Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BE] HotFix/#426 Refresh Token 중복 저장 방지 로직 수정 #431

Merged
merged 4 commits into from
Sep 18, 2023
Merged

[BE] HotFix/#426 Refresh Token 중복 저장 방지 로직 수정 #431

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
82e8bb4
fix: RefreshToken Payload 추가 및 CORS 완화
junpakPark Sep 17, 2023
da5bfc1
fix: Refresh Token Header 허용
junpakPark Sep 17, 2023
4f57027
fix: CORS 재설정 및 sameSite None
junpakPark Sep 17, 2023
d19d77d
fix: refreshToken 존재 시 삭제 로직 변경
junpakPark Sep 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions backend/src/main/java/com/mapbefine/mapbefine/auth/application/TokenService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,9 @@ public LoginTokens issueTokens(Long memberId) {
String accessToken = tokenProvider.createAccessToken(String.valueOf(memberId));
String refreshToken = tokenProvider.createRefreshToken();

refreshTokenRepository.findByMemberId(memberId)
.ifPresent(refreshTokenRepository::delete);
if (refreshTokenRepository.existsByMemberId(memberId)) {
refreshTokenRepository.deleteByMemberId(memberId);
}

refreshTokenRepository.save(new RefreshToken(refreshToken, memberId));

Expand Down Expand Up @@ -58,5 +59,4 @@ public void removeRefreshToken(String refreshToken, String accessToken) {
}



}
3 changes: 1 addition & 2 deletions backend/src/main/java/com/mapbefine/mapbefine/auth/domain/token/RefreshTokenRepository.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
package com.mapbefine.mapbefine.auth.domain.token;

import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;

public interface RefreshTokenRepository extends JpaRepository<RefreshToken, String> {

Optional<RefreshToken> findByMemberId(Long memberId);
boolean existsByMemberId(Long memberId);

void deleteByMemberId(Long memberId);

Expand Down
7 changes: 4 additions & 3 deletions backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,13 @@
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.UUID;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class JwtTokenProvider implements TokenProvider {

private static final String EMPTY = "";

private final String secretKey;
private final long accessExpirationTime;
private final long refreshExpirationTime;
Expand All @@ -41,7 +40,9 @@ public String createAccessToken(String payload) {
}

public String createRefreshToken() {
return createToken(EMPTY, refreshExpirationTime);
UUID payload = UUID.randomUUID();

return createToken(payload.toString(), refreshExpirationTime);
}

private String createToken(String payload, Long validityInMilliseconds) {
Expand Down
2 changes: 1 addition & 1 deletion backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ private ResponseCookie createCookie(String refreshToken) {
return ResponseCookie.from("refresh-token", refreshToken)
.httpOnly(true)
.maxAge(TWO_WEEKS)
.sameSite("Lax")
.sameSite("None")
.secure(true)
.path("/")
.build();
Expand Down
3 changes: 2 additions & 1 deletion backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.mapbefine.mapbefine.common.config;

import static org.springframework.http.HttpHeaders.COOKIE;
import static org.springframework.http.HttpHeaders.LOCATION;
import static org.springframework.http.HttpHeaders.SET_COOKIE;

Expand All @@ -16,7 +17,7 @@ public class WebConfig implements WebMvcConfigurer {
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("http://localhost:3000", "https://mapbefine.kro.kr", "https://mapbefine.com")
.allowedHeaders("refresh-token")
.allowedHeaders(COOKIE)
.allowedMethods("*")
.allowCredentials(true)
.exposedHeaders(LOCATION, SET_COOKIE);
Expand Down