develop → main 병합

.gitignore

@@ -35,3 +35,4 @@ out/
 
 ### VS Code ###
 .vscode/
+/src/empty/

build.gradle

@@ -1,50 +1,76 @@
 plugins {
-	id 'java'
-	id 'org.springframework.boot' version '3.5.6'
-	id 'io.spring.dependency-management' version '1.1.7'
+    id 'java'
+    id 'org.springframework.boot' version '3.5.6'
+    id 'io.spring.dependency-management' version '1.1.7'
 }
 
 group = 'springboot'
 version = '0.0.1-SNAPSHOT'
 description = 'Demo project for Spring Boot'
 
 java {
-	toolchain {
-		languageVersion = JavaLanguageVersion.of(17)
-	}
+    toolchain {
+        languageVersion = JavaLanguageVersion.of(17)
+    }
 }
 
+
+
+
+
 repositories {
-	mavenCentral()
+    mavenCentral()
 }
 
 dependencies {
-	implementation 'org.springframework.boot:spring-boot-starter-web'
-	implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
+
 
-	// JPA
-	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+    // JPA
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 
-	// MySQL
-	implementation 'com.mysql:mysql-connector-j'
+    // MySQL
+    implementation 'com.mysql:mysql-connector-j'
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
 
-	// Lombok (compileOnly + annotationProcessor 조합)
+    // Lombok (compileOnly + annotationProcessor 조합)
     compileOnly 'org.projectlombok:lombok:1.18.30'
     annotationProcessor 'org.projectlombok:lombok:1.18.30'
 
-	// QueryDSL
-	implementation 'com.querydsl:querydsl-jpa:5.1.0:jakarta'
-	annotationProcessor "com.querydsl:querydsl-apt:${dependencyManagement.importedProperties['querydsl.version']}:jakarta"
-	annotationProcessor "jakarta.annotation:jakarta.annotation-api"
-	annotationProcessor "jakarta.persistence:jakarta.persistence-api"
+    // QueryDSL
+    implementation 'com.querydsl:querydsl-jpa:5.1.0:jakarta'
+    annotationProcessor "com.querydsl:querydsl-apt:${dependencyManagement.importedProperties['querydsl.version']}:jakarta"
+    annotationProcessor "jakarta.annotation:jakarta.annotation-api"
+    annotationProcessor "jakarta.persistence:jakarta.persistence-api"
+
+    // Spring Security (웹 필터 및 인증 X)
+    implementation 'org.springframework.security:spring-security-crypto'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+
+    //test
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+    testImplementation platform('org.junit:junit-bom:5.10.2') // 최신 BOM
+    testImplementation 'org.junit.jupiter:junit-jupiter-api'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine'
+    testImplementation 'org.assertj:assertj-core:3.22.0'
+
+    //Jwt
+    implementation 'io.jsonwebtoken:jjwt-api:0.12.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.5'
+
+    // Redis
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
+    implementation 'org.springframework.session:spring-session-data-redis'
 
-	// Spring Security (웹 필터 및 인증 X)
-	implementation 'org.springframework.security:spring-security-crypto'
+    // Password Encode Algorithm
+    implementation 'org.mindrot:jbcrypt:0.4'
 
 
 }
 
 
 tasks.named('test') {
-	useJUnitPlatform()
+    useJUnitPlatform()
 }

src/main/java/springboot/kakao_boot_camp/KakaoBootCampApplication.java

@@ -2,12 +2,21 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.validation.ValidationAutoConfiguration;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
 
-@SpringBootApplication
+@SpringBootApplication(
+    exclude = {ValidationAutoConfiguration.class,
+                SecurityAutoConfiguration.class } // ← Security 자동설정 제외
+
+)
+
+@EnableJpaAuditing
 public class KakaoBootCampApplication {
 
-	public static void main(String[] args) {
-		SpringApplication.run(KakaoBootCampApplication.class, args);
-	}
+    public static void main(String[] args) {
+       SpringApplication.run(KakaoBootCampApplication.class, args);
+    }
 
-}
+}

src/main/java/springboot/kakao_boot_camp/domain/auth/controller/LoginController.java

