Update TODO

README.md

@@ -28,9 +28,8 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration a
 
 # TODO
 
-- [ ] Implement Refresh Token
-- [ ] Control Response Entity
 
 ### Done ✓
 
-- [x] Post on Blog
+- [x] Post on Blog
+- [x] Implement regenerate refresh token test code

build.gradle

@@ -60,6 +60,11 @@ dependencies {
 	Jwt (JSON Web Token Support For The JVM)
 	 */
 	implementation 'io.jsonwebtoken:jjwt:0.9.1'
+
+	/*
+	Redis
+	 */
+	implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 }
 
 tasks.named('test') {

src/main/java/demo/api/auth/AuthController.java

@@ -1,63 +1,37 @@
 package demo.api.auth;
 
+import demo.api.auth.dtos.SignUpRes;
+import demo.api.jwt.dtos.RegenerateTokenDto;
 import demo.api.jwt.dtos.TokenDto;
-import demo.api.user.domain.User;
-import demo.api.user.dtos.UserSignInRequest;
-import demo.api.user.dtos.UserSignUpRequest;
-import java.util.Objects;
-import javax.servlet.http.Cookie;
+import demo.api.auth.dtos.SignInReq;
+import demo.api.auth.dtos.SignUpReq;
 import javax.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 
-@Controller
+@RestController
 @RequestMapping("/auth")
 @RequiredArgsConstructor
 public class AuthController {
   private final AuthService authService;
 
-  @GetMapping("/signUp")
-  public String signUp() {
-    return "user/signUp";
-  }
-
   @PostMapping("/signUp")
-  public String signUp(@Validated UserSignUpRequest signUpReq) throws Exception {
-    User user = authService.signUp(signUpReq);
-
-    if(!Objects.isNull(user)) {
-      return "redirect:/user/signIn";
-    }
-
-    return "redirect:/user/signUp";
-  }
-
-  @GetMapping("/signIn")
-  public String signIn(@RequestParam(value = "fail", required = false) String flag, Model model) {
-    model.addAttribute("failed", flag != null);
-
-    return "user/signIn";
+  public SignUpRes signUp(@Validated SignUpReq signUpReq) {
+    return authService.signUp(signUpReq);
   }
 
   @PostMapping("/signIn")
-  public String signIn(@Validated UserSignInRequest signInReq, HttpServletResponse res) {
-    ResponseEntity<TokenDto> tokenDtoResponseEntity = authService.signIn(signInReq);
-    Cookie cookie = new Cookie(
-        "access_token",
-        tokenDtoResponseEntity.getBody().getAccess_token()
-    );
+  public ResponseEntity<TokenDto> signIn(@Validated SignInReq signInReq) {
+    return authService.signIn(signInReq);
+  }
 
-    cookie.setPath("/");
-    cookie.setMaxAge(Integer.MAX_VALUE);
-
-    res.addCookie(cookie);
-    return "redirect:/user/profile";
+  @PostMapping("/regenerateToken")
+  public ResponseEntity<TokenDto> regenerateToken(@Validated RegenerateTokenDto refreshTokenDto) {
+    return authService.regenerateToken(refreshTokenDto);
   }
 }

src/main/java/demo/api/auth/AuthService.java

@@ -1,9 +1,10 @@
 package demo.api.auth;
 
+import demo.api.auth.dtos.SignUpRes;
+import demo.api.jwt.dtos.RegenerateTokenDto;
 import demo.api.jwt.dtos.TokenDto;
-import demo.api.user.domain.User;
-import demo.api.user.dtos.UserSignInRequest;
-import demo.api.user.dtos.UserSignUpRequest;
+import demo.api.auth.dtos.SignInReq;
+import demo.api.auth.dtos.SignUpReq;
 import org.springframework.http.ResponseEntity;
 
 public interface AuthService {
@@ -12,12 +13,14 @@ public interface AuthService {
    * @param signUpReq 가입할 유저의 정보 Dto
    * @return 가입된 유저 정보
    */
-  User signUp(UserSignUpRequest signUpReq) throws Exception;
+  SignUpRes signUp(SignUpReq signUpReq);
 
   /**
    * 유저 정보로 로그인
    * @param signInReq 유저의 이메일과 비밀번호
    * @return json web token
    */
-  ResponseEntity<TokenDto> signIn(UserSignInRequest signInReq);
+  ResponseEntity<TokenDto> signIn(SignInReq signInReq);
+
+  ResponseEntity<TokenDto> regenerateToken(RegenerateTokenDto refreshTokenDto);
 }

src/main/java/demo/api/auth/AuthServiceImpl.java

@@ -1,15 +1,19 @@
 package demo.api.auth;
 
