Merge pull request #167 from Team-Going/feature/166

SunwoongH · web-flow · commit 91b7918bcc60 · 2024-07-11T13:10:43.000+09:00
[fix] Access Token &amp; Refresh Token 검증 오류 수정
diff --git a/doorip-api/src/main/java/org/doorip/auth/jwt/JwtGenerator.java b/doorip-api/src/main/java/org/doorip/auth/jwt/JwtGenerator.java
@@ -27,6 +27,7 @@ public String generateToken(Long userId, boolean isAccessToken) {
         return Jwts.builder()
                 .setHeaderParam(Header.TYPE, Header.JWT_TYPE)
                 .setSubject(String.valueOf(userId))
+                .setIssuer(setIssuerBy(isAccessToken).toString())
                 .setIssuedAt(now)
                 .setExpiration(expiration)
                 .signWith(getSigningKey(), SignatureAlgorithm.HS256)
@@ -62,4 +63,11 @@ private String encodeSecretKey() {
         return Base64.getEncoder()
                 .encodeToString(secretKey.getBytes());
     }
+
+    private JwtType setIssuerBy(boolean isAccessToken) {
+        if (isAccessToken) {
+            return JwtType.AT;
+        }
+        return JwtType.RT;
+    }
 }
diff --git a/doorip-api/src/main/java/org/doorip/auth/jwt/JwtType.java b/doorip-api/src/main/java/org/doorip/auth/jwt/JwtType.java
@@ -0,0 +1,6 @@
+package org.doorip.auth.jwt;
+
+public enum JwtType {
+    AT,
+    RT;
+}
diff --git a/doorip-api/src/main/java/org/doorip/auth/jwt/JwtValidator.java b/doorip-api/src/main/java/org/doorip/auth/jwt/JwtValidator.java
@@ -1,5 +1,6 @@
 package org.doorip.auth.jwt;
 
+import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.JwtParser;
 import lombok.RequiredArgsConstructor;
@@ -14,7 +15,11 @@ public class JwtValidator {
 
     public void validateAccessToken(String accessToken) {
         try {
-            parseToken(accessToken);
+            Claims claims = parseToken(accessToken);
+            String issuer = claims.getIssuer();
+            if (issuer.equals(JwtType.RT.toString())) {
+                throw new UnauthorizedException(ErrorMessage.INVALID_ACCESS_TOKEN_VALUE);
+            }
         } catch (ExpiredJwtException e) {
             throw new UnauthorizedException(ErrorMessage.EXPIRED_ACCESS_TOKEN);
         } catch (Exception e) {
@@ -24,7 +29,11 @@ public void validateAccessToken(String accessToken) {
 
     public void validateRefreshToken(String refreshToken) {
         try {
-            parseToken(refreshToken);
+            Claims claims = parseToken(refreshToken);
+            String issuer = claims.getIssuer();
+            if (issuer.equals(JwtType.AT.toString())) {
+                throw new UnauthorizedException(ErrorMessage.INVALID_REFRESH_TOKEN_VALUE);
+            }
         } catch (ExpiredJwtException e) {
             throw new UnauthorizedException(ErrorMessage.EXPIRED_REFRESH_TOKEN);
         } catch (Exception e) {
@@ -38,8 +47,9 @@ public void equalsRefreshToken(String refreshToken, String storedRefreshToken) {
         }
     }
 
-    private void parseToken(String token) {
+    private Claims parseToken(String token) {
         JwtParser jwtParser = jwtGenerator.getJwtParser();
-        jwtParser.parseClaimsJws(token);
+        return jwtParser.parseClaimsJws(token)
+                .getBody();
     }
 }
