Merge branch 'dev' into 10-be-oauth-구현체-구현

Author: anzmin

backend/.eslintrc.js

@@ -17,6 +17,6 @@ module.exports = {
 		'@typescript-eslint/interface-name-prefix': 'off',
 		'@typescript-eslint/explicit-function-return-type': 'off',
 		'@typescript-eslint/explicit-module-boundary-types': 'off',
-		'@typescript-eslint/no-explicit-any': 'off'	
+		'@typescript-eslint/no-explicit-any': 'off',
 	},
 };

backend/package.json

@@ -24,15 +24,23 @@
     "@nestjs/common": "^9.0.0",
     "@nestjs/config": "^2.2.0",
     "@nestjs/core": "^9.0.0",
+    "@nestjs/jwt": "^9.0.0",
+    "@nestjs/passport": "^9.0.0",
     "@nestjs/platform-express": "^9.0.0",
     "@nestjs/swagger": "^6.1.3",
     "@nestjs/typeorm": "^9.0.1",
     "@types/cookie-parser": "^1.4.3",
     "@types/helmet": "^4.0.0",
     "axios": "^1.1.3",
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.13.2",
     "cookie-parser": "^1.4.6",
     "helmet": "^6.0.0",
+    "joi": "^17.7.0",
     "mysql2": "^2.3.3",
+    "passport": "^0.6.0",
+    "passport-jwt": "^4.0.0",
+    "passport-local": "^1.0.0",
     "reflect-metadata": "^0.1.13",
     "rimraf": "^3.0.2",
     "rxjs": "^7.2.0",
@@ -46,6 +54,8 @@
     "@types/express": "^4.17.13",
     "@types/jest": "28.1.8",
     "@types/node": "^16.0.0",
+    "@types/passport-jwt": "^3.0.7",
+    "@types/passport-local": "^1.0.34",
     "@types/supertest": "^2.0.11",
     "@typescript-eslint/eslint-plugin": "^5.0.0",
     "@typescript-eslint/parser": "^5.0.0",

backend/src/auth/auth.module.ts

@@ -7,6 +7,10 @@ import { UserModule } from 'src/user/user.module';
 import { OauthNaverService } from './service/oauth/naver-oauth.service';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { OauthKakaoService } from './service/oauth/kakao-oauth.service';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
+import { JwtAccessStrategy } from './jwt/access-jwt.strategy';
+import { JwtRefreshStrategy } from './jwt/refresh-jwt.strategy';
 
 export const UserRepository: ClassProvider = {
 	provide: USER_REPOSITORY_INTERFACE,
@@ -17,5 +21,15 @@ export const UserRepository: ClassProvider = {
 	imports: [UserModule, TypeOrmModule.forFeature([TypeormUserRepository])],
 	controllers: [AuthController],
 	providers: [AuthService, UserRepository, OauthKakaoService, OauthNaverService],
+	providers: [
+		AuthService,
+		userRepository,
+		OauthGoogleService,
+		OauthNaverService,
+		JwtService,
+		ConfigService,
+		JwtAccessStrategy,
+		JwtRefreshStrategy,
+	],
 })
 export class AuthModule {}

backend/src/auth/controller/auth.controller.ts

@@ -1,6 +1,28 @@
-import { Controller, Get, HttpCode, Param, Query, Res } from '@nestjs/common';
 import { Response } from 'express';
+import {
+	Controller,
+	Get,
+	HttpCode,
+	Param,
+	Query,
+	Redirect,
+	Req,
+	Res,
+	UseGuards,
+} from '@nestjs/common';
 import { AuthService } from '../service/auth.service';
+import { Request, Response } from 'express';
+import {
+	ACCESS_TOKEN,
+	JWT_ACCESS_TOKEN_EXPIRATION_TIME,
+	JWT_ACCESS_TOKEN_SECRET,
+	JWT_REFRESH_TOKEN_EXPIRATION_TIME,
+	JWT_REFRESH_TOKEN_SECRET,
+	OK,
+	REFRESH_TOKEN,
+	tokenCookieOptions,
+} from '@constant';
+import { JwtAuthGuard } from '../guard/jwt.guard';
 
