Merge pull request #109 from Leets-Official/refactor/#108

refactor: Redis 도입 후 Github Access,Refresh 토큰 저장 구현

Author: 1winhyun

build.gradle

@@ -32,6 +32,7 @@ dependencies {
     implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0'
     implementation 'javax.validation:validation-api:2.0.1.Final'
     implementation 'org.springframework.boot:spring-boot-starter-data-elasticsearch'
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 
     compileOnly 'org.projectlombok:lombok'
 

src/main/java/com/leets/commitatobe/domain/auth/controller/AuthController.java

@@ -1,14 +1,18 @@
 package com.leets.commitatobe.domain.auth.controller;
 
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import com.leets.commitatobe.domain.auth.dto.GitHubDto;
+import com.leets.commitatobe.domain.auth.dto.GithubToken;
 import com.leets.commitatobe.domain.auth.dto.LoginResponse;
 import com.leets.commitatobe.domain.auth.service.AuthService;
 import com.leets.commitatobe.domain.auth.service.AuthQueryService;
+import com.leets.commitatobe.domain.auth.service.GithubTokenService;
 import com.leets.commitatobe.domain.user.service.UserQueryService;
 import com.leets.commitatobe.global.jwt.service.CustomOAuth2UserService;
 import com.leets.commitatobe.global.response.ApiResponse;
@@ -30,7 +34,6 @@ public class AuthController {
 	private final AuthService authService;
 	private final AuthQueryService authQueryService;
 	private final UserQueryService userQueryService;
-
 	private final CustomOAuth2UserService customOAuth2UserService;
 
 	@Operation(
@@ -54,9 +57,9 @@ public void redirectToGitHub(HttpServletResponse response) {
 	)
 	@GetMapping("/callback")
 	public ApiResponse<LoginResponse> githubCallback(@RequestParam("code") String code, HttpServletResponse response) {
-		String gitHubAccessToken = authService.gitHubLogin(code);
+		GithubToken token = authService.gitHubLogin(code);
 
-		LoginResponse loginResponse = customOAuth2UserService.generateJwt(gitHubAccessToken);
+		LoginResponse loginResponse = customOAuth2UserService.generateJwt(token);
 
 		response.setHeader("Authentication", "Bearer " + loginResponse.jwtResponse().accessToken());
 
@@ -68,7 +71,17 @@ public ApiResponse<LoginResponse> githubCallback(@RequestParam("code") String co
 	public ApiResponse<GitHubDto> test() {
 		GitHubDto user = authQueryService.getGitHubUser();
 		String gitHubAccessToken = userQueryService.getUserGitHubAccessToken(user.userId());
-		log.info("깃허브 엑세스 토큰: {}", gitHubAccessToken);
+		log.info("깃허브 엑세스 토큰: {}", authService.encrypt(gitHubAccessToken));
 		return ApiResponse.onSuccess(user);
 	}
+
+	// 1) access만 깨뜨리기
+	private final GithubTokenService githubTokenService;
+	@PostMapping("/invalidate-access")
+	public ApiResponse<String> invalidateAccess(String githubId) {
+		String refresh = githubTokenService.getDecryptedRefreshToken(githubId)
+			.orElseThrow(() -> new RuntimeException("No refresh token."));
+		githubTokenService.saveTokens(githubId, new GithubToken("invalid_access_token", refresh));
+		return ApiResponse.onSuccess("성공");
+	}
 }

src/main/java/com/leets/commitatobe/domain/auth/dto/GithubToken.java

@@ -0,0 +1,7 @@
+package com.leets.commitatobe.domain.auth.dto;
+
+public record GithubToken(
+	String accessToken,
+	String refreshToken
+) {
+}

src/main/java/com/leets/commitatobe/domain/auth/service/AuthService.java

@@ -18,6 +18,7 @@
 import org.springframework.web.reactive.function.client.WebClient;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.leets.commitatobe.domain.auth.dto.GithubToken;
 import com.leets.commitatobe.global.exception.ApiException;
 
 import jakarta.servlet.http.HttpServletResponse;
@@ -49,7 +50,7 @@ public class AuthService {
 	@Value("${jwt.iv-secret}")
 	private String ivSecret;
 
