feat: token exception (작업중)

2024-08-02 16:07:27 +09:00 · 2024-08-02 16:07:27 +09:00 · d280424d55
commit d280424d55
parent 176a68dfb8
5 changed files with 52 additions and 21 deletions
--- a/backend/src/main/java/com/edufocus/edufocus/user/controller/UserController.java
+++ b/backend/src/main/java/com/edufocus/edufocus/user/controller/UserController.java
@ -4,6 +4,7 @@ import com.edufocus.edufocus.user.model.entity.InfoDto;
 import com.edufocus.edufocus.user.model.entity.PasswordDto;
 import com.edufocus.edufocus.user.model.entity.User;
 import com.edufocus.edufocus.user.model.exception.ExpriedTokenException;
 import com.edufocus.edufocus.user.model.exception.RefreshTokenExpiredException;
 import com.edufocus.edufocus.user.model.exception.UnAuthorizedException;
 import com.edufocus.edufocus.user.model.service.UserService;
 import com.edufocus.edufocus.user.util.JWTUtil;
@ -76,7 +77,7 @@ public class UserController {
            @RequestBody @Parameter(description = "로그인 시 필요한 회원정보(아이디, 비밀번호).", required = true) User user, HttpServletRequest request, HttpServletResponse response) {
        String token = request.getHeader("Authorization");
-        if(jwtUtil.checkToken(token)){
+        if(jwtUtil.checkToken(token, false)){
            return new ResponseEntity<>(HttpStatus.FORBIDDEN);
        }
@ -132,7 +133,7 @@ public class UserController {
        Map<String, Object> resultMap = new HashMap<>();
        HttpStatus status = HttpStatus.ACCEPTED;
-        if (jwtUtil.checkToken(request.getHeader("Authorization"))) {
+        if (jwtUtil.checkToken(request.getHeader("Authorization"), false)) {
            log.info("사용 가능한 토큰!!!");
            try {
                User member = userService.userInfo(userId);
@ -144,7 +145,7 @@ public class UserController {
                status = HttpStatus.INTERNAL_SERVER_ERROR;
            }
        } else {
-            System.out.println(jwtUtil.checkToken(request.getHeader("Authorization")));
+            System.out.println(jwtUtil.checkToken(request.getHeader("Authorization"), false));
            log.error("사용 불가능 토큰!!!");
            resultMap.put("message", "Unauthorized token");
            status = HttpStatus.UNAUTHORIZED;
@ -166,7 +167,7 @@ public class UserController {
        } catch (Exception e) {
            log.error("로그아웃 실패 : {}", e);
            resultMap.put("message", e.getMessage());
-            status = HttpStatus.INTERNAL_SERVER_ERROR;
+            status = HttpStatus.UNAUTHORIZED;
        }
        return new ResponseEntity<Map<String, Object>>(resultMap, status);
    }
@ -192,12 +193,16 @@ public class UserController {
            }
        }
        Long userId = Long.parseLong(jwtUtil.getUserId(token));
-
+        if(jwtUtil.isExpired(token)){
-        if (jwtUtil.checkToken(token)) {
+            throw new RefreshTokenExpiredException();
        }
-            if (token.equals(userService.getRefreshToken(userId))) {
+        try {
            if (token == null || jwtUtil.checkToken(token, true) || !token.equals(userService.getRefreshToken(userId))) {
                throw new RefreshTokenExpiredException();
            }
                String accessToken = jwtUtil.createAccessToken(String.valueOf(userId));
                String refreshToken = jwtUtil.createRefreshToken(String.valueOf(userId));
@ -219,11 +224,10 @@ public class UserController {
                System.out.println("바뀐 리프레쉬랑 지금꺼 비교 "+ refreshToken.equals(token));
                resultMap.put("access-token", accessToken);
                status = HttpStatus.CREATED;
-
+        } catch (Exception e) {
            }
        } else {
            log.debug("refresh token 도 사용 불가!!!!!!!");
-            status = HttpStatus.UNAUTHORIZED;
+            System.out.println("refresh token 도 사용 불가!!!!!!!");
            status = HttpStatus.FORBIDDEN;
