiredArgsConstructor;
+import org.example.exception.BusinessException;
+import org.example.security.dto.TokenParam;
+import org.example.security.dto.UserParam;
+import org.example.security.vo.TokenError;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class RefreshTokenProcessor {
+
+    private final JWTHandler jwtHandler;
+    private final JWTGenerator jwtGenerator;
+
+    public TokenParam reissueToken(HttpServletRequest request) {
+        String refreshToken = jwtHandler.extractRefreshToken(request);
+        UserParam userParam = jwtHandler.extractUserFrom(refreshToken);
+
+        String oldRefreshToken = jwtGenerator.getExistRefreshToken(userParam);
+        if (!refreshToken.equals(oldRefreshToken)) {
+            throw new BusinessException(TokenError.INVALID_TOKEN);
+        }
+
+        return jwtGenerator.generate(userParam, new Date());
+    }
+}

app/api/src/main/java/org/example/vo/UserRoleApiType.java → app/api/common-api/src/main/java/org/example/vo/UserRoleApiType.java

@@ -13,4 +13,8 @@ public enum UserRoleApiType {
     UserRoleApiType(String authority) {
         this.authority = authority;
     }
+
+    public static UserRoleApiType from(UserRole userRole) {
+        return UserRoleApiType.valueOf(userRole.name());
+    }
 }

app/api/src/test/java/org/example/security/token/JWTGeneratorTest.java → app/api/common-api/src/test/java/org/example/security/token/JWTGeneratorTest.java

@@ -1,10 +1,13 @@
 package org.example.security.token;
 
+import static org.mockito.Mockito.mock;
+
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
 import java.util.Date;
 import java.util.UUID;
 import org.example.property.TokenProperty;
+import org.example.repository.TokenRepository;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
 import org.example.vo.UserRoleApiType;
@@ -23,8 +26,8 @@ class JWTGeneratorTest {
         hour,
         twoWeeks
     );
-
-    JWTGenerator tokenGenerator = new JWTGenerator(tokenProperty);
+    TokenRepository tokenRepository = mock(TokenRepository.class);
+    JWTGenerator tokenGenerator = new JWTGenerator(tokenProperty, tokenRepository);
     UserParam userParam = new UserParam(
         UUID.randomUUID(),
         UserRoleApiType.USER

app/api/src/test/java/org/example/security/token/JWTHandlerTest.java → app/api/common-api/src/test/java/org/example/security/token/JWTHandlerTest.java

@@ -2,11 +2,13 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mock;
 
 import java.util.Date;
 import java.util.UUID;
 import org.example.exception.BusinessException;
 import org.example.property.TokenProperty;
+import org.example.repository.TokenRepository;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
 import org.example.security.vo.TokenError;
@@ -22,8 +24,9 @@ class JWTHandlerTest {
         3600000L,
         1209600000L
     );
+    TokenRepository tokenRepository = mock(TokenRepository.class);
     JWTHandler jwtHandler = new JWTHandler(tokenProperty);
-    JWTGenerator jwtGenerator = new JWTGenerator(tokenProperty);
+    JWTGenerator jwtGenerator = new JWTGenerator(tokenProperty, tokenRepository);
     UserParam userParam = new UserParam(
         UUID.randomUUID(),
         UserRoleApiType.USER

app/api/src/main/java/org/example/config/ApiConfig.java

@@ -1,15 +1,10 @@
 package org.example.config;
 
-import org.example.property.TokenProperty;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 
 @Configuration
 @Import(UserApiConfig.class)
-@EnableConfigurationProperties(TokenProperty.class)
-@ComponentScan(basePackages = "org.example")
 public class ApiConfig {
 
 }

app/api/user-api/build.gradle

@@ -2,6 +2,7 @@ bootJar.enabled = false
 jar.enabled = true
 
 dependencies {
-    implementation project(":app:domain")
     implementation project(":app:domain:user-domain")
+
+    implementation project(":app:api:common-api")
 }

app/api/user-api/src/main/java/org/example/controller/UserController.java

@@ -1,11 +1,13 @@
 package org.example.controller;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
-import org.example.dto.request.SignUpRequest;
-import org.example.entity.User;
+import org.example.controller.dto.request.LoginApiRequest;
+import org.example.security.dto.TokenParam;
 import org.example.service.UserService;
+import org.example.service.dto.request.LoginServiceRequest;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -19,14 +21,14 @@ public class UserController {
 
     private final UserService userService;
 
-    @PostMapping("/sign-up")
-    @Operation(summary = "유저 회원가입", description = "사용자는 회원가입을 할 수 있다.", tags = {"user"})
-    public ResponseEntity<String> signUp(@Valid @RequestBody SignUpRequest request) {
-        final User createdUser = request.toUser();
-        final User user = userService.signUp(createdUser);
-        final String nickName = userService.findNickname(user);
+    @PostMapping("/login")
+    @Tag(name = "user")
+    @Operation(summary = "유저 로그인", description = "사용자는 소셜 로그인을 할 수 있다.")
+    public ResponseEntity<TokenParam> signUp(@Valid @RequestBody LoginApiRequest request) {
+        LoginServiceRequest loginServiceRequest = request.toLoginServiceRequest();
+        TokenParam tokenParam = userService.login(loginServiceRequest);
 
-        return ResponseEntity.ok(nickName + "사용자 생성 성공!");
+        return ResponseEntity.ok(tokenParam);
     }
 
 }

app/api/user-api/src/main/java/org/example/controller/dto/request/LoginApiRequest.java

@@ -0,0 +1,39 @@
+package org.example.controller.dto.request;
+
+import jakarta.validation.constraints.NotNull;
+import org.example.entity.credential.AppleSocialCredential;
+import org.example.entity.credential.GoogleSocialCredential;
+import org.example.entity.credential.KakaoSocialCredential;
+import org.example.entity.credential.SocialCredential;
+import org.example.entity.credential.SocialCredentials;
+import org.example.service.dto.request.LoginServiceRequest;
+import org.example.vo.SocialLoginType;
+
+public record LoginApiRequest(
+    @NotNull(message = "소셜 로그인 타입은 필수 입력값입니다.")
+    SocialLoginType socialLoginType,
+
+    @NotNull(message = "소셜 로그인 식별값은 필수 입력값입니다.")
+    String socialLoginIdentifier
+) {
+
+    public LoginServiceRequest toLoginServiceRequest() {
+        return LoginServiceRequest.builder()
+            .socialCredentials(socialCredentials())
+            .build();
+    }
+
+    private SocialCredentials socialCredentials() {
+        SocialCredentials socialCredentials = new SocialCredentials();
+        socialCredentials.saveCredentials(socialLoginType, socialCredential());
+        return socialCredentials;
+    }
+
+    private SocialCredential socialCredential() {
+        return switch (socialLoginType) {
+            case GOOGLE -> new GoogleSocialCredential(socialLoginIdentifier);
+            case KAKAO -> new KakaoSocialCredential(socialLoginIdentifier);
+            case APPLE -> new AppleSocialCredential(socialLoginIdentifier);
+        };
+    }
+}