feat :: 외부 발급 토큰 인증
4mjeo committed Mar 2, 2024
1 parent fe3604a commit d024681
Showing 2 changed files with 41 additions and 33 deletions.
Expand Up @@ -2,27 +2,30 @@ package com.example.mergebackend.global.config.filter

import com.example.mergebackend.global.config.jwt.JwtTokenResolver
import com.example.mergebackend.global.config.jwt.TokenProvider
import com.example.mergebackend.global.config.security.principal.AuthDetails
import com.example.mergebackend.global.config.security.principal.AuthDetailsService
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.web.filter.OncePerRequestFilter
import javax.servlet.FilterChain
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

class TokenFilter(
private val tokenResolver: JwtTokenResolver,
private val tokenProvider: TokenProvider
): OncePerRequestFilter() {
private val tokenResolver: JwtTokenResolver,
private val tokenProvider: TokenProvider
) : OncePerRequestFilter() {

@Throws(Exception::class)
override fun doFilterInternal(
request: HttpServletRequest,
response: HttpServletResponse,
filterChain: FilterChain
request: HttpServletRequest,
response: HttpServletResponse,
filterChain: FilterChain
) {
tokenResolver.resolveToken(request)
?.let {
SecurityContextHolder.getContext().authentication = tokenProvider.getAuthentication(it)
}
tokenResolver.resolveToken(request)?.let { token ->
val authentication = tokenProvider.getAuthentication(token)
SecurityContextHolder.getContext().authentication = authentication
}
filterChain.doFilter(request, response)
}
}
}
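Review bot: Any exception thrown by `tokenProvider.getAuthentication(token)` leaves `doFilterInternal` before `filterChain.doFilter(request, response)` runs, and the filter itself does nothing to turn it into a response. The other file in this commit shows `getSubject` throwing `ExpiredTokenException` for expired tokens, and the new `userService.getUserByAccountId` call may add further failure cases. Whether an outer filter translates these is not visible here; if none does, a bad or expired token will probably surface as a generic server error rather than a 401, even on endpoints that allow anonymous access. Either note the dependency in a comment such as `// token exceptions are translated to 401 by <exception-filter placeholder>`, or catch them here and answer with `response.sendError(HttpServletResponse.SC_UNAUTHORIZED)` instead of continuing the chain. Separately, the imports of `AuthDetails`, `AuthDetailsService` and `UsernamePasswordAuthenticationToken` are not used by anything in the visible class body and can be dropped.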
Expand Up @@ -3,6 +3,7 @@ package com.example.mergebackend.global.config.jwt
import com.example.mergebackend.domain.auth.entity.RefreshToken
import com.example.mergebackend.domain.auth.presentation.dto.response.TokenResponse
import com.example.mergebackend.domain.auth.repository.RefreshTokenRepository
import com.example.mergebackend.domain.user.service.UserService
import com.example.mergebackend.global.config.error.exception.ExpiredTokenException
import com.example.mergebackend.global.config.error.exception.InvalidTokenException
import com.example.mergebackend.global.config.security.principal.AuthDetails
Expand All @@ -20,17 +21,18 @@ import java.util.*

@Component
class TokenProvider(
private val refreshTokenRepository: RefreshTokenRepository,
private val property: TokenProperty,
private val authDetailsService: AuthDetailsService
private val refreshTokenRepository: RefreshTokenRepository,
private val property: TokenProperty,
private val authDetailsService: AuthDetailsService,
private val userService: UserService
) {
private fun generateAccessToken(sub: String): String {
return Jwts.builder()
.signWith(SignatureAlgorithm.HS256, property.secretKey)
.setSubject(sub)
.setIssuedAt(Date())
.setExpiration(Date(Date().time.plus(property.accessExp)))
.compact()
.signWith(SignatureAlgorithm.HS256, property.secretKey)
.setSubject(sub)
.setIssuedAt(Date())
.setExpiration(Date(Date().time.plus(property.accessExp)))
.compact()
}

private fun generateRefreshToken(sub: String): String {
Expand All @@ -41,30 +43,30 @@ class TokenProvider(
}

val refreshToken = Jwts.builder()
.signWith(SignatureAlgorithm.HS256, property.secretKey)
.setIssuedAt(Date())
.setExpiration(Date(Date().time.plus(property.refreshExp)))
.compact()
.signWith(SignatureAlgorithm.HS256, property.secretKey)
.setIssuedAt(Date())
.setExpiration(Date(Date().time.plus(property.refreshExp)))
.compact()

refreshTokenRepository.save(RefreshToken(refreshToken, sub))

return refreshToken
}

fun receiveToken(sub: String) = TokenResponse(
generateAccessToken(sub),
getExp(property.accessExp),
generateRefreshToken(sub),
getExp(property.refreshExp)
generateAccessToken(sub),
getExp(property.accessExp),
generateRefreshToken(sub),
getExp(property.refreshExp)
)

private fun getExp(exp: Long) = LocalDateTime.now().withNano(0).plusSeconds(exp/1000)
private fun getExp(exp: Long) = LocalDateTime.now().withNano(0).plusSeconds(exp / 1000)

private fun getSubject(token: String): String {
private fun getSubject(token: String): String {
return try {
Jwts.parser()
.setSigningKey(property.secretKey)
.parseClaimsJws(token).body.subject
.setSigningKey(property.secretKey)
.parseClaimsJws(token).body.subject
} catch (e: Exception) {
when (e) {
is ExpiredJwtException -> throw ExpiredTokenException
Expand All @@ -73,17 +75,20 @@ class TokenProvider(
}
}


fun getAuthentication(token: String): Authentication {
val subject = getSubject(token)

val authDetails = authDetailsService.loadUserByUsername(subject) as AuthDetails
val userInformationDto = userService.getUserByAccountId(subject)

val authDetails = authDetailsService.loadUserByUsername(userInformationDto.accountId)

return UsernamePasswordAuthenticationToken(authDetails, "", authDetails.authorities)
}

fun reissue(token: String): TokenResponse {
val refreshToken = refreshTokenRepository.findByIdOrNull(token)
?: throw InvalidTokenException
?: throw InvalidTokenException

return receiveToken(refreshToken.accountId)
}
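Review bot: In `getAuthentication` the token subject is now passed to `userService.getUserByAccountId(subject)` and the returned `accountId` to `loadUserByUsername`, but `getSubject` still verifies only the HS256 signature and the expiry. If the commit title means tokens are now issued by another party, every holder of `property.secretKey` can mint a token this service accepts for any account, and nothing ties a token to its intended issuer or audience. Consider pinning the issuer in the parser, e.g. `.requireIssuer(<expected-issuer placeholder>)` before `.parseClaimsJws(token)`, and moving to an asymmetric algorithm so this service holds only the verification key. The new code also performs two user lookups on every authenticated request; if `userInformationDto.accountId` always equals `subject`, the first call is only an existence check and deserves a comment saying so, e.g. `// ensures the externally issued subject maps to a local account`. The catch block of `getSubject` is partly collapsed on this page, so its remaining branches were not reviewed.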