회원관리 관리 수정

2025-12-10 17:30:54 +09:00
parent 51cffccf4c
commit bdb5ba7011
12 changed files with 470 additions and 502 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
+++ b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
@@ -4,6 +4,7 @@ import com.kamco.cd.kamcoback.auth.JwtTokenProvider;
 import com.kamco.cd.kamcoback.auth.RefreshTokenService;
 import com.kamco.cd.kamcoback.config.api.ApiResponseDto;
 import com.kamco.cd.kamcoback.members.dto.SignInRequest;
+import com.kamco.cd.kamcoback.members.service.AuthService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -13,6 +14,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletResponse;
 import java.nio.file.AccessDeniedException;
 import java.time.Duration;
+import java.util.UUID;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpHeaders;
@@ -36,6 +38,7 @@ public class AuthController {
  private final AuthenticationManager authenticationManager;
  private final JwtTokenProvider jwtTokenProvider;
  private final RefreshTokenService refreshTokenService;
+  private final AuthService authService;

  @Value("${token.refresh-cookie-name}")
  private String refreshCookieName;
@@ -47,45 +50,49 @@ public class AuthController {
  @Operation(summary = "로그인", description = "사번으로 로그인하여 액세스/리프레시 토큰을 발급.")
  @ApiResponses({
    @ApiResponse(
-        responseCode = "200",
-        description = "로그인 성공",
-        content = @Content(schema = @Schema(implementation = TokenResponse.class))),
+      responseCode = "200",
+      description = "로그인 성공",
+      content = @Content(schema = @Schema(implementation = TokenResponse.class))),
    @ApiResponse(
-        responseCode = "401",
-        description = "ID 또는 비밀번호 불일치",
-        content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
+      responseCode = "401",
+      description = "ID 또는 비밀번호 불일치",
+      content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
  })
  public ApiResponseDto<TokenResponse> signin(
-      @io.swagger.v3.oas.annotations.parameters.RequestBody(
-              description = "로그인 요청 정보",
-              required = true)
-          @RequestBody
-          SignInRequest request,
-      HttpServletResponse response) {
+    @io.swagger.v3.oas.annotations.parameters.RequestBody(
+      description = "로그인 요청 정보",
+      required = true)
+    @RequestBody
+    SignInRequest request,
+    HttpServletResponse response) {
    Authentication authentication =
-        authenticationManager.authenticate(
-            new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
+      authenticationManager.authenticate(
+        new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));

    String username = authentication.getName(); // UserDetailsService 에서 사용한 username

+    // 로그인 시간 저장
+    authService.saveLogin(UUID.fromString(username));
+
    String accessToken = jwtTokenProvider.createAccessToken(username);
    String refreshToken = jwtTokenProvider.createRefreshToken(username);

    // Redis에 RefreshToken 저장 (TTL = 7일)
    refreshTokenService.save(
-        username, refreshToken, jwtTokenProvider.getRefreshTokenValidityInMs());
+      username, refreshToken, jwtTokenProvider.getRefreshTokenValidityInMs());

    // HttpOnly + Secure 쿠키에 RefreshToken 저장
    ResponseCookie cookie =
-        ResponseCookie.from(refreshCookieName, refreshToken)
-            .httpOnly(true)
-            .secure(refreshCookieSecure)
-            .path("/")
-            .maxAge(Duration.ofMillis(jwtTokenProvider.getRefreshTokenValidityInMs()))
-            .sameSite("Strict")
-            .build();
+      ResponseCookie.from(refreshCookieName, refreshToken)
+        .httpOnly(true)
+        .secure(refreshCookieSecure)
+        .path("/")
+        .maxAge(Duration.ofMillis(jwtTokenProvider.getRefreshTokenValidityInMs()))
+        .sameSite("Strict")
+        .build();

    response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
+
    return ApiResponseDto.ok(new TokenResponse(accessToken, refreshToken));
  }