 @Controller('auth')
 export class AuthController {
@@ -14,8 +36,43 @@ export class AuthController {
 	}
 
 	@Get('oauth/callback/:type')
-	async socialStart(@Query('code') authorizationCode: string, @Param('type') type: string) {
-		const userId = await this.authService.socialStart({ type, authorizationCode });
-		return userId;
+	async socialStart(
+		@Query('code') authorizationCode: string,
+		@Param('type') type: string,
+		@Res({ passthrough: true }) res: Response
+	) {
+		const user = await this.authService.socialStart({ type, authorizationCode });
+		const accessToken = this.authService.createJwt({
+			payload: { nickname: 'user.nickname', email: 'user.email' },
+			secret: JWT_ACCESS_TOKEN_SECRET,
+			expirationTime: JWT_ACCESS_TOKEN_EXPIRATION_TIME,
+		});
+		const refreshToken = this.authService.createJwt({
+			payload: { nickname: 'user.nickname', email: 'user.email' },
+			secret: JWT_REFRESH_TOKEN_SECRET,
+			expirationTime: JWT_REFRESH_TOKEN_EXPIRATION_TIME,
+		});
+
+		res.cookie(ACCESS_TOKEN, accessToken, tokenCookieOptions);
+		res.cookie(REFRESH_TOKEN, refreshToken, tokenCookieOptions);
+	}
+
+	@UseGuards(JwtAuthGuard)
+	@Get('login')
+	@HttpCode(OK)
+	loginValidate(@Req() req: Request, @Res({ passthrough: true }) res: Response) {
+		const { accessToken, refreshToken } = req.cookies;
+		res.cookie(ACCESS_TOKEN, accessToken, tokenCookieOptions).cookie(
+			REFRESH_TOKEN,
+			refreshToken,
+			tokenCookieOptions
+		);
+	}
+
+	@UseGuards(JwtAuthGuard)
+	@Get('logout')
+	logout(@Res({ passthrough: true }) res: Response) {
+		res.clearCookie(ACCESS_TOKEN);
+		res.clearCookie(REFRESH_TOKEN);
 	}
 }

backend/src/auth/dto/create-jwt.dto.ts

@@ -0,0 +1,9 @@
+import { IsEmail, IsString } from 'class-validator';
+
+export class CreateJwtDto {
+	@IsString()
+	nickname: string;
+
+	@IsEmail()
+	email: string;
+}

backend/src/auth/guard/jwt.guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard(['jwt-access', 'jwt-refresh']) {}

backend/src/auth/jwt/access-jwt.strategy.ts

@@ -0,0 +1,28 @@
+import { JWT_ACCESS_TOKEN_SECRET } from '@constant';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { Request } from 'express';
+import { Payload } from 'src/types/auth.type';
+
+@Injectable()
+export class JwtAccessStrategy extends PassportStrategy(Strategy, 'jwt-access') {
+	constructor(private readonly configService: ConfigService) {
+		super({
+			ignoreExpiration: false,
+			jwtFromRequest: ExtractJwt.fromExtractors([
+				(req) => {
+					const token = req?.cookies.accessToken;
+					return token ?? null;
+				},
+			]),
+			secretOrKey: configService.get(JWT_ACCESS_TOKEN_SECRET),
+			passReqToCallback: true,
+		});
+	}
+
+	async validate(req: Request, payload: Payload) {
+		return payload;
+	}
+}

