Merge pull request #201 from kakao-tech-campus-2nd-step3/Weekly

10주차 산출물(Weekly -> Develop)

.github/workflows/deploy.yml

@@ -19,5 +19,7 @@ jobs:
           ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
 
       - name: Run deployment script on server
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
         run: |
-          ssh -o StrictHostKeyChecking=no ubuntu@${{ secrets.SERVER_IP }} 'bash /home/ubuntu/deploy.sh'
+          ssh -o StrictHostKeyChecking=no ubuntu@${{ secrets.SERVER_IP }} "SLACK_WEBHOOK_URL=${{ secrets.SLACK_WEBHOOK_URL }} bash /home/ubuntu/deploy.sh"

.github/workflows/testcode.yml

@@ -19,6 +19,20 @@ jobs:
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
+      mysql:
+        image: mysql:8.0
+        ports:
+          - 3306:3306
+        env:
+          MYSQL_DATABASE: ${{ secrets.MYSQL_DATABASE }}
+          MYSQL_USER: ${{ secrets.MYSQL_USERNAME }}
+          MYSQL_PASSWORD: ${{ secrets.MYSQL_PASSWORD }}
+          MYSQL_ROOT_PASSWORD: ${{ secrets.MYSQL_ROOT_PASSWORD }}
+        options: >-
+          --health-cmd "mysqladmin ping --silent"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
 
     steps:
       - name: Checkout code
@@ -32,5 +46,12 @@ jobs:
 
       - name: Run Tests
         env:
+          SPRING_DATASOURCE_URL: ${{ secrets.MYSQL_URL }}
+          SPRING_DATASOURCE_USERNAME: ${{ secrets.MYSQL_USERNAME }}
+          SPRING_DATASOURCE_PASSWORD: ${{ secrets.MYSQL_PASSWORD }}
+          SPRING_JPA_HIBERNATE_DDL_AUTO: "update"
           JWT_SECRET: ${{ secrets.JWT_SECRET }}
+          SLACK_NOTICE_WEBHOOK_URL: ${{ secrets.SLACK_NOTICE_WEBHOOK_URL }}
+          SLACK_CHARGE_REQUEST_URL: ${{ secrets.SLACK_CHARGE_REQUEST_URL }}
+          SLACK_WITHDRAW_REQUEST_URL: ${{ secrets.SLACK_WITHDRAW_REQUEST_URL }}
         run: ./gradlew test

build.gradle

@@ -24,14 +24,17 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.6.0'
-    runtimeOnly 'com.h2database:h2'
     implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
     implementation 'io.jsonwebtoken:jjwt-impl:0.11.2'
     implementation 'io.jsonwebtoken:jjwt-jackson:0.11.2'
     implementation group: 'com.twilio.sdk', name: 'twilio', version: '10.5.0'
     implementation 'org.springframework.boot:spring-boot-starter-data-redis'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
     implementation 'org.apache.httpcomponents.client5:httpclient5:5.2.1'
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
+    implementation 'ch.qos.logback:logback-classic:1.4.12'
+    runtimeOnly 'com.mysql:mysql-connector-j'
+    testImplementation 'mysql:mysql-connector-java:8.0.33'
 }
 
 tasks.named('test') {

src/main/java/com/example/sinitto/auth/controller/AuthController.java

@@ -56,4 +56,10 @@ public ResponseEntity<LoginResponse> kakaoCallback(@RequestParam("code") String
         return ResponseEntity.ok().body(loginResponse);
     }
 
+    @Operation(summary = "Redis안의 모든 데이터 제거", description = "발급된 refreshToken을 사용하지 못하게 Redis 안의 모든 데이터를 제거합니다.")
+    @DeleteMapping("/redis")
+    public ResponseEntity<Void> deleteAllDataFromRedis(){
+        tokenService.deleteAllDataFromRedis();
+        return new ResponseEntity<>(HttpStatus.OK);
+    }
 }

src/main/java/com/example/sinitto/auth/dto/KakaoTokenResponse.java

@@ -4,14 +4,17 @@
 import com.fasterxml.jackson.databind.PropertyNamingStrategies;
 import com.fasterxml.jackson.databind.annotation.JsonNaming;
 import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Positive;
 
 @JsonNaming(value = PropertyNamingStrategies.SnakeCaseStrategy.class)
 public record KakaoTokenResponse(
         String accessToken,
         String refreshToken,
         @NotNull
+        @Positive
         int expiresIn,
         @NotNull
+        @Positive
         int refreshTokenExpiresIn
 
 ) {

src/main/java/com/example/sinitto/auth/service/KakaoApiService.java

@@ -19,6 +19,8 @@ public class KakaoApiService {
 
     private static final String KAKAO_AUTH_BASE_URL = "https://kauth.kakao.com/oauth";
     private static final String KAKAO_API_BASE_URL = "https://kapi.kakao.com/v2/user";
+    private static final String LOCALHOST_URL = "localhost:5173";
+
     private final RestTemplate restTemplate;
     private final KakaoProperties kakaoProperties;
 
