DKU-D-Coding · dku19jam · Jan 22, 2023 · Jan 27, 2023 · Jan 27, 2023 · Jan 27, 2023
@@ -35,3 +35,6 @@ out/
 
 ### VS Code ###
 .vscode/
+
+.yml
+.properties
@@ -1,17 +1,26 @@
+buildscript {
+	ext {
+		queryDslVersion = "5.0.0"
+	}
+}
+
 plugins {
 	id 'java'
-	id 'org.springframework.boot' version '3.0.1'
+	id 'org.springframework.boot' version '2.7.1'
 	id 'io.spring.dependency-management' version '1.1.0'
+	id "com.ewerk.gradle.plugins.querydsl" version "1.0.10"
 }
 
 group = 'com.dku'
 version = '0.0.1-SNAPSHOT'
-sourceCompatibility = '17'
+sourceCompatibility = '11'
 
 configurations {
 	compileOnly {
 		extendsFrom annotationProcessor
 	}
+	querydsl.extendsFrom compileClasspath
+
 }
 
 repositories {
@@ -22,13 +31,41 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
+	implementation 'org.springframework.boot:spring-boot-starter-data-redis:2.3.1.RELEASE'
+
 	compileOnly 'org.projectlombok:lombok'
-	runtimeOnly 'com.mysql:mysql-connector-j'
 	annotationProcessor 'org.projectlombok:lombok'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
+
+	implementation group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1'
+
+	runtimeOnly 'org.postgresql:postgresql'
+
+	implementation "com.querydsl:querydsl-jpa:${queryDslVersion}"
+	annotationProcessor "com.querydsl:querydsl-apt:${queryDslVersion}"
+
+	// Swagger
+	implementation 'io.springfox:springfox-boot-starter:3.0.0'
+	implementation 'io.springfox:springfox-swagger-ui:3.0.0'
 }
 
 tasks.named('test') {
 	useJUnitPlatform()
 }
+
+
+def querydslDir = "$buildDir/generated/querydsl"
+querydsl {
+	jpa = true
+	querydslSourcesDir = querydslDir
+}
+sourceSets {
+	main.java.srcDir querydslDir
+}
+configurations {
+	querydsl.extendsFrom compileClasspath
+}
+compileQuerydsl {
+	options.annotationProcessorPath = configurations.querydsl
+}
@@ -2,8 +2,13 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
 
+/**
+ * @author 최재민
+ */
 @SpringBootApplication
+@EnableJpaAuditing
 public class SpringStudyApplication {
 
