refactor: import 정리

* feat: 티켓 구매, 환불 메서드 분산 락 적용

* refactor: aop 를 통한 lock 검증 메서드 분리

* fix: @TicketLock annotations delete

server/.gitignore

@@ -6,6 +6,7 @@
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 
 HELP.md
+bin/**
 
 # User-specific stuff
 .idea/**/workspace.xml

server/Dockerfile

@@ -0,0 +1,12 @@
+FROM openjdk:11-jre-slim
+
+ENV APP_HOME=/usr/app/
+
+WORKDIR $APP_HOME
+
+COPY build/libs/server-0.0.1-SNAPSHOT.jar application.jar
+
+EXPOSE 8443
+EXPOSE 8080
+
+CMD ["java", "-jar", "application.jar"]

server/src/intTest/java/com/ticketing/server/movie/aop/TicketLockAspectTest.java

@@ -49,7 +49,7 @@ class TicketLockAspectTest {
 
 		assertAll(
 			() -> assertThat(result1).isNotEqualTo(result2),
-			() -> assertThat(unlockCount > 1).isTrue()
+			() -> assertThat(unlockCount > 0).isTrue()
 		);
 	}
 

server/src/intTest/java/com/ticketing/server/user/application/AuthControllerTest.java

@@ -1,5 +1,7 @@
 package com.ticketing.server.user.application;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertAll;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
@@ -9,8 +11,11 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.ticketing.server.global.redis.RefreshRedisRepository;
 import com.ticketing.server.user.application.request.LoginRequest;
+import com.ticketing.server.user.application.request.RefreshRequest;
 import com.ticketing.server.user.application.request.SignUpRequest;
+import com.ticketing.server.user.application.response.TokenResponse;
 import com.ticketing.server.user.service.interfaces.UserService;
+import java.util.concurrent.TimeUnit;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
@@ -30,8 +35,12 @@ import org.springframework.web.context.WebApplicationContext;
 class AuthControllerTest {
 
 	private static final String LOGIN_URL = "/api/auth/token";
+	private static final String REFRESH_URL = "/api/auth/refresh";
+	private static final String LOGOUT_URL = "/api/auth/logout";
 	private static final String REGISTER_URL = "/api/users";
+
 	private static final String USER_EMAIL = "ticketing@gmail.com";
+	private static final String USER_PW = "qwe123";
 
 	@Autowired
 	WebApplicationContext context;
@@ -54,7 +63,7 @@ class AuthControllerTest {
 	@DisplayName("로그인 인증 성공")
 	void loginSuccess() throws Exception {
 		// given
-		LoginRequest request = new LoginRequest(USER_EMAIL, "qwe123");
+		LoginRequest request = new LoginRequest(USER_EMAIL, USER_PW);
 
 		// when
 		ResultActions actions = mvc.perform(post(LOGIN_URL)
@@ -82,6 +91,69 @@ class AuthControllerTest {
 			.andExpect(status().isUnauthorized());
 	}
 