@@ -34,9 +36,9 @@ public String getAuthorizationUrl(HttpServletRequest httpServletRequest) {
         }
         String redirectUri;
 
-        if (requestUrl.contains("localhost:5173")) {
+        if (requestUrl.contains(LOCALHOST_URL)) {
             redirectUri = kakaoProperties.devRedirectUri();
-        } else if (requestUrl.contains("sinitto.s3-website.ap-northeast-2.amazonaws.com")) {
+        } else if (requestUrl.contains(kakaoProperties.frontUriWithoutHttps())) {
             redirectUri = kakaoProperties.redirectUri();
         } else {
             throw new BadRequestException("해당 도메인에서는 카카오 로그인이 불가합니다. requestUrl : " + requestUrl);
@@ -57,9 +59,9 @@ public KakaoTokenResponse getAccessToken(String authorizationCode, HttpServletRe
         }
         String redirectUri;
 
-        if (requestUrl.contains("localhost:5173")) {
+        if (requestUrl.contains(LOCALHOST_URL)) {
             redirectUri = kakaoProperties.devRedirectUri();
-        } else if (requestUrl.contains("sinitto.s3-website.ap-northeast-2.amazonaws.com")) {
+        } else if (requestUrl.contains(kakaoProperties.frontUriWithoutHttps())) {
             redirectUri = kakaoProperties.redirectUri();
         } else {
             throw new BadRequestException("해당 도메인에서는 카카오 로그인이 불가합니다. requestUrl : " + requestUrl);

src/main/java/com/example/sinitto/auth/service/KakaoTokenService.java

@@ -3,8 +3,7 @@
 import com.example.sinitto.auth.dto.KakaoTokenResponse;
 import com.example.sinitto.auth.entity.KakaoToken;
 import com.example.sinitto.auth.repository.KakaoTokenRepository;
-import com.example.sinitto.common.exception.NotFoundException;
-import com.example.sinitto.common.exception.UnauthorizedException;
+import com.example.sinitto.common.exception.InvalidJwtException;
 import jakarta.transaction.Transactional;
 import org.springframework.stereotype.Service;
 
@@ -36,11 +35,15 @@ public void saveKakaoToken(String email, KakaoTokenResponse kakaoTokenResponse)
     @Transactional
     public String getValidAccessTokenInServer(String email) {
         KakaoToken kakaoToken = kakaoTokenRepository.findByMemberEmail(email)
-                .orElseThrow(() -> new NotFoundException("email에 해당하는 카카오 토큰이 없습니다."));
+                .orElse(null);
+
+        if (kakaoToken == null) {
+            return null;
+        }
 
         if (kakaoToken.isAccessTokenExpired()) {
             if (kakaoToken.isRefreshTokenExpired()) {
-                throw new UnauthorizedException("카카오 리프레쉬 토큰이 만료되었습니다. 카카오 재 로그인 필요");
+                throw new InvalidJwtException("카카오 리프레쉬 토큰이 만료되었습니다. 카카오 재 로그인 필요");
             }
             KakaoTokenResponse kakaoTokenResponse = kakaoApiService.refreshAccessToken(kakaoToken.getRefreshToken());
             kakaoToken.updateKakaoToken(kakaoTokenResponse.accessToken(), kakaoTokenResponse.refreshToken(), kakaoTokenResponse.expiresIn(), kakaoTokenResponse.refreshTokenExpiresIn());

src/main/java/com/example/sinitto/auth/service/TokenService.java

@@ -1,13 +1,12 @@
 package com.example.sinitto.auth.service;
 
 import com.example.sinitto.auth.dto.TokenResponse;
-import com.example.sinitto.common.exception.AccessTokenExpiredException;
-import com.example.sinitto.common.exception.InvalidJwtException;
-import com.example.sinitto.common.exception.RefreshTokenStolenException;
+import com.example.sinitto.common.exception.*;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.connection.DataType;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
 
@@ -20,13 +19,14 @@
 @Service
 public class TokenService {
 
-    private static final long ACCESS_TEN_HOURS = 1000 * 60 * 60 * 10;
+    private static final long ACCESS_FIVE_MINUTES = 1000 * 60 * 5;
+
     private static final long REFRESH_SEVEN_DAYS = 1000 * 60 * 60 * 24 * 7;
 
     private final Key secretKey;
-    private final RedisTemplate<String, String> redisTemplate;
+    private final RedisTemplate<String, Object> redisTemplate;
 