+import demo.api.auth.dtos.SignUpRes;
 import demo.api.exception.CustomException;
-import demo.api.jwt.JwtTokenFilter;
 import demo.api.jwt.JwtTokenProvider;
+import demo.api.jwt.dtos.RegenerateTokenDto;
 import demo.api.jwt.dtos.TokenDto;
 import demo.api.user.domain.User;
-import demo.api.user.dtos.UserSignInRequest;
-import demo.api.user.dtos.UserSignUpRequest;
+import demo.api.auth.dtos.SignInReq;
+import demo.api.auth.dtos.SignUpReq;
 import demo.api.user.repository.UserRepository;
-import java.util.Optional;
+import java.util.Objects;
+import java.util.concurrent.TimeUnit;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -28,22 +32,31 @@ public class AuthServiceImpl implements AuthService {
   private final PasswordEncoder bCryptPasswordEncoder;
   private final JwtTokenProvider jwtTokenProvider;
   private final AuthenticationManager authenticationManager;
+  private final RedisTemplate<String, String> redisTemplate;
+
+  @Value("${jwt.token.refresh-token-expire-length}")
+  private long refresh_token_expire_time;
 
   @Override
   @Transactional
-  public User signUp(UserSignUpRequest signUpReq) throws Exception {
+  public SignUpRes signUp(SignUpReq signUpReq){
     System.out.println("signUpReq = " + signUpReq.toString());
 
     if(userRepository.existsByEmail(signUpReq.getEmail())) {
-      throw new Exception("Your Mail already Exist.");
+      return new SignUpRes(false, "Your Mail already Exist.");
     }
     User newUser = signUpReq.toUserEntity();
     newUser.hashPassword(bCryptPasswordEncoder);
-    return userRepository.save(newUser);
+
+    User user = userRepository.save(newUser);
+    if(!Objects.isNull(user)) {
+      return new SignUpRes(true, null);
+    }
+    return new SignUpRes(false, "Fail to Sign Up");
   }
 
   @Override
-  public ResponseEntity<TokenDto> signIn(UserSignInRequest signInReq) {
+  public ResponseEntity<TokenDto> signIn(SignInReq signInReq) {
     try {
       Authentication authentication = authenticationManager.authenticate(
           new UsernamePasswordAuthenticationToken(
@@ -51,14 +64,69 @@ public class AuthServiceImpl implements AuthService {
               signInReq.getPassword()
           )
       );
-      TokenDto tokenDto = new TokenDto(jwtTokenProvider.generateToken(authentication));
+
+      String refresh_token = jwtTokenProvider.generateRefreshToken(authentication);
+
+      TokenDto tokenDto = new TokenDto(
+          jwtTokenProvider.generateAccessToken(authentication),
+          refresh_token
+      );
+
+      // Redis에 저장 - 만료 시간 설정을 통해 자동 삭제 처리
+      redisTemplate.opsForValue().set(
+              authentication.getName(),
+              refresh_token,
+              refresh_token_expire_time,
+              TimeUnit.MILLISECONDS
+          );
 
       HttpHeaders httpHeaders = new HttpHeaders();
       httpHeaders.add("Authorization", "Bearer " + tokenDto.getAccess_token());
 
       return new ResponseEntity<>(tokenDto, httpHeaders, HttpStatus.OK);
     } catch (AuthenticationException e) {
-      throw new CustomException("Invalid credentials supplied", HttpStatus.UNPROCESSABLE_ENTITY);
+      throw new CustomException("Invalid credentials supplied", HttpStatus.BAD_REQUEST);
+    }
+  }
+
+  @Override
+  public ResponseEntity<TokenDto> regenerateToken(RegenerateTokenDto refreshTokenDto) {
+    String refresh_token = refreshTokenDto.getRefresh_token();
+    try {
+      // Refresh Token 검증
+      if (!jwtTokenProvider.validateRefreshToken(refresh_token)) {
+        throw new CustomException("Invalid refresh token supplied", HttpStatus.BAD_REQUEST);
+      }
+
+      // Access Token 에서 User email를 가져온다.
+      Authentication authentication = jwtTokenProvider.getAuthenticationByRefreshToken(refresh_token);
+
+      // Redis에서 저장된 Refresh Token 값을 가져온다.
+      String refreshToken = redisTemplate.opsForValue().get(authentication.getName());
+      if(!refreshToken.equals(refresh_token)) {
+        throw new CustomException("Refresh Token doesn't match.", HttpStatus.BAD_REQUEST);
+      }
+
+      // 토큰 재발행
+      String new_refresh_token = jwtTokenProvider.generateRefreshToken(authentication);
+      TokenDto tokenDto = new TokenDto(
+          jwtTokenProvider.generateAccessToken(authentication),
+          new_refresh_token
+      );
+
+      // RefreshToken Redis에 업데이트
+      redisTemplate.opsForValue().set(
+          authentication.getName(),
+          new_refresh_token,
+          refresh_token_expire_time,
+          TimeUnit.MILLISECONDS
+      );
+
+      HttpHeaders httpHeaders = new HttpHeaders();
+
+      return new ResponseEntity<>(tokenDto, httpHeaders, HttpStatus.OK);
+    } catch (AuthenticationException e) {
+      throw new CustomException("Invalid refresh token supplied", HttpStatus.BAD_REQUEST);
     }
   }
 }