-	public String gitHubLogin(String authCode) {
+	public GithubToken gitHubLogin(String authCode) {
 		WebClient webClient = WebClient.builder()
 			.baseUrl("https://github.com")
 			.defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
@@ -72,11 +73,14 @@ public String gitHubLogin(String authCode) {
 
 		// JSON 형식의 응답 파싱
 		String accessToken;
+		String refreshToken;
 
 		try {
 			ObjectMapper mapper = new ObjectMapper();
 			Map<String, String> resultMap = mapper.readValue(responseBody, Map.class);
+
 			accessToken = resultMap.get("access_token");
+			refreshToken = resultMap.get("refresh_token");
 		} catch (Exception e) {
 			throw new ApiException(_GITHUB_JSON_PARSING_ERROR);
 		}
@@ -85,7 +89,7 @@ public String gitHubLogin(String authCode) {
 			throw new ApiException(_GITHUB_TOKEN_GENERATION_ERROR);
 		}
 
-		return accessToken;
+		return new GithubToken(accessToken, refreshToken);
 	}
 
 	public void redirect(HttpServletResponse response) {
@@ -98,6 +102,39 @@ public void redirect(HttpServletResponse response) {
 		}
 	}
 
+	public GithubToken refreshAccessToken(String refreshToken) {
+		WebClient webClient = WebClient.builder()
+			.baseUrl("https://github.com")
+			.defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+			.defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+			.build();
+
+		String responseBody = webClient.post()
+			.uri("/login/oauth/access_token")
+			.bodyValue("client_id=" + clientId +
+				"&client_secret=" + clientSecret +
+				"&grant_type=refresh_token" +
+				"&refresh_token=" + refreshToken)
+			.retrieve()
+			.bodyToMono(String.class)
+			.block();
+
+		String newAccessToken;
+		String newRefreshToken;
+		try {
+			ObjectMapper mapper = new ObjectMapper();
+			Map<String, Object> resultMap = mapper.readValue(responseBody, Map.class);
+
+			newAccessToken = (String)resultMap.get("access_token");
+			newRefreshToken = (String)resultMap.get("refresh_token");
+
+		} catch (Exception e) {
+			throw new ApiException(_GITHUB_JSON_PARSING_ERROR);
+		}
+
+		return new GithubToken(newAccessToken, newRefreshToken);
+	}
+
 	public String encrypt(String token) {
 		byte[] encrypted;
 		try {

src/main/java/com/leets/commitatobe/domain/auth/service/GithubTokenService.java

@@ -0,0 +1,53 @@
+package com.leets.commitatobe.domain.auth.service;
+
+import java.util.Optional;
+
+import org.springframework.stereotype.Service;
+
+import com.leets.commitatobe.domain.auth.dto.GithubToken;
+import com.leets.commitatobe.domain.token.entity.GithubTokenRedis;
+import com.leets.commitatobe.domain.token.repository.GithubTokenRedisRepository;
+import com.leets.commitatobe.global.exception.ApiException;
+import com.leets.commitatobe.global.response.code.status.ErrorStatus;
+
+import lombok.RequiredArgsConstructor;
+
+@Service
+@RequiredArgsConstructor
+public class GithubTokenService {
+	private final GithubTokenRedisRepository githubTokenRedisRepository;
+	private final AuthService authService;
+
+	public void saveTokens(String githubId, GithubToken token) {
+		GithubTokenRedis tokenRedis = GithubTokenRedis.builder()
+			.githubId(githubId)
+			.accessToken(authService.encrypt(token.accessToken()))
+			.refreshToken(authService.encrypt(token.refreshToken()))
+			.build();
+
+		githubTokenRedisRepository.save(tokenRedis);
+	}
+
+	public GithubToken updateAccessTokenByRefreshToken(String githubId) {
+		String refreshToken = getDecryptedRefreshToken(githubId)
+			.orElseThrow(() -> new ApiException(ErrorStatus._REFRESH_TOKEN_EXPIRED));
+
+		GithubToken newToken = authService.refreshAccessToken(refreshToken);
+
+		saveTokens(githubId, newToken);
+
+		return newToken;
+	}
+
+	public Optional<String> getDecryptedAccessToken(String githubId) {
+		return githubTokenRedisRepository.findById(githubId)
+			.map(GithubTokenRedis::getAccessToken)
+			.map(authService::decrypt);
+	}
+
+	public Optional<String> getDecryptedRefreshToken(String githubId) {
+		return githubTokenRedisRepository.findById(githubId)
+			.map(GithubTokenRedis::getRefreshToken)
+			.map(authService::decrypt);
+	}
+}

