[BE] issue384: Refresh Token 제거

.github/workflows/devploy-frontend-prod.yml

@@ -0,0 +1,37 @@
+name: Deploy Frontend Prod
+
+on:
+  push:
+    branches: [ "main" ]
+
+defaults:
+  run:
+    working-directory: frontend
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [16.x]
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+        cache-dependency-path: "./frontend/package-lock.json"
+
+    - name: Install
+      run: npm install
+
+    - name: Build
+      run: npm run build
+
+    - name: Deploy
+      run: curl ${{ secrets.FE_PROD_DEPLOY_REQUEST_URL }}

backend/src/docs/asciidoc/index.adoc

@@ -12,12 +12,6 @@
 === Github 로그인
 operation::auth/login[snippets='http-request,request-parameters,http-response,response-fields']
 
-=== 리프래시 토큰
-operation::auth/refresh[snippets='http-request,http-response']
-
-=== 로그아웃
-operation::auth/logout[snippets='http-request,http-response']
-
 [[Member]]
 == 회원
 

backend/src/main/java/com/woowacourse/moamoa/auth/config/AuthConfig.java

@@ -1,7 +1,6 @@
 package com.woowacourse.moamoa.auth.config;
 
 import com.woowacourse.moamoa.auth.controller.AuthenticatedMemberResolver;
-import com.woowacourse.moamoa.auth.controller.AuthenticatedRefreshArgumentResolver;
 import com.woowacourse.moamoa.auth.controller.interceptor.AuthenticationInterceptor;
 import com.woowacourse.moamoa.auth.controller.interceptor.PathMatcherContainer;
 import com.woowacourse.moamoa.auth.controller.interceptor.PathMatcherInterceptor;
@@ -21,7 +20,6 @@
 @RequiredArgsConstructor
 public class AuthConfig implements WebMvcConfigurer {
 
-    private final AuthenticatedRefreshArgumentResolver authenticatedRefreshArgumentResolver;
     private final AuthenticatedMemberResolver authenticatedMemberResolver;
 
     private final PathMatcherContainer pathMatcherContainer;
@@ -30,7 +28,6 @@ public class AuthConfig implements WebMvcConfigurer {
     @Override
     public void addArgumentResolvers(final List<HandlerMethodArgumentResolver> resolvers) {
         resolvers.add(authenticatedMemberResolver);
-        resolvers.add(authenticatedRefreshArgumentResolver);
     }
 
     @Override

backend/src/main/java/com/woowacourse/moamoa/auth/controller/AuthController.java

@@ -1,15 +1,10 @@
 package com.woowacourse.moamoa.auth.controller;
 
 import com.woowacourse.moamoa.auth.config.AuthenticatedMemberId;
-import com.woowacourse.moamoa.auth.config.AuthenticatedRefresh;
 import com.woowacourse.moamoa.auth.service.AuthService;
 import com.woowacourse.moamoa.auth.service.response.AccessTokenResponse;
-import com.woowacourse.moamoa.auth.service.response.TokensResponse;
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CookieValue;
-import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -19,50 +14,15 @@
 @RequiredArgsConstructor
 public class AuthController {
 
-    private static final String REFRESH_TOKEN = "refreshToken";
-    private static final int REFRESH_TOKEN_EXPIRATION = 7 * 24 * 60 * 60;
-
     private final AuthService authService;
 
     @PostMapping("/api/auth/login")
     public ResponseEntity<AccessTokenResponse> login(@RequestParam final String code) {
-        final TokensResponse tokenResponse = authService.createToken(code);
-
-        final AccessTokenResponse response = new AccessTokenResponse(tokenResponse.getAccessToken(), authService.getExpireTime());
-        final ResponseCookie cookie = putTokenInCookie(tokenResponse);
-
-        return ResponseEntity.ok().header("Set-Cookie", cookie.toString()).body(response);
+        return ResponseEntity.ok().body(authService.createToken(code));
     }
 
     @GetMapping("/api/auth/refresh")
-    public ResponseEntity<AccessTokenResponse> refreshToken(@AuthenticatedRefresh Long memberId, @CookieValue String refreshToken) {
-        return ResponseEntity.ok().body(authService.refreshToken(memberId, refreshToken));
-    }
-
-    @DeleteMapping("/api/auth/logout")
-    public ResponseEntity<Void> logout(@AuthenticatedMemberId Long memberId) {
-        authService.logout(memberId);
-
-        return ResponseEntity.noContent().header("Set-Cookie", removeCookie().toString()).build();
-    }
-
-    private ResponseCookie putTokenInCookie(final TokensResponse tokenResponse) {
-        return ResponseCookie.from(REFRESH_TOKEN, tokenResponse.getRefreshToken())
-                .maxAge(REFRESH_TOKEN_EXPIRATION)
-                .path("/")
-                .sameSite("None")
-                .secure(true)
-                .httpOnly(true)
-                .build();
-    }
-
-    private ResponseCookie removeCookie() {
-        return ResponseCookie.from(REFRESH_TOKEN, null)
-                .maxAge(0)
-                .path("/")
-                .sameSite("None")
-                .secure(true)
-                .httpOnly(true)
-                .build();
+    public ResponseEntity<AccessTokenResponse> refresh(@AuthenticatedMemberId Long memberId) {
+        return ResponseEntity.ok().body(authService.refreshToken(memberId));
     }
 }

backend/src/main/java/com/woowacourse/moamoa/auth/controller/interceptor/AuthenticationInterceptor.java