-    public TokenService(@Value("${jwt.secret}") String secretKey, RedisTemplate<String, String> redisTemplate) {
+    public TokenService(@Value("${jwt.secret}") String secretKey, RedisTemplate<String, Object> redisTemplate) {
         byte[] decodedKey = Base64.getDecoder().decode(secretKey);
         this.secretKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "HmacSHA256");
         this.redisTemplate = redisTemplate;
@@ -35,48 +35,74 @@ public TokenService(@Value("${jwt.secret}") String secretKey, RedisTemplate<Stri
     public String generateAccessToken(String email) {
         return Jwts.builder()
                 .setSubject(email)
+                .claim("tokenType", "access")
                 .setIssuedAt(new Date())
-                .setExpiration(new Date(System.currentTimeMillis() + ACCESS_TEN_HOURS))
+                .setExpiration(new Date(System.currentTimeMillis() + ACCESS_FIVE_MINUTES))
                 .signWith(secretKey, SignatureAlgorithm.HS256)
                 .compact();
     }
 
     public String generateRefreshToken(String email) {
+        DataType keyType = redisTemplate.type(email);
+        if (keyType != null && keyType != DataType.HASH) {
+            redisTemplate.delete(email);
+        }
         String refreshToken = Jwts.builder()
                 .setSubject(email)
+                .claim("tokenType", "refresh")
                 .setIssuedAt(new Date())
                 .setExpiration(new Date(System.currentTimeMillis() + REFRESH_SEVEN_DAYS))
                 .signWith(secretKey, SignatureAlgorithm.HS256)
                 .compact();
 
-        redisTemplate.opsForValue().set(email, refreshToken, REFRESH_SEVEN_DAYS, TimeUnit.MILLISECONDS);
+        redisTemplate.opsForHash().put(email, "refreshToken", refreshToken);
+        redisTemplate.opsForHash().put(email, "createdAt", System.currentTimeMillis());
+
+        redisTemplate.expire(email, REFRESH_SEVEN_DAYS, TimeUnit.MILLISECONDS);
         return refreshToken;
     }
 
 
-    public String extractEmail(String token) {
-        Claims claims;
+    public String extractEmailFromAccessToken(String accessToken) {
+        Claims claims = parseClaims(accessToken);
+        if (!"access".equals(claims.get("tokenType", String.class))) {
+            throw new BadRequestException("사용된 토큰이 엑세스 토큰이 아닙니다. 요청하신 로직에서는 엑세스 토큰으로만 처리가 가능합니다.");
+        }
+        if (claims.getExpiration().before(new Date())) {
+            throw new AccessTokenExpiredException("액세스 토큰이 만료되었습니다. 리프레시 토큰으로 다시 액세스 토큰을 발급받으세요.");
+        }
+        return claims.getSubject();
+    }
+
+    public String extractEmailFromRefreshToken(String refreshToken) {
+        Claims claims = parseClaims(refreshToken);
+        if (!"refresh".equals(claims.get("tokenType", String.class))) {
+            throw new BadRequestException("해당 토큰은 리프레쉬 토큰이 아닙니다. 요청하신 로직에서는 리프레쉬 토큰만 사용이 가능합니다.");
+        }
+        return claims.getSubject();
+    }
+
+    private Claims parseClaims(String token) {
         try {
-            claims = Jwts.parserBuilder()
+            return Jwts.parserBuilder()
                     .setSigningKey(secretKey)
                     .build()
                     .parseClaimsJws(token)
                     .getBody();
         } catch (Exception e) {
-            throw new InvalidJwtException(e.getMessage());
-        }
-
-        if (claims.getExpiration().before(new Date())) {
-            throw new AccessTokenExpiredException("액세스 토큰이 만료되었습니다. 리프레시 토큰으로 다시 액세스 토큰을 발급받으세요.");
+            throw new AccessTokenExpiredException(e.getMessage());
         }
-
-        return claims.getSubject();
     }
 
     public TokenResponse refreshAccessToken(String refreshToken) {
-        String email = extractEmail(refreshToken);
+        String email = extractEmailFromRefreshToken(refreshToken);
+
+        String storedRefreshToken = (String) redisTemplate.opsForHash().get(email, "refreshToken");
+        Long createdAt = Long.parseLong((String) redisTemplate.opsForHash().get(email, "createdAt"));
 
-        String storedRefreshToken = redisTemplate.opsForValue().get(email);
+        if (((System.currentTimeMillis() - createdAt) / 1000 / 60) < 1) {
+            throw new ConflictException("1분 이내에 발급받은 refresh Token이 있습니다.");
+        }
 
         if (storedRefreshToken == null) {
             throw new InvalidJwtException("토큰이 만료되었습니다. 재로그인이 필요합니다.");
@@ -93,4 +119,11 @@ public TokenResponse refreshAccessToken(String refreshToken) {
 
         return new TokenResponse(newAccessToken, newRefreshToken);
     }
+
+    public void deleteAllDataFromRedis(){
+        redisTemplate.getConnectionFactory()
+                .getConnection()
+                .serverCommands()
+                .flushAll();
+    }
 }

src/main/java/com/example/sinitto/callback/repository/CallbackRepository.java

@@ -20,7 +20,7 @@ public interface CallbackRepository extends JpaRepository<Callback, Long> {
 
     Page<Callback> findAllBySeniorIn(List<Senior> seniors, Pageable pageable);
 
-    List<Callback> findAllByStatusAndPendingCompleteTimeBefore(Callback.Status status, LocalDateTime dateTime);
+    List<Callback> findAllByStatusAndPendingCompleteTimeBetween(Callback.Status status, LocalDateTime startDateTime, LocalDateTime endDateTime);
 
     boolean existsBySeniorAndStatusIn(Senior senior, List<Callback.Status> statuses);
 }