Conversation
Pull Request Overview
This PR implements admin authentication by integrating Redis caching alongside JWT-based login/logout functionality for the Admin service following a pattern similar to the Member service.
- Added Redis configuration and properties for token caching.
- Introduced authentication endpoints with login, logout, and token reissue logic.
- Updated error codes and security configurations to support admin-specific authentication.
Reviewed Changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/main/resources/application.yml | Updated configuration to include redis settings. |
| src/main/java/com/doubleo/adminservice/infra/config/redis/RedisProperties.java | Added Redis properties as a record type. |
| src/main/java/com/doubleo/adminservice/infra/config/redis/RedisConfig.java | Configures Redis connection with Lettuce; consider braces in if. |
| src/main/java/com/doubleo/adminservice/infra/config/properties/PropertiesConfig.java | Enabled configuration properties binding for JWT and Redis. |
| src/main/java/com/doubleo/adminservice/infra/config/jwt/JwtProperties.java | Defined JWT properties using record with helper methods. |
| src/main/java/com/doubleo/adminservice/global/exception/errorcode/AdminErrorCode.java | Added new admin-specific error codes. |
| src/main/java/com/doubleo/adminservice/global/config/security/WebSecurityConfig.java | Configured web security with stateless session management. |
| src/main/java/com/doubleo/adminservice/domain/auth/service/JwtTokenServiceImpl.java | Implements token generation, refresh, and blacklist logic. |
| src/main/java/com/doubleo/adminservice/domain/auth/service/AuthServiceImpl.java | Implements admin login and logout with token handling. |
| src/main/java/com/doubleo/adminservice/domain/auth/controller/AuthController.java | Provides REST endpoints for authentication operations. |
| ... | Other files supporting the auth domain (DTOs, repositories, domain models). |
Comments suppressed due to low confidence (1)
src/main/java/com/doubleo/adminservice/domain/auth/controller/AuthController.java:78
- The reissueAccessTokenIfExpired method may return null if the token is not expired, which could lead to a NullPointerException in the subsequent header update. Consider handling the null case before using newAccessTokenDto.
AccessTokenDto newAccessTokenDto = jwtTokenService.reissueAccessTokenIfExpired(oldAccessToken);
| if (!redisProperties.password().isBlank()) | ||
| redisStandaloneConfig.setPassword(redisProperties.password()); |
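Review bot: `redisProperties.password().isBlank()` will throw a NullPointerException when no Redis password is configured, because a missing property binds the record component to null rather than an empty string, so a password-less local or CI Redis breaks startup. Guard the null case first, e.g. `if (StringUtils.hasText(redisProperties.password()))` (Spring's `org.springframework.util.StringUtils`) or an explicit `password() != null &&` before the `isBlank()` check.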
Consider adding braces around the if-statement to improve readability and avoid potential errors in future modifications.

Current:

```java
if (!redisProperties.password().isBlank())
    redisStandaloneConfig.setPassword(redisProperties.password());
```

Suggested change:

```java
if (!redisProperties.password().isBlank()) {
    redisStandaloneConfig.setPassword(redisProperties.password());
}
```
| public LoginResponse loginAdmin(LoginRequest request) { | ||
| Admin admin = validateAdminByEmail(request.email()); | ||
| if (!encoder.matches(request.password(), admin.getPassword())) { | ||
| throw new CommonException(AdminErrorCode.ADMIN_NOT_FOUND); |
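Review bot: `validateAdminByEmail` rejects an unknown email before `encoder.matches` ever runs, so a login attempt for a non-existent account returns measurably faster than a wrong password for an existing one; that timing difference reveals account existence even though both paths end in the same `ADMIN_NOT_FOUND` code, which undercuts the stated reason for sharing the code. Consider loading the admin as an `Optional`, running `encoder.matches` against a precomputed dummy hash when it is empty, and throwing the single error code only after the check has run in both cases.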
[nitpick] Since an INVALID_PASSWORD error code already exists, consider using it instead of ADMIN_NOT_FOUND to more precisely indicate a password mismatch.
Current:

```java
throw new CommonException(AdminErrorCode.ADMIN_NOT_FOUND);
```

Suggested change:

```java
throw new CommonException(AdminErrorCode.INVALID_PASSWORD);
```
Comment: I thought it better not to reveal to an external attacker in detail which of the password or the ID was wrong, so for the login logic only I consolidated both cases onto the ADMIN_NOT_FOUND code. If the reviewers think it would be better to be specific with INVALID_PASSWORD, I will apply that and fix it.
Resolved review thread on src/main/java/com/doubleo/adminservice/domain/auth/dto/request/LoginRequest.java
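The single-error-code login that the author describes in the comment above, written out as an added example that is not part of this PR's code: it keeps one error code for both failure causes and also runs the password check against a precomputed dummy hash when the email is unknown, so the two failures cost the same amount of work and the shared code is not undone by a timing difference. `AdminErrorCode`, `CommonException`, `Admin` and `LoginRequest` here are minimal stand-ins for the PR's types; the JDK PBKDF2 encoder, the `UniformLoginExample` class and the in-memory admin map replace the project's Spring `PasswordEncoder` and repository and are assumptions, not the project's own code.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Minimal stand-ins for the PR's AdminErrorCode and CommonException (assumption: the real shapes differ).
enum AdminErrorCode { ADMIN_NOT_FOUND, INVALID_PASSWORD }

class CommonException extends RuntimeException {
    final AdminErrorCode code;
    CommonException(AdminErrorCode code) { super(code.name()); this.code = code; }
}

// Stand-ins for the PR's Admin entity and LoginRequest record (assumption).
record Admin(String email, String passwordHash) {}
record LoginRequest(String email, String password) {}

public class UniformLoginExample {
    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;
    private static final Base64.Encoder B64 = Base64.getEncoder();
    private static final Base64.Decoder B64D = Base64.getDecoder();

    // PBKDF2-HMAC-SHA256 from the JDK, standing in for Spring's PasswordEncoder (assumption).
    static byte[] pbkdf2(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Stored form: base64(salt) + "$" + base64(derived key), with a fresh random salt per password.
    static String encode(String password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return B64.encodeToString(salt) + "$" + B64.encodeToString(pbkdf2(password, salt));
    }

    // Re-derives the key and compares it in constant time so the comparison itself leaks nothing.
    static boolean matches(String rawPassword, String stored) {
        String[] parts = stored.split("\\$", 2);
        byte[] expected = B64D.decode(parts[1]);
        return MessageDigest.isEqual(pbkdf2(rawPassword, B64D.decode(parts[0])), expected);
    }

    // Hashed once at class load; an unknown email is checked against this so the request
    // does the same PBKDF2 work as one for an existing account.
    private static final String DUMMY_HASH = encode("dummy-never-accepted");

    private final Map<String, Admin> adminsByEmail; // constructed in-memory store (assumption)

    UniformLoginExample(Map<String, Admin> adminsByEmail) { this.adminsByEmail = adminsByEmail; }

    Admin loginAdmin(LoginRequest request) {
        Optional<Admin> admin = Optional.ofNullable(adminsByEmail.get(request.email()));
        // Always run the expensive check, even when the account does not exist.
        String stored = admin.map(Admin::passwordHash).orElse(DUMMY_HASH);
        boolean passwordOk = matches(request.password(), stored);
        if (admin.isEmpty() || !passwordOk) {
            // One code for both causes, as the PR author chose for the login path.
            throw new CommonException(AdminErrorCode.ADMIN_NOT_FOUND);
        }
        return admin.get();
    }

    public static void main(String[] args) {
        // Constructed sample account; the credentials below are made up for the demo.
        var service = new UniformLoginExample(Map.of(
                "admin@example.com", new Admin("admin@example.com", encode("correct-horse"))));
        System.out.println("ok: " + service.loginAdmin(
                new LoginRequest("admin@example.com", "correct-horse")).email());
        LoginRequest[] failures = {
                new LoginRequest("admin@example.com", "wrong-password"),
                new LoginRequest("nobody@example.com", "wrong-password")};
        for (LoginRequest bad : failures) {
            try {
                service.loginAdmin(bad);
            } catch (CommonException e) {
                System.out.println(bad.email() + " -> " + e.code);
            }
        }
    }
}
```

Save as `UniformLoginExample.java` and run it with `java UniformLoginExample.java` on JDK 16 or newer (records are required). Both failing requests end with the same error code, and because the unknown-email path still runs PBKDF2 against `DUMMY_HASH`, neither the response body nor the response time distinguishes a missing account from a wrong password.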
🔷 Jira Ticket ID
KW-33
📌 Work done and notes
📚 References