src/main/java/demo/api/auth/dtos/SignInReq.java

@@ -1,16 +1,14 @@
-package demo.api.user.dtos;
+package demo.api.auth.dtos;
 
-import demo.api.user.domain.User;
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotEmpty;
 import lombok.Builder;
 import lombok.Getter;
-import lombok.Setter;
 import lombok.ToString;
 
 @Getter
 @ToString
-public class UserSignInRequest {
+public class SignInReq {
   @NotEmpty(message = "Please enter your Email")
   @Email
   private String email;
@@ -18,7 +16,7 @@ public class UserSignInRequest {
   private String password;
 
   @Builder
-  public UserSignInRequest(String email, String password) {
+  public SignInReq(String email, String password) {
     this.email = email;
     this.password = password;
   }

src/main/java/demo/api/auth/dtos/SignUpReq.java

@@ -1,16 +1,15 @@
-package demo.api.user.dtos;
+package demo.api.auth.dtos;
 
 import demo.api.user.domain.User;
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotEmpty;
 import lombok.Builder;
 import lombok.Getter;
-import lombok.Setter;
 import lombok.ToString;
 
 @Getter
 @ToString
-public class UserSignUpRequest {
+public class SignUpReq {
   @NotEmpty(message = "Please enter your Email")
   @Email
   private String email;
@@ -20,7 +19,7 @@ public class UserSignUpRequest {
   private String name;
 
   @Builder
-  public UserSignUpRequest(String email, String password, String name) {
+  public SignUpReq(String email, String password, String name) {
     this.email = email;
     this.password = password;
     this.name = name;

src/main/java/demo/api/auth/dtos/SignUpRes.java

@@ -0,0 +1,17 @@
+package demo.api.auth.dtos;
+
+import demo.api.common.dtos.CoreRes;
+import javax.validation.constraints.Email;
+import javax.validation.constraints.NotEmpty;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.ToString;
+
+
+@Getter
+public class SignUpRes extends CoreRes {
+  public SignUpRes(boolean ok, String error) {
+    super(ok, error);
+  }
+}

src/main/java/demo/api/common/dtos/CoreRes.java

@@ -0,0 +1,11 @@
+package demo.api.common.dtos;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public class CoreRes {
+  private boolean ok;
+  private String error;
+}

src/main/java/demo/api/config/RedisConfig.java

@@ -0,0 +1,42 @@
+package demo.api.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+
+@Configuration
+public class RedisConfig {
+  @Value("${redis.host}")
+  private String redisHost;
+
+  @Value("${redis.port}")
+  private int redisPort;
+
+  /*
+  RedisTemplate을 이용한 방식
+
+  RedisConnectionFactory 인터페이스를 통해
+  LettuceConnectionFactory를 생성하여 반환
+   */
+  @Bean
+  public RedisConnectionFactory redisConnectionFactory() {
+    return new LettuceConnectionFactory(redisHost, redisPort);
+  }
+
+  @Bean
+  public RedisTemplate<String, String> redisTemplate() {
+    // redisTemplate를 받아와서 set, get, delete를 사용
+    RedisTemplate<String, String> redisTemplate = new RedisTemplate<>();
+    // setKeySerializer, setValueSerializer 설정
+    // redis-cli을 통해 직접 데이터를 조회 시 알아볼 수 없는 형태로 출력되는 것을 방지
+    redisTemplate.setKeySerializer(new StringRedisSerializer());
+    redisTemplate.setValueSerializer(new StringRedisSerializer());
+    redisTemplate.setConnectionFactory(redisConnectionFactory());
+
+    return redisTemplate;
+  }
+}

src/main/java/demo/api/config/SecurityConfig.java

@@ -49,6 +49,8 @@ public class SecurityConfig {
             "/auth/signUp",
             "/user/userList",
             "/auth/signIn*",
+            "/user/profile/view/**",
+            "/auth/regenerateToken",
             "/favicon.ico"
         ).permitAll()
         .anyRequest().authenticated();