        }
        return new ResponseEntity<Map<String, Object>>(resultMap, status);
    }
@ -235,7 +239,7 @@ public class UserController {
        HttpStatus status = HttpStatus.ACCEPTED;
        String token = request.getHeader("Authorization");
-        if (jwtUtil.checkToken(token)) {
+        if (jwtUtil.checkToken(token, false)) {
            String userId = jwtUtil.getUserId(token);
            log.info("사용 가능한 토큰!!! userId: {}", userId);
            try {
--- a/backend/src/main/java/com/edufocus/edufocus/user/model/exception/GlobalExceptionHandler.java
+++ b/backend/src/main/java/com/edufocus/edufocus/user/model/exception/GlobalExceptionHandler.java
@ -16,10 +16,16 @@ public class GlobalExceptionHandler {
        return new ResponseEntity<>(e.getMessage(), HttpStatus.BAD_REQUEST);
    }
-
+    //
    @ExceptionHandler(ExpriedTokenException.class)
    public ResponseEntity<String> handleInvalidTokenException(ExpriedTokenException e) {
        return new ResponseEntity<>(e.getMessage(), HttpStatus.UNAUTHORIZED);
    }
    @ExceptionHandler(RefreshTokenExpiredException.class)
    public ResponseEntity<String> handleInvalidTokenException(RefreshTokenExpiredException e) {
        return new ResponseEntity<>(e.getMessage(), HttpStatus.FORBIDDEN);
    }
 }
--- a/backend/src/main/java/com/edufocus/edufocus/user/model/exception/RefreshTokenExpiredException.java
+++ b/backend/src/main/java/com/edufocus/edufocus/user/model/exception/RefreshTokenExpiredException.java
@ -0,0 +1,9 @@
 package com.edufocus.edufocus.user.model.exception;
 public class RefreshTokenExpiredException  extends RuntimeException {
    private static final long serialVersionUID = 1L;
    public RefreshTokenExpiredException() {
        super("REFRESH TOKEN 만료\n다시 로그인을 하세요.");
    }
 }
--- a/backend/src/main/java/com/edufocus/edufocus/user/util/JWTUtil.java
+++ b/backend/src/main/java/com/edufocus/edufocus/user/util/JWTUtil.java
@ -6,6 +6,7 @@ import java.util.Map;
 import com.edufocus.edufocus.user.model.exception.ExpriedTokenException;
 import com.edufocus.edufocus.user.model.exception.InvalidTokenException;
 import com.edufocus.edufocus.user.model.exception.RefreshTokenExpiredException;
 import com.edufocus.edufocus.user.model.exception.UnAuthorizedException;
 import io.jsonwebtoken.*;
 import org.springframework.beans.factory.annotation.Value;
@ -65,11 +66,6 @@ public class JWTUtil {
                return false;
        }
        catch ( ExpiredJwtException e)
            {
                throw new ExpriedTokenException();
            }
        catch (Exception e) {
                System.out.println(token);
                System.out.println(e.getMessage());
@ -78,6 +74,20 @@ public class JWTUtil {
        }
    }
    public boolean isExpired(String token) {
        try {
            Jws<Claims> claims = Jwts.parserBuilder()
                    .setSigningKey(generateKey())
                    .build()
                    .parseClaimsJws(token);
            return false;
        }catch(ExpiredJwtException e){
            return true;
        }catch(Exception e){
            throw new InvalidTokenException();
        }
    }
    public String getUserId(String authorization) {
        try {
            Jws<Claims> claims = Jwts.parserBuilder()
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@ -16,10 +16,12 @@ livekit.api.secret=${LIVEKIT_API_SECRET:secret}
 jwt.salt=${SALT}
 # Access Token ?? ?? (??? ??)
-jwt.access-token.expiretime=3600000
+#jwt.access-token.expiretime=3600000
 jwt.access-token.expiretime=3000
 # Refresh Token ?? ?? (??? ??)
-jwt.refresh-token.expiretime=86400000
+jwt.refresh-token.expiretime=50400000
 #jwt.refresh-token.expiretime=4000
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 spring.datasource.url=${DATA_SOURCE_URL}
 spring.datasource.username=${USER_NAME}