관리자 계정에 다중 refreshToken을 지원한다

backend/src/main/java/moadong/user/entity/User.java

@@ -2,8 +2,12 @@
 
 import jakarta.validation.constraints.NotNull;
 import jakarta.validation.constraints.Size;
+
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
+import java.util.List;
+
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;
@@ -51,8 +55,9 @@ public class User implements UserDetails {
 
     private Date lastLoginAt;
 
-    @Field("refreshToken")
-    private RefreshToken refreshToken;
+    @Builder.Default
+    @Field("refreshTokens")
+    private List<RefreshToken> refreshTokens = new ArrayList<>();
 
     @Field("userInformation")
     private UserInformation userInformation;
@@ -92,8 +97,38 @@ public void updateClubId(String clubId) {
         this.clubId = clubId;
     }
 
-    public void updateRefreshToken(RefreshToken refreshToken) {
-        this.refreshToken = refreshToken;
+    public void addRefreshToken(RefreshToken refreshToken) {
+        if (this.refreshTokens == null) {
+            this.refreshTokens = new ArrayList<>();
+        }
+        this.refreshTokens.add(refreshToken);
+    }
+
+    public void replaceRefreshToken(String oldToken, RefreshToken newToken) {
+        if (this.refreshTokens == null) {
+            this.refreshTokens = new ArrayList<>();
+            return;
+        }
+        for (int i = 0; i < this.refreshTokens.size(); i++) {
+            if (this.refreshTokens.get(i).getToken().equals(oldToken)) {
+                this.refreshTokens.set(i, newToken);
+                return;
+            }
+        }
+    }
+
+    public void removeRefreshToken(String refreshToken) {
+        if (this.refreshTokens == null) {
+            return;
+        }
+        this.refreshTokens.removeIf(t -> t.getToken().equals(refreshToken));
     }
 
+    public void removeAllRefreshTokens() {
+        if (this.refreshTokens == null) {
+            this.refreshTokens = new ArrayList<>();
+            return;
+        }
+        this.refreshTokens.clear();
+    }
 }

backend/src/main/java/moadong/user/repository/UserRepository.java

@@ -9,5 +9,5 @@
 public interface UserRepository extends MongoRepository<User, String> {
     Optional<User> findUserByUserId(String userId);
 
-    Optional<User> findUserByRefreshToken_Token(String token);
+    Optional<User> findUserByRefreshTokens_Token(String token);
 }

backend/src/main/java/moadong/user/service/UserCommandService.java

@@ -76,7 +76,7 @@ public LoginResponse loginUser(UserLoginRequest userLoginRequest,
             ResponseCookie cookie = cookieMaker.makeRefreshTokenCookie(refreshToken.getToken());
             response.addHeader("Set-Cookie", cookie.toString());
 
-            user.updateRefreshToken(refreshToken);
+            user.addRefreshToken(refreshToken);
             userRepository.save(user);
             return new LoginResponse(accessToken, club.getId());
         } catch (MongoWriteException e) {
@@ -85,10 +85,10 @@ public LoginResponse loginUser(UserLoginRequest userLoginRequest,
     }
 
     public void logoutUser(String refreshToken) {
-        User user = userRepository.findUserByRefreshToken_Token(refreshToken)
+        User user = userRepository.findUserByRefreshTokens_Token(refreshToken)
             .orElseThrow(() -> new RestApiException(ErrorCode.USER_NOT_EXIST));
 
-        user.updateRefreshToken(null);
+        user.removeRefreshToken(refreshToken);
         userRepository.save(user);
     }
 
@@ -102,14 +102,25 @@ public RefreshResponse refreshAccessToken(String refreshToken,
         User user = userRepository.findUserByUserId(userId)
             .orElseThrow(() -> new RestApiException(ErrorCode.USER_NOT_EXIST));
 
-        if (!user.getRefreshToken().getToken().equals(refreshToken)
-            || jwtProvider.isTokenExpired(refreshToken)) {
+        boolean hasToken = false;
+        if (user.getRefreshTokens() != null) {
+            for (RefreshToken t : user.getRefreshTokens()) {
+                if (t.getToken().equals(refreshToken)) {
+                    hasToken = true;
+                    break;
+                }
+            }
+        }
+        if (!hasToken) {
+            throw new RestApiException(ErrorCode.TOKEN_INVALID);
+        }
+        if (jwtProvider.isTokenExpired(refreshToken)) {
             throw new RestApiException(ErrorCode.TOKEN_INVALID);
         }
         String accessToken = jwtProvider.generateAccessToken(userId);
         String newRefreshToken = jwtProvider.generateRefreshToken(userId).getToken();
 
-        user.updateRefreshToken(new RefreshToken(newRefreshToken, new Date()));
+        user.replaceRefreshToken(refreshToken, new RefreshToken(newRefreshToken, new Date()));
         userRepository.save(user);
 
         ResponseCookie cookie = cookieMaker.makeRefreshTokenCookie(newRefreshToken);
@@ -134,10 +145,13 @@ public void update(String userId,
 
         user.updateUserProfile(userUpdateRequest.encryptPassword(passwordEncoder));
 
+        user.removeAllRefreshTokens();
+        RefreshToken newRefreshToken = jwtProvider.generateRefreshToken(user.getUsername());
+        user.addRefreshToken(newRefreshToken);
+
         userRepository.save(user);
 
-        String newRefreshToken = jwtProvider.generateRefreshToken(user.getUsername()).getToken();
-        ResponseCookie cookie = cookieMaker.makeRefreshTokenCookie(newRefreshToken);
+        ResponseCookie cookie = cookieMaker.makeRefreshTokenCookie(newRefreshToken.getToken());
         response.addHeader("Set-Cookie", cookie.toString());
     }
 
@@ -152,7 +166,7 @@ public TempPasswordResponse reset(String userId) {
         //암호화
         user.resetPassword(passwordEncoder.encode(tempPwdResponse.tempPassword()));
 
-        user.updateRefreshToken(null);
+        user.removeAllRefreshTokens();
         userRepository.save(user);
 
         return tempPwdResponse;