feat: 리프레쉬 토큰을 RDBMS에서 관리한다

.github/CODEOWNERS

@@ -1 +1 @@
-* @bbbang105
+* @bbbang105 @anxi01

.github/auto_assign.yaml → .github/auto-assign-config.yaml

@@ -1,4 +1,5 @@
 addReviewers: true
 addAssignees: author
 reviewers:
-  - bbang105
+  - bbbang105
+  - anxi01

.github/workflows/auto-assign.yaml

@@ -0,0 +1,15 @@
+name: Auto Assign
+
+on:
+  pull_request:
+    types: [opened, ready_for_review]
+
+jobs:
+  assign:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - uses: kentaro-m/auto-assign-action@v2.0.1
+        with:
+          configuration-path: '.github/auto-assign-config.yaml'

.github/workflows/commit-labeler.yaml

@@ -21,16 +21,19 @@ jobs:
 
             for (const c of commits.data) {
               const msg = c.commit.message.toLowerCase();
-                if (msg.includes("[feat]")) labels.add("🚀 feat");
-                if (msg.includes("[fix]")) labels.add("🚨 fix");
-                if (msg.includes("[docs]")) labels.add("📄 docs");
-                if (msg.includes("[style]")) labels.add("🌱 style");
-                if (msg.includes("[refactor]")) labels.add("🔄 refactor");
-                if (msg.includes("[chore]")) labels.add("⚒️ chore");
-                if (msg.includes("[hotfix]")) labels.add("🛟 hotfix");
-                if (msg.includes("[release]")) labels.add("💫 release");
-                if (msg.includes("[rename]")) labels.add("🎫 rename");
-                if (msg.includes("[remove]")) labels.add("✂️ remove");
+                if (msg.includes("feat")) labels.add("🚀 feat");
+                if (msg.includes("fix")) labels.add("🚨 fix");
+                if (msg.includes("docs")) labels.add("📄 docs");
+                if (msg.includes("style")) labels.add("🌱 style");
+                if (msg.includes("refactor")) labels.add("🔄 refactor");
+                if (msg.includes("test")) labels.add("✅ test");
+                if (msg.includes("perf")) labels.add("⚡️ perf");
+                if (msg.includes("chore")) labels.add("⚒️ chore");
+                if (msg.includes("ci")) labels.add("🔧 ci");
+                if (msg.includes("hotfix")) labels.add("🛟 hotfix");
+                if (msg.includes("release")) labels.add("💫 release");
+                if (msg.includes("rename")) labels.add("🎫 rename");
+                if (msg.includes("remove")) labels.add("✂️ remove");
             }
 
             if (labels.size > 0) {

.github/workflows/prod-cicd.yaml

@@ -11,6 +11,7 @@ permissions:
 jobs:
   build-and-push:
     name: Build and Push to ECR
+    if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
     environment: prod
     steps:

.gitignore

@@ -39,3 +39,6 @@ out/
 ### Claude Code ###
 .claude
 /docs
+
+### Auto-generated files ###
+src/main/resources/static/docs/open-api-3.0.1.json

build.gradle

@@ -94,6 +94,12 @@ dependencies {
 
     // Jsoup
     implementation 'org.jsoup:jsoup:1.21.2'
+
+    // Testcontainers
+    testImplementation 'org.springframework.boot:spring-boot-testcontainers'
+    testImplementation 'org.testcontainers:testcontainers'
+    testImplementation 'org.testcontainers:junit-jupiter:1.19.0'
+    testImplementation 'org.testcontainers:mysql:1.20.1'
 }
 
 // QueryDSL 디렉토리

src/main/java/side/onetime/auth/handler/OAuthLoginSuccessHandler.java

@@ -1,14 +1,22 @@
 package side.onetime.auth.handler;
 
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.time.LocalDateTime;
+import java.util.Map;
+import java.util.UUID;
+
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import side.onetime.auth.dto.GoogleUserInfo;
 import side.onetime.auth.dto.KakaoUserInfo;
 import side.onetime.auth.dto.NaverUserInfo;
@@ -17,13 +25,9 @@
 import side.onetime.domain.User;
 import side.onetime.repository.RefreshTokenRepository;
 import side.onetime.repository.UserRepository;
+import side.onetime.util.ClientInfoExtractor;
 import side.onetime.util.JwtUtil;
 
-import java.io.IOException;
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
-import java.util.Map;
-
 @Slf4j
 @Component
 @RequiredArgsConstructor
@@ -38,6 +42,7 @@ public class OAuthLoginSuccessHandler extends SimpleUrlAuthenticationSuccessHand
     private final JwtUtil jwtUtil;
     private final UserRepository userRepository;
     private final RefreshTokenRepository refreshTokenRepository;
+    private final ClientInfoExtractor clientInfoExtractor;
 
