Merge pull request #49 from prgrms-web-devcourse-final-project/QUZ-94-user-refactoring

[QUZ-94][FIX][REFACTOR] 유저 서비스 버그 수정

Author: HMWG

gateway-service/src/main/kotlin/com/grepp/quizy/global/AuthGlobalFilter.kt

@@ -4,8 +4,10 @@ import com.grepp.quizy.exception.CustomJwtException
 import com.grepp.quizy.jwt.JwtProvider
 import com.grepp.quizy.jwt.JwtValidator
 import com.grepp.quizy.user.RedisTokenRepository
+import com.grepp.quizy.user.UserId
 import com.grepp.quizy.user.api.global.util.CookieUtils
 import com.grepp.quizy.web.UserClient
+import org.slf4j.LoggerFactory
 import org.springframework.cloud.gateway.filter.GatewayFilterChain
 import org.springframework.cloud.gateway.filter.GlobalFilter
 import org.springframework.core.annotation.Order
@@ -25,12 +27,14 @@ class AuthGlobalFilter(
     private val jwtValidator: JwtValidator,
     private val userClient: UserClient,
 ) : GlobalFilter {
+    private val log = LoggerFactory.getLogger(this::class.java)
 
     override fun filter(
         exchange: ServerWebExchange,
         chain: GatewayFilterChain,
     ): Mono<Void> {
         val request = exchange.request
+        log.info("Incoming request: ${request.method} ${request.uri}")
 
         // JWT 토큰 추출 시도
         val token = extractToken(request)
@@ -46,21 +50,26 @@ class AuthGlobalFilter(
             }
             // 토큰이 없고 Secured 경로인 경우
             else -> {
+                log.warn("Access denied: No token found for secured path ${request.uri.path}")
                 Mono.error(CustomJwtException.JwtNotFountException)
             }
         }
     }
 
+    // 토큰 추출
     private fun extractToken(request: ServerHttpRequest): String? = try {
         if (request.headers.containsKey(HttpHeaders.AUTHORIZATION)) {
             resolveToken(request)
         } else {
-            CookieUtils.getCookieValue(request, "refreshToken")
+            val refreshToken = CookieUtils.getCookieValue(request, "refreshToken") ?: ""
+            jwtValidator.validateRefreshToken(refreshToken)
+            refreshToken
         }
     } catch (e: Exception) {
         null
     }
 
+    // 토큰 가공
     private fun resolveToken(request: ServerHttpRequest): String? {
         val authHeader = request.headers[HttpHeaders.AUTHORIZATION]?.get(0) ?: ""
         return if (authHeader.startsWith("Bearer ")) {
@@ -70,14 +79,21 @@ class AuthGlobalFilter(
         }
     }
 
+    // 검증 후 헤더에 추가
     private fun addHeader(
         token: String,
         exchange: ServerWebExchange,
         chain: GatewayFilterChain,
     ): Mono<Void> {
         jwtValidator.validateToken(token)
+
         val userId = jwtProvider.getUserIdFromToken(token).value
 
+        if (!redisTokenRepository.isAlreadyLogin(UserId(userId), token)) {
+            log.warn("Token validation failed: User $userId is not logged in")
+            throw CustomJwtException.JwtLoggedOutException
+        }
+
         // 실제로 존재하는 유저인지 검증이 성공하면 헤더를 추가하고 체인 실행
         return userClient.validateUser(userId)
             .then(Mono.defer {

gateway-service/src/main/kotlin/com/grepp/quizy/global/RedisUtil.kt

@@ -1,22 +1,22 @@
 package com.grepp.quizy.global
 
-import java.util.concurrent.TimeUnit
 import org.springframework.data.redis.core.RedisTemplate
 import org.springframework.stereotype.Component
+import java.util.concurrent.TimeUnit
 
