Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BE] HOTFix/#424 validateTokensForReissue 디버깅을 위한 에러코드 추가 #443

Merged
merged 5 commits into from
Sep 19, 2023
Merged

[BE] HOTFix/#424 validateTokensForReissue 디버깅을 위한 에러코드 추가 #443

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
82e8bb4
fix: RefreshToken Payload 추가 및 CORS 완화
junpakPark Sep 17, 2023
da5bfc1
fix: Refresh Token Header 허용
junpakPark Sep 17, 2023
4f57027
fix: CORS 재설정 및 sameSite None
junpakPark Sep 17, 2023
75087f1
fix: 디버깅을 위한 에러코드 추가
junpakPark Sep 19, 2023
e6c45e2
fix: validateTokensForReissue 디버깅을 위한 에러코드 추가
junpakPark Sep 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion backend/src/main/java/com/mapbefine/mapbefine/auth/exception/AuthErrorCode.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@ public enum AuthErrorCode {
ILLEGAL_TOKEN("01101", "로그인에 실패하였습니다."),
FORBIDDEN_ADMIN_ACCESS("01102", "로그인에 실패하였습니다."),
BLOCKING_MEMBER_ACCESS("01103", "로그인에 실패하였습니다."),
EXPIRED_TOKEN("01104", "기간이 만료된 토큰입니다.")
EXPIRED_TOKEN("01104", "기간이 만료된 토큰입니다."),
BAD_REQUEST_TOKEN("01005", "잘못된 요청입니다.")
;

private final String code;
Expand Down
12 changes: 7 additions & 5 deletions backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.mapbefine.mapbefine.auth.infrastructure;

import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.BAD_REQUEST_TOKEN;
import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.EXPIRED_TOKEN;
import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.ILLEGAL_TOKEN;

Expand All @@ -11,14 +12,13 @@
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.UUID;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class JwtTokenProvider implements TokenProvider {

private static final String EMPTY = "";

private final String secretKey;
private final long accessExpirationTime;
private final long refreshExpirationTime;
Expand All @@ -41,7 +41,9 @@ public String createAccessToken(String payload) {
}

public String createRefreshToken() {
return createToken(EMPTY, refreshExpirationTime);
UUID payload = UUID.randomUUID();

return createToken(payload.toString(), refreshExpirationTime);
}

private String createToken(String payload, Long validityInMilliseconds) {
Expand All @@ -66,15 +68,15 @@ public void validateTokensForReissue(String refreshToken, String accessToken) {
if (canReissueAccessToken) {
return;
}
throw new AuthUnauthorizedException(ILLEGAL_TOKEN);
throw new AuthUnauthorizedException(BAD_REQUEST_TOKEN);
}

public void validateTokensForRemoval(String refreshToken, String accessToken) {
boolean canRemoveRefreshToken = !isExpired(refreshToken) && !isExpired(accessToken);
if (canRemoveRefreshToken) {
return;
}
throw new AuthUnauthorizedException(EXPIRED_TOKEN);
throw new AuthUnauthorizedException(BAD_REQUEST_TOKEN);
}

public void validateAccessToken(String accessToken) {
Expand Down
2 changes: 1 addition & 1 deletion backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ private ResponseCookie createCookie(String refreshToken) {
return ResponseCookie.from("refresh-token", refreshToken)
.httpOnly(true)
.maxAge(TWO_WEEKS)
.sameSite("Lax")
.sameSite("None")
.secure(true)
.path("/")
.build();
Expand Down
3 changes: 2 additions & 1 deletion backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.mapbefine.mapbefine.common.config;

import static org.springframework.http.HttpHeaders.COOKIE;
import static org.springframework.http.HttpHeaders.LOCATION;
import static org.springframework.http.HttpHeaders.SET_COOKIE;

Expand All @@ -16,7 +17,7 @@ public class WebConfig implements WebMvcConfigurer {
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("http://localhost:3000", "https://mapbefine.kro.kr", "https://mapbefine.com")
.allowedHeaders("refresh-token")
.allowedHeaders(COOKIE)
.allowedMethods("*")
.allowCredentials(true)
.exposedHeaders(LOCATION, SET_COOKIE);
Expand Down
Loading