src/main/java/demo/api/config/UserDetailsServiceImpl.java

@@ -1,7 +1,7 @@
 package demo.api.config;
 
 import demo.api.user.domain.User;
-import demo.api.user.exception.UserNotFoundException;
+import demo.api.exception.UserNotFoundException;
 import demo.api.user.repository.UserRepository;
 import java.util.HashSet;
 import java.util.Set;

src/main/java/demo/api/exception/UserNotFoundException.java

@@ -1,4 +1,4 @@
-package demo.api.user.exception;
+package demo.api.exception;
 
 public class UserNotFoundException extends RuntimeException {
   public UserNotFoundException() {

src/main/java/demo/api/jwt/JwtTokenFilter.java

@@ -26,8 +26,8 @@ public class JwtTokenFilter extends OncePerRequestFilter {
   ) throws ServletException, IOException {
     String token = jwtTokenProvider.resolveToken(request);
     try {
-      if (token != null && jwtTokenProvider.validateToken(token)) {
-        Authentication auth = jwtTokenProvider.getAuthentication(token);
+      if (token != null && jwtTokenProvider.validateAccessToken(token)) {
+        Authentication auth = jwtTokenProvider.getAuthenticationByAccessToken(token);
         SecurityContextHolder.getContext().setAuthentication(auth); // 정상 토큰이면 SecurityContext에 저장
       }
     } catch (CustomException e) {

src/main/java/demo/api/jwt/JwtTokenProvider.java

@@ -19,48 +19,84 @@ import org.springframework.stereotype.Component;
 // 유저 정보로 JWT 토큰을 만들거나 토큰을 바탕으로 유저 정보를 가져옴
 @Component
 public class JwtTokenProvider {
-  @Value("${jwt.token.secret-key}")
-  private String secret_key;
+  @Value("${jwt.token.access-token-secret-key}")
+  private String access_token_secret_key;
 
-  @Value("${jwt.token.expire-length}")
-  private long expire_time;
+  @Value("${jwt.token.refresh-token-secret-key}")
+  private String refresh_token_secret_key;
+
+  @Value("${jwt.token.access-token-expire-length}")
+  private long access_token_expire_time;
+
+  @Value("${jwt.token.refresh-token-expire-length}")
+  private long refresh_token_expire_time;
 
   @Autowired
   private UserDetailsService userDetailsService;
 
   /**
-   * 적절한 설정을 통해 토큰을 생성하여 반환
+   * 적절한 설정을 통해 Access 토큰을 생성하여 반환
    * @param authentication
-   * @return
+   * @return access token
    */
-  public String generateToken(Authentication authentication) {
-
+  public String generateAccessToken(Authentication authentication) {
     Claims claims = Jwts.claims().setSubject(authentication.getName());
 //    claims.put("auth", appUserRoles.stream().map(s -> new SimpleGrantedAuthority(s.getAuthority())).filter(Objects::nonNull).collect(Collectors.toList()));
 
     Date now = new Date();
-    Date expiresIn = new Date(now.getTime() + expire_time);
+    Date expiresIn = new Date(now.getTime() + access_token_expire_time);
 
     return Jwts.builder()
         .setClaims(claims)
         .setIssuedAt(now)
         .setExpiration(expiresIn)
-        .signWith(SignatureAlgorithm.HS256, secret_key)
+        .signWith(SignatureAlgorithm.HS256, access_token_secret_key)
         .compact();
   }
 
   /**
-   * 토큰으로부터 클레임을 만들고, 이를 통해 User 객체를 생성하여 Authentication 객체를 반환
-   * @param token
+   * 적절한 설정을 통해 Refresh 토큰을 생성하여 반환
+   * @param authentication
+   * @return refresh token
+   */
+  public String generateRefreshToken(Authentication authentication) {
+    Claims claims = Jwts.claims().setSubject(authentication.getName());
+
+    Date now = new Date();
+    Date expiresIn = new Date(now.getTime() + refresh_token_expire_time);
+
+    return Jwts.builder()
+        .setClaims(claims)
+        .setIssuedAt(now)
+        .setExpiration(expiresIn)
+        .signWith(SignatureAlgorithm.HS256, refresh_token_secret_key)
+        .compact();
+  }
+
+  /**
+   * Access 토큰으로부터 클레임을 만들고, 이를 통해 User 객체를 생성하여 Authentication 객체를 반환
+   * @param access_token
    * @return
    */
-  public Authentication getAuthentication(String token) {
-    String username = Jwts.parser().setSigningKey(secret_key).parseClaimsJws(token).getBody().getSubject();
-    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+  public Authentication getAuthenticationByAccessToken(String access_token) {
+    String userPrincipal = Jwts.parser().setSigningKey(access_token_secret_key).parseClaimsJws(access_token).getBody().getSubject();
+    UserDetails userDetails = userDetailsService.loadUserByUsername(userPrincipal);
     