+	@Test
+	@DisplayName("리프레쉬 토큰 발급 성공")
+	void refreshTokenSuccess() throws Exception {
+		// given
+		LoginRequest loginRequest = new LoginRequest(USER_EMAIL, USER_PW);
+
+		// when
+		// 로그인
+		String loginResponseBody = mvc.perform(post(LOGIN_URL)
+				.content(asJsonString(loginRequest))
+				.contentType(MediaType.APPLICATION_JSON))
+			.andReturn()
+			.getResponse()
+			.getContentAsString();
+
+		TokenResponse loginResponse = objectMapper.readValue(loginResponseBody, TokenResponse.class);
+		RefreshRequest refreshRequest = new RefreshRequest(loginResponse.getRefreshToken());
+
+		// 토큰재발급
+		String refreshResponseBody = mvc.perform(post(REFRESH_URL)
+				.content(asJsonString(refreshRequest))
+				.contentType(MediaType.APPLICATION_JSON))
+			.andReturn()
+			.getResponse()
+			.getContentAsString();
+
+		TokenResponse refreshBody = objectMapper.readValue(refreshResponseBody, TokenResponse.class);
+
+		// then
+		assertAll(
+			() -> assertThat(refreshBody.getAccessToken()).isNotEmpty(),
+			() -> assertThat(refreshBody.getRefreshToken()).isNotEmpty(),
+			() -> assertThat(loginResponse.getTokenType()).isEqualTo(refreshBody.getTokenType()),
+			() -> assertThat(loginResponse.getExpiresIn()).isEqualTo(refreshBody.getExpiresIn())
+		);
+	}
+
+	@Test
+	@DisplayName("로그아웃 성공")
+	void logoutSuccess() throws Exception {
+		// given
+		LoginRequest loginRequest = new LoginRequest(USER_EMAIL, USER_PW);
+
+		// 로그인
+		String loginResponseBody = mvc.perform(post(LOGIN_URL)
+				.content(asJsonString(loginRequest))
+				.contentType(MediaType.APPLICATION_JSON))
+			.andReturn()
+			.getResponse()
+			.getContentAsString();
+
+		TokenResponse loginResponse = objectMapper.readValue(loginResponseBody, TokenResponse.class);
+		String authorization = loginResponse.getTokenType() + " " + loginResponse.getAccessToken();
+
+		// 로그아웃
+		ResultActions actions = mvc.perform(post(LOGOUT_URL)
+			.header("Authorization", authorization));
+
+		// then
+		actions.andDo(print())
+			.andExpect(status().isOk());
+	}
+
 	@BeforeEach
 	void init() throws Exception {
 		mvc = MockMvcBuilders
@@ -89,7 +161,7 @@ class AuthControllerTest {
 			.apply(springSecurity())
 			.build();
 
-		SignUpRequest signUpRequest = new SignUpRequest("ticketing", USER_EMAIL, "qwe123", "010-1234-5678");
+		SignUpRequest signUpRequest = new SignUpRequest("ticketing", USER_EMAIL, USER_PW, "010-1234-5678");
 
 		mvc.perform(post(REGISTER_URL)
 			.content(asJsonString(signUpRequest))
@@ -102,6 +174,7 @@ class AuthControllerTest {
 	}
 
 	private String asJsonString(Object object) throws JsonProcessingException {
+
 		return objectMapper.writeValueAsString(object);
 	}
 

server/src/intTest/java/com/ticketing/server/user/application/UserControllerTest.java

@@ -69,7 +69,6 @@ class UserControllerTest {
 
 	SignUpRequest signUpRequest;
 
-
 	@Test
 	@DisplayName("회원가입 성공")
 	void registerSuccess() throws Exception {

server/src/main/java/com/ticketing/server/global/redis/RefreshToken.java

@@ -28,8 +28,9 @@ public class RefreshToken {
 		this.token = token;
 	}
 
-	public void changeToken(String token) {
+	public RefreshToken changeToken(String token) {
 		this.token = token;
+		return this;
 	}
 
 }

server/src/main/java/com/ticketing/server/global/security/jwt/JwtProvider.java

@@ -27,6 +27,7 @@ public class JwtProvider {
 
 	private static final String AUTHORITIES_KEY = "auth";
 	private static final String AUTHORITIES_DELIMITER = ",";
+	private static final String ROLE = "ROLE_";
 
 	private final Key key;
 	private final String prefix;
@@ -89,7 +90,7 @@ public class JwtProvider {
 	}
 
 	private String makeRoleName(String role) {
-		return "ROLE_" + role.toUpperCase();
+		return role.contains(ROLE) ? role.toUpperCase() : ROLE + role.toUpperCase();
 	}
 
 	public Authentication getAuthentication(String token) {

server/src/main/java/com/ticketing/server/user/application/AuthController.java

@@ -1,10 +1,11 @@
 package com.ticketing.server.user.application;
 