backend/src/auth/jwt/refresh-jwt.strategy.ts

@@ -0,0 +1,44 @@
+import {
+	JWT_ACCESS_TOKEN_EXPIRATION_TIME,
+	JWT_ACCESS_TOKEN_SECRET,
+	JWT_REFRESH_TOKEN_SECRET,
+} from '@constant';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { Request } from 'express';
+import { AuthService } from '../service/auth.service';
+import { Payload } from 'src/types/auth.type';
+
+@Injectable()
+export class JwtRefreshStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
+	constructor(
+		private readonly configService: ConfigService,
+		private readonly authService: AuthService
+	) {
+		super({
+			ignoreExpiration: false,
+			jwtFromRequest: ExtractJwt.fromExtractors([
+				(req) => {
+					const token = req?.cookies.accessToken;
+					return token ?? null;
+				},
+			]),
+			secretOrKey: configService.get(JWT_REFRESH_TOKEN_SECRET),
+			passReqToCallback: true,
+		});
+	}
+
+	async validate(req: Request, payload: Payload) {
+		const accessToken = this.authService.createJwt({
+			payload: { nickname: payload.nickname, email: payload.email },
+			secret: JWT_ACCESS_TOKEN_SECRET,
+			expirationTime: JWT_ACCESS_TOKEN_EXPIRATION_TIME,
+		});
+
+		req.cookies = { ...req.cookies, accessToken };
+
+		return payload;
+	}
+}

backend/src/auth/service/auth.service.ts

@@ -6,6 +6,9 @@ import { UserRepository } from 'src/user/repository/interface-user.repository';
 import { OauthNaverService } from './oauth/naver-oauth.service';
 import { OauthService } from './oauth/interface-oauth.service';
 import { OauthKakaoService } from './oauth/kakao-oauth.service';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
+import { CreateJwtDto } from '../dto/create-jwt.dto';
 
 @Injectable()
 export class AuthService {
@@ -17,6 +20,9 @@ export class AuthService {
 
 		private readonly oauthKakaoService: OauthKakaoService,
 		private readonly oauthNaverService: OauthNaverService
+
+		private jwtService: JwtService,
+		private configService: ConfigService
 	) {}
 
 	/**
@@ -47,8 +53,32 @@ export class AuthService {
 		);
 		const userSocialInfo = await this.oauthInstance.getSocialInfoByAccessToken(accessToken);
 
-		const userId = await this.userRepository.saveUser(userSocialInfo as UserInfo);
-		return userId;
+		const user = await this.userRepository.saveUser(userSocialInfo as UserInfo);
+		return user;
+	}
+
+	/**
+	 * 비밀키와 만료 시간을 기반으로 access token 또는 refresh token을 발급합니다.
+	 * @param payload jwt payload에 입력될 값
+	 * @param secret 서명에 사용될 비밀키
+	 * @param expirationTime token의 만료시간
+	 * @returns access token 또는 refresh token
+	 */
+	createJwt({
+		payload,
+		secret,
+		expirationTime,
+	}: {
+		payload: CreateJwtDto;
+		secret: string;
+		expirationTime: string;
+	}) {
+		const token = this.jwtService.sign(payload, {
+			secret: this.configService.get(secret),
+			expiresIn: `${this.configService.get(expirationTime)}s`,
+		});
+
+		return token;
 	}
 
 	/**

backend/src/config/env.config.ts

@@ -1,7 +1,17 @@
 import { ConfigModuleOptions } from '@nestjs/config';
+import Joi from 'joi';
 
 export const envConfig: ConfigModuleOptions = {
 	isGlobal: true, // 환경 변수를 전역으로 사용
 	envFilePath: '.env',
 	// 루트 경로에서 .env 사용 (cross-env로 환경에 따른 .env 적용도 가능)
+	validationSchema: Joi.object({
+		DB_USER: Joi.string().required(),
+		DB_PASSWORD: Joi.string().required(),
+		DB_NAME: Joi.string().required(),
+		JWT_ACCESS_TOKEN_SECRET: Joi.string().required(),
+		JWT_ACCESS_TOKEN_EXPIRATION_TIME: Joi.string().required(),
+		JWT_REFRESH_TOKEN_SECRET: Joi.string().required(),
+		JWT_REFRESH_TOKEN_EXPIRATION_TIME: Joi.string().required(),
+	}),
 };