     return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
   }
 
+  /**
+   * Refresh 토큰으로부터 클레임을 만들고, 이를 통해 User 객체를 생성하여 Authentication 객체를 반환
+   * @param refresh_token
+   * @return
+   */
+  public Authentication getAuthenticationByRefreshToken(String refresh_token) {
+    String userPrincipal = Jwts.parser().setSigningKey(refresh_token_secret_key).parseClaimsJws(refresh_token).getBody().getSubject();
+    UserDetails userDetails = userDetailsService.loadUserByUsername(userPrincipal);
+
+    return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
+  }
+
   /**
    * http 헤더로부터 bearer 토큰을 가져옴.
    * @param req
@@ -75,17 +111,32 @@ public class JwtTokenProvider {
   }
 
   /**
-   * 토큰을 검증
+   * Access 토큰을 검증
    * @param token
    * @return
    */
-  public boolean validateToken(String token) {
+  public boolean validateAccessToken(String token) {
     try {
-      Jwts.parser().setSigningKey(secret_key).parseClaimsJws(token);
+      Jwts.parser().setSigningKey(access_token_secret_key).parseClaimsJws(token);
       return true;
     } catch (JwtException e) {
       // MalformedJwtException | ExpiredJwtException | IllegalArgumentException
-      throw new CustomException("Error on Token", HttpStatus.INTERNAL_SERVER_ERROR);
+      throw new CustomException("Error on Access Token", HttpStatus.INTERNAL_SERVER_ERROR);
+    }
+  }
+
+  /**
+   * Refresh 토큰을 검증
+   * @param token
+   * @return
+   */
+  public boolean validateRefreshToken(String token) {
+    try {
+      Jwts.parser().setSigningKey(refresh_token_secret_key).parseClaimsJws(token);
+      return true;
+    } catch (JwtException e) {
+      // MalformedJwtException | ExpiredJwtException | IllegalArgumentException
+      throw new CustomException("Error on Refresh Token", HttpStatus.INTERNAL_SERVER_ERROR);
     }
   }
 }

src/main/java/demo/api/jwt/dtos/RegenerateTokenDto.java

@@ -0,0 +1,10 @@
+package demo.api.jwt.dtos;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@AllArgsConstructor
+@Getter
+public class RegenerateTokenDto {
+  private String refresh_token;
+}

src/main/java/demo/api/jwt/dtos/TokenDto.java

@@ -7,4 +7,5 @@ import lombok.Getter;
 @Getter
 public class TokenDto {
   private String access_token;
+  private String refresh_token;
 }

src/main/java/demo/api/user/UserController.java

@@ -1,57 +1,51 @@
 package demo.api.user;
 
 import demo.api.user.domain.User;
-import demo.api.user.dtos.UserSignUpRequest;
-import demo.api.user.exception.UserNotFoundException;
+import demo.api.user.dtos.ProfileDto.ProfileRes;
+import demo.api.exception.UserNotFoundException;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 
 /**
  * User 관련 HTTP 요청 처리
  */
-@Controller
+@RestController
 @RequestMapping("/user")
 @RequiredArgsConstructor
 public class UserController {
   private final UserService userService;
 
   @GetMapping("/profile")
-  public String profile(Model model, @AuthenticationPrincipal UserDetails userDetails) {
+  public ProfileRes profile(@AuthenticationPrincipal UserDetails userDetails) throws UserNotFoundException {
     System.out.println("userDetails = " + userDetails);
-    if (userDetails != null) {
-      User userDetail = userService.findByEmail(userDetails.getUsername())
-          .orElseThrow(() -> new UserNotFoundException());
+    User userDetail = userService.findByEmail(userDetails.getUsername())
+        .orElseThrow(() -> new UserNotFoundException());
 
-      model.addAttribute("userDetail", userDetail);
-    }
-
-    return "user/profile";
+    return ProfileRes.builder()
+        .email(userDetail.getEmail())
+        .name(userDetail.getName())
+        .build();
   }
 
