🔀 Jwt Refresh

src/main/java/com/mycom/socket/auth/config/JWTProperties.java

@@ -10,8 +10,10 @@
 @ConfigurationProperties(prefix = "jwt")
 public class JWTProperties {
     private String secret;
-    private long accessTokenValidityInSeconds = 1800;
-    private String cookieName = "Authorization";
+    private long accessTokenValidityInSeconds;
+    private long refreshTokenValidityInSeconds;
+    private String accessTokenCookieName;
+    private String refreshTokenCookieName;
     private String issuer = "go_socket";
     private boolean secureCookie = false;
 }

src/main/java/com/mycom/socket/auth/controller/RefreshController.java

@@ -0,0 +1,60 @@
+package com.mycom.socket.auth.controller;
+
+import com.mycom.socket.auth.config.JWTProperties;
+import com.mycom.socket.auth.dto.response.TokenResponse;
+import com.mycom.socket.auth.jwt.JWTUtil;
+import com.mycom.socket.auth.security.CookieUtil;
+import com.mycom.socket.global.exception.BadRequestException;
+import io.jsonwebtoken.JwtException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequiredArgsConstructor
+public class RefreshController {
+
+    private final JWTUtil jwtUtil;
+    private final CookieUtil cookieUtil;
+    private final JWTProperties jwtProperties;
+
+    @PostMapping("/refresh")
+    public TokenResponse refreshAccessToken(HttpServletRequest request, HttpServletResponse response) {
+        String refreshToken = extractRefreshToken(request);
+
+        try {
+            jwtUtil.validateToken(refreshToken);
+        } catch (JwtException e) {
+            response.addCookie(cookieUtil.createExpiredRefreshCookie());
+            throw new BadRequestException("유효하지 않은 리프레시 토큰입니다. 다시 로그인해주세요.");
+        }
+
+        String email = jwtUtil.getEmail(refreshToken);
+        String newAccessToken = jwtUtil.createToken(email, jwtProperties.getAccessTokenValidityInSeconds());
+
+        Cookie accessTokenCookie = cookieUtil.createAuthCookie(newAccessToken);
+        response.addCookie(accessTokenCookie);
+
+        String newRefreshToken = jwtUtil.createToken(email, jwtProperties.getRefreshTokenValidityInSeconds());
+        Cookie refreshTokenCookie = cookieUtil.createRefreshCookie(newRefreshToken);
+        response.addCookie(refreshTokenCookie);
+
+        return TokenResponse.of(newAccessToken);
+    }
+
+    private String extractRefreshToken(HttpServletRequest request) {
+        if (request.getCookies() == null) {
+            throw new BadRequestException("리프레시 토큰이 없습니다. 다시 로그인해주세요.");
+        }
+
+        for (Cookie cookie : request.getCookies()) {
+            if (jwtProperties.getRefreshTokenCookieName().equals(cookie.getName())) {
+                return cookie.getValue();
+            }
+        }
+        throw new BadRequestException("리프레시 토큰이 없습니다. 다시 로그인해주세요.");
+    }
+}

src/main/java/com/mycom/socket/auth/dto/response/TokenResponse.java

@@ -0,0 +1,9 @@
+package com.mycom.socket.auth.dto.response;
+
+public record TokenResponse(
+        String accessToken
+) {
+    public static TokenResponse of(String accessToken) {
+        return new TokenResponse(accessToken);
+    }
+}

src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java

@@ -46,7 +46,7 @@ private String resolveTokenFromCookie(HttpServletRequest request) {
         Cookie[] cookies = request.getCookies();
         if (cookies != null) {
             for (Cookie cookie : cookies) {
-                if (jwtProperties.getCookieName().equals(cookie.getName())) {
+                if (jwtProperties.getAccessTokenCookieName().equals(cookie.getName())) {
                     return cookie.getValue();
                 }
             }

src/main/java/com/mycom/socket/auth/jwt/JWTUtil.java

@@ -25,13 +25,26 @@ public JWTUtil(JWTProperties jwtProperties) {
         );
     }
 
