feat(auth) : 컨트롤러, 서비스 작성 securityContext 사용

Author: rogrhrh

.gitignore

@@ -41,5 +41,6 @@ out/
 
 ###custom###
 application-secret.yml
+.env
 db_dev.mv.db
 db_dev.trace.db

build.gradle

@@ -43,9 +43,11 @@ dependencies {
     runtimeOnly("com.mysql:mysql-connector-j")
 
     // JWT 라이브러리
-    implementation 'io.jsonwebtoken:jjwt-api:0.12.7'
-    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.7'
-    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.7'
+    implementation("io.jsonwebtoken:jjwt-api:0.12.6")
+    runtimeOnly("io.jsonwebtoken:jjwt-impl:0.12.6")
+    runtimeOnly("io.jsonwebtoken:jjwt-jackson:0.12.6")
+    implementation("com.fasterxml.jackson.datatype:jackson-datatype-jsr310")
+    implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
 }
 
 tasks.named('test') {

src/main/java/back/kalender/domain/auth/controller/UserAuthController.java

@@ -15,8 +15,8 @@
 @Table(
         name = "password_reset_tokens",
         indexes = {
-                @Index(name = "idx_user_id", columnList = "userId"),
-                @Index(name = "idx_token", columnList = "token")
+                @Index(name = "idx_password_user_id", columnList = "userId"),
+                @Index(name = "idx_password_token", columnList = "token")
         }
 )
 public class PasswordResetToken extends BaseEntity {

src/main/java/back/kalender/domain/auth/entity/PasswordResetToken.java

@@ -15,8 +15,8 @@
 @Table(
         name = "refresh_tokens",
         indexes = {
-                @Index(name = "idx_user_id", columnList = "userId"),
-                @Index(name = "idx_token", columnList = "token")
+                @Index(name = "idx_refresh_user_id", columnList = "userId"),
+                @Index(name = "idx_refresh_token", columnList = "token")
         }
 )
 public class RefreshToken extends BaseEntity {

src/main/java/back/kalender/domain/auth/entity/RefreshToken.java

@@ -0,0 +1,19 @@
+package back.kalender.domain.auth.service;
+
+import back.kalender.domain.auth.dto.request.*;
+import back.kalender.domain.auth.dto.response.EmailStatusResponse;
+import back.kalender.domain.auth.dto.response.UserLoginResponse;
+import back.kalender.domain.auth.dto.response.VerifyEmailResponse;
+import jakarta.servlet.http.HttpServletResponse;
+
+public interface AuthService {
+    UserLoginResponse login(UserLoginRequest request, HttpServletResponse response);
+    void logout(String refreshToken);
+    void refreshToken(String refreshToken, HttpServletResponse response);
+    void sendPasswordResetEmail(UserPasswordResetSendRequest request);
+    void resetPassword(UserPasswordResetRequest request);
+    void sendVerifyEmail(VerifyEmailSendRequest request);
+    VerifyEmailResponse verifyEmail(VerifyEmailRequest request);
+    EmailStatusResponse getEmailStatus(Long userId);
+}
+