-  @GetMapping("/profile/{username}")
-  public String userProfile(Model model, @PathVariable String username) {
+  @GetMapping("/profile/view/{username}")
+  public ProfileRes userProfile(@PathVariable String username) throws UserNotFoundException {
     User user = userService.findByName(username)
-        .orElseThrow(() -> new UserNotFoundException());
-    model.addAttribute("userDetail", user);
+        .orElseThrow(UserNotFoundException::new);
 
-    return "user/profile";
+    return ProfileRes.builder()
+        .email(user.getEmail())
+        .name(user.getName())
+        .build();
   }
 
   @GetMapping("/userList")
-  public String showUserList(Model model) {
-    List<User> userList = userService.findAll();
-    model.addAttribute("userList", userList);
-
-    return "user/userList";
+  public List<User> showUserList() {
+    return userService.findAll();
   }
 }

src/main/java/demo/api/user/UserService.java

@@ -1,7 +1,6 @@
 package demo.api.user;
 
 import demo.api.user.domain.User;
-import demo.api.user.dtos.UserSignUpRequest;
 import java.util.List;
 import java.util.Optional;
 

src/main/java/demo/api/user/UserServiceImpl.java

@@ -29,26 +29,6 @@ public class UserServiceImpl implements UserService {
     return userRepository.findByName(name);
   }
 
-//  @Override
-//  public Optional<User> getMyInfo() {
-//    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-//    String username = null;
-//
-//    if (authentication == null) {
-//      log.debug("Security Context에 인증 정보가 없습니다.");
-//      return Optional.empty();
-//    }
-//
-//    if (authentication.getPrincipal() instanceof UserDetails) {
-//      UserDetails springSecurityUserInfo = (UserDetails) authentication.getPrincipal();
-//      username = springSecurityUserInfo.getUsername();
-//    } else if (authentication.getPrincipal() instanceof String) {
-//      username = (String) authentication.getPrincipal();
-//    }
-//
-//    return Optional.ofNullable(userRepository.findByName(username).orElse(null));
-//  }
-
   @Override
   public User updateUser(User user, String newInfo) {
     return null;

src/main/java/demo/api/user/domain/User.java

@@ -23,7 +23,7 @@ public class User extends CoreEntity {
   private String email;
   @Column(nullable = false)
   private String password;
-  @Column(length = 10, nullable = false)
+  @Column(length = 10, nullable = false, unique = true)
   private String name;
 
 //  @Enumerated(EnumType.STRING)
@@ -47,14 +47,4 @@ public class User extends CoreEntity {
     this.password = passwordEncoder.encode(this.password);
     return this;
   }
-
-  /**
-   * 비밀번호 확인
-   * @param plainPassword 암호화 이전의 비밀번호
-   * @param passwordEncoder 암호화에 사용된 클래스
-   * @return true | false
-   */
-  public boolean checkPassword(String plainPassword, PasswordEncoder passwordEncoder) {
-    return passwordEncoder.matches(plainPassword, this.password);
-  }
 }

src/main/java/demo/api/user/dtos/ProfileDto.java

@@ -0,0 +1,19 @@
+package demo.api.user.dtos;
+
+import lombok.Builder;
+import lombok.Data;
+
+public class ProfileDto {
+  @Data
+  @Builder
+  public static class ProfileReq {
+    private String name;
+  }
+
+  @Data
+  @Builder
+  public static class ProfileRes {
+    private String email;
+    private String name;
+  }
+}

src/main/resources/application.yml

@@ -12,5 +12,10 @@ spring:
       ddl-auto: none
 jwt:
   token:
-    secret-key: aG91Mjctc2ltcGxlLXNwcmluZy1ib290LWFwaS1qd3QK
-    expire-length: 300000
+    access-token-secret-key: aG91Mjctc2ltcGxlLXNwcmluZy1ib290LWFwaS1qd3QK
+    access-token-expire-length: 300000
+    refresh-token-secret-key: cmVmcmVzaHRva2Vuc2VjcmV0a2V5Cg==
+    refresh-token-expire-length: 6000000
+redis:
+  host: localhost
+  port: 6379

src/main/resources/templates/home.html

@@ -1,17 +0,0 @@
-<!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
-<body>
-<div class="container">
-  <div>
-    <h1>Test Page</h1>
-    <p>User</p>
-    <p>
-      <a href="/auth/signUp">Sign Up</a>
-      <a href="/auth/signIn">Sign In</a>
-      <br>
-      <a href="/user/profile">Profile</a>
-    </p>
-  </div>
-</div>
-</body>
-</html>

