JWT 인증 및 인가 기능 구현

.github/workflows/build-test.yml

@@ -47,7 +47,7 @@ jobs:
       - name: 🐋 Docker Run
         run: docker-compose -f docker-compose.test.yml up -d
       - name: ⌛ Wait for Application
-        run: sleep 30
+        run: sleep 120
       - name: 🧪 Test Application
         run: |
           RESPONSE=$(curl -s "http://127.0.0.1:8080${{ secrets.HEALTH_CHECK_PATH }}")

src/main/java/com/ampersand/groom/domain/auth/application/port/AuthPort.java

@@ -0,0 +1,12 @@
+package com.ampersand.groom.domain.auth.application.port;
+
+import com.ampersand.groom.domain.member.persistence.entity.MemberJpaEntity;
+
+import java.util.Optional;
+
+public interface AuthPort {
+
+    Optional<MemberJpaEntity> findMembersByCriteria(String email);
+
+    void save(MemberJpaEntity member);
+}

src/main/java/com/ampersand/groom/domain/auth/application/service/AuthService.java

@@ -0,0 +1,100 @@
+package com.ampersand.groom.domain.auth.application.service;
+
+import com.ampersand.groom.domain.auth.application.port.AuthPort;
+import com.ampersand.groom.domain.auth.expection.*;
+import com.ampersand.groom.domain.auth.domain.JwtToken;
+import com.ampersand.groom.domain.auth.presentation.data.request.SignupRequest;
+import com.ampersand.groom.domain.member.persistence.entity.MemberJpaEntity;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import java.time.Instant;
+
+@Service
+@RequiredArgsConstructor
+public class AuthService {
+
+    private final JwtService jwtService;
+    private final PasswordEncoder passwordEncoder;
+    private final AuthPort authPort;
+
+    @Value("${spring.jwt.token.access-expiration}")
+    private long accessTokenExpiration;
+
+    @Value("${spring.jwt.token.refresh-expiration}")
+    private long refreshTokenExpiration;
+
+    public JwtToken signIn(String email, String password) {
+
+        MemberJpaEntity user = authPort.findMembersByCriteria(email)
+                .orElseThrow(()->new UserNotFoundException());
+
+        if(!user.getIsAvailable()) {
+            throw new UserForbiddenException();
+        }
+
+        if (!passwordEncoder.matches(password, user.getPassword())) {
+            throw new PasswordInvalidException();
+        }
+
+        String accessToken = jwtService.createAccessToken(email);
+        String refreshToken = jwtService.createRefreshToken(email);
+
+        return JwtToken.builder()
+                .accessToken(accessToken)
+                .refreshToken(refreshToken)
+                .accessTokenExpiration(Instant.now().plusMillis(accessTokenExpiration))
+                .refreshTokenExpiration(Instant.now().plusMillis(refreshTokenExpiration))
+                .role(user.getRole())
+                .build();
+    }
+
+    public JwtToken refreshToken(String refreshToken) {
+        if (refreshToken == null || refreshToken.isEmpty()) {
+            throw new RefreshTokenRequestFormatInvalidException();
+        }
+
+        String email = jwtService.getEmailFromToken(refreshToken);
+        boolean isTokenValid = jwtService.refreshToken(email, refreshToken);
+        if (!isTokenValid) {
+            throw new RefreshTokenExpiredOrInvalidException();
+        }
+
+        if (!jwtService.validateToken(refreshToken)) {
+            throw new RefreshTokenExpiredOrInvalidException();
+        }
+
+        MemberJpaEntity user = authPort.findMembersByCriteria(email)
+                .orElseThrow(()->new UserNotFoundException());
+
+        String newAccessToken = jwtService.createAccessToken(email);
+        String newRefreshToken = jwtService.createRefreshToken(email);
+
+        return JwtToken.builder()
+                .accessToken(newAccessToken)
+                .refreshToken(newRefreshToken)
+                .accessTokenExpiration(Instant.now().plusMillis(accessTokenExpiration))
+                .refreshTokenExpiration(Instant.now().plusMillis(refreshTokenExpiration))
+                .role(user.getRole())
+                .build();
+    }
+
+    public void signup(SignupRequest request) {
+        authPort.findMembersByCriteria(request.getEmail())
+                .ifPresent(emailVerification -> {
+                    throw new UserExistException();
+                });
+
+        MemberJpaEntity newUser = MemberJpaEntity.builder()
+                .name(request.getName())
+                .email(request.getEmail())
+                .password(passwordEncoder.encode(request.getPassword()))
+                .generation(1)
+                .isAvailable(true)
+                .build();
+
+        authPort.save(newUser);
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/application/service/CustomUserDetailsService.java

