From f387500e43a329b66823a77d77b49f31d10f5cd6 Mon Sep 17 00:00:00 2001
From: devmizz
Date: Sat, 20 Jul 2024 16:58:29 +0900
Subject: [PATCH] feat: Reflect review
---
 .../main/java/org/example/filter/JWTFilter.java | 10 +---------
 .../org/example/repository/TokenRepository.java | 6 +++---
 .../org/example/security/token/JWTGenerator.java | 2 +-
 .../org/example/security/token/TokenProcessor.java | 10 +++++++---
 .../main/java/org/example/service/UserService.java | 2 +-
 .../example/repository/LettuceRedisRepository.java | 14 +++++++-------
 6 files changed, 20 insertions(+), 24 deletions(-)
diff --git a/app/api/common-api/src/main/java/org/example/filter/JWTFilter.java b/app/api/common-api/src/main/java/org/example/filter/JWTFilter.java
index 5aa7df64..48640f86 100644
--- a/app/api/common-api/src/main/java/org/example/filter/JWTFilter.java
+++ b/app/api/common-api/src/main/java/org/example/filter/JWTFilter.java
@@ -8,12 +8,10 @@
 import java.io.IOException;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
-import org.example.exception.BusinessException;
 import org.example.repository.TokenRepository;
 import org.example.security.dto.AuthenticatedUser;
 import org.example.security.dto.TokenParam;
 import org.example.security.dto.UserParam;
-import org.example.security.error.TokenError;
 import org.example.security.token.JWTHandler;
 import org.example.security.token.TokenProcessor;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -52,16 +50,10 @@ protected void doFilterInternal( private void handleAccessToken(HttpServletRequest request) { String accessToken = jwtHandler.extractAccessToken(request); UserParam userParam = jwtHandler.extractUserFrom(accessToken); - verifyAccessTokenBlacklist(userParam, accessToken); + tokenProcessor.verifyAccessTokenBlacklist(userParam, accessToken); saveOnSecurityContextHolder(userParam); } - private void verifyAccessTokenBlacklist(UserParam userParam, String accessKey) { - if (tokenRepository.existAccessToken(userParam.userId(), accessKey)) { - throw new BusinessException(TokenError.BLACKLIST_ACCESS_TOKEN); - } - } - private void saveOnSecurityContextHolder(UserParam userParam) { AuthenticatedUser authenticatedUser = AuthenticatedUser.builder() .userId(userParam.userId()) diff --git a/app/api/common-api/src/main/java/org/example/repository/TokenRepository.java b/app/api/common-api/src/main/java/org/example/repository/TokenRepository.java index c31a74c7..49e12493 100644 --- a/app/api/common-api/src/main/java/org/example/repository/TokenRepository.java +++ b/app/api/common-api/src/main/java/org/example/repository/TokenRepository.java @@ -9,11 +9,11 @@ public interface TokenRepository { void saveBlacklistAccessToken(UUID userId, String accessToken); - void saveRefreshToken(String userId, String refreshToken); + void saveRefreshToken(UUID userId, String refreshToken); Optional getExistRefreshToken(String userId); - boolean existAccessToken(UUID userId, String accessToken); + boolean existAccessTokenInBlacklist(UUID userId, String accessToken); - void delete(UUID userId); + void deleteRefreshToken(UUID userId); } diff --git a/app/api/common-api/src/main/java/org/example/security/token/JWTGenerator.java b/app/api/common-api/src/main/java/org/example/security/token/JWTGenerator.java index debc53a3..f02b117f 100644 --- a/app/api/common-api/src/main/java/org/example/security/token/JWTGenerator.java 
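Review bot: With the blacklist check delegated to `tokenProcessor`, nothing in the visible part of `handleAccessToken` uses `tokenRepository` any more, yet `import org.example.repository.TokenRepository;` is still a context line in the import hunk of this file. If the filter has no other use for the injected repository, remove the field and its import so that the filter's only path to token state is `TokenProcessor`. The rest of JWTFilter lies outside the hunk, so this needs checking against the full file.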
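Review bot: `getExistRefreshToken(String userId)` is left on `String` while `saveRefreshToken`, `existAccessTokenInBlacklist` and `deleteRefreshToken` now take `UUID`, so the refresh-token entry is written from a `UUID` and looked up from a caller-built string. Changing the declaration to `getExistRefreshToken(UUID userId)` keeps the key derivation in one place; the implementation in LettuceRedisRepository and the caller in TokenProcessor would need the same change. A one-line Javadoc on each method saying which entry it touches (blacklisted access token or stored refresh token) would also help, since the new names only partly say so.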
+++ b/app/api/common-api/src/main/java/org/example/security/token/JWTGenerator.java @@ -22,7 +22,7 @@ public TokenParam generate(UserParam userParam, Date from) { .refreshToken(createRefreshToken(userParam, from)) .build(); - tokenRepository.saveRefreshToken(userParam.userId().toString(), tokenParam.refreshToken()); + tokenRepository.saveRefreshToken(userParam.userId(), tokenParam.refreshToken()); return tokenParam; } diff --git a/app/api/common-api/src/main/java/org/example/security/token/TokenProcessor.java b/app/api/common-api/src/main/java/org/example/security/token/TokenProcessor.java index 9d476906..42af7012 100644 --- a/app/api/common-api/src/main/java/org/example/security/token/TokenProcessor.java +++ b/app/api/common-api/src/main/java/org/example/security/token/TokenProcessor.java @@ -5,7 +5,6 @@ import java.util.UUID; import lombok.RequiredArgsConstructor; import org.example.exception.BusinessException; -import org.example.property.TokenProperty; import org.example.repository.TokenRepository; import org.example.security.dto.TokenParam; import org.example.security.dto.UserParam; @@ -16,7 +15,6 @@ @RequiredArgsConstructor public class TokenProcessor { - private final TokenProperty tokenProperty; private final JWTHandler jwtHandler; private final JWTGenerator jwtGenerator; private final TokenRepository tokenRepository; 
@@ -33,12 +31,18 @@ public TokenParam reissueToken(HttpServletRequest request) { return jwtGenerator.generate(userParam, new Date()); } + public void verifyAccessTokenBlacklist(UserParam userParam, String accessKey) { + if (tokenRepository.existAccessTokenInBlacklist(userParam.userId(), accessKey)) { + throw new BusinessException(TokenError.BLACKLIST_ACCESS_TOKEN); + } + } + public void makeAccessTokenBlacklistAndDeleteRefreshToken( String accessToken, UUID userId ) { tokenRepository.saveBlacklistAccessToken(userId, accessToken); - tokenRepository.delete(userId); + tokenRepository.deleteRefreshToken(userId); } private String getExistRefreshToken(UserParam userParam) { diff --git a/app/api/user-api/src/main/java/org/example/service/UserService.java b/app/api/user-api/src/main/java/org/example/service/UserService.java index c112a771..29ec7aa5 100644 --- a/app/api/user-api/src/main/java/org/example/service/UserService.java +++ b/app/api/user-api/src/main/java/org/example/service/UserService.java @@ -23,7 +23,7 @@ public class UserService { private final JWTGenerator jwtGenerator; private final TokenProcessor tokenProcessor; - public TokenParam login(final LoginServiceRequest loginServiceRequest) { + public TokenParam login(LoginServiceRequest loginServiceRequest) { User user = getUser(loginServiceRequest); var userParam = UserParam.from(user); diff --git a/app/infrastructure/redis/src/main/java/org/example/repository/LettuceRedisRepository.java b/app/infrastructure/redis/src/main/java/org/example/repository/LettuceRedisRepository.java index 4947de55..19459581 100644 --- a/app/infrastructure/redis/src/main/java/org/example/repository/LettuceRedisRepository.java +++ b/app/infrastructure/redis/src/main/java/org/example/repository/LettuceRedisRepository.java 
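Review bot: The new public `verifyAccessTokenBlacklist` names its second parameter `accessKey`, while the repository method it calls and the neighbouring `makeAccessTokenBlacklistAndDeleteRefreshToken` both call the same value `accessToken`; rename the parameter to `accessToken`. Since the method is now the filter's revocation check and part of the class's public surface, give it a short Javadoc stating that it throws `BusinessException` with `TokenError.BLACKLIST_ACCESS_TOKEN` when the token is blacklisted for that user and returns normally otherwise.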
@@ -16,13 +16,13 @@ public class LettuceRedisRepository implements TokenRepository { @Override public void saveBlacklistAccessToken(UUID userId, String accessToken) { stringRedisTemplate.opsForValue() - .set("AT:" + accessToken, userId.toString(), 14, TimeUnit.DAYS); + .set("AT:" + userId.toString(), accessToken, 1, TimeUnit.HOURS); } @Override - public void saveRefreshToken(String userId, String refreshToken) { + public void saveRefreshToken(UUID userId, String refreshToken) { stringRedisTemplate.opsForValue() - .set("RT:" + userId, refreshToken, 14, TimeUnit.DAYS); + .set("RT:" + userId.toString(), refreshToken, 14, TimeUnit.DAYS); } @Override @@ -31,17 +31,17 @@ public Optional getExistRefreshToken(String userId) { } @Override - public boolean existAccessToken(UUID userId, String accessToken) { - String existAccessKey = stringRedisTemplate.opsForValue().get("AT:" + accessToken); + public boolean existAccessTokenInBlacklist(UUID userId, String accessToken) { + String existAccessKey = stringRedisTemplate.opsForValue().get("AT:" + userId); if (existAccessKey == null) { return false; } - return existAccessKey.equals(userId.toString()); + return existAccessKey.equals(accessToken); } @Override - public void delete(UUID userId) { + public void deleteRefreshToken(UUID userId) { stringRedisTemplate.delete("RT:" + userId); } }
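Review bot: Keying the blacklist entry as `"AT:" + userId.toString()` leaves room for only one revoked access token per user: a second `saveBlacklistAccessToken` call for the same user overwrites the first, and `existAccessTokenInBlacklist` in the next hunk then returns false for the earlier token, so it is accepted again until it expires on its own. Keep the token in the key, e.g. `.set("AT:" + userId + ":" + accessToken, "1", 1, TimeUnit.HOURS)`, and check with `Boolean.TRUE.equals(stringRedisTemplate.hasKey("AT:" + userId + ":" + accessToken))`; using a digest of the token, or its `jti` claim if the project sets one, would keep raw bearer tokens out of Redis key names. The TTL also drops from 14 days to a hard-coded 1 hour, which is only safe if no access token lives longer than an hour; that is not visible here, so derive the TTL from the token's remaining lifetime or the configured expiry.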