src/main/resources/templates/user/profile.html

@@ -1,24 +0,0 @@
-<!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
-<body>
-<div class="container">
-  <div>
-    <table>
-      <thead>
-        <tr>
-          <th>#</th>
-          <th>My Profile</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr th:if="${userDetail}">
-          <td th:text="${userDetail.getEmail()}"></td>
-          <td th:text="${userDetail.getName()}"></td>
-        </tr>
-      </tbody>
-    </table>
-  </div>
-  <a href="/">Home</a>
-</div>
-</body>
-</html>

src/main/resources/templates/user/signIn.html

@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
-<head>
-  <meta charset="UTF-8">
-  <title>Login</title>
-</head>
-<body>
-  <div class="container">
-    <div>
-      <h2>로그인</h2>
-    </div>
-    <h3 th:if="${failed}">Fail to login</h3>
-    <form action="/auth/signIn" method="post">
-      <div class="form-group">
-        <label for="email">Email</label>
-        <input type="email" id="email" name="email" placeholder="Enter your email">
-        <br/>
-        <label for="password">PW</label>
-        <input type="password" id="password" name="password" placeholder="Enter your password">
-      </div>
-      <button type="submit">Sign In</button>
-    </form>
-  </div>
-  <a href="/">Home</a>
-</body>
-</html>

src/main/resources/templates/user/signUp.html

@@ -1,24 +0,0 @@
-<!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
-<body>
-  <div class="container">
-    <div>
-      <h2>회원가입</h2>
-    </div>
-    <form action="/auth/signUp" method="post">
-      <div class="form-group">
-        <label for="email">Email</label>
-        <input type="text" id="email" name="email" placeholder="Enter your email">
-        <br/>
-        <label for="password">PW</label>
-        <input type="text" id="password" name="password" placeholder="Enter your password">
-        <br/>
-        <label for="name">Name</label>
-        <input type="text" id="name" name="name" placeholder="Enter your name">
-      </div>
-      <button type="submit">Sign Up</button>
-    </form>
-  </div>
-  <a href="/">Home</a>
-</body>
-</html>

src/main/resources/templates/user/userList.html

@@ -1,24 +0,0 @@
-<!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
-<body>
-<div class="container">
-  <div>
-    <table>
-      <thead>
-      <tr>
-        <th>#</th>
-        <th>User List</th>
-      </tr>
-      </thead>
-      <tbody>
-      <tr th:each="user : ${userList}">
-        <td th:text="${user.id}"></td>
-        <td th:text="${user.name}"></td>
-      </tr>
-      </tbody>
-    </table>
-  </div>
-  <a href="/">Home</a>
-</div>
-</body>
-</html>

src/test/java/demo/api/auth/service/AuthServiceTest.java

@@ -0,0 +1,118 @@
+package demo.api.auth.service;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import demo.api.auth.AuthService;
+import demo.api.auth.dtos.SignInReq;
+import demo.api.auth.dtos.SignUpReq;
+import demo.api.auth.dtos.SignUpRes;
+import demo.api.exception.UserNotFoundException;
+import demo.api.jwt.dtos.RegenerateTokenDto;
+import demo.api.jwt.dtos.TokenDto;
+import demo.api.user.UserService;
+import demo.api.user.domain.User;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.transaction.annotation.Transactional;
+
+@SpringBootTest
+@Transactional
+@DisplayName("Auth Service Test")
+class AuthServiceTest {
+  private static final String EMAIL = "test@email.com";
+  private static final String PASSWORD = "12345";
+  private static final String NAME = "김정호";
+
+  @Autowired
+  private UserService userService;
+  @Autowired
+  private AuthService authService;
+
+  @Test
+  @DisplayName("유저 회원가입")
+  void signUp() {
+    // given
+    SignUpReq user = createSignUpRequest();
+    System.out.println("user = " + user.toString());
+
+    // when
+    SignUpRes signUpRes = authService.signUp(user);
+
+    // then
+    assertThat(signUpRes.isOk()).isEqualTo(true);
+  }
+
+  @Test
+  @DisplayName("유저 로그인")
+  void signIn() {
+    // given
+    SignUpReq user = createSignUpRequest();
+    System.out.println("user = " + user.toString());
+    authService.signUp(user);
+
+    // when
+    ResponseEntity<TokenDto> response = authService.signIn(createSignInRequest());
+
+    // then
+    assertThat(response.getBody().getAccess_token()).isNotEmpty();
+    assertThat(response.getBody().getRefresh_token()).isNotEmpty();
+  }
+
+  @Test
+  @DisplayName("비밀번호는 암호화되어야 한다.")
+  void hashPassword() {
+    // given
+    SignUpReq user = createSignUpRequest();
+
+    // when
+    authService.signUp(user);
+
+    // then
+    User createdUser = userService.findByEmail(EMAIL)
+        .orElseThrow(UserNotFoundException::new);
+    System.out.println("newUser pw = " + createdUser.getPassword());
+
+    assertThat(createdUser.getPassword()).isNotEqualTo(PASSWORD);
+  }
+
+  @Test
+  @DisplayName("토큰 재발행")
+  void regenerateToken() {
+    // given
+    SignUpReq user = createSignUpRequest();
+    System.out.println("user = " + user.toString());
+    authService.signUp(user);
+
+    // when
+    ResponseEntity<TokenDto> response = authService.signIn(createSignInRequest());
+    String prevAccessToken = response.getBody().getAccess_token();
+
+    RegenerateTokenDto regenerateTokenDto = new RegenerateTokenDto(
+        response.getBody().getRefresh_token()
+    );
+
+    ResponseEntity<TokenDto> regeneratedToken = authService.regenerateToken(regenerateTokenDto);
+
+    // then
+    assertThat(regeneratedToken.getBody().getAccess_token()).isNotEqualTo(prevAccessToken);
+  }
+
+  private SignUpReq createSignUpRequest() {
+    return SignUpReq.builder()
+        .email(EMAIL)
+        .password(PASSWORD)
+        .name(NAME)
+        .build();
+  }
+
+  private SignInReq createSignInRequest() {
+    return SignInReq.builder()
+        .email(EMAIL)
+        .password(PASSWORD)
+        .build();
+  }
+}