@@ -20,16 +20,13 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler) {
         final String token = AuthenticationExtractor.extract(request);
-        validateToken(token, request.getRequestURI());
+        validateToken(token);
 
         request.setAttribute("payload", token);
         return true;
     }
 
-    private void validateToken(final String token, final String requestURI) {
-        if (requestURI.equals("/api/auth/refresh") && token != null) {
-            return;
-        }
+    private void validateToken(final String token) {
         if (token == null || !tokenProvider.validateToken(token)) {
             throw new UnauthorizedException(String.format("유효하지 않은 토큰[%s]입니다.", token));
         }

backend/src/main/java/com/woowacourse/moamoa/auth/infrastructure/JwtTokenProvider.java

@@ -1,9 +1,8 @@
 package com.woowacourse.moamoa.auth.infrastructure;
 
-import com.woowacourse.moamoa.auth.exception.RefreshTokenExpirationException;
-import com.woowacourse.moamoa.auth.service.response.TokensResponse;
+import com.woowacourse.moamoa.auth.exception.TokenExpirationException;
+import com.woowacourse.moamoa.auth.service.response.TokenResponse;
 import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jws;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
@@ -18,8 +17,6 @@
 @Component
 public class JwtTokenProvider implements TokenProvider {
 
-    private static final long REFRESH_TOKEN_EXPIRATION = 7 * 24 * 60 * 60 * 1000L; // 7일
-
     private final SecretKey key;
     private final long validityInMilliseconds;
 
@@ -32,7 +29,7 @@ public JwtTokenProvider(
     }
 
     @Override
-    public TokensResponse createToken(final Long payload) {
+    public TokenResponse createToken(final Long payload) {
         final Date now = new Date();
 
         String accessToken = Jwts.builder()
@@ -42,13 +39,7 @@ public TokensResponse createToken(final Long payload) {
                 .signWith(key, SignatureAlgorithm.HS256)
                 .compact();
 
-        String refreshToken =  Jwts.builder()
-                .setIssuedAt(now)
-                .setExpiration(new Date(now.getTime() + REFRESH_TOKEN_EXPIRATION))
-                .signWith(key, SignatureAlgorithm.HS256)
-                .compact();
-
-        return new TokensResponse(accessToken, refreshToken);
+        return new TokenResponse(accessToken);
     }
 
     @Override
@@ -61,20 +52,6 @@ public String getPayload(final String token) {
                 .getSubject();
     }
 
-    @Override
-    public String getPayloadWithExpiredToken(final String token) {
-        try {
-            return Jwts.parserBuilder()
-                    .setSigningKey(key)
-                    .build()
-                    .parseClaimsJws(token)
-                    .getBody()
-                    .getSubject();
-        } catch (ExpiredJwtException e) {
-            return e.getClaims().getSubject();
-        }
-    }
-
     @Override
     public boolean validateToken(final String token) {
         try {
@@ -92,36 +69,12 @@ public boolean validateToken(final String token) {
         }
     }
 
-    @Override
-    public String recreationAccessToken(final Long memberId, final String refreshToken) {
-        Jws<Claims> claims = Jwts.parserBuilder()
-                .setSigningKey(key)
-                .build()
-                .parseClaimsJws(refreshToken);
-
-        Date tokenExpirationDate = claims.getBody().getExpiration();
-        validateTokenExpiration(tokenExpirationDate);
-
-        return createAccessToken(memberId);
-    }
-
     private void validateTokenExpiration(Date tokenExpirationDate) {
         if (tokenExpirationDate.before(new Date())) {
-            throw new RefreshTokenExpirationException();
+            throw new TokenExpirationException();
         }
     }
 
-    private String createAccessToken(final Long memberId) {
-        final Date now = new Date();
-
-        return Jwts.builder()
-                .setSubject(Long.toString(memberId))
-                .setIssuedAt(now)
-                .setExpiration(new Date(now.getTime() + validityInMilliseconds))
-                .signWith(key, SignatureAlgorithm.HS256)
-                .compact();
-    }
-
     @Override
     public long getValidityInMilliseconds() {
         return validityInMilliseconds;