+    /**
+     * 액세스 토큰 생성
+     */
+    public String createAccessToken(String email) {
+        return createToken(email, jwtProperties.getAccessTokenValidityInSeconds());
+    }
+
+    /**
+     * 리프레시 토큰 생성
+     */
+    public String createRefreshToken(String email) {
+        return createToken(email, jwtProperties.getRefreshTokenValidityInSeconds());
+    }
+
     /**
      * JWT 토큰 생성
      */
-    public String createToken(String email) {
+    public String createToken(String email, long validityInSeconds) {
         Date now = new Date();
-        Date validity = new Date(now.getTime() +
-                (jwtProperties.getAccessTokenValidityInSeconds() * 1000));
+        Date validity = new Date(now.getTime() + (validityInSeconds * 1000));
 
         return Jwts.builder()
                 .issuer(jwtProperties.getIssuer())

src/main/java/com/mycom/socket/auth/security/CookieUtil.java

@@ -14,19 +14,44 @@ public class CookieUtil {
      * 인증 쿠키 생성
      */
     public Cookie createAuthCookie(String token) {
-        Cookie cookie = new Cookie(jwtProperties.getCookieName(), token);
+        Cookie cookie = new Cookie(jwtProperties.getAccessTokenCookieName(), token);
         cookie.setHttpOnly(true);
         cookie.setSecure(jwtProperties.isSecureCookie());
         cookie.setPath("/");
         cookie.setMaxAge((int) jwtProperties.getAccessTokenValidityInSeconds());
         return cookie;
     }
 
+    /**
+     * 리프레시 토큰 쿠키 생성
+     */
+    public Cookie createRefreshCookie(String token) {
+        Cookie cookie = new Cookie(jwtProperties.getRefreshTokenCookieName(), token);
+        cookie.setHttpOnly(true);
+        cookie.setSecure(jwtProperties.isSecureCookie());
+        cookie.setPath("/");
+        cookie.setMaxAge((int) jwtProperties.getRefreshTokenValidityInSeconds());
+        return cookie;
+    }
+
+
     /**
      * 인증 쿠키 만료 처리
      */
     public Cookie createExpiredAuthCookie() {
-        Cookie cookie = new Cookie(jwtProperties.getCookieName(), null);
+        Cookie cookie = new Cookie(jwtProperties.getAccessTokenCookieName(), null);
+        cookie.setHttpOnly(true);
+        cookie.setSecure(true);
+        cookie.setPath("/");
+        cookie.setMaxAge(0);  // 즉시 만료
+        return cookie;
+    }
+
+    /**
+     * 리프레시 토큰 쿠키 만료 처리
+     */
+    public Cookie createExpiredRefreshCookie() {
+        Cookie cookie = new Cookie(jwtProperties.getRefreshTokenCookieName(), null);
         cookie.setHttpOnly(true);
         cookie.setSecure(true);
         cookie.setPath("/");

src/main/java/com/mycom/socket/auth/security/LoginFilter.java

@@ -51,11 +51,14 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
         MemberDetails memberDetails = (MemberDetails) authResult.getPrincipal();
         Member member = memberDetails.getMember();
 
-        String token = jwtUtil.createToken(member.getEmail());
+        String accessToken = jwtUtil.createAccessToken(member.getEmail()); //액세스 토큰 생성
+        String refreshToken = jwtUtil.createRefreshToken(member.getEmail()); //리프레시 토큰 생성
 
         // 쿠키 생성 및 설정
-        Cookie authCookie = cookieUtil.createAuthCookie(token);
-        response.addCookie(authCookie);
+        Cookie accessTokenCookie = cookieUtil.createAuthCookie(accessToken); //액세스 토큰 쿠키
+        Cookie refreshTokenCookie = cookieUtil.createRefreshCookie(refreshToken); //리프레시 토큰 쿠키
+        response.addCookie(accessTokenCookie);
+        response.addCookie(refreshTokenCookie);
 
         // 로그인 응답 생성
         LoginResponse loginResponse = new LoginResponse(member.getEmail(), member.getNickname());

src/main/java/com/mycom/socket/auth/service/AuthService.java

@@ -1,5 +1,6 @@
 package com.mycom.socket.auth.service;
 
+import com.mycom.socket.auth.config.JWTProperties;
 import com.mycom.socket.auth.dto.response.RegisterResponse;
 import com.mycom.socket.auth.jwt.JWTUtil;
 import com.mycom.socket.auth.security.CookieUtil;
@@ -28,6 +29,7 @@ public class AuthService {
     private final JWTUtil jwtUtil;
     private final MailService mailService;
     private final CookieUtil cookieUtil;
+    private final JWTProperties jwtProperties;
 
     /**
      * 사용자 로그인 처리
@@ -46,8 +48,17 @@ public LoginResponse login(LoginRequest request, HttpServletResponse response) {
             throw new BadRequestException("잘못된 비밀번호입니다.");
         }
 
