고생하셨습니다.

🎉 PR 머지 완료! 🎉

Author: heehunjung

src/main/java/roomescape/auth/AuthController.java

@@ -2,37 +2,39 @@
 
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
-import java.util.Arrays;
+import java.time.Duration;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
-import roomescape.global.exception.RoomescapeUnauthorizedException;
-
+import roomescape.auth.client.cookie.CookieResolver;
+import roomescape.auth.client.cookie.CookieProvider;
 
 @Controller
 public class AuthController {
 
-    public static final String TOKEN = "token";
+    private static final String EXPIRED_TOKEN = "";
+    private static final Long DEFAULT_TIME = 60L;
 
     private final AuthService authService;
+    private final CookieProvider cookieProvider;
+    private final CookieResolver cookieResolver;
 
-    public AuthController(AuthService authService) {
+    public AuthController(AuthService authService, CookieProvider cookieProvider, CookieResolver cookieResolver) {
         this.authService = authService;
+        this.cookieProvider = cookieProvider;
+        this.cookieResolver = cookieResolver;
     }
 
     @PostMapping("/login")
     public ResponseEntity<Void> login(@RequestBody @Valid LoginRequest loginRequest) {
         String accessToken = authService.generateAccessToken(loginRequest);
-        ResponseCookie responseCookie = ResponseCookie.from(TOKEN, accessToken)
-                .path("/")
-                .httpOnly(true)
-                .build();
+        ResponseCookie responseCookie = cookieProvider.generateCookie(accessToken,
+                Duration.ofMinutes(DEFAULT_TIME));
 
         return ResponseEntity.noContent()
                 .header(HttpHeaders.SET_COOKIE, responseCookie.toString())
@@ -42,7 +44,7 @@ public ResponseEntity<Void> login(@RequestBody @Valid LoginRequest loginRequest)
     @GetMapping("/login/check")
     public ResponseEntity<LoginCheckResponse> loginCheck(HttpServletRequest request) {
         Cookie[] cookies = request.getCookies();
-        String accessToken = getToken(cookies);
+        String accessToken = cookieResolver.getToken(cookies);
 
         LoginCheckResponse result = authService.checkAccessToken(accessToken);
         return ResponseEntity.ok()
@@ -51,27 +53,10 @@ public ResponseEntity<LoginCheckResponse> loginCheck(HttpServletRequest request)
 
     @PostMapping("/logout")
     public ResponseEntity<Void> logout() {
-        ResponseCookie responseCookie = ResponseCookie.from(TOKEN, "")
-                .path("/")
-                .httpOnly(true)
-                .maxAge(0)
-                .build();
+        ResponseCookie responseCookie = cookieProvider.generateCookie(EXPIRED_TOKEN, Duration.ZERO);
 
         return ResponseEntity.noContent()
                 .header(HttpHeaders.SET_COOKIE, responseCookie.toString())
                 .build();
     }
-
-    private String getToken(Cookie[] cookies) {
-        String accessToken = Arrays.stream(cookies)
-                .filter(cookie -> cookie.getName().equals(TOKEN))
-                .map(Cookie::getValue)
-                .findFirst()
-                .orElse(null);
-
-        if (accessToken == null) {
-            throw new RoomescapeUnauthorizedException("로그인 되어있지 않습니다.");
-        }
-        return accessToken;
-    }
 }

src/main/java/roomescape/auth/AuthMember.java

@@ -0,0 +1,11 @@
+package roomescape.auth;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface AuthMember {
+}

src/main/java/roomescape/auth/AuthService.java

@@ -2,22 +2,23 @@
 
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
-import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.stereotype.Service;
+import roomescape.auth.client.jwt.JwtProperties;
+import roomescape.auth.client.jwt.JwtProvider;
 import roomescape.global.exception.RoomescapeUnauthorizedException;
 import roomescape.member.Member;
 import roomescape.member.MemberDao;
 
 @Service
 public class AuthService {
 
-    public static final String SECRET_KEY = "Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=";
-
     private final MemberDao memberDao;
+    private final JwtProvider jwtProvider;
 
-    public AuthService(MemberDao memberDao) {
+    public AuthService(MemberDao memberDao, JwtProvider jwtProvider) {
         this.memberDao = memberDao;
+        this.jwtProvider = jwtProvider;
     }
 
     public String generateAccessToken(LoginRequest loginRequest) {
@@ -29,27 +30,21 @@ public String generateAccessToken(LoginRequest loginRequest) {
             throw new RoomescapeUnauthorizedException("회원 정보를 찾을 수 없습니다.");
         }
 