 import com.ticketing.server.user.application.request.LoginRequest;
+import com.ticketing.server.user.application.request.RefreshRequest;
 import com.ticketing.server.user.application.response.LogoutResponse;
-import com.ticketing.server.user.service.dto.TokenDTO;
 import com.ticketing.server.user.application.response.TokenResponse;
 import com.ticketing.server.user.service.dto.DeleteRefreshTokenDTO;
+import com.ticketing.server.user.service.dto.TokenDTO;
 import com.ticketing.server.user.service.interfaces.AuthenticationService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -16,7 +17,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
@@ -37,8 +37,8 @@ public class AuthController {
 	}
 
 	@PostMapping("/refresh")
-	public ResponseEntity<TokenResponse> refreshToken(@RequestParam("refreshToken") String refreshToken) {
+	public ResponseEntity<TokenResponse> refreshToken(@RequestBody RefreshRequest request) {
-		TokenDTO tokenDto = authenticationService.reissueTokenDto(refreshToken);
+		TokenDTO tokenDto = authenticationService.reissueTokenDto(request.getRefreshToken());
 
 		return ResponseEntity.status(HttpStatus.OK)
 			.headers(getHttpHeaders())

server/src/main/java/com/ticketing/server/user/application/request/RefreshRequest.java

@@ -0,0 +1,14 @@
+package com.ticketing.server.user.application.request;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+public class RefreshRequest {
+
+	private String refreshToken;
+
+}

server/src/main/java/com/ticketing/server/user/application/response/TokenResponse.java

@@ -2,14 +2,16 @@ package com.ticketing.server.user.application.response;
 
 import lombok.AllArgsConstructor;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 
 @Getter
+@NoArgsConstructor
 @AllArgsConstructor
 public class TokenResponse {
 
-	private final String accessToken;
+	private String accessToken;
-	private final String refreshToken;
+	private String refreshToken;
-	private final String tokenType;
+	private String tokenType;
-	private final long expiresIn;
+	private long expiresIn;
 
 }

server/src/main/java/com/ticketing/server/user/service/AuthenticationServiceImpl.java

@@ -3,10 +3,9 @@ package com.ticketing.server.user.service;
 import com.ticketing.server.global.exception.ErrorCode;
 import com.ticketing.server.global.redis.RefreshRedisRepository;
 import com.ticketing.server.global.redis.RefreshToken;
-import com.ticketing.server.global.security.jwt.JwtProperties;
 import com.ticketing.server.global.security.jwt.JwtProvider;
-import com.ticketing.server.user.service.dto.TokenDTO;
 import com.ticketing.server.user.service.dto.DeleteRefreshTokenDTO;
+import com.ticketing.server.user.service.dto.TokenDTO;
 import com.ticketing.server.user.service.interfaces.AuthenticationService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -14,7 +13,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import org.springframework.util.StringUtils;
 
 @Service
 @RequiredArgsConstructor
@@ -23,7 +21,6 @@ public class AuthenticationServiceImpl implements AuthenticationService {
 	private final RefreshRedisRepository refreshRedisRepository;
 
 	private final JwtProvider jwtProvider;
-	private final JwtProperties jwtProperties;
 	private final AuthenticationManagerBuilder authenticationManagerBuilder;
 
 	@Override
@@ -40,8 +37,14 @@ public class AuthenticationServiceImpl implements AuthenticationService {
 		// refresh 토큰이 있으면 수정, 없으면 생성
 		refreshRedisRepository.findByEmail(email)
 			.ifPresentOrElse(
-				tokenEntity -> tokenEntity.changeToken(tokenDto.getRefreshToken()),
+				tokenEntity -> refreshRedisRepository.save(
-				() -> refreshRedisRepository.save(new RefreshToken(email, tokenDto.getRefreshToken()))
+					tokenEntity.changeToken(
+						tokenDto.getRefreshToken()
+					)
+				),
+				() -> refreshRedisRepository.save(
+					new RefreshToken(email, tokenDto.getRefreshToken())
+				)
 			);
 
 		return tokenDto;
@@ -49,9 +52,7 @@ public class AuthenticationServiceImpl implements AuthenticationService {
 