src/test/java/demo/api/user/service/UserServiceTest.java

@@ -1,13 +1,14 @@
 package demo.api.user.service;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.InstanceOfAssertFactories.completableFuture;
 import static org.junit.jupiter.api.Assertions.*;
 
 import demo.api.auth.AuthService;
+import demo.api.auth.dtos.SignUpRes;
 import demo.api.user.UserService;
 import demo.api.user.domain.User;
-import demo.api.user.dtos.UserSignUpRequest;
-import demo.api.user.repository.UserRepository;
+import demo.api.auth.dtos.SignUpReq;
 import java.util.List;
 import java.util.Optional;
 import org.junit.jupiter.api.DisplayName;
@@ -32,57 +33,13 @@ class UserServiceTest {
   @Autowired
   private AuthService authService;
 
-  @Test
-  @DisplayName("유저 회원가입")
-  void signUp() throws Exception {
-    // given
-    UserSignUpRequest user = createSignUpRequest();
-    System.out.println("user = " + user.toString());
-
-    // when
-    User newUser = authService.signUp(user);
-
-    // then
-    System.out.println("newUser = " + newUser.toString());
-    assertThat(newUser.getEmail()).isEqualTo(EMAIL);
-  }
-
-  @Test
-  @DisplayName("비밀번호는 암호화되어야 한다.")
-  void hashPassword() throws Exception {
-    // given
-    UserSignUpRequest user = createSignUpRequest();
-
-    // when
-    User newUser = authService.signUp(user);
-
-    // then
-    System.out.println("newUser pw = " + newUser.getPassword());
-    assertThat(newUser.getPassword()).isNotEqualTo(PASSWORD);
-  }
-
-  @Test
-  @DisplayName("유저 로그인")
-  void signIn() throws Exception {
-    // given
-    UserSignUpRequest user = createSignUpRequest();
-    System.out.println("user = " + user.toString());
-    User newUser = authService.signUp(user);
-
-    // when
-    boolean flag = newUser.checkPassword(PASSWORD, bCryptPasswordEncoder);
-    System.out.println("flag = " + flag);
-
-    // then
-  }
-
   @Test
   @DisplayName("모든 유저 리스트를 반환")
-  void findAll() throws Exception {
+  void findAll() {
     // given
     List<User> prevUserList = userService.findAll();
     int prevLen = prevUserList.size();
-    UserSignUpRequest user1 = createSignUpRequest();
+    SignUpReq user1 = createSignUpRequest();
     authService.signUp(user1);
 
     // when
@@ -94,9 +51,9 @@ class UserServiceTest {
 
   @Test
   @DisplayName("이메일로 유저 찾기")
-  void findByEmail() throws Exception {
+  void findByEmail() {
     // given
-    UserSignUpRequest user1 = createSignUpRequest();
+    SignUpReq user1 = createSignUpRequest();
     authService.signUp(user1);
 
     // when
@@ -110,8 +67,8 @@ class UserServiceTest {
   void updateUser() {
   }
 
-  private UserSignUpRequest createSignUpRequest() {
-    return UserSignUpRequest.builder()
+  private SignUpReq createSignUpRequest() {
+    return SignUpReq.builder()
         .email(EMAIL)
         .password(PASSWORD)
         .name(NAME)