Merge pull request #20 from SafeNet-2024/feature/logout

LGTM~👍🏻
SafeNet-2024 · Jun 7, 2024 · ddc4036 · ddc4036
2 parents c85b9de + 835d7d2
commit ddc4036
Show file tree

Hide file tree

Showing 8 changed files with 73 additions and 498 deletions.
diff --git a/.gitignore b/.gitignore
@@ -27,6 +27,9 @@ out/
 !**/src/main/**/out/
 !**/src/test/**/out/
 src/main/resources/application.properties
+src/main/resources/test
+src/main/resources/initial_region_data.sql
+src/main/resources/update_region_data.sql
 ### NetBeans ###
 /nbproject/private/
 /nbbuild/

diff --git a/src/main/java/com/SafeNet/Backend/domain/member/controller/MemberController.java b/src/main/java/com/SafeNet/Backend/domain/member/controller/MemberController.java
@@ -3,6 +3,7 @@
 import com.SafeNet.Backend.domain.member.dto.*;
 import com.SafeNet.Backend.domain.member.entity.UserDetailsImpl;
 import com.SafeNet.Backend.domain.member.service.EmailService;
+import com.SafeNet.Backend.domain.member.service.JwtBlacklistService;
 import com.SafeNet.Backend.domain.member.service.MemberService;
 import com.SafeNet.Backend.global.exception.CustomException;
 import io.swagger.v3.oas.annotations.Operation;
@@ -28,6 +29,7 @@ public class MemberController {
 
     private final MemberService memberService;
     private final EmailService mailService;
+    private final JwtBlacklistService jwtBlacklistService;
 
     @Operation(summary = "회원가입", description = "회원가입을 승인합니다.")
     @PostMapping("/signup")
@@ -91,7 +93,7 @@ public ResponseEntity<Void> logout(            @RequestHeader(name = "ACCESS_TOK
         UserDetailsImpl userDetails = (UserDetailsImpl) principal;
         String email = userDetails.getUsername();
         log.info("토큰으로부터 이메일을 추출하였습니다.: "+email);
-        memberService.logout(email);
+        memberService.logout(email, accessToken);
         return ResponseEntity.ok().build();
     }
 

diff --git a/src/main/java/com/SafeNet/Backend/domain/member/service/JwtBlacklistService.java b/src/main/java/com/SafeNet/Backend/domain/member/service/JwtBlacklistService.java
@@ -0,0 +1,26 @@
+package com.SafeNet.Backend.domain.member.service;
+
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Service;
+
+import java.util.concurrent.TimeUnit;
+
+@Service
+public class JwtBlacklistService {
+    private RedisTemplate<String, String> redisTemplate;
+
+    public JwtBlacklistService(@Qualifier("tokenRedisTemplate") RedisTemplate<String, String> redisTemplate) {
+        this.redisTemplate = redisTemplate;
+    }
+
+    public void addToBlacklist(String token, long expirationTime) {
+        redisTemplate.opsForValue().set(token, "logout", expirationTime, TimeUnit.MILLISECONDS);
+    }
+
+    public boolean isBlacklisted(String token) {
+        return redisTemplate.hasKey(token);
+    }
+}
diff --git a/src/main/java/com/SafeNet/Backend/domain/member/service/MemberService.java b/src/main/java/com/SafeNet/Backend/domain/member/service/MemberService.java
@@ -118,10 +118,10 @@ public TokenResponseDto login(LoginRequestDto loginRequestDto) throws Exception
     /*
      ** 로그아웃
      */
-    public void logout(String email) {
+    public void logout(String email, String atk) {
         //Token에서 로그인한 사용자 정보 get해 로그아웃 처리
         try {
-            jwtTokenProvider.logout("JWT_TOKEN:" + email); //Token 삭제
+            jwtTokenProvider.logout(email, atk); //Token 삭제
         }catch (CustomException ex) {
             throw new CustomException("이미 로그아웃된 유저입니다");
         }

diff --git a/src/main/java/com/SafeNet/Backend/global/auth/JwtFilter.java b/src/main/java/com/SafeNet/Backend/global/auth/JwtFilter.java
@@ -13,6 +13,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.data.redis.RedisConnectionFailureException;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
 