 	@Override
 	@Transactional
-	public TokenDTO reissueTokenDto(String bearerRefreshToken) {
+	public TokenDTO reissueTokenDto(String refreshToken) {
-		String refreshToken = resolveToken(bearerRefreshToken);
-
 		// 토큰 검증
 		jwtProvider.validateToken(refreshToken);
 
@@ -61,7 +62,7 @@ public class AuthenticationServiceImpl implements AuthenticationService {
 		RefreshToken findTokenEntity = refreshRedisRepository.findByEmail(authentication.getName())
 			.orElseThrow(ErrorCode::throwRefreshTokenNotFound);
 
-		// redis 토큰과 input 토큰이 일치한지 확인
+		// input 토큰이 최신 토큰이 아닐 경우 예외 처리
 		if (!refreshToken.equals(findTokenEntity.getToken())) {
 			throw ErrorCode.throwUnavailableRefreshToken();
 		}
@@ -88,11 +89,4 @@ public class AuthenticationServiceImpl implements AuthenticationService {
 			);
 	}
 
-	private String resolveToken(String bearerToken) {
-		if (StringUtils.hasText(bearerToken) && jwtProperties.hasTokenStartsWith(bearerToken)) {
-			return bearerToken.substring(7);
-		}
-		throw ErrorCode.throwTokenType();
-	}
-
 }

server/src/main/resources/application-prod.yml

@@ -0,0 +1,30 @@
+server:
+  port: 8443
+  address: 0.0.0.0
+
+  http:
+    port: 8080
+
+  ssl:
+    key-store: classpath:keystore/ticketing.p12
+    key-store-password: ENC(OMvGcpZLpggFTiGNkqNe66Zq/SmJXF6o)
+    key-store-type: PKCS12
+
+spring:
+  datasource:
+    url: jdbc:mysql://ticketing-db/ticketing?serverTimezone=Asia/Seoul&characterEncoding=UTF-8
+    username: ENC(LowN1n4w0Ep/DqLD8+q5Bq6AXM4b8e3V)
+    password: ENC(OMvGcpZLpggFTiGNkqNe66Zq/SmJXF6o)
+    driver-class-name: com.mysql.cj.jdbc.Driver
+
+  jpa:
+    properties:
+      hibernate:
+        show_sql: true
+        format_sql: true
+    hibernate:
+      ddl-auto: validate
+
+  redis:
+    host: 172.18.0.3
+    port: 6379

server/src/test/java/com/ticketing/server/user/service/AuthenticationServiceImplTest.java

@@ -10,8 +10,8 @@ import com.ticketing.server.global.redis.RefreshRedisRepository;
 import com.ticketing.server.global.redis.RefreshToken;
 import com.ticketing.server.global.security.jwt.JwtProperties;
 import com.ticketing.server.global.security.jwt.JwtProvider;
-import com.ticketing.server.user.service.dto.TokenDTO;
 import com.ticketing.server.user.domain.UserGrade;
+import com.ticketing.server.user.service.dto.TokenDTO;
 import java.util.Collections;
 import java.util.Optional;
 import org.junit.jupiter.api.BeforeEach;
@@ -62,7 +62,7 @@ class AuthenticationServiceImplTest {
 	@DisplayName("토큰 재발급 성공")
 	void reissueAccessToken() {
 		// given
-		String refreshToken = "Bearer eyJhbGciOiJIUzUxMiJ9";
+		String refreshToken = "eyJhbGciOiJIUzUxMiJ9";
 		when(jwtProvider.validateToken(any())).thenReturn(true);
 		when(jwtProvider.getAuthentication(any())).thenReturn(authenticationToken);
 		when(jwtProvider.generateTokenDto(any())).thenReturn(useJwtProvider.generateTokenDto(authenticationToken));