[FEATURE] 로그아웃 API (#158)

* feat: API 권한 설정 수정 (#156)

* feat: API 권한 설정 수정 (#156)

* refactor: 권한 순서 대로 수정 (#156)

* feat: 로그아웃 API (#156)

src/main/java/com/smunity/server/domain/account/controller/AccountController.java

@@ -2,6 +2,7 @@
 
 import com.smunity.server.domain.account.dto.*;
 import com.smunity.server.domain.account.service.AccountService;
+import com.smunity.server.global.security.annotation.AuthMember;
 import com.smunity.server.global.security.annotation.AuthVerified;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
@@ -42,4 +43,11 @@ public ResponseEntity<LoginResponseDto> refresh(@RequestBody @Valid RefreshReque
         LoginResponseDto responseDto = accountService.refresh(requestDto);
         return ResponseEntity.ok(responseDto);
     }
+
+    @PostMapping("/logout")
+    @Operation(summary = "로그아웃", description = "동일 사용자 검증 후 리프레시 토큰을 무효화합니다.")
+    public ResponseEntity<Void> logout(@AuthMember Long memberId, @RequestBody @Valid RefreshRequestDto requestDto) {
+        accountService.logout(memberId, requestDto);
+        return ResponseEntity.noContent().build();
+    }
 }

src/main/java/com/smunity/server/domain/account/service/AccountService.java

@@ -59,6 +59,13 @@ public LoginResponseDto refresh(RefreshRequestDto requestDto) {
         return generateToken(member.getUsername(), member.getId(), member.getRole());
     }
 
+    public void logout(Long memberId, RefreshRequestDto requestDto) {
+        jwtTokenProvider.validateToken(requestDto.refreshToken(), true);
+        RefreshToken oldRefreshToken = refreshTokenService.findRefreshToken(requestDto.refreshToken());
+        validateMember(memberId, oldRefreshToken);
+        refreshTokenService.deleteRefreshToken(oldRefreshToken.getToken());
+    }
+
     private LoginResponseDto generateToken(String username, Long memberId, MemberRole memberRole) {
         String accessToken = jwtTokenProvider.createAccessToken(memberId, memberRole, false);
         String refreshToken = jwtTokenProvider.createAccessToken(memberId, memberRole, true);
@@ -83,6 +90,12 @@ private void validateUsername(String username) {
         }
     }
 
+    private void validateMember(Long memberId, RefreshToken refreshToken) {
+        if (!memberId.equals(refreshToken.getMemberId())) {
+            throw new GeneralException(ErrorCode.FORBIDDEN_EXCEPTION);
+        }
+    }
+
     private void checkPassword(String requestPassword, String memberPassword) {
         if (!passwordEncoder.matches(requestPassword, memberPassword)) {
             throw new GeneralException(ErrorCode.PASSWORD_NOT_MATCH);

src/main/java/com/smunity/server/global/common/entity/enums/MemberRole.java

@@ -7,9 +7,9 @@
 @AllArgsConstructor
 public enum MemberRole {
 
+    ROLE_VERIFIED("인증된 회원"),
     ROLE_USER("회원"),
-    ROLE_ADMIN("관리자"),
-    ROLE_VERIFIED("인증된 회원");
+    ROLE_ADMIN("관리자");
 
     private final String description;
 }

src/main/java/com/smunity/server/global/security/config/SecurityConfig.java

@@ -89,16 +89,15 @@ public SecurityFilterChain jwtFilterChain(HttpSecurity http) throws Exception {
 
         // 경로별 인가 작업
         http.authorizeHttpRequests(authorize -> authorize
-                // H2 콘솔, Actuator 에 대한 접근 허용
+                // 모든 사용자
                 .requestMatchers("/h2-console/**", "/actuator/prometheus").permitAll()
+                .requestMatchers("/api/v1/accounts/login", "/api/v1/accounts/refresh").permitAll()
+                .requestMatchers("/api/v1/auth/**", "/api/v1/departments", "/api/v1/members/count").permitAll()
+                .requestMatchers(HttpMethod.GET, "/api/v1/questions/**").permitAll()
 
                 // 재학생 인증을 완료한 사용자 (ROLE_VERIFIED)
                 .requestMatchers("/api/v1/accounts/register").hasRole("VERIFIED")
 
-                // 모든 사용자
-                .requestMatchers("/api/v1/accounts/**", "/api/v1/auth/**", "/api/v1/departments", "/api/v1/members/count").permitAll()
-                .requestMatchers(HttpMethod.GET, "/api/v1/questions/**").permitAll()
-
                 // 관리자 권한을 가진 사용자 (ROLE_ADMIN)
                 .requestMatchers("/api/v1/members", "/api/v1/questions/{questionId}/answer").hasRole("ADMIN")