src/main/java/back/kalender/domain/auth/service/.gitkeep

@@ -0,0 +1,288 @@
+package back.kalender.domain.auth.service;
+
+import back.kalender.domain.auth.dto.request.*;
+import back.kalender.domain.auth.dto.response.EmailStatusResponse;
+import back.kalender.domain.auth.dto.response.UserLoginResponse;
+import back.kalender.domain.auth.dto.response.VerifyEmailResponse;
+import back.kalender.domain.auth.entity.EmailVerification;
+import back.kalender.domain.auth.entity.PasswordResetToken;
+import back.kalender.domain.auth.entity.RefreshToken;
+import back.kalender.domain.auth.repository.EmailVerificationRepository;
+import back.kalender.domain.auth.repository.PasswordResetTokenRepository;
+import back.kalender.domain.auth.repository.RefreshTokenRepository;
+import back.kalender.domain.user.entity.User;
+import back.kalender.domain.user.repository.UserRepository;
+import back.kalender.global.exception.ErrorCode;
+import back.kalender.global.exception.ServiceException;
+import back.kalender.global.security.jwt.JwtProperties;
+import back.kalender.global.security.jwt.JwtTokenProvider;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+@Service
+@RequiredArgsConstructor
+@Transactional(readOnly = true)
+public class AuthServiceImpl implements AuthService {
+
+    private final UserRepository userRepository;
+    private final RefreshTokenRepository refreshTokenRepository;
+    private final EmailVerificationRepository emailVerificationRepository;
+    private final PasswordResetTokenRepository passwordResetTokenRepository;
+    private final JwtTokenProvider jwtTokenProvider;
+    private final JwtProperties jwtProperties;
+    private final PasswordEncoder passwordEncoder;
+
+    @Override
+    @Transactional
+    public UserLoginResponse login(UserLoginRequest request, HttpServletResponse response) {
+        // 유저 조회
+        User user = userRepository.findByEmail(request.email())
+                .orElseThrow(() -> new ServiceException(ErrorCode.INVALID_CREDENTIALS));
+
+        // 비밀번호 검증
+        if (!passwordEncoder.matches(request.password(), user.getPassword())) {
+            throw new ServiceException(ErrorCode.INVALID_CREDENTIALS);
+        }
+
+        // 토큰 생성
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("userId", user.getId());
+        claims.put("email", user.getEmail());
+
+        String accessToken = jwtTokenProvider.createAccessToken(user.getEmail(), claims);
+        String refreshToken = jwtTokenProvider.createRefreshToken(user.getEmail(), claims);
+
+        // Refresh Token DB 저장
+        RefreshToken refreshTokenEntity = RefreshToken.create(
+                user.getId(),
+                refreshToken,
+                jwtProperties.getTokenExpiration().getRefresh()
+        );
+        refreshTokenRepository.save(refreshTokenEntity);
+
+        // Access Token을 Response Header에 설정
+        response.setHeader("Authorization", "Bearer " + accessToken);
+
+        // Refresh Token을 httpOnly secure 쿠키로 설정
+        Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken);
+        refreshTokenCookie.setHttpOnly(true);
+        refreshTokenCookie.setSecure(true);
+        refreshTokenCookie.setPath("/");
+        refreshTokenCookie.setMaxAge((int) (jwtProperties.getTokenExpiration().getRefresh() * 24 * 60 * 60));
+        response.addCookie(refreshTokenCookie);
+
+        return new UserLoginResponse(
+                user.getId(),
+                user.getNickname(),
+                user.getEmail(),
+                user.getProfileImage(),
+                user.getEmailVerified() != null ? user.getEmailVerified() : false
+        );
+    }
+
+    @Override
+    @Transactional
+    public void logout(String refreshToken) {
+        if (refreshToken != null) {
+            refreshTokenRepository.findByToken(refreshToken)
+                    .ifPresent(refreshTokenRepository::delete);
+        }
+    }
+
+    @Override
+    @Transactional
+    public void refreshToken(String refreshToken, HttpServletResponse response) {
+        if (refreshToken == null || !jwtTokenProvider.validateToken(refreshToken)) {
+            throw new ServiceException(ErrorCode.INVALID_REFRESH_TOKEN);
