-
Notifications
You must be signed in to change notification settings - Fork 1
[feat] Refresh Token 기반 JWT 인증 로직 추가 및 로그아웃/재발급 API 구현 #53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
2e7f225
1714b5a
f0a979c
7afaf7c
6e5f2d3
4a87a81
c14d9a4
f90dc79
7add545
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,3 @@ | ||
| package com.wayble.server.user.dto.token; | ||
|
|
||
| public record TokenResponseDto(String accessToken) {} | ||
| public record TokenResponseDto(String accessToken, String refreshToken) {} |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| package com.wayble.server.user.entity; | ||
|
|
||
| import jakarta.persistence.*; | ||
| import lombok.*; | ||
|
|
||
| @Getter | ||
| @Entity | ||
| @NoArgsConstructor(access = AccessLevel.PROTECTED) | ||
| @AllArgsConstructor | ||
| @Builder | ||
| @Table(name = "refresh_token") | ||
| public class RefreshToken { | ||
|
|
||
| @Id | ||
| @GeneratedValue(strategy = GenerationType.IDENTITY) | ||
| private Long id; | ||
|
|
||
| @Column(nullable = false, unique = true) // 1인 1토큰 | ||
| private Long userId; | ||
|
|
||
| @Column(nullable = false) | ||
| private String token; | ||
|
|
||
| @Column(nullable = false) | ||
| private Long expiry; // 만료 시간 | ||
|
|
||
| public void setToken(String token) { | ||
| this.token = token; | ||
| } | ||
|
|
||
| public void setExpiry(Long expiry) { | ||
| this.expiry = expiry; | ||
| } | ||
| } |
| Original file line number | Diff line number | Diff line change | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,15 @@ | ||||||||||||
| package com.wayble.server.user.repository; | ||||||||||||
|
|
||||||||||||
| import com.wayble.server.user.entity.RefreshToken; | ||||||||||||
| import jakarta.transaction.Transactional; | ||||||||||||
| import org.springframework.data.jpa.repository.JpaRepository; | ||||||||||||
|
|
||||||||||||
| import java.util.Optional; | ||||||||||||
|
|
||||||||||||
| public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> { | ||||||||||||
| Optional<RefreshToken> findByUserId(Long userId); | ||||||||||||
| Optional<RefreshToken> findByToken(String token); | ||||||||||||
|
|
||||||||||||
| @Transactional | ||||||||||||
| void deleteByUserId(Long userId); | ||||||||||||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🛠️ Refactor suggestion 삭제 메서드에 @transactional 추가 권장
+import org.springframework.transaction.annotation.Transactional;
+
+@Transactional
void deleteByUserId(Long userId);📝 Committable suggestion
Suggested change
🤖 Prompt for AI Agents |
||||||||||||
| } | ||||||||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
로그아웃 엔드포인트의 보안 설정 재검토 필요
/api/v1/users/logout엔드포인트를 인증 없이 접근 가능하도록 설정하는 것은 보안상 위험할 수 있습니다. 로그아웃은 인증된 사용자만 수행해야 하는 작업입니다.제안사항:
.requestMatchers( "/api/v1/users/signup", "/api/v1/users/login", "/api/v1/users/reissue", - "/api/v1/users/logout", "/swagger-ui/**", "/v3/api-docs/**" ).permitAll()📝 Committable suggestion
🤖 Prompt for AI Agents