@@ -0,0 +1,29 @@
+package com.ampersand.groom.domain.auth.application.service;
+
+import com.ampersand.groom.domain.auth.application.port.AuthPort;
+import com.ampersand.groom.domain.auth.expection.UserNotFoundException;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+
+@Service
+@RequiredArgsConstructor
+public class CustomUserDetailsService implements UserDetailsService {
+
+    private final AuthPort authPort;
+
+    @Override
+    public UserDetails loadUserByUsername(String email) {
+        return authPort.findMembersByCriteria(email)
+                .map(member -> {
+                    SimpleGrantedAuthority authority = new SimpleGrantedAuthority(member.getRole().name());
+                    return new User(member.getEmail(), member.getPassword(), Collections.singletonList(authority));
+                })
+                .orElseThrow(() -> new UserNotFoundException());
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/application/service/JwtService.java

@@ -0,0 +1,80 @@
+package com.ampersand.groom.domain.auth.application.service;
+
+import io.jsonwebtoken.*;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Service;
+
+import javax.crypto.SecretKey;
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
+
+@Service
+@RequiredArgsConstructor
+public class JwtService {
+
+    private final RedisTemplate<String, String> redisTemplate;
+    private final SecretKey secretKey;
+    @Getter
+    private final long accessTokenExpiration;
+    private final long refreshTokenExpiration;
+
+    public String createAccessToken(String email) {
+        return generateToken(email, accessTokenExpiration);
+    }
+
+    public String createRefreshToken(String email) {
+        String refreshToken = generateToken(email, refreshTokenExpiration);
+
+        redisTemplate.opsForValue().set("refresh_token:" + email, refreshToken, refreshTokenExpiration, TimeUnit.SECONDS);
+
+        return refreshToken;
+    }
+
+    public boolean refreshToken(String email, String refreshToken) {
+        String storedToken = redisTemplate.opsForValue().get("refresh_token:" + email);
+
+        if (storedToken == null || !storedToken.equals(refreshToken)) {
+            return false;
+        }
+        return true;
+    }
+
+    private String generateToken(String subject, long expirationMs) {
+        Date now = new Date();
+        return Jwts.builder()
+                .setSubject(subject)
+                .setIssuedAt(now)
+                .setExpiration(new Date(now.getTime() + expirationMs))
+                .signWith(secretKey)
+                .compact();
+    }
+
+    public String getEmailFromToken(String token) {
+        return parseClaims(token).getSubject();
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            parseClaims(token);
+            return true;
+        } catch (JwtException | IllegalArgumentException e) {
+            return false;
+        }
+    }
+
+    private Claims parseClaims(String token) {
+        return Jwts.parser()
+                .setSigningKey(secretKey)
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+
+    public String resolveToken(HttpServletRequest request) {
+        String token = request.getHeader("Authorization");
+        return (token != null && token.startsWith("Bearer ")) ? token.substring(7) : null;
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/domain/JwtToken.java

@@ -0,0 +1,18 @@
+package com.ampersand.groom.domain.auth.domain;
+
+import com.ampersand.groom.domain.member.domain.constant.MemberRole;
+import lombok.Builder;
+import lombok.Getter;
+
+import java.time.Instant;
+
+@Getter
+@Builder
+public class JwtToken {
+
+    private String accessToken;
+    private String refreshToken;
+    private Instant accessTokenExpiration;
+    private Instant refreshTokenExpiration;
+    private MemberRole role;
+}

src/main/java/com/ampersand/groom/domain/auth/expection/EmailOrPasswordEmptyException.java