+        }
+
+        // DB에서 Refresh Token 확인
+        RefreshToken refreshTokenEntity = refreshTokenRepository.findByToken(refreshToken)
+                .orElseThrow(() -> new ServiceException(ErrorCode.INVALID_REFRESH_TOKEN));
+
+        // 만료 확인
+        if (refreshTokenEntity.getExpiredAt().isBefore(LocalDateTime.now())) {
+            refreshTokenRepository.delete(refreshTokenEntity);
+            throw new ServiceException(ErrorCode.EXPIRED_REFRESH_TOKEN);
+        }
+
+        // 유저 조회
+        User user = userRepository.findById(refreshTokenEntity.getUserId())
+                .orElseThrow(() -> new ServiceException(ErrorCode.USER_NOT_FOUND));
+
+        // 새 토큰 생성
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("userId", user.getId());
+        claims.put("email", user.getEmail());
+
+        String newAccessToken = jwtTokenProvider.createAccessToken(user.getEmail(), claims);
+        String newRefreshToken = jwtTokenProvider.createRefreshToken(user.getEmail(), claims);
+
+        // 기존 Refresh Token 삭제
+        refreshTokenRepository.delete(refreshTokenEntity);
+
+        // 새 Refresh Token 저장
+        RefreshToken newRefreshTokenEntity = RefreshToken.create(
+                user.getId(),
+                newRefreshToken,
+                jwtProperties.getTokenExpiration().getRefresh()
+        );
+        refreshTokenRepository.save(newRefreshTokenEntity);
+
+        // Access Token을 Response Header에 설정
+        response.setHeader("Authorization", "Bearer " + newAccessToken);
+
+        // Refresh Token을 httpOnly secure 쿠키로 설정
+        Cookie refreshTokenCookie = new Cookie("refreshToken", newRefreshToken);
+        refreshTokenCookie.setHttpOnly(true);
+        refreshTokenCookie.setSecure(true);
+        refreshTokenCookie.setPath("/");
+        refreshTokenCookie.setMaxAge((int) (jwtProperties.getTokenExpiration().getRefresh() * 24 * 60 * 60));
+        response.addCookie(refreshTokenCookie);
+    }
+
+    @Override
+    @Transactional
+    public void sendPasswordResetEmail(UserPasswordResetSendRequest request) {
+        User user = userRepository.findByEmail(request.email())
+                .orElseThrow(() -> new ServiceException(ErrorCode.USER_NOT_FOUND));
+
+        // 기존 토큰 삭제
+        passwordResetTokenRepository.deleteByUserId(user.getId());
+
+        // 새 토큰 생성
+        String token = UUID.randomUUID().toString();
+        PasswordResetToken resetToken = PasswordResetToken.create(user.getId(), token);
+        passwordResetTokenRepository.save(resetToken);
+
+        // TODO: 이메일 발송 로직 구현
+        // emailService.sendPasswordResetEmail(user.getEmail(), token);
+    }
+
+    @Override
+    @Transactional
+    public void resetPassword(UserPasswordResetRequest request) {
+        // 비밀번호 일치 확인
+        if (!request.newPassword().equals(request.newPasswordConfirm())) {
+            throw new ServiceException(ErrorCode.PASSWORD_MISMATCH);
+        }
+
+        // 토큰 조회
+        PasswordResetToken resetToken = passwordResetTokenRepository.findByToken(request.token())
+                .orElseThrow(() -> new ServiceException(ErrorCode.PASSWORD_RESET_TOKEN_NOT_FOUND));
+
+        // 사용 여부 확인
+        if (resetToken.isUsed()) {
+            throw new ServiceException(ErrorCode.PASSWORD_RESET_TOKEN_ALREADY_USED);
+        }
+
+        // 만료 확인
+        if (resetToken.getExpiredAt().isBefore(LocalDateTime.now())) {
+            throw new ServiceException(ErrorCode.EXPIRED_PASSWORD_RESET_TOKEN);
+        }
+
+        // 유저 조회 및 비밀번호 업데이트
+        User user = userRepository.findById(resetToken.getUserId())
+                .orElseThrow(() -> new ServiceException(ErrorCode.USER_NOT_FOUND));
+
+        user.updatePassword(passwordEncoder.encode(request.newPassword()));
+
+        // 토큰 사용 처리
+        resetToken.markUsed();
+    }
+
+    @Override
+    @Transactional
+    public void sendVerifyEmail(VerifyEmailSendRequest request) {
+        User user = userRepository.findByEmail(request.email())
+                .orElseThrow(() -> new ServiceException(ErrorCode.USER_NOT_FOUND));
+
+        // 이미 인증된 경우
+        if (user.getEmailVerified() != null && user.getEmailVerified()) {
