[fix] 소셜 로그인 오류 수정 (#47)

* [fix] only authenticated by access token

* [fix] fix encoding method for secret key

* [refac] delete unnecessary code

* [refac] delete unnecessary code

* [chore] update yml

src/main/java/org/hankki/hankkiserver/api/auth/service/AuthService.java

@@ -51,12 +51,12 @@ public UserLoginResponse login(
         return UserLoginResponse.of(issuedToken, isRegistered);
     }
 
-    public void logOut(final long userId) {
+    public void logOut(final Long userId) {
         UserInfo findUserInfo = userInfoFinder.getUserInfo(userId);
         findUserInfo.updateRefreshToken(null);
     }
 
-    public void withdraw(final long userId, final String code) {
+    public void withdraw(final Long userId, final String code) {
         User user = userFinder.getUser(userId);
         if (APPLE == user.getPlatform()){
             try {
@@ -72,21 +72,26 @@ public void withdraw(final long userId, final String code) {
 
     @Transactional(noRollbackFor = UnauthorizedException.class)
     public UserReissueResponse reissue(final String refreshToken) {
-        long userId = jwtProvider.getSubject(refreshToken.substring(BEARER.length()));
+        Long userId = jwtProvider.getSubject(refreshToken.substring(BEARER.length()));
         validateRefreshToken(refreshToken, userId);
         UserInfo findUserInfo = userInfoFinder.getUserInfo(userId);
-        Token issuedTokens = jwtProvider.issueTokens(userId);
+        Token issuedTokens = jwtProvider.issueTokens(userId, getUserRole(userId));
         findUserInfo.updateRefreshToken(issuedTokens.refreshToken());
         return UserReissueResponse.of(issuedTokens);
     }
 
-    private Token generateTokens(final long userId) {
-        Token issuedTokens = jwtProvider.issueTokens(userId);
+    private Token generateTokens(final Long userId) {
+        String role = userFinder.getUser(userId).getUserRole().getValue();
+        Token issuedTokens = jwtProvider.issueTokens(userId, getUserRole(userId));
         UserInfo findUserInfo = userInfoFinder.getUserInfo(userId);
         findUserInfo.updateRefreshToken(issuedTokens.refreshToken());
         return issuedTokens;
     }
 
+    private String getUserRole(Long userId) {
+        return userFinder.getUser(userId).getUserRole().getValue();
+    }
+
     private SocialInfoDto getSocialInfo(
             final String providerToken,
             final Platform platform,
@@ -119,8 +124,7 @@ private User updateUserInfo(final User user) {
     }
 
     private String getRefreshToken(final Long userId) {
-        return userInfoFinder.getUserInfo(userId)
-                .getRefreshToken();
+        return userInfoFinder.getUserInfo(userId).getRefreshToken();
     }
 
     private void saveUserAndUserInfo(final User user) {
@@ -129,7 +133,7 @@ private void saveUserAndUserInfo(final User user) {
         userInfoSaver.saveUserInfo(userInfo);
     }
 
-    private void validateRefreshToken(final String refreshToken, final long userId) {
+    private void validateRefreshToken(final String refreshToken, final Long userId) {
         try {
             jwtValidator.validateRefreshToken(refreshToken);
             String storedRefreshToken = getRefreshToken(userId);

src/main/java/org/hankki/hankkiserver/auth/JwtAuthenticationEntryPoint.java

@@ -12,33 +12,25 @@
 import org.springframework.stereotype.Component;
 
 import java.io.IOException;
-import java.io.PrintWriter;
 
 @Component
 public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
     private final ObjectMapper objectMapper = new ObjectMapper();
 
     @Override
-    public void commence(
-            HttpServletRequest request,
-            HttpServletResponse response,
-            AuthenticationException authException) throws IOException {
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
         handleException(response);
     }
 
     private void handleException(HttpServletResponse response) throws IOException {
         setResponse(response, HttpStatus.UNAUTHORIZED, AuthErrorCode.UNAUTHORIZED);
     }
 
-    private void setResponse(
-            HttpServletResponse response,
-            HttpStatus httpStatus,
-            AuthErrorCode authErrorCode) throws IOException {
+    private void setResponse(HttpServletResponse response, HttpStatus httpStatus, AuthErrorCode authErrorCode) throws IOException {
         response.setContentType(MediaType.APPLICATION_JSON_VALUE);
         response.setCharacterEncoding("utf-8");
         response.setStatus(httpStatus.value());
-        PrintWriter writer = response.getWriter();
-        writer.write(objectMapper.writeValueAsString(HankkiResponse.fail(authErrorCode)));
+        response.getWriter().write(objectMapper.writeValueAsString(HankkiResponse.fail(authErrorCode)));
     }
 }

src/main/java/org/hankki/hankkiserver/auth/filter/JwtAuthenticationFilter.java

@@ -9,6 +9,7 @@
 import org.hankki.hankkiserver.auth.jwt.JwtProvider;
 import org.hankki.hankkiserver.auth.jwt.JwtValidator;
 import org.hankki.hankkiserver.common.code.AuthErrorCode;
+import org.hankki.hankkiserver.common.code.ErrorCode;
 import org.hankki.hankkiserver.common.exception.UnauthorizedException;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -29,10 +30,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     private final JwtProvider jwtProvider;
 
     @Override
-    protected void doFilterInternal(
-            HttpServletRequest request,
-            HttpServletResponse response,
-            FilterChain filterChain) throws ServletException, IOException {
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         final String accessToken = getAccessToken(request);
         jwtValidator.validateAccessToken(accessToken);
         doAuthentication(request, jwtProvider.getSubject(accessToken));

src/main/java/org/hankki/hankkiserver/auth/jwt/JwtGenerator.java

@@ -1,9 +1,6 @@
 package org.hankki.hankkiserver.auth.jwt;
 