@@ -0,0 +1,10 @@
+package com.ampersand.groom.domain.auth.expection;
+
+import com.ampersand.groom.global.error.ErrorCode;
+import com.ampersand.groom.global.error.exception.GroomException;
+
+public class EmailOrPasswordEmptyException extends GroomException {
+    public EmailOrPasswordEmptyException() {
+        super(ErrorCode.EMAIL_OR_PASSWORD_EMPTY);
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/expection/PasswordInvalidException.java

@@ -0,0 +1,10 @@
+package com.ampersand.groom.domain.auth.expection;
+
+import com.ampersand.groom.global.error.ErrorCode;
+import com.ampersand.groom.global.error.exception.GroomException;
+
+public class PasswordInvalidException extends GroomException {
+    public PasswordInvalidException() {
+        super(ErrorCode.PASSWORD_INVALID);
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/expection/RefreshTokenExpiredOrInvalidException.java

@@ -0,0 +1,10 @@
+package com.ampersand.groom.domain.auth.expection;
+
+import com.ampersand.groom.global.error.ErrorCode;
+import com.ampersand.groom.global.error.exception.GroomException;
+
+public class RefreshTokenExpiredOrInvalidException extends GroomException {
+    public RefreshTokenExpiredOrInvalidException() {
+        super(ErrorCode.REFRESH_TOKEN_EXPIRED_OR_INVALID);
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/expection/RefreshTokenRequestFormatInvalidException.java

@@ -0,0 +1,10 @@
+package com.ampersand.groom.domain.auth.expection;
+
+import com.ampersand.groom.global.error.ErrorCode;
+import com.ampersand.groom.global.error.exception.GroomException;
+
+public class RefreshTokenRequestFormatInvalidException extends GroomException {
+    public RefreshTokenRequestFormatInvalidException() {
+        super(ErrorCode.REFRESH_TOKEN_REQUEST_FORMAT_INVALID);
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/expection/UserExistException.java

@@ -0,0 +1,10 @@
+package com.ampersand.groom.domain.auth.expection;
+
+import com.ampersand.groom.global.error.ErrorCode;
+import com.ampersand.groom.global.error.exception.GroomException;
+
+public class UserExistException extends GroomException {
+    public UserExistException() {
+        super(ErrorCode.USER_ALREADY_EXISTS);
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/expection/UserForbiddenException.java

@@ -0,0 +1,10 @@
+package com.ampersand.groom.domain.auth.expection;
+
+import com.ampersand.groom.global.error.ErrorCode;
+import com.ampersand.groom.global.error.exception.GroomException;
+
+public class UserForbiddenException extends GroomException {
+    public UserForbiddenException() {
+        super(ErrorCode.USER_FORBIDDEN);
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/expection/UserNotFoundException.java

@@ -0,0 +1,10 @@
+package com.ampersand.groom.domain.auth.expection;
+
+import com.ampersand.groom.global.error.ErrorCode;
+import com.ampersand.groom.global.error.exception.GroomException;
+
+public class UserNotFoundException extends GroomException {
+    public UserNotFoundException() {
+        super(ErrorCode.USER_NOT_FOUND);
+    }
+}

src/main/java/com/ampersand/groom/domain/auth/persistence/adapter/auth/AuthPortAdapter.java

@@ -0,0 +1,28 @@
+package com.ampersand.groom.domain.auth.persistence.adapter.auth;
+
+import com.ampersand.groom.domain.auth.application.port.AuthPort;
+import com.ampersand.groom.domain.member.persistence.entity.MemberJpaEntity;
+import com.ampersand.groom.domain.member.persistence.repository.MemberJpaRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+import java.util.Optional;
+
+@Component
+@RequiredArgsConstructor
+public class AuthPortAdapter implements AuthPort {
+
+    private final MemberJpaRepository memberJpaRepository;
+
+    @Override
+    public Optional<MemberJpaEntity> findMembersByCriteria(String email) {
+        return memberJpaRepository.findMembersByCriteria(null, null, null, email, null, null)
+                .stream().findFirst();
+    }
+
+
+    @Override
+    public void save(MemberJpaEntity member) {
+        memberJpaRepository.save(member);
+    }
+}