Merge pull request #55 from FlipNoteTeam/feat/access-token

Feat: AccessToken 쿠키에 저장되도록 수정

Author: dungbik

src/main/java/project/flipnote/auth/controller/AuthController.java

@@ -23,11 +23,10 @@
 import project.flipnote.auth.model.request.EmailVerifyRequest;
 import project.flipnote.auth.model.request.PasswordResetCreateRequest;
 import project.flipnote.auth.model.request.PasswordResetRequest;
-import project.flipnote.auth.model.vo.TokenPair;
 import project.flipnote.auth.model.request.UserLoginRequest;
-import project.flipnote.auth.model.response.UserLoginResponse;
 import project.flipnote.auth.model.request.UserRegisterRequest;
 import project.flipnote.auth.model.response.UserRegisterResponse;
+import project.flipnote.auth.model.vo.TokenPair;
 import project.flipnote.auth.service.AuthService;
 import project.flipnote.common.security.dto.AuthPrinciple;
 import project.flipnote.common.security.jwt.JwtConstants;
@@ -51,11 +50,18 @@ public ResponseEntity<UserRegisterResponse> register(@Valid @RequestBody UserReg
 	}
 
 	@PostMapping("/login")
-	public ResponseEntity<UserLoginResponse> login(
+	public ResponseEntity<Void> login(
 		@Valid @RequestBody UserLoginRequest req
 	) {
 		TokenPair tokenPair = authService.login(req);
 
+		long accessTokenExpire = jwtProperties.getAccessTokenExpiration().toSeconds();
+		ResponseCookie accessCookie = cookieUtil.createCookie(
+			JwtConstants.ACCESS_TOKEN,
+			tokenPair.accessToken(),
+			Math.toIntExact(accessTokenExpire)
+		);
+
 		long expirationSeconds = jwtProperties.getRefreshTokenExpiration().toSeconds();
 		ResponseCookie cookie = cookieUtil.createCookie(
 			JwtConstants.REFRESH_TOKEN,
@@ -64,8 +70,9 @@ public ResponseEntity<UserLoginResponse> login(
 		);
 
 		return ResponseEntity.ok()
+			.header(HttpHeaders.SET_COOKIE, accessCookie.toString())
 			.header(HttpHeaders.SET_COOKIE, cookie.toString())
-			.body(UserLoginResponse.from(tokenPair.accessToken()));
+			.build();
 	}
 
 	@PostMapping("/logout")
@@ -94,11 +101,18 @@ public ResponseEntity<Void> verifyEmail(
 	}
 
 	@PostMapping("/token/refresh")
-	public ResponseEntity<UserLoginResponse> refreshToken(
+	public ResponseEntity<Void> refreshToken(
 		@CookieValue(name = JwtConstants.REFRESH_TOKEN) String refreshToken
 	) {
 		TokenPair tokenPair = authService.refreshToken(refreshToken);
 
+		long accessTokenExpire = jwtProperties.getAccessTokenExpiration().toSeconds();
+		ResponseCookie accessCookie = cookieUtil.createCookie(
+			JwtConstants.ACCESS_TOKEN,
+			tokenPair.accessToken(),
+			Math.toIntExact(accessTokenExpire)
+		);
+
 		long expirationSeconds = jwtProperties.getRefreshTokenExpiration().toSeconds();
 		ResponseCookie cookie = cookieUtil.createCookie(
 			JwtConstants.REFRESH_TOKEN,
@@ -107,8 +121,9 @@ public ResponseEntity<UserLoginResponse> refreshToken(
 		);
 
 		return ResponseEntity.ok()
+			.header(HttpHeaders.SET_COOKIE, accessCookie.toString())
 			.header(HttpHeaders.SET_COOKIE, cookie.toString())
-			.body(UserLoginResponse.from(tokenPair.accessToken()));
+			.build();
 	}
 
 	@PostMapping("/password-reset/request")

src/main/java/project/flipnote/auth/controller/OAuthController.java

@@ -42,7 +42,7 @@ public class OAuthController implements OAuthControllerDocs {
 	private final CookieUtil cookieUtil;
 
 	@GetMapping("/oauth2/authorization/{provider}")
-	public ResponseEntity<Void> redirectToProviderAuthorization(
+	public ResponseEntity<String> redirectToProviderAuthorization(
 		@PathVariable("provider") String provider,
 		HttpServletRequest request,
 		@AuthenticationPrincipal AuthPrinciple userAuth

src/main/java/project/flipnote/auth/controller/docs/AuthControllerDocs.java

@@ -10,7 +10,6 @@
 import project.flipnote.auth.model.request.PasswordResetCreateRequest;
 import project.flipnote.auth.model.request.PasswordResetRequest;
 import project.flipnote.auth.model.request.UserLoginRequest;
-import project.flipnote.auth.model.response.UserLoginResponse;
 import project.flipnote.auth.model.request.UserRegisterRequest;
 import project.flipnote.auth.model.response.UserRegisterResponse;
 import project.flipnote.common.security.dto.AuthPrinciple;
@@ -22,9 +21,9 @@ public interface AuthControllerDocs {
 	ResponseEntity<UserRegisterResponse> register(UserRegisterRequest req);
 
