From ad0f785e55a26ad7f16b316c856be06b6ddff321 Mon Sep 17 00:00:00 2001 From: jwj Date: Thu, 26 Dec 2024 11:46:09 +0900 Subject: [PATCH 1/2] =?UTF-8?q?[fix]=20=EB=A6=AC=ED=94=84=EB=A0=88?= =?UTF-8?q?=EC=8B=9C=20=ED=86=A0=ED=81=B0=20=EC=A0=80=EC=9E=A5=EC=86=8C?= =?UTF-8?q?=EB=A5=BC=20Redis=EB=A1=9C=20=EB=8B=A8=EC=9D=BC=ED=99=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../aniwhere/domain/token/RefreshToken.java | 42 +++++++++---------- .../token/RefreshTokenRepository.java | 14 +++---- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/src/main/java/com/example/aniwhere/domain/token/RefreshToken.java b/src/main/java/com/example/aniwhere/domain/token/RefreshToken.java index 10ddccc..70c0309 100644 --- a/src/main/java/com/example/aniwhere/domain/token/RefreshToken.java +++ b/src/main/java/com/example/aniwhere/domain/token/RefreshToken.java 
@@ -7,24 +7,24 @@ import lombok.Getter; import lombok.NoArgsConstructor; -@Entity -@Getter -@NoArgsConstructor(access = AccessLevel.PROTECTED) -public class RefreshToken extends Common { - - @Column(name = "user_id", nullable = false, unique = true) - private Long userId; - - @Column(name = "refresh_token", nullable = false) - private String refreshToken; - - public RefreshToken(Long userId, String refreshToken) { - this.userId = userId; - this.refreshToken = refreshToken; - } - - public RefreshToken update(String newRefreshToken) { - this.refreshToken = newRefreshToken; - return this; - } -} +//@Entity +//@Getter +//@NoArgsConstructor(access = AccessLevel.PROTECTED) +//public class RefreshToken extends Common { +// +// @Column(name = "user_id", nullable = false, unique = true) +// private Long userId; +// +// @Column(name = "refresh_token", nullable = false) +// private String refreshToken; +// +// public RefreshToken(Long userId, String refreshToken) { +// this.userId = userId; +// this.refreshToken = refreshToken; +// } +// +// public RefreshToken update(String newRefreshToken) { +// this.refreshToken = newRefreshToken; +// return this; +// } +//} diff --git a/src/main/java/com/example/aniwhere/repository/token/RefreshTokenRepository.java b/src/main/java/com/example/aniwhere/repository/token/RefreshTokenRepository.java index ef331f1..eabb652 100644 --- a/src/main/java/com/example/aniwhere/repository/token/RefreshTokenRepository.java +++ b/src/main/java/com/example/aniwhere/repository/token/RefreshTokenRepository.java 
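Review bot: RefreshToken.java is commented out line by line instead of being deleted, so the file is left with its lombok imports and a block of dead comments; RefreshTokenRepository.java in the next hunk is treated the same way. Delete both files outright so that the history, not the source tree, carries the old entity. The imports of `RefreshToken` and `RefreshTokenRepository` in TokenProvider and TokenService are only removed in PATCH 2/2, so this first commit does not appear to build on its own, which hurts bisecting; squashing the two commits would fix that. If the table backing this entity already exists in deployed databases, it presumably still holds issued refresh tokens, so a follow-up migration to drop it is worth planning.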
@@ -1,10 +1,10 @@ package com.example.aniwhere.repository.token; -import com.example.aniwhere.domain.token.RefreshToken; -import org.springframework.data.jpa.repository.JpaRepository; +//import com.example.aniwhere.domain.token.RefreshToken; +//import org.springframework.data.jpa.repository.JpaRepository; +// +//import java.util.Optional; -import java.util.Optional; - -public interface RefreshTokenRepository extends JpaRepository { - Optional findByUserId(Long userId); -} +//public interface RefreshTokenRepository extends JpaRepository { +// Optional findByUserId(Long userId); +//} From 61b5ccc451f3531ccaaf9afc4a4c58dca325b40b Mon Sep 17 00:00:00 2001 From: jwj Date: Mon, 30 Dec 2024 01:03:32 +0900 Subject: [PATCH 2/2] =?UTF-8?q?[fix]=20=EB=A6=AC=ED=94=84=EB=A0=88?= =?UTF-8?q?=EC=8B=9C=20=ED=86=A0=ED=81=B0=20=EC=A0=80=EC=9E=A5=EC=86=8C?= =?UTF-8?q?=EB=A5=BC=20Redis=EB=A1=9C=20=EB=8B=A8=EC=9D=BC=ED=99=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/jwt/provider/TokenProvider.java | 14 +------ .../aniwhere/service/redis/RedisService.java | 38 ++++++++++--------- .../aniwhere/service/token/TokenService.java | 23 +---------- .../aniwhere/service/user/UserService.java | 5 +-- 4 files changed, 24 insertions(+), 56 deletions(-) diff --git a/src/main/java/com/example/aniwhere/application/auth/jwt/provider/TokenProvider.java b/src/main/java/com/example/aniwhere/application/auth/jwt/provider/TokenProvider.java index 67e5d59..04725ed 100644 --- a/src/main/java/com/example/aniwhere/application/auth/jwt/provider/TokenProvider.java +++ b/src/main/java/com/example/aniwhere/application/auth/jwt/provider/TokenProvider.java 
@@ -5,10 +5,8 @@ import com.example.aniwhere.application.auth.jwt.dto.CreateTokenCommand; import com.example.aniwhere.global.error.exception.TokenException; import com.example.aniwhere.service.redis.RedisService; -import com.example.aniwhere.domain.token.RefreshToken; import com.example.aniwhere.domain.user.Role; import com.example.aniwhere.domain.user.User; -import com.example.aniwhere.repository.token.RefreshTokenRepository; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; import com.auth0.jwt.JWT; @@ -32,15 +30,13 @@ public class TokenProvider { private final JwtProperties jwtProperties; private final RedisService redisService; - private final RefreshTokenRepository refreshTokenRepository; private final Algorithm algorithm; private final JWTVerifier jwtVerifier; - public TokenProvider(JwtProperties jwtProperties, RedisService redisService, RefreshTokenRepository refreshTokenRepository) { + public TokenProvider(JwtProperties jwtProperties, RedisService redisService) { this.jwtProperties = jwtProperties; this.redisService = redisService; - this.refreshTokenRepository = refreshTokenRepository; this.algorithm = Algorithm.HMAC512(jwtProperties.getSecretKey()); this.jwtVerifier = JWT.require(algorithm) .withIssuer(jwtProperties.getIssuer()) @@ -71,13 +67,7 @@ public String generateRefreshToken(final CreateTokenCommand command, final User .withClaim(ROLE, command.role().getValue()) .sign(algorithm); - redisService.saveRefreshToken(user.getEmail(), refreshToken); - - RefreshToken refreshTokenEntity = refreshTokenRepository.findByUserId(user.getId()) - .map(entity -> entity.update(refreshToken)) - .orElse(new RefreshToken(user.getId(), refreshToken)); - refreshTokenRepository.save(refreshTokenEntity); - + redisService.saveRefreshToken(user.getId(), refreshToken); return refreshToken; } 
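Review bot: The signed refresh token is stored verbatim in Redis by `redisService.saveRefreshToken(user.getId(), refreshToken);` at the end of generateRefreshToken, under a single `RT:` key per user. Anyone who can read that Redis instance can replay the stored value until its TTL runs out, so consider storing a SHA-256 digest of the token and comparing digests with `MessageDigest.isEqual` at refresh time. The single key also means each call overwrites the previous token, so a second login replaces the first session's entry. If that is intended, say so in a Javadoc line such as `/** Signs a refresh token and stores it in Redis, replacing any token previously stored for this user. */`. The method starts above this hunk.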
diff --git a/src/main/java/com/example/aniwhere/service/redis/RedisService.java b/src/main/java/com/example/aniwhere/service/redis/RedisService.java
index cc63dff..420396a 100644
--- a/src/main/java/com/example/aniwhere/service/redis/RedisService.java
+++ b/src/main/java/com/example/aniwhere/service/redis/RedisService.java
@@ -16,39 +16,41 @@ public class RedisService { private final RedisTemplate redisTemplate; private final ValueOperations operations; + private static final String REFRESH_TOKEN_PREFIX = "RT:"; + private static final String OAUTH_ACCESS_PREFIX = "OAT:"; + private static final String OAUTH_REFRESH_PREFIX = "ORT:"; + private static final String BLACKLIST_ACCESS_PREFIX = "BAL:"; + private static final String BLACKLIST_REFRESH_PREFIX = "BRL"; + private static final String CODE_PREFIX = "CODE:"; + public RedisService(JwtProperties jwtProperties, RedisTemplate redisTemplate) { this.jwtProperties = jwtProperties; this.redisTemplate = redisTemplate; this.operations = redisTemplate.opsForValue(); } - public void saveRefreshToken(String email, String token) { - operations.set(email, token, Duration.ofSeconds(jwtProperties.getRefresh_token_expiration_time())); - } - - public boolean deleteRefreshToken(String email) { - Boolean result = redisTemplate.delete(email); - return Boolean.TRUE.equals(result); + public void saveRefreshToken(Long userId, String token) { + operations.set(REFRESH_TOKEN_PREFIX + userId, token, Duration.ofSeconds(jwtProperties.getRefresh_token_expiration_time())); } - public String getRefreshToken(String email) { - return operations.get(email); + public String getRefreshToken(String userId) { + return operations.get(REFRESH_TOKEN_PREFIX + userId); } public String getOAuthAccessToken(String email) { - return operations.get(email); + return operations.get(OAUTH_ACCESS_PREFIX + email); } public String getOAuthRefreshToken(String email) { - return operations.get(email); + return operations.get(OAUTH_REFRESH_PREFIX + email); } public void saveOAuthAccessToken(String email, String token) { - operations.set("OAT:" + email, token, Duration.ofSeconds(jwtProperties.getAccess_token_expiration_time())); + operations.set(OAUTH_ACCESS_PREFIX + email, token, Duration.ofSeconds(jwtProperties.getAccess_token_expiration_time())); } public void saveOAuthRefreshToken(String 
email, String token) { - operations.set("ORT:" + email, token, Duration.ofSeconds(jwtProperties.getRefresh_token_expiration_time())); + operations.set(OAUTH_REFRESH_PREFIX + email, token, Duration.ofSeconds(jwtProperties.getRefresh_token_expiration_time())); } public void deleteOAuthToken(String email) { @@ -57,23 +59,23 @@ public void deleteOAuthToken(String email) { public void saveCode(String key, String value, Duration duration) { redisTemplate.opsForValue() - .set(key, value, duration); + .set(CODE_PREFIX + key, value, duration); } public void deleteCode(String key) { - redisTemplate.delete(key); + redisTemplate.delete(CODE_PREFIX + key); } public String getCode(String key) { return redisTemplate.opsForValue() - .get(key); + .get(CODE_PREFIX + key); } public void saveBlackListAccessToken(String email, String token) { - operations.set(email, token, Duration.ofSeconds(jwtProperties.getAccess_token_expiration_time())); + operations.set(BLACKLIST_ACCESS_PREFIX + email, token, Duration.ofSeconds(jwtProperties.getAccess_token_expiration_time())); } public void saveBlackListRefreshToken(String email, String token) { - operations.set(email, token, Duration.ofSeconds(jwtProperties.getRefresh_token_expiration_time())); + operations.set(BLACKLIST_REFRESH_PREFIX + email, token, Duration.ofSeconds(jwtProperties.getRefresh_token_expiration_time())); } } \ No newline at end of file diff --git a/src/main/java/com/example/aniwhere/service/token/TokenService.java b/src/main/java/com/example/aniwhere/service/token/TokenService.java index d86846b..7ca6dad 100644 --- a/src/main/java/com/example/aniwhere/service/token/TokenService.java +++ b/src/main/java/com/example/aniwhere/service/token/TokenService.java 
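Review bot: `BLACKLIST_REFRESH_PREFIX = "BRL"` is missing the trailing colon that the other five prefixes carry, so its keys come out as `BRL` followed directly by the e-mail; it should read `private static final String BLACKLIST_REFRESH_PREFIX = "BRL:";`. In the same hunk `saveRefreshToken` takes `Long userId` while `getRefreshToken` takes `String userId`. Both build the same key through string concatenation, but aligning the getter as `public String getRefreshToken(Long userId)` would stop a caller from passing an e-mail by mistake (its callers are outside this hunk). `deleteRefreshToken` is removed without a replacement, so unless logout is handled elsewhere there is no way left to revoke the stored `RT:` entry before its TTL expires.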
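Review bot: `saveBlackListAccessToken` and `saveBlackListRefreshToken` key the entry by e-mail and store the token as the value, so each user has room for only one blacklisted token of each kind. Blacklisting a second token for the same e-mail overwrites the first while it may still be inside its validity window. If the blacklist check (not visible here) compares the stored value with the presented token, the earlier token would be accepted again. Keying by the token itself, or by a digest of it, avoids that: `operations.set(BLACKLIST_ACCESS_PREFIX + token, email, Duration.ofSeconds(jwtProperties.getAccess_token_expiration_time()));`. The lookup side would have to change to match.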
@@ -4,12 +4,10 @@ import com.example.aniwhere.application.auth.jwt.dto.Claims; import com.example.aniwhere.application.auth.jwt.dto.CreateTokenCommand; import com.example.aniwhere.service.redis.RedisService; -import com.example.aniwhere.domain.token.RefreshToken; import com.example.aniwhere.domain.user.User; import com.example.aniwhere.global.error.exception.UserException; import com.example.aniwhere.global.error.exception.TokenException; import com.example.aniwhere.application.auth.jwt.provider.TokenProvider; -import com.example.aniwhere.repository.token.RefreshTokenRepository; import com.example.aniwhere.repository.user.UserRepository; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; @@ -29,7 +27,6 @@ public class TokenService { private final CookieConfig cookieConfig; private final RedisService redisService; private final UserRepository userRepository; - private final RefreshTokenRepository refreshTokenRepository; @Transactional public ResponseCookie createNewAccessToken(String refreshToken) { 
@@ -43,31 +40,13 @@ public ResponseCookie createNewAccessToken(String refreshToken) { return cookieConfig.createAccessTokenCookie("access_token", newAccessToken); } - return handleCacheMiss(claims.userId()); + throw new TokenException(NOT_FOUND_REFRESH_TOKEN); } catch (TokenException e) { log.error("Refresh token validation failed", e); throw new TokenException(INVALID_TOKEN); } } - - private ResponseCookie handleCacheMiss(Long userId) { - User user = getUserByUserId(userId); - - RefreshToken dbRefreshToken = refreshTokenRepository.findByUserId(userId) - .orElseThrow(() -> new TokenException(NOT_FOUND_REFRESH_TOKEN)); - - try { - tokenProvider.validateToken(dbRefreshToken.getRefreshToken()); - } catch (TokenException e) { - throw new TokenException(INVALID_REFRESH_TOKEN); - } - - redisService.saveRefreshToken(String.valueOf(userId), dbRefreshToken.getRefreshToken()); - String newAccessToken = generateAccessToken(user); - return cookieConfig.createAccessTokenCookie("access_token", newAccessToken); - } - private User getUserByUserId(Long userId) { return userRepository.findById(userId) .orElseThrow(() -> new UserException(NOT_FOUND_USER)); diff --git a/src/main/java/com/example/aniwhere/service/user/UserService.java b/src/main/java/com/example/aniwhere/service/user/UserService.java index ab38cf1..e350b1a 100644 --- a/src/main/java/com/example/aniwhere/service/user/UserService.java +++ b/src/main/java/com/example/aniwhere/service/user/UserService.java @@ -82,7 +82,7 @@ public UserSignInResult signIn(UserSignInRequest request) { } JwtToken jwtToken = generateTokens(user); - redisService.saveRefreshToken(user.getEmail(), jwtToken.refreshToken()); + redisService.saveRefreshToken(user.getId(), jwtToken.refreshToken()); ResponseCookie accessTokenCookie = cookieConfig.createAccessTokenCookie("access_token", jwtToken.accessToken()); ResponseCookie refreshTokenCookie = cookieConfig.createRefreshTokenCookie("refresh_token", jwtToken.refreshToken()); 
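Review bot: The new `throw new TokenException(NOT_FOUND_REFRESH_TOKEN);` sits inside the `try`, so the `catch (TokenException e)` directly below catches it, logs it at error level with a stack trace and rethrows `INVALID_TOKEN`; callers never see `NOT_FOUND_REFRESH_TOKEN`. Either move the throw after the try/catch so that only validation failures are remapped, or rethrow the original with `throw e;` when it already carries the intended code. A refresh token that validates but does not match what the store holds can mean an expired session or reuse of a replaced token, so it deserves its own log line, for example `log.warn("Refresh token not found in store for user {}", claims.userId());`. The start of createNewAccessToken, including the store lookup, is outside this hunk.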
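Review bot: `redisService.saveRefreshToken(user.getId(), jwtToken.refreshToken());` in signIn repeats a write that has already happened. generateTokens calls tokenProvider.generateRefreshToken, which after this patch stores the token under the same `RT:` key. The second write is harmless but leaves two places that must agree on key and TTL; drop the line here and let TokenProvider own persistence. signIn starts and ends outside this hunk.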
@@ -119,9 +119,6 @@ private JwtToken generateTokens(User user) { String accessToken = tokenProvider.generateAccessToken(command); String refreshToken = tokenProvider.generateRefreshToken(command, user); - redisService.saveRefreshToken(String.valueOf(user.getId()), refreshToken); - log.debug("Tokens generated for user: {}", user.getId()); - return new JwtToken(accessToken, refreshToken); }