-import io.jsonwebtoken.Header;
-import io.jsonwebtoken.JwtParser;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -22,12 +19,20 @@ public class JwtGenerator {
     @Value("${jwt.refresh-token-expiration}")
     private long REFRESH_TOKEN_EXPIRE_TIME;
 
-    public String generateToken(Long userId, boolean isAccessToken) {
+    public static final String USER_ROLE_CLAIM_NAME = "role";
+
+    public String generateToken(Long userId, String role, boolean isAccessToken) {
         final Date now = generateNowDate();
         final Date expiration = generateExpirationDate(isAccessToken, now);
+
+        Claims claims = Jwts.claims().setSubject(String.valueOf(userId));
+        if (isAccessToken) {
+            claims.put(USER_ROLE_CLAIM_NAME, role);
+        }
+
         return Jwts.builder()
                 .setHeaderParam(Header.TYPE, Header.JWT_TYPE)
-                .setSubject(String.valueOf(userId))
+                .setClaims(claims)
                 .setIssuedAt(now)
                 .setExpiration(expiration)
                 .signWith(getSigningKey(), SignatureAlgorithm.HS256)
@@ -49,7 +54,8 @@ private Date generateExpirationDate(boolean isAccessToken, Date now) {
     }
 
     private Key getSigningKey() {
-        return Keys.hmacShaKeyFor(encodeSecretKey().getBytes());
+        byte[] keyBytes = Base64.getDecoder().decode(JWT_SECRET);
+        return Keys.hmacShaKeyFor(keyBytes);
     }
 
     private long calculateExpirationTime(boolean isAccessToken) {
@@ -58,10 +64,4 @@ private long calculateExpirationTime(boolean isAccessToken) {
         }
         return REFRESH_TOKEN_EXPIRE_TIME;
     }
-
-    private String encodeSecretKey() {
-        return Base64.getEncoder()
-                .encodeToString(JWT_SECRET.getBytes());
-    }
 }
-

src/main/java/org/hankki/hankkiserver/auth/jwt/JwtProvider.java

@@ -10,9 +10,9 @@ public class JwtProvider {
 
     private final JwtGenerator jwtGenerator;
 
-    public Token issueTokens(Long userId) {
-        return Token.of(jwtGenerator.generateToken(userId, true),
-                jwtGenerator.generateToken(userId, false));
+    public Token issueTokens(Long userId, String role) {
+        return Token.of(jwtGenerator.generateToken(userId, role, true),
+                jwtGenerator.generateToken(userId, role, false));
     }
 
     public Long getSubject(String token) {

src/main/java/org/hankki/hankkiserver/auth/jwt/JwtValidator.java

@@ -1,12 +1,14 @@
 package org.hankki.hankkiserver.auth.jwt;
 
+import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
-import io.jsonwebtoken.JwtParser;
 import lombok.RequiredArgsConstructor;
 import org.hankki.hankkiserver.common.code.AuthErrorCode;
 import org.hankki.hankkiserver.common.exception.UnauthorizedException;
 import org.springframework.stereotype.Component;
 
+import java.net.URI;
+
 import static org.hankki.hankkiserver.auth.filter.JwtAuthenticationFilter.BEARER;
 
 @RequiredArgsConstructor
@@ -17,7 +19,10 @@ public class JwtValidator {
 
     public void validateAccessToken(String accessToken) {
         try {
-            parseToken(accessToken);
+            String role = parseToken(accessToken).get(JwtGenerator.USER_ROLE_CLAIM_NAME, String.class);
+            if (role == null) {
+                throw new UnauthorizedException(AuthErrorCode.INVALID_ACCESS_TOKEN_VALUE);
+            }
         } catch (ExpiredJwtException e) {
             throw new UnauthorizedException(AuthErrorCode.EXPIRED_ACCESS_TOKEN);
         } catch (Exception e) {
@@ -27,6 +32,7 @@ public void validateAccessToken(String accessToken) {
 
     public void validateRefreshToken(final String refreshToken) {
         try {
+            System.out.println("refreshToken" + refreshToken);
             parseToken(getToken(refreshToken));
         } catch (ExpiredJwtException e) {
             throw new UnauthorizedException(AuthErrorCode.EXPIRED_REFRESH_TOKEN);
@@ -43,15 +49,14 @@ public void equalsRefreshToken(
         }
     }
 
-    private void parseToken(String token) {
-        JwtParser jwtParser = jwtGenerator.getJwtParser();
-        jwtParser.parseClaimsJws(token);
-    }
-
     private String getToken(final String refreshToken) {
         if (refreshToken.startsWith(BEARER)) {
             return refreshToken.substring(BEARER.length());
         }
         throw new UnauthorizedException(AuthErrorCode.MISSING_BEARER_PREFIX);
     }
+
+    private Claims parseToken(final String token) {
+        return jwtGenerator.getJwtParser().parseClaimsJws(token).getBody();
+    }
 }

src/main/java/org/hankki/hankkiserver/common/exception/UnauthorizedException.java

@@ -1,7 +1,6 @@
 package org.hankki.hankkiserver.common.exception;
 
 import lombok.Getter;
-import org.hankki.hankkiserver.common.code.AuthErrorCode;
 import org.hankki.hankkiserver.common.code.ErrorCode;
 
 @Getter
@@ -12,6 +11,5 @@ public UnauthorizedException(ErrorCode errorCode) {
         super(errorCode.getMessage());
         this.errorCode = errorCode;
     }
-
 }