@@ -44,23 +45,24 @@ protected void doFilterInternal(
             // 2. validateToken 으로 토큰 유효성 검사
             if (token != null && jwtTokenProvider.validateToken(token)) {
                 log.info("dofilterInternal : [토큰유효성 검사 통과.]");
-                Authentication auth = jwtTokenProvider.getAuthentication(token);
-                SecurityContextHolder.getContext().setAuthentication(auth); // 정상 토큰이면 SecurityContext에 저장
                 //Redis 에 해당 accessToken logout 여부 확인 : Logout이면 Redis에 특정값이 저장되어있음
                 String isLogout = (String)redisTemplate.opsForValue().get(token);
-                if (ObjectUtils.isEmpty(isLogout)) { //로그아웃 상태라면,
+                if (ObjectUtils.isEmpty(isLogout)) { // 로그아웃 상태가 아니라면
                     // 토큰이 유효할 경우 토큰에서 Authentication 객체를 가지고 와서 SecurityContext 에 저장
                     Authentication authentication = jwtTokenProvider.getAuthentication(token);
                     SecurityContextHolder.getContext().setAuthentication(authentication);
+                }else {
+                    log.info("유효한 JWT 토큰이 없습니다. (로그아웃된 토큰) ");
+                    throw new AuthenticationException("로그아웃된 토큰입니다.") {};
                 }
             }
         } catch (RedisConnectionFailureException e) {
             SecurityContextHolder.clearContext();
             writeErrorResponse(response, HttpStatus.INTERNAL_SERVER_ERROR, "REDIS_ERROR", e);
-        } catch (Exception e) {
-            writeErrorResponse(response, HttpStatus.BAD_REQUEST, "INVALID_JWT", e);
+        } catch (AuthenticationException e) {
+            SecurityContextHolder.clearContext();
+            writeErrorResponse(response, HttpStatus.UNAUTHORIZED, "로그아웃된 계정입니다.", e);
         }
-
         try {
             filterChain.doFilter(request, response);
         } catch (Exception e) {

diff --git a/src/main/java/com/SafeNet/Backend/global/auth/JwtTokenProvider.java b/src/main/java/com/SafeNet/Backend/global/auth/JwtTokenProvider.java
@@ -1,5 +1,6 @@
 package com.SafeNet.Backend.global.auth;
 
+import ch.qos.logback.core.status.Status;
 import com.SafeNet.Backend.domain.member.dto.TokenResponseDto;
 import com.SafeNet.Backend.domain.member.service.UserDetailsServiceImpl;
 import com.SafeNet.Backend.global.exception.CustomException;
@@ -9,19 +10,22 @@
 import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import lombok.RequiredArgsConstructor;
+import jdk.jshell.Snippet;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 
 
 import java.security.Key;
+import java.time.Duration;
 import java.util.Date;
 import java.util.concurrent.TimeUnit;
 @Component
@@ -142,8 +146,9 @@ public boolean validateToken(String token){
             throw new CustomException("INVALID_JWT");
         }
     }
-
-    // 모든 토큰 헤더 설정
+    /*
+     * 모든 토큰 헤더 설정
+     */
     public void setHeaderToken(HttpServletResponse response, TokenResponseDto dto) {
         response.setHeader("Access_Token", dto.getAccessToken());
         response.setHeader("Refresh_Token", dto.getRefreshToken());
@@ -152,9 +157,30 @@ public void setHeaderToken(HttpServletResponse response, TokenResponseDto dto) {
     /*
      * 로그아웃 로직 - Refresh 토큰을 redis에서 삭제
      */
-    public void logout(String email) {
-        if(tokenRedisTemplate.opsForValue().get("JWT_TOKEN:" + email) != null) {
+    public ResponseEntity<Status> logout(String email, String token) {
+        String atk= token.substring(7);
+        Long expiration = getExpiration(atk);
+        if(tokenRedisTemplate.opsForValue().get(email) != null) {
             tokenRedisTemplate.delete(email);
         }
+        // [ 블랙리스트 생성 단계 ] redis에 가져온 key(JWT 토큰) : value("logout")으로 저장
+        tokenRedisTemplate.opsForValue().set(atk, "logout", Duration.ofMillis(expiration));
+
+        return new ResponseEntity<>(HttpStatus.OK);
+    }
+    /*
+     * 유효기간 가져오기
+     */
+    public Long getExpiration(String accessToken) {
+        // accessToken 남은 유효시간
+        Date expiration = Jwts.parserBuilder()
+                .setSigningKey(key)
+                .build()
+                .parseClaimsJws(accessToken)
+                .getBody()
+                .getExpiration();
+        // 현재 시간
+        Long now = new Date().getTime();
+        return (expiration.getTime() - now);
     }
 }