-        return Jwts.builder()
-                .setSubject(findMember.getId().toString())
-                .claim("name", findMember.getName())
-                .claim("role", findMember.getRole())
-                .signWith(Keys.hmacShaKeyFor(SECRET_KEY.getBytes()))
-                .compact();
+        return jwtProvider.generateToken(findMember.getId(), findMember.getName(), findMember.getRole());
     }
 
     public LoginCheckResponse checkAccessToken(String accessToken) {
         String name = Jwts.parserBuilder()
-                .setSigningKey(Keys.hmacShaKeyFor(SECRET_KEY.getBytes()))
+                .setSigningKey(Keys.hmacShaKeyFor(JwtProperties.SECRET_KEY.getBytes()))
                 .build()
                 .parseClaimsJws(accessToken)
                 .getBody()
                 .get("name", String.class);
-
         try {
             memberDao.findByName(name);
             return new LoginCheckResponse(name);
         } catch (IncorrectResultSizeDataAccessException exception) {
-            throw new RoomescapeUnauthorizedException("회원 정보를 찾을 수 없습니다.");
+            throw new RoomescapeUnauthorizedException("회원 정보를 찾을 수 없습니다." + name);
         }
     }
 }

src/main/java/roomescape/auth/LoginRequest.java

@@ -9,12 +9,14 @@ public record LoginRequest(
         @NotNull(message = "이메일은 필수 입력값입니다.")
         @NotBlank(message = "이메일은 비어 있을 수 없습니다.")
         @Email(message = "이메일 양식에 맞지 않습니다.")
-        @Size(max = 255, message = "이메일은 255자 이하여야 합니다.")
+        @Size(max = MAX_EMAIL_LENGTH, message = "이메일은 20자 이하여야 합니다.")
         String email,
 
         @NotNull(message = "비밀번호는 필수 입력값입니다.")
         @NotBlank(message = "비밀번호는 비어 있을 수 없습니다.")
-        @Size(max = 20, message = "비밀번호는 20자 이하여야 합니다.")
+        @Size(max = MAX_PASSWORD_LENGTH, message = "비밀번호는 255자 이하여야 합니다.")
         String password
 ) {
+        public static final int MAX_PASSWORD_LENGTH = 255;
+        public static final int MAX_EMAIL_LENGTH = 20;
 }

src/main/java/roomescape/auth/client/cookie/CookieProperties.java

@@ -0,0 +1,6 @@
+package roomescape.auth.client.cookie;
+
+public class CookieProperties {
+    public static final String TOKEN = "token";
+    public static final String PATH = "/";
+}

src/main/java/roomescape/auth/client/cookie/CookieProvider.java

@@ -0,0 +1,17 @@
+package roomescape.auth.client.cookie;
+
+import java.time.Duration;
+import org.springframework.http.ResponseCookie;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CookieProvider {
+
+    public ResponseCookie generateCookie(String value, Duration duration) {
+        return ResponseCookie.from(CookieProperties.TOKEN, value)
+                .path(CookieProperties.PATH)
+                .httpOnly(true)
+                .maxAge(duration)
+                .build();
+    }
+}

src/main/java/roomescape/auth/client/cookie/CookieResolver.java

@@ -0,0 +1,20 @@
+package roomescape.auth.client.cookie;
+
+import jakarta.servlet.http.Cookie;
+import java.util.Arrays;
+import org.springframework.stereotype.Component;
+import roomescape.global.exception.RoomescapeUnauthorizedException;
+
+@Component
+public class CookieResolver {
+
+    public String getToken(Cookie[] cookies) {
+        String accessToken = Arrays.stream(cookies)
+                .filter(cookie -> cookie.getName().equals(CookieProperties.TOKEN))
+                .map(Cookie::getValue)
+                .findFirst()
+                .orElseThrow(() -> new RoomescapeUnauthorizedException("로그인 되어있지 않습니다."));
+
+        return accessToken;
+    }
+}

src/main/java/roomescape/auth/client/jwt/JwtProperties.java

@@ -0,0 +1,8 @@
+package roomescape.auth.client.jwt;
+
+public class JwtProperties {
+    public static final String SECRET_KEY = "Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=";
+    public static final String NAME = "name";
+    public static final String ROLE = "role";
+    public static final String ADMIN = "ADMIN";
+}

