From 995edf9e12aaf22b6f74a111a72e162654558fc2 Mon Sep 17 00:00:00 2001
From: thun0514
Date: Wed, 17 Jul 2024 00:47:08 +0900
Subject: [PATCH 1/2] =?UTF-8?q?refactor:=20=ED=86=A0=ED=81=B0=20=EC=9E=AC?= =?UTF-8?q?=EB=B0=9C=EA=B8=89=EC=8B=9C=20username=20=EC=82=AD=EC=A0=9C?= =?UTF-8?q?=EB=A1=9C=20=EC=9D=B8=ED=95=9C=20=EA=B4=80=EB=A0=A8=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../HandTris/application/impl/ReissueServiceImpl.java | 6 ++++--
 .../HandTris/application/service/ReissueService.java | 2 +-
 .../HandTris/global/config/security/SecurityConfig.java | 7 ++-----
 .../jungle/HandTris/presentation/ReissueController.java | 6 +++---
 4 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/main/java/jungle/HandTris/application/impl/ReissueServiceImpl.java b/src/main/java/jungle/HandTris/application/impl/ReissueServiceImpl.java
index c6b8ff0..69d2958 100644
--- a/src/main/java/jungle/HandTris/application/impl/ReissueServiceImpl.java
+++ b/src/main/java/jungle/HandTris/application/impl/ReissueServiceImpl.java
@@ -4,6 +4,7 @@
 import jungle.HandTris.application.service.ReissueService;
 import jungle.HandTris.domain.Member;
 import jungle.HandTris.domain.exception.InvalidTokenFormatException;
+import jungle.HandTris.domain.exception.MemberNotFoundException;
 import jungle.HandTris.domain.exception.RefreshTokenExpiredException;
 import jungle.HandTris.domain.exception.UnauthorizedAccessException;
 import jungle.HandTris.domain.repo.MemberRepository;
@@ -19,7 +20,7 @@ public class ReissueServiceImpl implements ReissueService {
 private final JWTUtil jwtUtil;
 private final MemberRepository memberRepository;
- public ReissueTokenRes reissue (HttpServletRequest request, String requestUsername) {
+ public ReissueTokenRes reissue (HttpServletRequest request) {
 String refreshToken = jwtUtil.resolveRefreshToken(request);
 //토큰 소멸 시간 검증
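Review bot: `ReissueServiceImpl.reissue(HttpServletRequest request)` now takes the member identity only from the refresh token in the request, but nothing on the method or on the matching declaration in ReissueService.java documents that contract. A short Javadoc on the interface method would help: it should state that the caller identity is derived solely from the token resolved from the request, and list the exceptions it appears able to throw (InvalidTokenFormatException, RefreshTokenExpiredException, MemberNotFoundException, UnauthorizedAccessException, going by the imports). The visible context above the implementation's signature shows only the two field declarations, so `@Override` is missing and worth adding. The method body continues outside this hunk.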
@@ -34,7 +35,8 @@ public ReissueTokenRes reissue (HttpServletRequest request, String requestUserna
 }
 String nickname = jwtUtil.getNickname(refreshToken);
- Member member = memberRepository.findByUsername(requestUsername);
+ Member member = memberRepository.findByNickname(nickname).
+ orElseThrow(MemberNotFoundException::new);
 if(!member.getRefreshToken().equals(refreshToken)) {
 throw new UnauthorizedAccessException();
diff --git a/src/main/java/jungle/HandTris/application/service/ReissueService.java b/src/main/java/jungle/HandTris/application/service/ReissueService.java
index ebeb775..55c614e 100644
--- a/src/main/java/jungle/HandTris/application/service/ReissueService.java
+++ b/src/main/java/jungle/HandTris/application/service/ReissueService.java
@@ -4,5 +4,5 @@
 import jungle.HandTris.presentation.dto.response.ReissueTokenRes;
 public interface ReissueService {
- ReissueTokenRes reissue (HttpServletRequest request, String requestUsername);
+ ReissueTokenRes reissue (HttpServletRequest request);
 }
diff --git a/src/main/java/jungle/HandTris/global/config/security/SecurityConfig.java b/src/main/java/jungle/HandTris/global/config/security/SecurityConfig.java
index 79c7a6f..6dbb3fe 100644
--- a/src/main/java/jungle/HandTris/global/config/security/SecurityConfig.java
+++ b/src/main/java/jungle/HandTris/global/config/security/SecurityConfig.java
@@ -2,10 +2,7 @@
 import jungle.HandTris.application.service.CustomOAuth2MemberService;
 import jungle.HandTris.global.filter.JWTFilter;
-import jungle.HandTris.global.handler.JWTAccessDeniedHandler;
-import jungle.HandTris.global.handler.JWTAuthenticateDeniedHandler;
-import jungle.HandTris.global.handler.OAuth2FailureHandler;
-import jungle.HandTris.global.handler.OAuth2SuccessHandler;
+import jungle.HandTris.global.handler.*;
 import jungle.HandTris.global.jwt.JWTUtil;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
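Review bot: In the `findByNickname` hunk of ReissueServiceImpl.reissue, the only binding between the looked-up member and the presented token is the unchanged `member.getRefreshToken().equals(refreshToken)` check right after the new lines. If a member has no stored refresh token (for example after a logout that clears it, which is not visible here), that call throws a NullPointerException instead of UnauthorizedAccessException. Writing it as `if (!refreshToken.equals(member.getRefreshToken()))` keeps the rejection path uniform. Since the lookup key is now the token's `nickname` claim, please also confirm that nickname is unique and cannot change while a refresh token is outstanding, and that MemberNotFoundException and UnauthorizedAccessException produce the same client-visible response. The method starts and ends outside this hunk.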
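Review bot: The import hunk in SecurityConfig.java collapses four explicit handler imports into `import jungle.HandTris.global.handler.*;`. In a security configuration class, explicit imports let a reviewer see exactly which handlers are wired into the filter chain. With the wildcard, a class later added to that package can be picked up by name without any change to this file. I would keep the four explicit lines (`JWTAccessDeniedHandler`, `JWTAuthenticateDeniedHandler`, `OAuth2FailureHandler`, `OAuth2SuccessHandler`).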
@@ -47,7 +44,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .httpBasic((auth) -> auth.disable()
 )
 .authorizeHttpRequests((auth) -> auth
- .requestMatchers("/", "/auth/signin", "/auth/signup", "/reissue/**", "/oauth2/loginSuccess", "ws/**").permitAll()
+ .requestMatchers("/", "/auth/signin", "/auth/signup", "/reissue", "/oauth2/loginSuccess", "ws/**").permitAll()
 .anyRequest().authenticated()
 )
 .cors(Customizer.withDefaults()
diff --git a/src/main/java/jungle/HandTris/presentation/ReissueController.java b/src/main/java/jungle/HandTris/presentation/ReissueController.java
index 47685d2..b4ac202 100644
--- a/src/main/java/jungle/HandTris/presentation/ReissueController.java
+++ b/src/main/java/jungle/HandTris/presentation/ReissueController.java
@@ -15,9 +15,9 @@ public class ReissueController {
 private final ReissueService reissueService;
- @PostMapping("/reissue/{username}")
- public ResponseEnvelope reissue (HttpServletRequest request, @PathVariable("username") String requestUsername) {
- ReissueTokenRes token = reissueService.reissue(request, requestUsername);
+ @PostMapping("/reissue")
+ public ResponseEnvelope reissue (HttpServletRequest request) {
+ ReissueTokenRes token = reissueService.reissue(request);
 return ResponseEnvelope.of(token);
 }
From 96937900e6a03b3a5886e3969dd2d32f4b5ede90 Mon Sep 17 00:00:00 2001
From: thun0514
Date: Wed, 17 Jul 2024 01:34:35 +0900
Subject: [PATCH 2/2] =?UTF-8?q?refactor:=20=EA=B6=8C=ED=95=9C=EC=9D=B4=20?= =?UTF-8?q?=ED=95=84=EC=9A=94=20=EC=97=86=EB=8A=94=20=EA=B2=BD=EB=A1=9C=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../jungle/HandTris/global/config/security/SecurityConfig.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
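Review bot: The `permitAll()` list on the changed `requestMatchers` line in SecurityConfig.filterChain still carries `"ws/**"` without a leading slash, unlike every other entry. Depending on the matcher implementation in use, that pattern probably never matches `/ws/...` requests, so the WebSocket path may be falling under `.anyRequest().authenticated()` rather than being public as the list suggests. If it is meant to be open, write `"/ws/**"`; if not, remove the entry so the list reflects the real policy. The same entry is carried unchanged into the PATCH 2/2 hunk that adds `/actuator/prometheus`. filterChain starts and ends outside this hunk.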
diff --git a/src/main/java/jungle/HandTris/global/config/security/SecurityConfig.java b/src/main/java/jungle/HandTris/global/config/security/SecurityConfig.java
index 6dbb3fe..4139436 100644
--- a/src/main/java/jungle/HandTris/global/config/security/SecurityConfig.java
+++ b/src/main/java/jungle/HandTris/global/config/security/SecurityConfig.java
@@ -44,7 +44,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .httpBasic((auth) -> auth.disable()
 )
 .authorizeHttpRequests((auth) -> auth
- .requestMatchers("/", "/auth/signin", "/auth/signup", "/reissue", "/oauth2/loginSuccess", "ws/**").permitAll()
+ .requestMatchers("/", "/auth/signin", "/auth/signup",
+ "/reissue", "/oauth2/loginSuccess", "ws/**", "/actuator/prometheus").permitAll()
 .anyRequest().authenticated()
 )
 .cors(Customizer.withDefaults()
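Review bot: Adding `"/actuator/prometheus"` to the `permitAll()` matcher list in SecurityConfig.filterChain makes the metrics endpoint readable by any unauthenticated client that can reach the application port. Prometheus output usually includes request paths with counts and timings, JVM details and connection-pool state, which is more than an anonymous caller should see. Prefer serving actuator on a separate management port (`management.server.port`) reachable only from the scraper, or keep the path authenticated and give the scraper credentials. In either case, check that `management.endpoints.web.exposure.include` lists only the endpoints actually needed. filterChain continues outside this hunk.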