src/main/java/com/leets/commitatobe/domain/commit/service/DailyCommitScheduler.java

@@ -7,30 +7,56 @@
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.leets.commitatobe.domain.auth.service.AuthService;
+import com.leets.commitatobe.domain.auth.dto.GithubToken;
+import com.leets.commitatobe.domain.auth.service.GithubTokenService;
 import com.leets.commitatobe.domain.commit.domain.Commit;
 import com.leets.commitatobe.domain.commit.repository.CommitRepository;
 import com.leets.commitatobe.domain.user.domain.User;
 import com.leets.commitatobe.domain.user.repository.UserRepository;
+import com.leets.commitatobe.global.exception.ApiException;
+import com.leets.commitatobe.global.response.code.status.ErrorStatus;
 
 import lombok.RequiredArgsConstructor;
 
 @Component
 @RequiredArgsConstructor
 public class DailyCommitScheduler {
+	private static final long SIX_MONTHS = 6L;
+
 	private final UserRepository userRepository;
 	private final GitHubService gitHubService;
 	private final CommitRepository commitRepository;
 	private final ExpService expService;
-	private final AuthService authService;
+	private final GithubTokenService githubTokenService;
 
 	@Scheduled(cron = "0 30 06 * * *")
 	@Transactional
 	public void updateAllUsersCommits() {
-		List<User> users = userRepository.findAll();
+		List<User> users = userRepository.findAllByIsHumanAccountFalse();
+
+		LocalDateTime afterHalfYear = LocalDateTime.now().minusMonths(SIX_MONTHS);
 
 		for (User user : users) {
-			String token = authService.decrypt(user.getGitHubAccessToken());
+			if (user.getLastLoginAt() != null && !user.getLastLoginAt().isAfter(afterHalfYear)) {
+				user.changeHumanAccount();
+				userRepository.save(user);
+				continue;
+			}
+			try {
+				tryCommitUpdate(user);
+			} catch (ApiException e) {
+				GithubToken newToken = githubTokenService.updateAccessTokenByRefreshToken(user.getGithubId());
+				gitHubService.updateToken(newToken.accessToken());
+
+				tryCommitUpdate(user);
+			}
+		}
+	}
+
+	private void tryCommitUpdate(User user) {
+		gitHubService.runWithoutRedirect(() -> {
+			String token = githubTokenService.getDecryptedAccessToken(user.getGithubId())
+				.orElseThrow(() -> new ApiException(ErrorStatus._UNAUTHORIZED));
 			gitHubService.updateToken(token);
 
 			LocalDateTime time = user.getLastCommitUpdateTime();
@@ -56,6 +82,6 @@ public void updateAllUsersCommits() {
 			userRepository.save(user);
 
 			expService.calculateAndSaveExp(user.getGithubId());
-		}
+		});
 	}
 }

src/main/java/com/leets/commitatobe/domain/commit/service/GitHubService.java

@@ -25,6 +25,8 @@
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
+import com.leets.commitatobe.global.exception.ApiException;
+import com.leets.commitatobe.global.response.code.status.ErrorStatus;
 
