diff --git a/backend/pms/src/main/java/com/mini/pms/configuration/SecurityConfig.java b/backend/pms/src/main/java/com/mini/pms/configuration/SecurityConfig.java
index b1aa04d..7604459 100644
--- a/backend/pms/src/main/java/com/mini/pms/configuration/SecurityConfig.java
+++ b/backend/pms/src/main/java/com/mini/pms/configuration/SecurityConfig.java
@@ -69,6 +69,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 )
 .permitAll()
+ .requestMatchers(contextPath + "/auth/token/refresh")
+ .authenticated()
 .requestMatchers(contextPath + "/admins/**")
 .hasAuthority("Admin")
 .requestMatchers(contextPath + "/owners/**")
diff --git a/backend/pms/src/main/java/com/mini/pms/restcontroller/AuthRenewTokenRestController.java b/backend/pms/src/main/java/com/mini/pms/restcontroller/AuthRenewTokenRestController.java
new file mode 100644
index 0000000..f0538d4
--- /dev/null
+++ b/backend/pms/src/main/java/com/mini/pms/restcontroller/AuthRenewTokenRestController.java
@@ -0,0 +1,26 @@
+package com.mini.pms.restcontroller;
+
+import com.mini.pms.restcontroller.response.TokenResponse;
+import com.mini.pms.service.AuthService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+
+@RestController
+@RequestMapping("api/v1/token/refresh")
+@RequiredArgsConstructor
+public class AuthRenewTokenRestController {
+
+ private final AuthService authService;
+
+ @PostMapping
+ public TokenResponse refresh(Principal principal) {
+
+ return authService.issueAccessToken(principal);
+ }
+
+}
diff --git a/backend/pms/src/main/java/com/mini/pms/restcontroller/AuthRestController.java b/backend/pms/src/main/java/com/mini/pms/restcontroller/AuthRestController.java
index 08f7248..380405f 100644
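Review bot: The new matcher `contextPath + "/auth/token/refresh"` does not match the endpoint this commit adds: AuthRenewTokenRestController is mapped to `api/v1/token/refresh`, with no `/auth` segment, while the existing AuthRestController lives under `api/v1/auth`. Unless contextPath already ends in `/auth` (not visible here), the refresh route is governed by whatever rule follows the visible matchers rather than by this `.authenticated()` rule, and if that fallback is permissive the controller becomes reachable without an Authentication and its `principal` argument is null. Either mount the controller at `@RequestMapping("api/v1/auth/token/refresh")` or change the matcher to `contextPath + "/token/refresh"`, and add a test asserting that the refresh route returns 401 without credentials. securityFilterChain starts before and continues past this hunk.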
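Review bot: AuthRenewTokenRestController and its refresh method carry no Javadoc, and neither the class name nor the mapping says which credential the caller is expected to present. I would add a class comment such as `/** Re-issues an access/refresh token pair for the already-authenticated caller; identity comes from the Authentication established by the security filter chain, not from a request body. */` and note on refresh that `principal` is resolved by Spring from the current Authentication and is null for an unauthenticated request. The blank line between the method signature and its single return statement can be dropped.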
--- a/backend/pms/src/main/java/com/mini/pms/restcontroller/AuthRestController.java
+++ b/backend/pms/src/main/java/com/mini/pms/restcontroller/AuthRestController.java
@@ -8,15 +8,18 @@ import com.mini.pms.restcontroller.response.MemberResponse;
 import com.mini.pms.restcontroller.response.TokenResponse;
 import com.mini.pms.service.AuthService;
-
 import com.mini.pms.service.MemberService;
 import com.mini.pms.util.Util;
 import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
-
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
 @RestController
 @RequestMapping("api/v1/auth")
@@ -31,11 +34,6 @@ public TokenResponse token(@RequestBody AuthRequest authRequest) {
 return authService.issueAccessToken(authRequest);
 }
- // @PostMapping("/token/refresh")
- // public String refresh(@RequestBody AuthRequest authRequest) {
- // return authService.issueAccessToken(authRequest);
- // }
-
 @PostMapping("owner/register")
 @ResponseStatus(HttpStatus.CREATED)
 public MemberResponse registerOwner(@RequestBody RegisterRequest registerRequest) {
diff --git a/backend/pms/src/main/java/com/mini/pms/service/AuthService.java b/backend/pms/src/main/java/com/mini/pms/service/AuthService.java
index 9544582..bd9cf72 100644
--- a/backend/pms/src/main/java/com/mini/pms/service/AuthService.java
+++ b/backend/pms/src/main/java/com/mini/pms/service/AuthService.java
@@ -7,14 +7,18 @@ import com.mini.pms.restcontroller.response.TokenResponse;
 import org.springframework.security.core.Authentication;
+import java.security.Principal;
+
 public interface AuthService {
 Member getAuthenticatedUser();
 Authentication authenticate(String email, String password);
- String createToken(AuthRequest authRequest, TokenType tokenType, long expired);
+ String createToken(Authentication auth, String email, TokenType tokenType, long expired);
 TokenResponse issueAccessToken(AuthRequest authRequest);
+ TokenResponse issueAccessToken(Principal principal);
+
 Member registerCustomer(RegisterRequest authRequest);
 Member registerOwner(RegisterRequest authRequest);
diff --git a/backend/pms/src/main/java/com/mini/pms/service/impl/AuthServiceImpl.java b/backend/pms/src/main/java/com/mini/pms/service/impl/AuthServiceImpl.java
index e447ecf..0561b48 100644
--- a/backend/pms/src/main/java/com/mini/pms/service/impl/AuthServiceImpl.java
+++ b/backend/pms/src/main/java/com/mini/pms/service/impl/AuthServiceImpl.java
@@ -28,6 +28,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import java.security.Principal;
 import java.util.*;
 @Service
@@ -72,11 +73,11 @@ public Authentication authenticate(String email, String password) {
 }
 @Override
- public String createToken(AuthRequest authRequest, TokenType tokenType, long expired) {
- var email = authRequest.getEmail();
- var password = authRequest.getPassword();
+ public String createToken(Authentication auth, String email, TokenType tokenType, long expired) {
- var auth = authenticate(email, password);
+ if (!auth.isAuthenticated()) {
+ throw new PlatformException("Unauthorized user", HttpStatus.UNAUTHORIZED);
+ }
 var now = new Date();
 var expireAt = new Date(now.getTime());
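Review bot: The new `createToken(Authentication auth, String email, ...)` signature takes the token subject separately from the Authentication it is supposed to be derived from, so the interface now lets a caller mint a token for an email that differs from the authenticated principal. Both call sites in this commit pass the same identity twice (`email` from the request after `authenticate(email, password)`, and `principal.getName()` next to the SecurityContext Authentication), which suggests the subject could be taken from `auth.getName()` inside the implementation if that is what the Authentication carries here (not visible). At minimum document the contract on the interface, e.g. `/** Issues a signed token for {@code email}; {@code auth} must be an authenticated Authentication for that same subject. */`, and give the new `issueAccessToken(Principal)` overload a Javadoc stating that it re-issues tokens for the current security context rather than verifying credentials.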
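Review bot: `auth.isAuthenticated()` dereferences `auth` without a null check, and the new `issueAccessToken(Principal)` caller obtains it from `SecurityContextHolder.getContext().getAuthentication()`, which returns null when no Authentication has been set; that path would surface as a NullPointerException (a 500) rather than the intended PlatformException with HttpStatus.UNAUTHORIZED. Change the guard to `if (auth == null || !auth.isAuthenticated()) {`. createToken continues past the end of the hunk.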
@@ -105,9 +106,26 @@ public TokenResponse issueAccessToken(AuthRequest authRequest) {
 var tokenRes = TokenResponse.builder();
- tokenRes.accessToken(createToken(authRequest, TokenType.ACCESS_TOKEN, ACCESS_TOKEN_EXPIRED))
+ var email = authRequest.getEmail();
+ var password = authRequest.getPassword();
+ var auth = authenticate(email, password);
+ tokenRes.accessToken(createToken(auth, email, TokenType.ACCESS_TOKEN, ACCESS_TOKEN_EXPIRED))
+ .refreshToken(
+ createToken(auth, email, TokenType.REFRESH_TOKEN, REFRESH_TOKEN_EXPIRED));
+
+ return tokenRes.build();
+ }
+
+ @Override
+ public TokenResponse issueAccessToken(Principal principal) {
+
+ var auth = SecurityContextHolder.getContext().getAuthentication();
+
+ var tokenRes = TokenResponse.builder();
+
+ tokenRes.accessToken(createToken(auth, principal.getName(), TokenType.ACCESS_TOKEN, ACCESS_TOKEN_EXPIRED))
 .refreshToken(
- createToken(authRequest, TokenType.REFRESH_TOKEN, REFRESH_TOKEN_EXPIRED));
+ createToken(auth, principal.getName(), TokenType.REFRESH_TOKEN, REFRESH_TOKEN_EXPIRED));
 return tokenRes.build();
 }
@@ -132,7 +150,7 @@ public Member registerAdmin(RegisterRequest authRequest) {
 }
 private Member register(RegisterRequest authRequest) {
- Role role = roleRepo.findByName(authRequest.getRole());
+ Role role = roleRepo.findByName(authRequest.getRole());
 Member member = Member.builder()
 .name(authRequest.getName())
 .email(authRequest.getEmail())
@@ -140,8 +158,7 @@ private Member register(RegisterRequest authRequest) {
 .password(passwordEncoder.encode(authRequest.getPassword()))
 .roles(List.of(role))
 .build();
- return memberRepo.save(member);
+ return memberRepo.save(member);
 }
-
 }
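Review bot: `issueAccessToken(Principal)` hands a fresh access token and a fresh refresh token to any authenticated caller, and nothing visible checks that the credential used to authenticate the request was a REFRESH_TOKEN rather than an ACCESS_TOKEN. If the security filter accepts access tokens on this route (the filter is not in this diff), a leaked access token can be traded for a new refresh token indefinitely, which removes the benefit of the short ACCESS_TOKEN_EXPIRED lifetime; the service should verify the presented token's TokenType (or have the filter record it on the Authentication) before calling createToken, and it is worth logging each refresh with the subject only, never token material, so renewals are visible to detection. The `principal` parameter and the SecurityContext Authentication are two views of the same identity, so using `auth.getName()` for both createToken calls removes the duplicated `principal.getName()` and rules out a mismatch between the two. The blank lines between each statement in the new method are inconsistent with the rest of the class.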