+            throw new ServiceException(ErrorCode.EMAIL_ALREADY_VERIFIED);
+        }
+
+        // 최근 5분 이내 발송된 인증 코드 확인 (재발송 제한)
+        emailVerificationRepository.findTopByUserIdOrderByCreatedAtDesc(user.getId())
+                .ifPresent(verification -> {
+                    if (verification.getCreatedAt().isAfter(LocalDateTime.now().minusMinutes(1))) {
+                        throw new ServiceException(ErrorCode.EMAIL_VERIFICATION_LIMIT_EXCEEDED);
+                    }
+                });
+
+        // 인증 코드 생성 (6자리 숫자)
+        String code = String.format("%06d", (int) (Math.random() * 1000000));
+
+        // 기존 인증 코드 삭제
+        emailVerificationRepository.deleteByUserId(user.getId());
+
+        // 새 인증 코드 저장
+        EmailVerification verification = EmailVerification.create(user.getId(), code);
+        emailVerificationRepository.save(verification);
+
+        // TODO: 이메일 발송 로직 구현
+        // emailService.sendVerificationEmail(user.getEmail(), code);
+    }
+
+    @Override
+    @Transactional
+    public VerifyEmailResponse verifyEmail(VerifyEmailRequest request) {
+        User user = userRepository.findByEmail(request.email())
+                .orElseThrow(() -> new ServiceException(ErrorCode.USER_NOT_FOUND));
+
+        // 인증 코드 조회
+        EmailVerification verification = emailVerificationRepository.findByCode(request.code())
+                .orElseThrow(() -> new ServiceException(ErrorCode.EMAIL_VERIFICATION_CODE_NOT_FOUND));
+
+        // 유저 ID 일치 확인
+        if (!verification.getUserId().equals(user.getId())) {
+            throw new ServiceException(ErrorCode.INVALID_EMAIL_VERIFICATION_CODE);
+        }
+
+        // 사용 여부 확인
+        if (verification.isUsed()) {
+            throw new ServiceException(ErrorCode.INVALID_EMAIL_VERIFICATION_CODE);
+        }
+
+        // 만료 확인
+        if (verification.getExpiredAt().isBefore(LocalDateTime.now())) {
+            throw new ServiceException(ErrorCode.EXPIRED_EMAIL_VERIFICATION_CODE);
+        }
+
+        // 인증 처리
+        verification.markUsed();
+        user.verifyEmail();
+
+        return new VerifyEmailResponse(request.email(), true);
+    }
+
+    @Override
+    public EmailStatusResponse getEmailStatus(Long userId) {
+        User user = userRepository.findById(userId)
+                .orElseThrow(() -> new ServiceException(ErrorCode.USER_NOT_FOUND));
+
+        // 이메일 인증 시간 조회
+        LocalDateTime verifiedAt = emailVerificationRepository
+                .findTopByUserIdOrderByCreatedAtDesc(userId)
+                .filter(EmailVerification::isUsed)
+                .map(EmailVerification::getUpdatedAt)
+                .orElse(null);
+
+        return new EmailStatusResponse(
+                user.getId(),
+                user.getEmail(),
+                user.getEmailVerified() != null ? user.getEmailVerified() : false,
+                verifiedAt
+        );
+    }
+}
+

src/main/java/back/kalender/domain/auth/service/AuthService.java

@@ -0,0 +1,44 @@
+package back.kalender.domain.auth.service;
+
+import back.kalender.domain.user.entity.User;
+import back.kalender.domain.user.repository.UserRepository;
+import back.kalender.global.exception.ErrorCode;
+import back.kalender.global.exception.ServiceException;
+import back.kalender.global.security.user.CustomUserDetails;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Collections;
+import java.util.List;
+
+@Service
+@RequiredArgsConstructor
+@Transactional(readOnly = true)
+public class CustomUserDetailsService implements UserDetailsService {
+
+    private final UserRepository userRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+        User user = userRepository.findByEmail(email)
+                .orElseThrow(() -> new ServiceException(ErrorCode.USER_NOT_FOUND));
+
+        List<GrantedAuthority> authorities = Collections.singletonList(
+                new SimpleGrantedAuthority("ROLE_USER")
+        );
+
+        return new CustomUserDetails(
+                user.getId(),
+                user.getEmail(),
+                user.getPassword(),
+                authorities
+        );
+    }
+}
+