 	@Operation(summary = "로그인")
-	ResponseEntity<UserLoginResponse> login(UserLoginRequest req);
+	ResponseEntity<Void> login(UserLoginRequest req);
 
-	@Operation(summary = "로그아웃", security = { @SecurityRequirement(name = "access-token") })
+	@Operation(summary = "로그아웃", security = {@SecurityRequirement(name = "access-token")})
 	ResponseEntity<Void> logout();
 
 	@Operation(summary = "이메일 인증번호 전송")
@@ -34,20 +33,20 @@ public interface AuthControllerDocs {
 	ResponseEntity<Void> verifyEmail(EmailVerifyRequest req);
 
 	@Operation(summary = "토큰 갱신")
-	ResponseEntity<UserLoginResponse> refreshToken(String refreshToken);
+	ResponseEntity<Void> refreshToken(String refreshToken);
 
 	@Operation(summary = "비밀번호 재설정 링크 전송")
 	ResponseEntity<Void> requestPasswordReset(PasswordResetCreateRequest req);
 
 	@Operation(summary = "비밀번호 재설정")
 	ResponseEntity<Void> resetPassword(PasswordResetRequest req);
 
-	@Operation(summary = "내 비밀번호 변경", security = { @SecurityRequirement(name = "access-token") })
+	@Operation(summary = "내 비밀번호 변경", security = {@SecurityRequirement(name = "access-token")})
 	ResponseEntity<Void> updatePassword(AuthPrinciple userAuth, ChangePasswordRequest req);
 
-	@Operation(summary = "내 소셜 연동 계정 목록 조회", security = { @SecurityRequirement(name = "access-token") })
+	@Operation(summary = "내 소셜 연동 계정 목록 조회", security = {@SecurityRequirement(name = "access-token")})
 	ResponseEntity<SocialLinksResponse> getSocialLinks(AuthPrinciple userAuth);
 
-	@Operation(summary = "소셜 연동 해제", security = { @SecurityRequirement(name = "access-token") })
+	@Operation(summary = "소셜 연동 해제", security = {@SecurityRequirement(name = "access-token")})
 	ResponseEntity<Void> deleteSocialLink(AuthPrinciple userAuth, Long socialLinkId);
 }

src/main/java/project/flipnote/auth/controller/docs/OAuthControllerDocs.java

@@ -11,7 +11,7 @@
 public interface OAuthControllerDocs {
 
 	@Operation(summary = "소셜 인증 URL로 리다이렉트")
-	ResponseEntity<Void> redirectToProviderAuthorization(
+	ResponseEntity<String> redirectToProviderAuthorization(
 		String provider,
 		HttpServletRequest request,
 		AuthPrinciple userAuth

src/main/java/project/flipnote/common/security/filter/JwtAuthenticationFilter.java

@@ -11,6 +11,7 @@
 
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
@@ -33,6 +34,7 @@ protected void doFilterInternal(
 		FilterChain filterChain
 	) throws ServletException, IOException {
 		String token = extractToken(request);
+		System.out.println(token);
 
 		if (StringUtils.hasText(token)) {
 			AuthPrinciple userAuth = jwtComponent.extractUserAuthFromToken(token);
@@ -45,9 +47,16 @@ protected void doFilterInternal(
 	}
 
 	private String extractToken(HttpServletRequest request) {
-		String bearerToken = request.getHeader(JwtConstants.AUTH_HEADER);
-		if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(JwtConstants.TOKEN_PREFIX)) {
-			return bearerToken.substring(JwtConstants.TOKEN_PREFIX.length());
+		Cookie[] cookies = request.getCookies();
+		if (cookies != null) {
+			for (Cookie cookie : cookies) {
+				if (JwtConstants.ACCESS_TOKEN.equals(cookie.getName())) {
+					String token = cookie.getValue();
+					if (StringUtils.hasText(token)) {
+						return token;
+					}
+				}
+			}
 		}
 		return null;
 	}

src/main/java/project/flipnote/common/security/jwt/JwtConstants.java

@@ -6,13 +6,11 @@
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public final class JwtConstants {
 
+	public static final String ACCESS_TOKEN = "accessToken";
 	public static final String REFRESH_TOKEN = "refreshToken";
 
 	public static final String ROLE = "role";
 	public static final String TOKEN_VERSION = "token_version";
 	public static final String AUTH_ID = "auth_id";
 	public static final String USER_ID = "user_id";
-
-	public static final String AUTH_HEADER = "Authorization";
-	public static final String TOKEN_PREFIX = "Bearer ";
 }