refactor : refreshToken 비교 로직 추가

app/api/common-api/src/main/java/org/example/repository/RedisRepository.java → app/api/common-api/src/main/java/org/example/repository/TokenRepository.java

@@ -3,7 +3,9 @@
 import org.springframework.stereotype.Component;
 
 @Component
-public interface RedisRepository {
+public interface TokenRepository {
 
     void save(String userId, String refreshToken);
+
+    String getOldRefreshToken(String userId);
 }

app/api/common-api/src/main/java/org/example/security/token/JWTGenerator.java

@@ -4,6 +4,7 @@
 import java.util.Date;
 import lombok.RequiredArgsConstructor;
 import org.example.property.TokenProperty;
+import org.example.repository.TokenRepository;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
 import org.springframework.stereotype.Component;
@@ -13,12 +14,16 @@
 public class JWTGenerator {
 
     private final TokenProperty tokenProperty;
+    private final TokenRepository tokenRepository;
 
     public TokenParam generate(UserParam userParam, Date from) {
-        return TokenParam.builder()
+        TokenParam tokenParam = TokenParam.builder()
             .accessToken(createAccessToken(userParam, from))
             .refreshToken(createRefreshToken(userParam, from))
             .build();
+
+        tokenRepository.save(userParam.userId().toString(), tokenParam.refreshToken());
+        return tokenParam;
     }
 
     private String createAccessToken(UserParam userParam, Date from) {

app/api/common-api/src/main/java/org/example/security/token/RefreshTokenProcessor.java

@@ -3,9 +3,11 @@
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Date;
 import lombok.RequiredArgsConstructor;
-import org.example.repository.RedisRepository;
+import org.example.exception.BusinessException;
+import org.example.repository.TokenRepository;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
+import org.example.security.vo.TokenError;
 import org.springframework.stereotype.Component;
 
 @Component
@@ -14,17 +16,20 @@ public class RefreshTokenProcessor {
 
     private final JWTHandler jwtHandler;
     private final JWTGenerator jwtGenerator;
-    private final RedisRepository redisRepository;
+    private final TokenRepository tokenRepository;
 
     public TokenParam reissueToken(HttpServletRequest request) {
         String refreshToken = jwtHandler.extractRefreshToken(request);
         UserParam userParam = jwtHandler.extractUserFrom(refreshToken);
 
-        // 기존 redis의 Refresh토큰과 비교해서 맞는 refresh인지 확인 해야함
+        String oldRefreshToken = tokenRepository.getOldRefreshToken(userParam.userId().toString());
+        if (!refreshToken.equals(oldRefreshToken)) {
+            throw new BusinessException(TokenError.INVALID_TOKEN);
+        }
 
         TokenParam newTokenParam = jwtGenerator.generate(userParam, new Date());
 
-        redisRepository.save(userParam.userId().toString(), newTokenParam.refreshToken());
+        tokenRepository.save(userParam.userId().toString(), newTokenParam.refreshToken());
         return newTokenParam;
     }
 }

app/api/common-api/src/test/java/org/example/security/token/JWTGeneratorTest.java

@@ -1,10 +1,13 @@
 package org.example.security.token;
 
+import static org.mockito.Mockito.mock;
+
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
 import java.util.Date;
 import java.util.UUID;
 import org.example.property.TokenProperty;
+import org.example.repository.TokenRepository;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
 import org.example.vo.UserRoleApiType;
@@ -23,8 +26,8 @@ class JWTGeneratorTest {
         hour,
         twoWeeks
     );
-
-    JWTGenerator tokenGenerator = new JWTGenerator(tokenProperty);
+    TokenRepository tokenRepository = mock(TokenRepository.class);
+    JWTGenerator tokenGenerator = new JWTGenerator(tokenProperty, tokenRepository);
     UserParam userParam = new UserParam(
         UUID.randomUUID(),
         UserRoleApiType.USER

app/api/common-api/src/test/java/org/example/security/token/JWTHandlerTest.java

@@ -2,11 +2,13 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mock;
 
 import java.util.Date;
 import java.util.UUID;
 import org.example.exception.BusinessException;
 import org.example.property.TokenProperty;
+import org.example.repository.TokenRepository;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
 import org.example.security.vo.TokenError;
@@ -22,8 +24,9 @@ class JWTHandlerTest {
         3600000L,
         1209600000L
     );
+    TokenRepository tokenRepository = mock(TokenRepository.class);
     JWTHandler jwtHandler = new JWTHandler(tokenProperty);
-    JWTGenerator jwtGenerator = new JWTGenerator(tokenProperty);
+    JWTGenerator jwtGenerator = new JWTGenerator(tokenProperty, tokenRepository);
     UserParam userParam = new UserParam(
         UUID.randomUUID(),
         UserRoleApiType.USER

app/api/user-api/src/main/java/org/example/service/UserService.java

@@ -3,7 +3,6 @@
 import java.util.Date;
 import lombok.RequiredArgsConstructor;
 import org.example.entity.User;
-import org.example.repository.RedisRepository;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
 import org.example.security.token.JWTGenerator;
@@ -18,19 +17,16 @@ public class UserService {
 
     private final UserUseCase userUseCase;
     private final JWTGenerator jwtGenerator;
-    private final RedisRepository redisRepository;
+
 
     public TokenParam login(final LoginServiceRequest loginServiceRequest) {
         User createdUser = userUseCase.save(loginServiceRequest.toLoginServiceDto().toUser());
         UserParam userParam = UserParam.builder()
             .userId(createdUser.getId())
             .role(UserRoleApiType.valueOf(createdUser.getUserRole().name()))
             .build();
-        TokenParam tokenParam = jwtGenerator.generate(userParam, new Date());
-
-        redisRepository.save(userParam.userId().toString(), tokenParam.refreshToken());
 
-        return tokenParam;
+        return jwtGenerator.generate(userParam, new Date());
     }
 
     public String findNickname(final User user) {

app/infrastructure/redis/build.gradle

@@ -2,7 +2,6 @@ bootJar.enabled = false
 jar.enabled = true
 
 dependencies {
-    implementation project(":app:api:user-api")
     implementation project(":app:api:common-api")
 
     //redis

app/infrastructure/redis/src/main/java/org/example/repository/LettuceRedisRepository.java

@@ -7,12 +7,18 @@
 
 @Component
 @RequiredArgsConstructor
-public class LettuceRedisRepository implements RedisRepository {
+public class LettuceRedisRepository implements TokenRepository {
 
     private final StringRedisTemplate stringRedisTemplate;
 
+    @Override
     public void save(String userId, String refreshToken) {
         stringRedisTemplate.opsForValue().set("userId:" + userId, refreshToken, 14, TimeUnit.DAYS);
     }
 
+    @Override
+    public String getOldRefreshToken(String userId) {
+        return stringRedisTemplate.opsForValue().get("userId:" + userId);
+    }
+
 }