Merge branch 'develop' into deploy/cors

TEAM-DHS · Nov 22, 2023 · 4b60f4b · 4b60f4b
2 parents 046c991 + b134b8d
commit 4b60f4b
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 2 deletions.
diff --git a/src/main/java/com/efub/dhs/domain/member/controller/AuthController.java b/src/main/java/com/efub/dhs/domain/member/controller/AuthController.java
@@ -11,6 +11,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.server.ResponseStatusException;
 
 import com.efub.dhs.domain.member.dto.AuthRequestDto;
 import com.efub.dhs.domain.member.dto.AuthResponseDto;
@@ -47,6 +48,9 @@ public AuthResponseDto logIn(@RequestBody @Valid AuthRequestDto requestDto) {
 	@ResponseStatus(HttpStatus.NO_CONTENT)
 	public void logout(HttpServletRequest request) {
 		String accessToken = resolveToken(request);
+		if (accessToken == null) {
+			throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Empty Access Token.");
+		}
 		jwtService.removeJwtToken(accessToken);
 	}
 

diff --git a/src/main/java/com/efub/dhs/global/config/SecurityConfig.java b/src/main/java/com/efub/dhs/global/config/SecurityConfig.java
@@ -34,6 +34,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 			.authorizeRequests()
 			.antMatchers(HttpMethod.GET).permitAll()
 			.antMatchers(HttpMethod.OPTIONS).permitAll()
+			.antMatchers("/auth/logout").authenticated()
 			.antMatchers("/auth/**", "/oauth/**").permitAll()
 			.anyRequest().authenticated()
 			.and()

diff --git a/src/main/java/com/efub/dhs/global/jwt/entity/JwtToken.java b/src/main/java/com/efub/dhs/global/jwt/entity/JwtToken.java
@@ -9,7 +9,7 @@
 
 @Getter
 @AllArgsConstructor
-@RedisHash(value = "jwtToken", timeToLive = 60 * 60 * 24 * 2)
+@RedisHash(value = "jwtToken", timeToLive = 60 * 60 * 24 * 14)
 public class JwtToken {
 
 	@Id

diff --git a/src/main/java/com/efub/dhs/global/jwt/service/JwtService.java b/src/main/java/com/efub/dhs/global/jwt/service/JwtService.java
@@ -1,6 +1,8 @@
 package com.efub.dhs.global.jwt.service;
 
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
+import org.springframework.web.server.ResponseStatusException;
 
 import com.efub.dhs.global.jwt.auth.JwtAuthProvider;
 import com.efub.dhs.global.jwt.entity.JwtToken;
@@ -34,6 +36,6 @@ public JwtToken refreshToken(String accessToken) {
 
 	private JwtToken getJwtToken(String accessToken) {
 		return jwtRepository.findByAccessToken(accessToken)
-			.orElseThrow(() -> new SecurityException("JWT token is invalid."));
+			.orElseThrow(() -> new ResponseStatusException(HttpStatus.FORBIDDEN, "Invalid Access Token."));
 	}
 }