Feature/auth jwt system

api-test.http

@@ -0,0 +1,50 @@
+### 전역 변수 설정 (필요시 변경)
+@auth_host = http://localhost:8080
+@trip_host = http://localhost:8081
+@email = test@naver.com
+@password = password1234
+
+### 1. [Auth] 회원가입
+POST {{auth_host}}/users
+Content-Type: application/json
+
+{
+  "email": "{{email}}",
+  "password": "{{password}}",
+  "name": "테스터"
+}
+
+### 2. [Auth] 로그인 및 토큰 발급
+# 주의: LoginAuthenticationFilter 구현에 따라 id, password를 헤더로 전송합니다.
+POST {{auth_host}}/login
+Content-Type: application/json
+id: {{email}}
+password: {{password}}
+
+> {%
+    // 응답에서 accessToken을 추출하여 전역 변수 'auth_token'에 저장
+    client.global.set("auth_token", response.body.data.accessToken);
+    client.log("Acquired Token: " + response.body.data.accessToken);
+%}
+
+### 3. [Trip] 여행 생성 (토큰 사용)
+POST {{trip_host}}/trips
+Content-Type: application/json
+Authorization: Bearer {{auth_token}}
+
+{
+  "locationId": "550e8400-e29b-41d4-a716-446655440001",
+  "title": "제주도 우정 여행",
+  "description": "친구들과 함께하는 즐거운 제주도 여행입니다.",
+  "start": "2026-07-01",
+  "end": "2026-07-05",
+  "open": true,
+  "maxParticipants": 4,
+  "category": "DOMESTIC",
+  "hashTags": ["제주도", "우정여행", "맛집탐방"]
+}
+
+### 4. [Trip] 생성된 여행 목록 조회 (검증)
+GET {{trip_host}}/trips
+Content-Type: application/json
+Authorization: Bearer {{auth_token}}

build.gradle

@@ -1,6 +1,6 @@
 plugins {
     id 'java'
-    id 'org.springframework.boot' version '3.5.0'
+    id 'org.springframework.boot' version '3.4.1'
     id 'io.spring.dependency-management' version '1.1.7'
 }
 
@@ -28,6 +28,11 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-web'
+
+    // [신규 추가] OAuth2 클라이언트 및 WebClient 의존성
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+    implementation 'org.springframework.boot:spring-boot-starter-webflux'
+
     implementation "org.springdoc:springdoc-openapi-starter-webmvc-api:2.8.5"
     implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.5"
     compileOnly 'org.projectlombok:lombok'
@@ -47,4 +52,4 @@ dependencies {
 
 tasks.named('test') {
     useJUnitPlatform()
-}
+}

settings.gradle

@@ -1 +1,4 @@
+plugins {
+    id 'org.gradle.toolchains.foojay-resolver-convention' version '0.8.0'
+}
 rootProject.name = 'auth'

src/main/java/com/retrip/auth/application/config/CustomUserDetails.java

@@ -1,23 +1,33 @@
 package com.retrip.auth.application.config;
 
-
 import com.retrip.auth.domain.entity.Member;
+import lombok.Getter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import java.util.Collection;
+import java.util.Map;
 import java.util.stream.Collectors;
 
-
-public class CustomUserDetails implements UserDetails {
+@Getter
+public class CustomUserDetails implements UserDetails, OAuth2User {
 
     private final Member member;
+    private Map<String, Object> attributes;
+
 
     public CustomUserDetails(Member member) {
         this.member = member;
     }
 
+
+    public CustomUserDetails(Member member, Map<String, Object> attributes) {
+        this.member = member;
+        this.attributes = attributes;
+    }
+
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
         return member.getAuthorities().getValues().stream()
@@ -27,11 +37,23 @@ public Collection<? extends GrantedAuthority> getAuthorities() {
 
     @Override
     public String getPassword() {
+
         return member.getPassword().getValue();
     }
 
     @Override
     public String getUsername() {
         return member.getEmail().getValue();
     }
-}
+
+
+    @Override
+    public Map<String, Object> getAttributes() {
+        return attributes;
+    }
+
+    @Override
+    public String getName() {
+        return member.getId().toString();
+    }
+}

src/main/java/com/retrip/auth/application/config/JwtConfig.java

@@ -4,12 +4,14 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
-
 @Getter
 @RequiredArgsConstructor
 @ConfigurationProperties("token.jwt")
 public class JwtConfig {
-    private final String secret;
+
+    private final String privateKey;
+    private final String publicKey;
+
     private final String header;
     private final String prefix;
     private final AccessConfig access;
@@ -26,4 +28,4 @@ public static class AccessConfig {
     public static class RefreshConfig {
         private final int expireMin;
     }
-}
+}