-        String token = jwtUtil.createToken(member.getEmail());
-        response.addCookie(cookieUtil.createAuthCookie(token));  // CookieUtil 사용
+        String refreshToken = jwtUtil.createToken(member.getEmail(),
+                jwtProperties.getRefreshTokenValidityInSeconds());
+
+        Cookie refreshTokenCookie = cookieUtil.createRefreshCookie(refreshToken);
+        response.addCookie(refreshTokenCookie);
+
+        String accessToken = jwtUtil.createToken(member.getEmail(),
+                jwtProperties.getAccessTokenValidityInSeconds());
+
+        Cookie accessTokenCookie = cookieUtil.createAuthCookie(accessToken);
+        response.addCookie(accessTokenCookie);
 
         return LoginResponse.of(member.getEmail(), member.getNickname());
     }
@@ -101,5 +112,6 @@ public RegisterResponse register(RegisterRequest request) {
      */
     public void logout(HttpServletResponse response) {
         response.addCookie(cookieUtil.createExpiredAuthCookie());  // CookieUtil 사용
+        response.addCookie(cookieUtil.createExpiredRefreshCookie());
     }
 }

src/main/java/com/mycom/socket/auth/service/MailService.java

@@ -90,15 +90,13 @@ public EmailVerificationResponse verifyCode(String email, String code) {
             throw new BaseException("유효하지 않은 인증 코드 형식입니다.", HttpStatus.BAD_REQUEST);
         }
 
-        try {
-            String saveCode = redisService.getCode(code);  // 인증코드 검증
-            if(!saveCode.equals(code)) {
-                throw new BaseException("인증 코드가 일치하지 않습니다.", HttpStatus.BAD_REQUEST);
-            }
-            return EmailVerificationResponse.of("이메일 인증이 완료되었습니다.");
-        } catch (Exception e) {
+        String savedCode = redisService.getCode(email);  // Redis에서 코드를 가져옴
+
+        if(!savedCode.equals(code)){
             throw new BaseException("인증 코드가 일치하지 않습니다.", HttpStatus.BAD_REQUEST);
         }
+        redisService.saveVerifiedEmail(email);
+        return EmailVerificationResponse.of("이메일 인증이 완료되었습니다.");
     }
 
 }

src/main/java/com/mycom/socket/global/service/RedisService.java

@@ -90,7 +90,7 @@ public void saveVerifiedEmail(String email) {
      */
     public boolean isEmailVerified(String email) {
         Object verified = redisTemplate.opsForValue().get(VERIFIED_EMAIL_PREFIX + email);
-        return "true".equals(verified);
+        return verified != null && "true".equals(verified.toString());
     }
 
 }

src/test/java/com/mycom/socket/member/service/LoginTest.java

@@ -1,5 +1,6 @@
 package com.mycom.socket.member.service;
 
+import com.mycom.socket.auth.config.JWTProperties;
 import com.mycom.socket.auth.dto.request.LoginRequest;
 import com.mycom.socket.auth.dto.response.LoginResponse;
 import com.mycom.socket.auth.jwt.JWTUtil;
@@ -13,7 +14,6 @@
 import jakarta.servlet.http.HttpServletResponse;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.ArgumentCaptor;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
@@ -36,6 +36,9 @@ class LoginTest {
     @Mock
     private PasswordEncoder passwordEncoder;
 
+    @Mock
+    private JWTProperties  jwtProperties;
+
     @Mock
     private JWTUtil jwtUtil;
 
@@ -70,7 +73,7 @@ class LoginTest {
 
         when(memberRepository.findByEmail(email)).thenReturn(Optional.of(member));
         when(passwordEncoder.matches(password, encodedPassword)).thenReturn(true);
-        when(jwtUtil.createToken(email)).thenReturn(token);
+        when(jwtUtil.createToken(email, jwtProperties.getRefreshTokenValidityInSeconds())).thenReturn(token);
         when(cookieUtil.createAuthCookie(token)).thenReturn(authCookie);  // CookieUtil 동작 정의
 
         // when
@@ -82,7 +85,7 @@ class LoginTest {
         assertEquals(nickname, response.nickname());
         verify(memberRepository).findByEmail(email);
         verify(passwordEncoder).matches(password, encodedPassword);
-        verify(jwtUtil).createToken(email);
+        verify(jwtUtil).createToken(email, jwtProperties.getRefreshTokenValidityInSeconds());
         verify(cookieUtil).createAuthCookie(token);
     }