fix(be) : Token 문제 해결 (#146)

jungdongha · web-flow · commit 6f4c55649767 · 2025-10-14T16:30:39.000+09:00
* refreshtoken 발급 로직 수정

* logout 로직 수정
diff --git a/src/main/kotlin/com/back/koreaTravelGuide/common/security/JwtAuthenticationFilter.kt b/src/main/kotlin/com/back/koreaTravelGuide/common/security/JwtAuthenticationFilter.kt
@@ -20,7 +20,7 @@ class JwtAuthenticationFilter(
     ) {
         val token = resolveToken(request)
 
-        val isBlacklisted = if (token != null) redisTemplate.opsForValue().get(token) != null else false
+        val isBlacklisted = if (token != null) redisTemplate.opsForValue().get("blacklist:$token") != null else false
 
         if (token != null && !isBlacklisted && jwtTokenProvider.validateToken(token)) {
             val authentication = jwtTokenProvider.getAuthentication(token)
diff --git a/src/main/kotlin/com/back/koreaTravelGuide/domain/auth/controller/AuthController.kt b/src/main/kotlin/com/back/koreaTravelGuide/domain/auth/controller/AuthController.kt
@@ -4,9 +4,9 @@ import com.back.koreaTravelGuide.common.ApiResponse
 import com.back.koreaTravelGuide.common.security.getUserId
 import com.back.koreaTravelGuide.domain.auth.dto.request.UserRoleUpdateRequest
 import com.back.koreaTravelGuide.domain.auth.dto.response.AccessTokenResponse
-import com.back.koreaTravelGuide.domain.auth.dto.response.LoginResponse
 import com.back.koreaTravelGuide.domain.auth.service.AuthService
 import io.swagger.v3.oas.annotations.Operation
+import jakarta.servlet.http.Cookie
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
 import org.springframework.beans.factory.annotation.Value
@@ -48,10 +48,21 @@ class AuthController(
     fun updateUserRole(
         authentication: Authentication,
         @RequestBody request: UserRoleUpdateRequest,
-    ): ResponseEntity<ApiResponse<LoginResponse>> {
+        response: HttpServletResponse,
+    ): ResponseEntity<ApiResponse<AccessTokenResponse>> {
         val userId = authentication.getUserId()
-        val loginResponse = authService.updateRoleAndLogin(userId, request.role)
-        return ResponseEntity.ok(ApiResponse("역할이 선택되었으며 로그인에 성공했습니다.", loginResponse))
+        val (accessToken, refreshToken) = authService.updateRoleAndLogin(userId, request.role)
+
+        val cookie =
+            Cookie("refreshToken", refreshToken).apply {
+                isHttpOnly = true
+                secure = true
+                path = "/"
+                maxAge = (refreshTokenExpirationDays * 24 * 60 * 60).toInt()
+            }
+        response.addCookie(cookie)
+
+        return ResponseEntity.ok(ApiResponse("역할이 선택되었으며 로그인에 성공했습니다.", AccessTokenResponse(accessToken = accessToken)))
     }
 
     @Operation(summary = "로그아웃")
diff --git a/src/main/kotlin/com/back/koreaTravelGuide/domain/auth/service/AuthService.kt b/src/main/kotlin/com/back/koreaTravelGuide/domain/auth/service/AuthService.kt
@@ -1,7 +1,6 @@
 package com.back.koreaTravelGuide.domain.auth.service
 
 import com.back.koreaTravelGuide.common.security.JwtTokenProvider
-import com.back.koreaTravelGuide.domain.auth.dto.response.LoginResponse
 import com.back.koreaTravelGuide.domain.user.enums.UserRole
 import com.back.koreaTravelGuide.domain.user.repository.UserRepository
 import org.springframework.beans.factory.annotation.Value
@@ -22,7 +21,7 @@ class AuthService(
     fun updateRoleAndLogin(
         userId: Long,
         role: UserRole,
-    ): LoginResponse {
+    ): Pair<String, String> {
         if (role != UserRole.USER && role != UserRole.GUIDE) {
             throw IllegalArgumentException("선택할 수 없는 역할입니다.")
         }
@@ -39,15 +38,19 @@ class AuthService(
         userRepository.save(user)
 
         val accessToken = jwtTokenProvider.createAccessToken(user.id!!, user.role)
+        val refreshToken = jwtTokenProvider.createRefreshToken(user.id!!)
 
-        return LoginResponse(accessToken = accessToken)
+        val redisKey = "refreshToken:${user.id}"
+        redisTemplate.opsForValue().set(redisKey, refreshToken, refreshTokenExpirationDays, TimeUnit.DAYS)
+
+        return Pair(accessToken, refreshToken)
     }
 
     fun logout(accessToken: String) {
         val remainingTime = jwtTokenProvider.getRemainingTime(accessToken)
 
         if (remainingTime > 0) {
-            redisTemplate.opsForValue().set(accessToken, "logout", remainingTime, TimeUnit.MILLISECONDS)
+            redisTemplate.opsForValue().set("blacklist:$accessToken", "logout", remainingTime, TimeUnit.MILLISECONDS)
         }
     }
 