 	public static void main(String[] args) {

@@ -0,0 +1,52 @@
+package com.dku.springstudy.auth;
+
+
+import com.dku.springstudy.auth.exception.TokenException;
+import com.dku.springstudy.error.ErrorResponse;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+    private final JwtProvider jwtProvider;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+                                    FilterChain chain) throws IOException, ServletException {
+
+        String token = jwtProvider.resolveToken(request);
+
+        try {
+            if (token != null && jwtProvider.validateJwtToken(token)) {
+                Authentication authentication = jwtProvider.getAuthentication(token);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+        } catch (TokenException e) {
+            HttpServletResponse errorResponse = (HttpServletResponse) response;
+            errorResponse.setStatus(e.getErrorCode().getHttpStatus());
+            errorResponse.setContentType(MediaType.APPLICATION_JSON_VALUE);
+            ResponseEntity<ErrorResponse> exceptionDto = ResponseEntity.status(e.getErrorCode().getHttpStatus()).body(ErrorResponse.from(e.getErrorCode()));
+
+            ObjectMapper objectMapper = new ObjectMapper();
+            String exceptionMessage = objectMapper.writeValueAsString(exceptionDto);
+
+            errorResponse.getWriter().write(exceptionMessage);
+        }
+        chain.doFilter(request, response);
+    }
+}
@@ -0,0 +1,103 @@
+package com.dku.springstudy.auth;
+
+import com.dku.springstudy.member.service.MemberDetailService;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.jsonwebtoken.*;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.*;
+
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class JwtProvider {
+    private final MemberDetailService memberDetailService;
+    private final SecretKey secretKey;
+
+    public String createAccessToken(String payload) {
+        Claims claims = Jwts.claims().setSubject(payload);
+        Date now = new Date();
+        Date validityTime = new Date(now.getTime() + secretKey.getJwtValidityTime());
+
+        return Jwts.builder()
+                .setClaims(claims)
+                .setIssuedAt(now)
+                .setExpiration(validityTime)
+                .signWith(SignatureAlgorithm.HS256, secretKey.getJwtSecretKey())
+                .compact();
+    }
+
+    public Authentication getAuthentication(String token) {
+        UserDetails userDetails = memberDetailService.loadUserByUsername(this.extractEmail(token));
+        return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
+    }
+
+    public String extractEmail(String token) {
+        return (String) Jwts.parser().setSigningKey(secretKey.getJwtSecretKey()).parseClaimsJws(token).getBody().get("email");
+    }
+
+    public String resolveToken(HttpServletRequest request) {
+        String header = request.getHeader("Authorization");
+        if (header == null) {
+            return null;
+        }
+        return header.replace("Bearer ", "");
+    }
+
+    public boolean validateJwtToken(String token) {
+        try {
+            Jws<Claims> claims = Jwts.parser().setSigningKey(secretKey.getJwtSecretKey())
+                    .parseClaimsJws(token);
+            return !claims.getBody().getExpiration().before(new Date());
+        } catch (JwtException | IllegalArgumentException e) {
+            throw new IllegalArgumentException("유효하지 않은 토큰 정보입니다.");
+        }
+    }
+
+    public Map<String, String> createRefreshToken(String payload) {
+
+        Claims claims = Jwts.claims().setSubject(payload);
+        Date now = new Date();
+        Date validityTime = new Date(now.getTime() + secretKey.getJwtValidityTime());
+        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.ENGLISH);
+        String refreshTokenExpirationAt = simpleDateFormat.format(validityTime);
+
+        String jwt = Jwts.builder()
+                .setClaims(claims)
+                .setIssuedAt(now)
+                .setExpiration(validityTime)
+                .signWith(SignatureAlgorithm.HS256, secretKey.getJwtSecretKey())
+                .compact();
+
+        Map<String, String> result = new HashMap<>();
+        result.put("refreshToken", jwt);
+        result.put("refreshTokenExpirationAt", refreshTokenExpirationAt);
+        return result;
+    }
+
+
+    public Long getTokenExpireTime(String accessToken) {
+
+        Base64.Decoder decoder = Base64.getUrlDecoder();
+        String[] parts = accessToken.split("\\.");
+        ObjectMapper mapper = new ObjectMapper();
+        String payload = new String(decoder.decode(parts[1]));
+        Map exp = null;
+
+        try {
+            exp = mapper.readValue(payload, Map.class);
+            return ((Number) exp.get("exp")).longValue();
+        } catch (IOException err) {
+            throw new RuntimeException(err);
+        }
+    }
+}
@@ -0,0 +1,26 @@
+package com.dku.springstudy.auth;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class SecretConfig {
+
+    private final String jwtSecretKey;
+    private final Long jwtValidityTime;
+    private final Long refreshValidityTime;
+
+    @Bean
+    public SecretKey newSecretKey() {
+        return new SecretKey(jwtSecretKey, jwtValidityTime, refreshValidityTime);
+    }
+
+    public SecretConfig(@Value("${security.jwt.token.secret-key}") String jwtSecretKey,
+                        @Value("${security.jwt.token.expire-length}")Long jwtValidityTime,
+                        @Value("${security.jwt.token.expire-length-refresh}") Long refreshValidityTime) {
+        this.jwtSecretKey = jwtSecretKey;
+        this.jwtValidityTime = jwtValidityTime;
+        this.refreshValidityTime = refreshValidityTime;
+    }
+}
@@ -0,0 +1,17 @@
+package com.dku.springstudy.auth;
+
+import lombok.Getter;
+
+@Getter
+public class SecretKey {
+
+    private final String jwtSecretKey;
+    private final Long jwtValidityTime;
+    private final Long refreshValidityTime;
+
+    public SecretKey(String jwtSecretKey, Long jwtValidityTime, Long refreshValidityTime) {
+        this.jwtSecretKey = jwtSecretKey;
+        this.jwtValidityTime = jwtValidityTime;
+        this.refreshValidityTime = refreshValidityTime;
+    }
+}
@@ -0,0 +1,56 @@
+package com.dku.springstudy.auth;
+
+import com.dku.springstudy.member.entity.Member;
+import lombok.Getter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.Collections;
+
+
+@Getter
+public class UserPrincipal implements UserDetails {
+    private Member member;
+
+    public UserPrincipal(Member member) {
+        this.member = member;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        SimpleGrantedAuthority authority = new SimpleGrantedAuthority(member.getMemberRole().name());
+        return Collections.singletonList(authority);
+    }
+
+    @Override
+    public String getPassword() {
+        return member.getPassword();
+    }
+
+    @Override
+    public String getUsername() {
+        return member.getEmail();
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return false;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return false;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return false;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return false;
+    }
+}
@@ -0,0 +1,10 @@
+package com.dku.springstudy.auth.exception;
+
+import com.dku.springstudy.error.ApplicationException;
+import com.dku.springstudy.error.ErrorCode;
+
+public class TokenException extends ApplicationException {
+    public TokenException(ErrorCode errorCode) {
+        super(errorCode);
+    }
+}
@@ -0,0 +1,19 @@
+package com.dku.springstudy.error;
+
+import lombok.Getter;
+
+@Getter
+public class ApplicationException extends RuntimeException {
+
+    private final ErrorCode errorCode;
+
+    public ApplicationException(ErrorCode errorCode) {
+        super(errorCode.getMessage());
+        this.errorCode = errorCode;
+    }
+
+    protected ApplicationException(String message, ErrorCode errorCode) {
+        super(message);
+        this.errorCode = errorCode;
+    }
+}