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
@@ -37,6 +39,7 @@ public class GitHubService {
 	private final String GITHUB_API_URL = "https://api.github.com";
 	private String AUTH_TOKEN;
 	private final Map<LocalDateTime, Integer> commitsByDate = new HashMap<>();
+	private static final ThreadLocal<Boolean> REDIRECT_ON_401 = ThreadLocal.withInitial(() -> true);
 	private final WebClient webClient = WebClient.builder()
 		.baseUrl(GITHUB_API_URL)
 		.defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
@@ -149,17 +152,25 @@ public void countCommits(String fullName, String gitHubUsername, LocalDateTime d
 
 	// http 연결
 	private JsonArray getConnection(String url) {
+		boolean redirect = REDIRECT_ON_401.get();
+
 		Mono<JsonArray> response = webClient.get()
 			.uri(url)
 			.header(HttpHeaders.AUTHORIZATION, "Bearer " + AUTH_TOKEN)
 			.retrieve()
 			.onStatus(status -> status == HttpStatus.UNAUTHORIZED, clientResponse ->
-				// AUTH_TOKEN이 유효하지 않으면 리다이렉트
-				webClient.get()
-					.uri(SERVER_URI + "/login/github")
-					.retrieve()
-					.bodyToMono(Void.class)
-					.then(Mono.error(new RuntimeException("Unauthorized")))
+				{
+					if (redirect) {
+						// AUTH_TOKEN이 유효하지 않으면 리다이렉트
+						return webClient.get()
+							.uri(SERVER_URI + "/login/github")
+							.retrieve()
+							.bodyToMono(Void.class)
+							.then(Mono.error(new ApiException(ErrorStatus._UNAUTHORIZED)));
+					} else {
+						return Mono.error(new ApiException(ErrorStatus._UNAUTHORIZED));
+					}
+				}
 			)
 			.bodyToMono(String.class)
 			.map(res -> JsonParser.parseString(res).getAsJsonArray());
@@ -202,4 +213,26 @@ private String formatToISO8601(LocalDateTime dateTime) {
 	public void updateToken(String accessToken) {
 		this.AUTH_TOKEN = accessToken;
 	}
+
+	public <T> T runWithoutRedirect(java.util.concurrent.Callable<T> work) {
+		boolean prev = REDIRECT_ON_401.get();
+		REDIRECT_ON_401.set(false);
+		try {
+			return work.call();
+		} catch (Exception e) {
+			throw new RuntimeException(e);
+		} finally {
+			REDIRECT_ON_401.set(prev);
+		}
+	}
+
+	public void runWithoutRedirect(Runnable work) {
+		boolean prev = REDIRECT_ON_401.get();
+		REDIRECT_ON_401.set(false);
+		try {
+			work.run();
+		} finally {
+			REDIRECT_ON_401.set(prev);
+		}
+	}
 }

src/main/java/com/leets/commitatobe/domain/token/entity/GithubTokenRedis.java

@@ -0,0 +1,25 @@
+package com.leets.commitatobe.domain.token.entity;
+
+import org.springframework.data.annotation.Id;
+import org.springframework.data.redis.core.RedisHash;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+@RedisHash(value = "token")
+public class GithubTokenRedis {
+	@Id
+	private String githubId;
+
+	private String accessToken;
+
+	private String refreshToken;
+}

src/main/java/com/leets/commitatobe/domain/token/repository/GithubTokenRedisRepository.java

@@ -0,0 +1,8 @@
+package com.leets.commitatobe.domain.token.repository;
+
+import org.springframework.data.repository.CrudRepository;
+
+import com.leets.commitatobe.domain.token.entity.GithubTokenRedis;
+
+public interface GithubTokenRedisRepository extends CrudRepository<GithubTokenRedis, String> {
+}