src/main/java/com/retrip/auth/application/config/JwtProvider.java

@@ -0,0 +1,185 @@
+package com.retrip.auth.application.config;
+
+import com.retrip.auth.application.in.response.LoginResponse;
+import io.jsonwebtoken.*;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.stereotype.Component;
+
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.*;
+import java.util.stream.Collectors;
+import com.retrip.auth.application.config.CustomUserDetails;
+
+/**
+ * JWT 토큰의 생성(Sign) 및 검증(Verify)을 담당하는 클래스 (RSA 방식)
+ */
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class JwtProvider {
+
+    private final JwtConfig jwtConfig;
+
+    /**
+     * [생성] 인증 정보를 기반으로 RSA 서명된 Access/Refresh Token 생성
+     */
+    public LoginResponse.TokenResponse generateTokens(Authentication authentication) {
+        Instant now = Instant.now();
+        String authorities = String.join(",", getAuthorities(authentication));
+
+        String memberId = authentication.getName();
+        String email = authentication.getName();
+
+        Object principal = authentication.getPrincipal();
+        if (principal instanceof CustomUserDetails userDetails) {
+            memberId = userDetails.getName();      // CustomUserDetails.getName()은 UUID(String) 반환
+            email = userDetails.getUsername();     // CustomUserDetails.getUsername()은 이메일 반환
+        }
+
+        String accessToken = createToken(
+                memberId,   // sub (UUID)
+                email,      // claim: username (Email)
+                authorities,
+                now,
+                jwtConfig.getAccess().getExpireMin()
+        );
+
+        String refreshToken = createToken(
+                memberId,   // sub (UUID)
+                email,      // claim: username (Email)
+                authorities,
+                now,
+                jwtConfig.getRefresh().getExpireMin()
+        );
+
+        return new LoginResponse.TokenResponse(accessToken, refreshToken);
+    }
+
+    private String createToken(String subject, String username, String authorities, Instant issuedAt, long expirationMinutes) {
+        try {
+            PrivateKey privateKey = getPrivateKey(jwtConfig.getPrivateKey());
+            Instant expiration = issuedAt.plus(expirationMinutes, ChronoUnit.MINUTES);
+
+            return Jwts.builder()
+                    .subject(subject)
+                    .claims(
+                            Map.of(
+                                    "username", username,
+                                    "authorities", authorities
+                            )
+                    )
+                    .issuedAt(Date.from(issuedAt))
+                    .expiration(Date.from(expiration))
+                    .signWith(privateKey, Jwts.SIG.RS256)
+                    .compact();
+        } catch (Exception e) {
+            throw new RuntimeException("토큰 생성 실패", e);
+        }
+    }
+
+    /**
+     * [검증] 토큰 유효성 검사 (RSA Public Key 사용)
+     */
+    public boolean validateToken(String token) {
+        try {
+            PublicKey publicKey = getPublicKey(jwtConfig.getPublicKey());
+            Jwts.parser()
+                    .verifyWith(publicKey)
+                    .build()
+                    .parseSignedClaims(token);
+            return true;
+        } catch (SecurityException | MalformedJwtException e) {
+            log.info("Invalid JWT Token", e);
+        } catch (ExpiredJwtException e) {
+            log.info("Expired JWT Token", e);
+        } catch (UnsupportedJwtException e) {
+            log.info("Unsupported JWT Token", e);
+        } catch (IllegalArgumentException e) {
+            log.info("JWT claims string is empty.", e);
+        } catch (Exception e) {
+            log.error("JWT validation error", e);
+        }
+        return false;
+    }
+
+    /**
+     * [파싱] 토큰에서 인증 객체 추출
+     */
+    public Authentication getAuthentication(String token) {
+        try {
+            PublicKey publicKey = getPublicKey(jwtConfig.getPublicKey());
+            Claims claims = Jwts.parser()
+                    .verifyWith(publicKey)
+                    .build()
+                    .parseSignedClaims(token)
+                    .getPayload();
+
+            String username = claims.get("username", String.class);
+            String authoritiesStr = claims.get("authorities", String.class);
+
+            List<GrantedAuthority> authorities = Arrays.stream(authoritiesStr.split(","))
+                    .map(String::trim)
+                    .map(SimpleGrantedAuthority::new)
+                    .collect(Collectors.toList());
+
+            return new UsernamePasswordAuthenticationToken(username, null, authorities);
+
+        } catch (Exception e) {
+            throw new RuntimeException("인증 정보 추출 실패", e);
+        }
+    }
+
+    public Claims parseClaims(String token) {
+        try {
+            PublicKey publicKey = getPublicKey(jwtConfig.getPublicKey());
+            return Jwts.parser()
+                    .verifyWith(publicKey)
+                    .build()
+                    .parseSignedClaims(token)
+                    .getPayload();
+        } catch (ExpiredJwtException e) {
+            // 만료된 토큰이어도 정보를 꺼내기 위해 Claims 반환
+            return e.getClaims();
+        } catch (Exception e) {
+            throw new RuntimeException("토큰 파싱 실패", e);
+        }
+    }
+
+//키 파싱 헬퍼
+    private PrivateKey getPrivateKey(String key) throws Exception {
+        String sanitizedKey = key
+                .replace("-----BEGIN PRIVATE KEY-----", "")
+                .replace("-----END PRIVATE KEY-----", "")
+                .replaceAll("\\s", "");
+        byte[] keyBytes = Base64.getDecoder().decode(sanitizedKey);
+        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
+        return KeyFactory.getInstance("RSA").generatePrivate(spec);
+    }
+
+    private PublicKey getPublicKey(String key) throws Exception {
+        String sanitizedKey = key
+                .replace("-----BEGIN PUBLIC KEY-----", "")
+                .replace("-----END PUBLIC KEY-----", "")
+                .replaceAll("\\s", "");
+        byte[] keyBytes = Base64.getDecoder().decode(sanitizedKey);
+        X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
+        return KeyFactory.getInstance("RSA").generatePublic(spec);
+    }
+
+    private List<String> getAuthorities(Authentication authentication) {
+        return authentication.getAuthorities().stream()
+                .map(GrantedAuthority::getAuthority)
+                .toList();
+    }
+}