src/main/java/roomescape/auth/client/jwt/JwtProvider.java

@@ -0,0 +1,18 @@
+package roomescape.auth.client.jwt;
+
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.stereotype.Component;
+
+@Component
+public class JwtProvider {
+
+    public String generateToken(Long id, String name, String role) {
+        return Jwts.builder()
+                .setSubject(id.toString())
+                .claim(JwtProperties.NAME, name)
+                .claim(JwtProperties.ROLE, role)
+                .signWith(Keys.hmacShaKeyFor(JwtProperties.SECRET_KEY.getBytes()))
+                .compact();
+    }
+}

src/main/java/roomescape/auth/client/jwt/JwtResolver.java

@@ -0,0 +1,35 @@
+package roomescape.auth.client.jwt;
+
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.stereotype.Component;
+import roomescape.global.exception.RoomescapeUnauthorizedException;
+
+@Component
+public class JwtResolver {
+
+    public String getName(String token) {
+        return resolveToken(token, JwtProperties.NAME);
+    }
+
+    public String getRole(String token) {
+        return resolveToken(token, JwtProperties.ROLE);
+    }
+
+    private String resolveToken(String token, String target) {
+        try {
+            String name = Jwts.parserBuilder()
+                    .setSigningKey(Keys.hmacShaKeyFor(JwtProperties.SECRET_KEY.getBytes()))
+                    .build()
+                    .parseClaimsJws(token)
+                    .getBody()
+                    .get(target, String.class);
+            return name;
+        } catch (ExpiredJwtException exception) {
+            throw new RoomescapeUnauthorizedException("만료된 토큰입니다.");
+        } catch (Exception exception) {
+            throw new RoomescapeUnauthorizedException("잘못된 토큰입니다. 다시 로그인 해주세요.");
+        }
+    }
+}

src/main/java/roomescape/global/configuration/WebConfiguration.java

@@ -0,0 +1,41 @@
+package roomescape.global.configuration;
+
+import java.util.List;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import roomescape.auth.client.cookie.CookieResolver;
+import roomescape.auth.client.jwt.JwtResolver;
+import roomescape.global.interceptor.AuthInterceptor;
+import roomescape.global.resolver.MemberArgumentResolver;
+import roomescape.member.MemberService;
+
+@Configuration
+public class WebConfiguration implements WebMvcConfigurer {
+
+    private final MemberService memberService;
+    private final JwtResolver jwtResolver;
+    private final CookieResolver cookieResolver;
+    private final AuthInterceptor authInterceptor;
+
+    public WebConfiguration(MemberService memberService, JwtResolver jwtResolver, CookieResolver cookieResolver,
+                            AuthInterceptor authInterceptor) {
+        this.memberService = memberService;
+        this.jwtResolver = jwtResolver;
+        this.cookieResolver = cookieResolver;
+        this.authInterceptor = authInterceptor;
+    }
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> memberArgumentResolver) {
+        memberArgumentResolver.add(new MemberArgumentResolver(memberService, jwtResolver, cookieResolver));
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authInterceptor)
+                .order(1)
+                .addPathPatterns("/admin/**");
+    }
+}

src/main/java/roomescape/global/exception/RoomescapeNotFoundException.java

@@ -0,0 +1,10 @@
+package roomescape.global.exception;
+
+import org.springframework.http.HttpStatus;
+
+public class RoomescapeNotFoundException extends RoomescapeException {
+
+    public RoomescapeNotFoundException(String message) {
+        super(HttpStatus.NOT_FOUND, message);
+    }
+}

src/main/java/roomescape/global/interceptor/AuthInterceptor.java

@@ -0,0 +1,35 @@
+package roomescape.global.interceptor;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import roomescape.auth.client.cookie.CookieResolver;
+import roomescape.auth.client.jwt.JwtProperties;
+import roomescape.auth.client.jwt.JwtResolver;
+
+@Component
+public class AuthInterceptor implements HandlerInterceptor {
+
+    private final JwtResolver jwtResolver;
+    private final CookieResolver cookieResolver;
+
+    public AuthInterceptor(JwtResolver jwtResolver, final CookieResolver cookieResolver) {
+        this.jwtResolver = jwtResolver;
+        this.cookieResolver = cookieResolver;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+            throws Exception {
+        String token = cookieResolver.getToken(request.getCookies());
+        String name = jwtResolver.getName(token);
+        String role = jwtResolver.getRole(token);
+
+        if (name == null || role == null || !role.equals(JwtProperties.ADMIN)) {
+            response.setStatus(404);
+            return false;
+        }
+        return true;
+    }
+}