     /**
      * OAuth2 인증 성공 처리 메서드.
@@ -141,12 +146,27 @@ private void handleNewUser(HttpServletRequest request, HttpServletResponse respo
     private void handleExistingUser(HttpServletRequest request, HttpServletResponse response, User user) throws IOException {
         Long userId = user.getId();
         String browserId = jwtUtil.hashUserAgent(request.getHeader("User-Agent"));
+        String userIp = clientInfoExtractor.extractClientIp(request);
+        String userAgent = clientInfoExtractor.extractUserAgent(request);
+
+        // 기존 브라우저의 ACTIVE 토큰 revoke
+        refreshTokenRepository.revokeByUserIdAndBrowserId(userId, browserId);
+
+        // 새 토큰 생성
+        String jti = UUID.randomUUID().toString();
+        String accessToken = jwtUtil.generateAccessToken(userId, "USER");
+        String refreshTokenValue = jwtUtil.generateRefreshToken(userId, browserId, jti);
+
+        LocalDateTime now = LocalDateTime.now();
+        LocalDateTime expiryAt = jwtUtil.calculateRefreshTokenExpiryAt(now);
 
-        String accessToken = jwtUtil.generateAccessToken(userId,"USER");
-        String refreshToken = jwtUtil.generateRefreshToken(userId, browserId);
-        refreshTokenRepository.save(new RefreshToken(userId, browserId, refreshToken));
+        RefreshToken refreshToken = RefreshToken.create(
+                userId, jti, browserId, refreshTokenValue,
+                now, expiryAt, userIp, userAgent
+        );
+        refreshTokenRepository.save(refreshToken);
 
-        String redirectUri = String.format(ACCESS_TOKEN_REDIRECT_URI, "true", accessToken, refreshToken);
+        String redirectUri = String.format(ACCESS_TOKEN_REDIRECT_URI, "true", accessToken, refreshTokenValue);
         getRedirectStrategy().sendRedirect(request, response, redirectUri);
     }
 }

src/main/java/side/onetime/controller/TokenController.java

@@ -1,12 +1,14 @@
 package side.onetime.controller;
 
-import jakarta.validation.Valid;
-import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
 import side.onetime.dto.token.request.ReissueTokenRequest;
 import side.onetime.dto.token.response.ReissueTokenResponse;
 import side.onetime.global.common.ApiResponse;
@@ -24,13 +26,15 @@ public class TokenController {
      * 액세스 토큰 재발행 API.
      *
      * @param reissueAccessTokenRequest 리프레쉬 토큰을 포함한 요청 객체
+     * @param httpRequest HttpServletRequest (IP, User-Agent 추출용)
      * @return 재발행된 액세스 토큰과 리프레쉬 토큰을 포함하는 응답 객체
      */
     @PostMapping("/action-reissue")
     public ResponseEntity<ApiResponse<ReissueTokenResponse>> reissueToken(
-            @Valid @RequestBody ReissueTokenRequest reissueAccessTokenRequest) {
+            @Valid @RequestBody ReissueTokenRequest reissueAccessTokenRequest,
+            HttpServletRequest httpRequest) {
 
-        ReissueTokenResponse reissueTokenResponse = tokenService.reissueToken(reissueAccessTokenRequest);
+        ReissueTokenResponse reissueTokenResponse = tokenService.reissueToken(reissueAccessTokenRequest, httpRequest);
         return ApiResponse.onSuccess(SuccessStatus._REISSUE_TOKENS, reissueTokenResponse);
     }
 }

src/main/java/side/onetime/controller/UserController.java

@@ -1,12 +1,31 @@
 package side.onetime.controller;
 
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
 import side.onetime.domain.enums.GuideType;
-import side.onetime.dto.user.request.*;
-import side.onetime.dto.user.response.*;
+import side.onetime.dto.user.request.CreateGuideViewLogRequest;
+import side.onetime.dto.user.request.LogoutUserRequest;
+import side.onetime.dto.user.request.OnboardUserRequest;
+import side.onetime.dto.user.request.UpdateUserPolicyAgreementRequest;
+import side.onetime.dto.user.request.UpdateUserProfileRequest;
+import side.onetime.dto.user.request.UpdateUserSleepTimeRequest;
+import side.onetime.dto.user.response.GetGuideViewLogResponse;
+import side.onetime.dto.user.response.GetUserPolicyAgreementResponse;
+import side.onetime.dto.user.response.GetUserProfileResponse;
+import side.onetime.dto.user.response.GetUserSleepTimeResponse;
+import side.onetime.dto.user.response.OnboardUserResponse;
 import side.onetime.global.common.ApiResponse;
 import side.onetime.global.common.status.SuccessStatus;
 import side.onetime.service.UserService;
@@ -28,9 +47,10 @@ public class UserController {
      */
     @PostMapping("/onboarding")
     public ResponseEntity<ApiResponse<OnboardUserResponse>> onboardUser(
-            @Valid @RequestBody OnboardUserRequest onboardUserRequest) {
+            @Valid @RequestBody OnboardUserRequest onboardUserRequest,
+            HttpServletRequest httpRequest) {
 
-        OnboardUserResponse onboardUserResponse = userService.onboardUser(onboardUserRequest);
+        OnboardUserResponse onboardUserResponse = userService.onboardUser(onboardUserRequest, httpRequest);
         return ApiResponse.onSuccess(SuccessStatus._ONBOARD_USER, onboardUserResponse);
     }