@@ -0,0 +1,47 @@
+package springboot.kakao_boot_camp.domain.auth.controller;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import springboot.kakao_boot_camp.domain.auth.util.Manager.login.jwt.RefreshTokenCookieManager;
+import springboot.kakao_boot_camp.domain.auth.dto.loginDtos.LoginReq;
+import springboot.kakao_boot_camp.domain.auth.dto.loginDtos.LoginRes;
+import springboot.kakao_boot_camp.domain.auth.service.LoginService;
+import springboot.kakao_boot_camp.global.api.ApiResponse;
+import springboot.kakao_boot_camp.global.api.SuccessCode;
+
+@RequestMapping("/api/v1/auth/login")
+@RequiredArgsConstructor
+@RestController
+public class LoginController {
+
+    private final LoginService loginService;
+    private final RefreshTokenCookieManager refreshTokenCookieManager;
+
+
+    @PostMapping
+    public ResponseEntity<ApiResponse<LoginRes>> login(
+            @RequestBody @Valid LoginReq req,
+            HttpServletRequest servletRequest,
+            HttpServletResponse servletResponse) {
+
+        // 1. 액세스 토큰 포함 DTO 생성
+        LoginRes res = loginService.login(req, servletRequest);
+
+        // 2. 리프레시 토큰 포함
+        refreshTokenCookieManager.addRefreshTokenCookie(servletResponse, res.refreshToken());
+
+        // 3. Login response Dto에서 Refresh token 빼기
+        LoginRes result = LoginRes.fromWithoutRefreshToken(res.userId(), res.accessToken());
+        return ResponseEntity
+                .ok(ApiResponse.success(SuccessCode.LOGIN_SUCCESS, result));
+    }
+
+
+}

src/main/java/springboot/kakao_boot_camp/domain/auth/controller/LogoutController.java

@@ -0,0 +1,31 @@
+package springboot.kakao_boot_camp.domain.auth.controller;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import springboot.kakao_boot_camp.domain.auth.service.LogoutService;
+import springboot.kakao_boot_camp.global.api.ApiResponse;
+import springboot.kakao_boot_camp.global.api.SuccessCode;
+import springboot.kakao_boot_camp.security.CustomUserDetails;
+
+@RestController
+@RequestMapping("/api/v1/auth/logout")
+@RequiredArgsConstructor
+public class LogoutController {
+
+    private final LogoutService logoutService;
+
+    @PostMapping
+    public ResponseEntity<ApiResponse<Void>> logout(HttpServletRequest request, HttpServletResponse response,
+                                                    @AuthenticationPrincipal CustomUserDetails currentUser) {
+
+        logoutService.logout(currentUser, request, response);
+
+        return ResponseEntity.ok(ApiResponse.success(SuccessCode.LOGOUT_SUCCESS, null));
+    }
+}

src/main/java/springboot/kakao_boot_camp/domain/auth/controller/AuthController.java → src/main/java/springboot/kakao_boot_camp/domain/auth/controller/SignUpController.java

@@ -10,33 +10,24 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import springboot.kakao_boot_camp.domain.auth.dto.AuthDtos.*;
+import springboot.kakao_boot_camp.domain.auth.dto.signDtos.SignReq;
+import springboot.kakao_boot_camp.domain.auth.dto.signDtos.SignRes;
 import springboot.kakao_boot_camp.global.api.ApiResponse;
 import springboot.kakao_boot_camp.global.api.SuccessCode;
-import springboot.kakao_boot_camp.domain.auth.service.AuthService;
+import springboot.kakao_boot_camp.domain.auth.service.SignUpService;
 
 @RequiredArgsConstructor
 @RestController     // v1, v2 같은 버전은 추후 버전 관리를 위해 필요한 것인데 해당 프로젝트는 학습용 이므로 추후에 유지 보수 예정 X -> 따라서 버전 명 명시 안할 예정
-@RequestMapping("/api/v1/auth")
-public class AuthController {
+@RequestMapping("/api/v1/auth/signup")
+public class SignUpController {
+    private final SignUpService authService;
 