 @Component
 class RedisUtil(
-        private val redisTemplate: RedisTemplate<String, String>
+    private val redisTemplate: RedisTemplate<String, String>
 ) {
     private val operationValue = redisTemplate.opsForValue()
     private val operationSet = redisTemplate.opsForSet()
 
     fun saveValue(key: String, value: String, expirationTime: Long) {
         operationValue.set(
-                key,
-                value,
-                expirationTime,
-                TimeUnit.MICROSECONDS,
+            key,
+            value,
+            expirationTime,
+            TimeUnit.MILLISECONDS,
         )
     }
 

gateway-service/src/main/kotlin/com/grepp/quizy/jwt/JwtValidator.kt

@@ -23,9 +23,6 @@ class JwtValidator(
     )
 
     fun validateToken(token: String) {
-        if (!redisRepository.isAlreadyLogin(token)) {
-            throw CustomJwtException.JwtLoggedOutException
-        }
         try {
             Jwts.parserBuilder()
                 .setSigningKey(secretKey)

gateway-service/src/main/kotlin/com/grepp/quizy/user/RedisTokenRepository.kt

@@ -7,8 +7,8 @@ import org.springframework.stereotype.Repository
 class RedisTokenRepository(private val redisUtil: RedisUtil) {
     companion object {
         private const val REFRESH_TOKEN_KEY_PREFIX = "refresh_token:"
-        private const val LOGOUT_TOKEN_KEY = "logout"
-        private const val USER_KEY = "user"
+        private const val LOGOUT_TOKEN_KEY_PREFIX = "logout:"
+        private const val USER_KEY_PREFIX = "user:"
     }
 
 
@@ -17,32 +17,30 @@ class RedisTokenRepository(private val redisUtil: RedisUtil) {
         refreshToken: String,
         expirationTime: Long,
     ) {
-        val key = generateRefreshTokenKey(userId)
-        redisUtil.saveValue(key, refreshToken, expirationTime)
+        redisUtil.saveValue(generateRefreshTokenKey(userId), refreshToken, expirationTime)
     }
 
     fun getRefreshToken(userId: UserId): String? {
-        val key = generateRefreshTokenKey(userId)
-        return redisUtil.getValue(key)
+        return redisUtil.getValue(generateRefreshTokenKey(userId))
     }
 
     fun deleteRefreshToken(userId: UserId) {
-        val key = generateRefreshTokenKey(userId)
-        redisUtil.deleteValue(key)
+        redisUtil.deleteValue(generateRefreshTokenKey(userId))
     }
 
-    fun saveLogoutToken(accessToken: String) {
-        redisUtil.saveSet(LOGOUT_TOKEN_KEY, accessToken)
+    fun saveLogoutToken(userId: UserId, accessToken: String) {
+        redisUtil.saveSet(generateLogoutTokenKey(userId), accessToken)
     }
 
-    fun isAlreadyLogin(accessToken: String): Boolean {
-        return !redisUtil.isExistSet(LOGOUT_TOKEN_KEY, accessToken)
+    fun isAlreadyLogin(userId: UserId, accessToken: String): Boolean {
+        return !redisUtil.isExistSet(generateLogoutTokenKey(userId), accessToken)
     }
 
     fun isExistUser(userId: UserId): Boolean {
-        return redisUtil.isExistSet(USER_KEY, userId.value.toString())
+        return redisUtil.isExistSet(generateUserKey(userId), userId.value.toString())
     }
 
-    private fun generateRefreshTokenKey(userId: UserId): String =
-        "$REFRESH_TOKEN_KEY_PREFIX${userId.value}"
+    private fun generateRefreshTokenKey(userId: UserId): String = "$REFRESH_TOKEN_KEY_PREFIX${userId.value}"
+    private fun generateLogoutTokenKey(userId: UserId): String = "$LOGOUT_TOKEN_KEY_PREFIX${userId.value}"
+    private fun generateUserKey(userId: UserId): String = "$USER_KEY_PREFIX${userId.value}"
 }

user-service/user-application/app-api/src/main/kotlin/com/grepp/quizy/user/api/auth/AuthApi.kt

@@ -21,7 +21,7 @@ class AuthApi(
 
     @GetMapping("/logout")
     fun logout(
-        @RequestHeader("Authorization") accessToken: String,
+        @RequestHeader("Authorization") accessToken: String = "1234567",
         @AuthUser principal: UserPrincipal,
         request: HttpServletRequest,
         response: HttpServletResponse

user-service/user-application/app-api/src/main/kotlin/com/grepp/quizy/user/api/global/oauth2/CustomOAuth2LoginSuccessHandler.kt

