refactor(be): replace in-memory refresh token with redis (#44)

* refactor: replace in-memory refresh token with redis

Co-authored-by: 유영재 <[email protected]>
Co-authored-by: Choi Jeongmin <[email protected]>
Co-authored-by: 이지호 <[email protected]>

* chore: auto-fix linting and formatting issues

---------

Co-authored-by: shl0501 <[email protected]>
Co-authored-by: 유영재 <[email protected]>
Co-authored-by: Choi Jeongmin <[email protected]>
Co-authored-by: 이지호 <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Author: 6 people

apps/server/src/auth/auth.controller.ts

@@ -20,13 +20,13 @@ export class AuthController {
   @LoginSwagger()
   async login(@Body() loginDto: LoginDto, @Res({ passthrough: true }) response: Response) {
     const { userId, nickname } = await this.authService.validateUser(loginDto);
-    const refreshToken = this.authService.generateRefreshToken(userId, nickname);
+    const refreshToken = await this.authService.generateRefreshToken(userId, nickname);
     const accessToken = await this.authService.generateAccessToken(refreshToken);
 
     response.cookie(this.REFRESH_TOKEN, refreshToken, {
       httpOnly: true,
-      secure: false, //TODO : https
-      maxAge: this.authService.getRefreshTokenExpireTime(),
+      secure: true,
+      maxAge: this.authService.getRefreshTokenExpireTime() * 1000,
     });
 
     return { accessToken, userId };
@@ -43,7 +43,7 @@ export class AuthController {
 
   @Post('logout')
   @LogoutSwagger()
-  logout(@Req() request: Request, @Res({ passthrough: true }) response: Response) {
+  async logout(@Req() request: Request, @Res({ passthrough: true }) response: Response) {
     const refreshToken = request.cookies[this.REFRESH_TOKEN];
     this.authService.removeRefreshToken(refreshToken);
     response.clearCookie(this.REFRESH_TOKEN);

apps/server/src/auth/auth.service.ts

@@ -1,6 +1,7 @@
-import { Injectable, OnModuleInit } from '@nestjs/common';
+import { Inject, Injectable, OnModuleInit } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
+import Redis from 'ioredis';
 import { v4 as uuid4 } from 'uuid';
 
 import { LoginDto } from './dto/login.dto';
@@ -11,48 +12,25 @@ import { UsersRepository } from '@users/users.repository';
 interface RefreshTokenData {
   userId: number;
   nickname: string;
-  expiredAt: Date;
 }
 
 @Injectable()
-export class AuthService implements OnModuleInit {
-  private refreshTokens: Record<string, RefreshTokenData> = {};
-  private readonly REFRESH_TOKEN_CONFIG = {
-    EXPIRE_INTERVAL: 7 * 24 * 60 * 60 * 1000, // 7일
-    CLEANUP_INTERVAL: 60 * 60 * 1000, // 1시간
-  } as const;
+export class AuthService {
+  private readonly REFRESH_TOKEN_TTL = 7 * 24 * 60 * 60;
 
   constructor(
     private readonly jwtService: JwtService,
     private readonly usersRepository: UsersRepository,
+    @Inject('REDIS_REFRESH_TOKEN') private readonly refreshTokensRedisClient: Redis,
   ) {}
 
-  getInfo(refreshToken: string) {
-    const user = this.refreshTokens[refreshToken];
-    return user ? user.userId : null;
+  async getInfo(refreshToken: string) {
+    const refreshTokenData: RefreshTokenData = JSON.parse(await this.refreshTokensRedisClient.get(refreshToken));
+    return refreshTokenData ? refreshTokenData.userId : null;
   }
 
   getRefreshTokenExpireTime() {
-    return this.REFRESH_TOKEN_CONFIG.EXPIRE_INTERVAL;
-  }
-
-  onModuleInit() {
-    this.startPeriodicCleanup();
-  }
-
-  private startPeriodicCleanup() {
-    setInterval(() => {
-      this.cleanupExpiredTokens();
-    }, this.REFRESH_TOKEN_CONFIG.CLEANUP_INTERVAL);
-  }
-
-  private cleanupExpiredTokens() {
-    const now = new Date();
-    const expiredTokens = Object.keys(this.refreshTokens).filter((token) => this.refreshTokens[token].expiredAt < now);
-
-    expiredTokens.forEach((token) => {
-      this.removeRefreshToken(token);
-    });
+    return this.REFRESH_TOKEN_TTL;
   }
 
   async validateUser(loginDto: LoginDto) {
@@ -65,35 +43,32 @@ export class AuthService implements OnModuleInit {
     return { userId: user.userId, nickname: user.nickname };
   }
 
-  generateRefreshToken(userId: number, nickname: string) {
+  async generateRefreshToken(userId: number, nickname: string) {
     const token = uuid4();
-    this.refreshTokens[token] = {
+    const tokenData: RefreshTokenData = {
       userId,
       nickname,
-      expiredAt: new Date(Date.now() + this.REFRESH_TOKEN_CONFIG.EXPIRE_INTERVAL),
     };
+
+    await this.refreshTokensRedisClient.set(token, JSON.stringify(tokenData), 'EX', this.REFRESH_TOKEN_TTL);
     return token;
   }
 
   async generateAccessToken(refreshToken: string) {
-    await this.validateRefreshToken(refreshToken);
-    return this.jwtService.sign(this.refreshTokens[refreshToken], {
+    const tokenData: RefreshTokenData = await this.validateRefreshToken(refreshToken);
+    return this.jwtService.sign(tokenData, {
       expiresIn: '2d',
       secret: process.env.JWT_ACCESS_SECRET,
     });
   }
 
   private async validateRefreshToken(refreshToken: string) {
-    const tokenData = this.refreshTokens[refreshToken];
+    const tokenData = await this.refreshTokensRedisClient.get(refreshToken);
     if (!tokenData) throw RefreshTokenException.invalid();
-
-    if (tokenData.expiredAt < new Date()) {
-      this.removeRefreshToken(refreshToken);
-      throw RefreshTokenException.expired();
-    }
+    return JSON.parse(tokenData);
   }
 
-  removeRefreshToken(refreshToken: string) {
-    delete this.refreshTokens[refreshToken];
+  async removeRefreshToken(refreshToken: string) {
+    await this.refreshTokensRedisClient.del(refreshToken);
   }
 }

apps/server/src/common/redis.module.ts

@@ -24,7 +24,17 @@ import Redis from 'ioredis';
         });
       },
     },
+    {
+      provide: 'REDIS_REFRESH_TOKEN',
+      useFactory: () => {
+        return new Redis({
+          host: process.env.REDIS_HOST,
+          port: Number(process.env.REDIS_PORT),
+          db: 2,
+        });
+      },
+    },
   ],
-  exports: ['REDIS_SESSION', 'REDIS_TOKEN'],
+  exports: ['REDIS_SESSION', 'REDIS_TOKEN', 'REDIS_REFRESH_TOKEN'],
 })
 export class RedisModule {}

apps/server/src/main.ts

@@ -34,4 +34,6 @@ if (args.includes('http')) {
   bootstrap(Number(process.env.API_SERVER_PORT ?? '3000'));
 } else if (args.includes('ws')) {
   bootstrap(Number(process.env.SOCKET_SERVER_PORT ?? '4000'));
+} else {
+  bootstrap(Number(process.env.API_SERVER_PORT ?? '3000'));
 }