-    private final AuthService authService;
-
-    @PostMapping("/signup")
+    @PostMapping
     public ResponseEntity<ApiResponse<SignRes>> signUp(@RequestBody @Valid SignReq req, HttpServletResponse servletRes) {
         SignRes res = authService.signUp(req);    //data 얻기
 
         return ResponseEntity
                 .status(HttpStatus.OK)
                 .body(ApiResponse.success(SuccessCode.REGISTER_SUCCESS, res));
     }
-
-    @PostMapping("/login")
-    public ResponseEntity<ApiResponse<LoginRes>> login(@RequestBody @Valid LoginReq req, HttpServletResponse servletRes) {
-        LoginRes res = authService.login(req);    //data 얻기
-
-        return ResponseEntity
-                .status(HttpStatus.OK)
-                .body(ApiResponse.success(SuccessCode.LOGIN_SUCCESS, res));
-    }
-}
+}

src/main/java/springboot/kakao_boot_camp/domain/auth/controller/TokenRefreshController.java

@@ -0,0 +1,49 @@
+package springboot.kakao_boot_camp.domain.auth.controller;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import springboot.kakao_boot_camp.domain.auth.util.Manager.login.jwt.RefreshTokenCookieManager;
+import springboot.kakao_boot_camp.domain.auth.dto.loginDtos.LoginRes;
+import springboot.kakao_boot_camp.domain.auth.service.TokenRefreshService;
+import springboot.kakao_boot_camp.global.api.ApiResponse;
+import springboot.kakao_boot_camp.global.api.SuccessCode;
+import springboot.kakao_boot_camp.security.CustomUserDetails;
+
+@RestController
+@RequestMapping("/api/v1/auth/token")
+@RequiredArgsConstructor
+public class TokenRefreshController {
+
+    private final RefreshTokenCookieManager refreshTokenCookieManager;
+    private final TokenRefreshService tokenRefreshService;
+
+    /**
+     * 🔄 Refresh Token을 이용해 Access Token 재발급
+     */
+    @PostMapping("/refresh")
+    public ResponseEntity<ApiResponse<LoginRes>> refreshAccessToken(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            @AuthenticationPrincipal CustomUserDetails currentUser
+    ) {
+
+        // 1️⃣ 쿠키에서 refresh token 추출
+        String refreshToken = refreshTokenCookieManager.getRefreshTokenFromCookie(request);
+
+        // 2️⃣ 새 access + refresh token 생성
+        LoginRes newTokens = tokenRefreshService.refreshTokens(currentUser, refreshToken);
+
+        // 3️⃣ 새 refresh token을 쿠키에 다시 설정
+        refreshTokenCookieManager.addRefreshTokenCookie(response, newTokens.refreshToken());
+
+        // 4️⃣ refresh token은 response에 포함하지 않음
+        LoginRes result = LoginRes.fromWithoutRefreshToken(newTokens.userId(), newTokens.accessToken());
+        return ResponseEntity.ok(ApiResponse.success(SuccessCode.TOKEN_REFERSH_SUCCESS, result));
+    }
+}

src/main/java/springboot/kakao_boot_camp/domain/auth/dto/loginDtos/LoginReq.java

@@ -0,0 +1,7 @@
+package springboot.kakao_boot_camp.domain.auth.dto.loginDtos;
+
+public record LoginReq(
+        String email,
+        String passWord
+) {
+}

src/main/java/springboot/kakao_boot_camp/domain/auth/dto/loginDtos/LoginRes.java

@@ -0,0 +1,25 @@
+package springboot.kakao_boot_camp.domain.auth.dto.loginDtos;
+
+import springboot.kakao_boot_camp.security.CustomUserDetails;
+
+public record LoginRes(
+        Long userId,
+        String accessToken,
+        String refreshToken
+) {
+    public static LoginRes from(CustomUserDetails user, String accessToken, String refreshToken) {
+        return new LoginRes(
+                user.getId(),
+                accessToken,
+                refreshToken
+        );
+    }
+
+    public static LoginRes fromWithoutRefreshToken(Long userId, String accessToken) {
+        return new LoginRes(
+                userId,
+                accessToken,
+                null
+        );
+    }
+}