@@ -93,16 +100,16 @@ public class AuthController {
  @Operation(summary = "토큰 재발급", description = "리프레시 토큰으로 새로운 액세스/리프레시 토큰을 재발급합니다.")
  @ApiResponses({
    @ApiResponse(
-        responseCode = "200",
-        description = "재발급 성공",
-        content = @Content(schema = @Schema(implementation = TokenResponse.class))),
+      responseCode = "200",
+      description = "재발급 성공",
+      content = @Content(schema = @Schema(implementation = TokenResponse.class))),
    @ApiResponse(
-        responseCode = "401",
-        description = "만료되었거나 유효하지 않은 리프레시 토큰",
-        content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
+      responseCode = "401",
+      description = "만료되었거나 유효하지 않은 리프레시 토큰",
+      content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
  })
  public ResponseEntity<TokenResponse> refresh(String refreshToken, HttpServletResponse response)
-      throws AccessDeniedException {
+    throws AccessDeniedException {
    if (refreshToken == null || !jwtTokenProvider.isValidToken(refreshToken)) {
      throw new AccessDeniedException("만료되었거나 유효하지 않은 리프레시 토큰 입니다.");
    }
@@ -120,17 +127,17 @@ public class AuthController {

    // Redis 갱신
    refreshTokenService.save(
-        username, newRefreshToken, jwtTokenProvider.getRefreshTokenValidityInMs());
+      username, newRefreshToken, jwtTokenProvider.getRefreshTokenValidityInMs());

    // 쿠키 갱신
    ResponseCookie cookie =
-        ResponseCookie.from(refreshCookieName, newRefreshToken)
-            .httpOnly(true)
-            .secure(refreshCookieSecure)
-            .path("/")
-            .maxAge(Duration.ofMillis(jwtTokenProvider.getRefreshTokenValidityInMs()))
-            .sameSite("Strict")
-            .build();
+      ResponseCookie.from(refreshCookieName, newRefreshToken)
+        .httpOnly(true)
+        .secure(refreshCookieSecure)
+        .path("/")
+        .maxAge(Duration.ofMillis(jwtTokenProvider.getRefreshTokenValidityInMs()))
+        .sameSite("Strict")
+        .build();
    response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());

    return ResponseEntity.ok(new TokenResponse(newAccessToken, newRefreshToken));
@@ -140,12 +147,12 @@ public class AuthController {
  @Operation(summary = "로그아웃", description = "현재 사용자의 토큰을 무효화(리프레시 토큰 삭제)합니다.")
  @ApiResponses({
    @ApiResponse(
-        responseCode = "200",
-        description = "로그아웃 성공",
-        content = @Content(schema = @Schema(implementation = Void.class)))
+      responseCode = "200",
+      description = "로그아웃 성공",
+      content = @Content(schema = @Schema(implementation = Void.class)))
  })
  public ApiResponseDto<ResponseEntity<Object>> logout(
-      Authentication authentication, HttpServletResponse response) {
+    Authentication authentication, HttpServletResponse response) {
    if (authentication != null) {
      String username = authentication.getName();
      // Redis에서 RefreshToken 삭제
@@ -154,17 +161,19 @@ public class AuthController {

    // 쿠키 삭제 (Max-Age=0)
    ResponseCookie cookie =
-        ResponseCookie.from(refreshCookieName, "")
-            .httpOnly(true)
-            .secure(refreshCookieSecure)
-            .path("/")
-            .maxAge(0)
-            .sameSite("Strict")
-            .build();
+      ResponseCookie.from(refreshCookieName, "")
+        .httpOnly(true)
+        .secure(refreshCookieSecure)
+        .path("/")
+        .maxAge(0)
+        .sameSite("Strict")
+        .build();
    response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());

    return ApiResponseDto.createOK(ResponseEntity.noContent().build());
  }

-  public record TokenResponse(String accessToken, String refreshToken) {}
+  public record TokenResponse(String accessToken, String refreshToken) {
+
+  }
 }