@@ -6,14 +6,12 @@ import com.grepp.quizy.user.api.global.util.CookieUtils
 import com.grepp.quizy.user.domain.user.RedisTokenRepository
 import com.grepp.quizy.user.domain.user.UserLoginManager
 import com.grepp.quizy.user.domain.user.UserReader
-import com.grepp.quizy.user.domain.user.exception.CustomUserException
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.security.core.Authentication
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
 import org.springframework.stereotype.Component
-import java.net.URLEncoder
 
 @Component
 class CustomOAuth2LoginSuccessHandler(
@@ -42,21 +40,23 @@ class CustomOAuth2LoginSuccessHandler(
 
         val accessToken = jwtGenerator.generateAccessToken(user)
         val refreshToken = jwtGenerator.generateRefreshToken(user)
+        val accessTokenExpirationTime = jwtProvider.getExpiration(accessToken)
         val refreshTokenExpirationTime = jwtProvider.getExpiration(refreshToken)
 
         // 이미 로그인 되어있는 유저는 로그인 X
-        try {
-            userLoginManager.login(user.id, refreshTokenExpirationTime)
-        } catch (e: CustomUserException) {
-            logger.error("Failed to login user", e)
-            val errorMessage = URLEncoder.encode(e.message, "UTF-8")
-            response.sendRedirect(
-                "${frontendUrl}/oauth/${
-                    customOAuth2User.getProvider().toString().lowercase()
-                }/callback?error=${errorMessage}"
-            )
-            return
-        }
+//        try {
+//            userLoginManager.login(user.id, accessTokenExpirationTime)
+//        } catch (e: CustomUserException) {
+//            logger.error("Failed to login user", e)
+//            val errorMessage = URLEncoder.encode(e.message, "UTF-8")
+//            response.sendRedirect(
+//                "${frontendUrl}/oauth/${
+//                    customOAuth2User.getProvider().toString().lowercase()
+//                }/callback?error=${errorMessage}"
+//            )
+//            return
+//        }
+        // TODO: 로그인 중복 처리 일단 막아놓음
 
         redisTokenRepository.saveRefreshToken(user.id, refreshToken, refreshTokenExpirationTime)
 

user-service/user-domain/src/main/kotlin/com/grepp/quizy/user/domain/game/UserRating.kt

@@ -1,5 +1,5 @@
 package com.grepp.quizy.user.domain.game
 
 data class UserRating(
-    val rating: Int
+    val rating: Int = 0
 )

user-service/user-domain/src/main/kotlin/com/grepp/quizy/user/domain/quiz/UserQuizScore.kt

@@ -1,7 +1,7 @@
 package com.grepp.quizy.user.domain.quiz
 
 data class UserQuizScore(
-    val solvedProblems: Int,
-    val correctAnswerRate: Double,
-    val achievements: List<String>
+    val solvedProblems: Int = 0,
+    val correctAnswerRate: Double = 0.0,
+    val achievements: List<String> = emptyList()
 )

user-service/user-domain/src/main/kotlin/com/grepp/quizy/user/domain/user/RedisTokenRepository.kt

@@ -5,9 +5,9 @@ interface RedisTokenRepository {
     fun removeSession(userId: UserId)
     fun hasLoggedInUser(userId: UserId): Boolean
     fun deleteRefreshToken(userId: UserId)
-    fun saveLogoutToken(accessToken: String)
     fun saveSession(userId: UserId, expirationTime: Long)
     fun saveUser(userId: UserId)
     fun removeUser(userId: UserId)
     fun isExistUser(userId: UserId): Boolean
+    fun saveLogoutToken(userId: UserId, accessToken: String)
 }

user-service/user-domain/src/main/kotlin/com/grepp/quizy/user/domain/user/UserLogoutManager.kt

@@ -7,7 +7,7 @@ class UserLogoutManager(
     private val redisRepository: RedisTokenRepository
 ) {
     fun logout(userId: UserId, accessToken: String) {
-        redisRepository.saveLogoutToken(accessToken)
+        redisRepository.saveLogoutToken(userId, accessToken)
         redisRepository.deleteRefreshToken(userId)
         redisRepository.removeSession(userId)
     }