[feat] 사용자 로그인 기능 구현

build.gradle

@@ -29,6 +29,7 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'io.jsonwebtoken:jjwt:0.9.1'
+    implementation 'javax.xml.bind:jaxb-api:2.3.1'
     compileOnly 'org.projectlombok:lombok'
     runtimeOnly 'com.h2database:h2'
     runtimeOnly 'com.mysql:mysql-connector-j'

src/main/java/wanted/media/user/config/SecurityConfig.java

@@ -1,7 +1,42 @@
 package wanted.media.user.config;
 
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
+@Configuration
 @EnableWebSecurity
+@RequiredArgsConstructor
 public class SecurityConfig {
+
+    private final TokenProvider tokenProvider;
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .httpBasic(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable)
+                .formLogin(AbstractHttpConfigurer::disable)
+                .sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests((auth) -> auth
+                        .requestMatchers("/user/**").permitAll() // 어떤 사용자든 접근 가능
+                        .anyRequest().authenticated())
+                .exceptionHandling(e -> e
+                        .authenticationEntryPoint((request, response, exception) -> {
+                            response.sendError(HttpStatus.UNAUTHORIZED.value(), "인증이 필요합니다.");
+                        })
+                        .accessDeniedHandler((request, response, exception) -> {
+                            response.sendError(HttpStatus.FORBIDDEN.value(), "접근권한이 없습니다.");
+                        }))
+                .addFilterBefore(new TokenAuthenticationFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
 }

src/main/java/wanted/media/user/config/TokenAuthenticationFilter.java

@@ -0,0 +1,29 @@
+package wanted.media.user.config;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@RequiredArgsConstructor
+public class TokenAuthenticationFilter extends OncePerRequestFilter {
+
+    private final TokenProvider tokenProvider;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        String token = tokenProvider.resolveToken(request); // 헤더에서 가져온 액세스토큰
+        // 토큰 유효성 검증
+        if (token != null && tokenProvider.validToken(token)) {
+            Authentication authentication = tokenProvider.getAuthentication(token); // 인증 정보
+            SecurityContextHolder.getContext().setAuthentication(authentication); // 인증 정보를 보안 컨텍스트에 설정
+        }
+        filterChain.doFilter(request, response); // 응답과 요청을 다음 필터로 전달
+    }
+}

src/main/java/wanted/media/user/config/TokenProvider.java

@@ -0,0 +1,76 @@
+package wanted.media.user.config;
+
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Header;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+import wanted.media.user.domain.UserDetail;
+import wanted.media.user.service.UserDetailService;
+
+import java.util.Date;
+
+@Component
+@RequiredArgsConstructor
+public class TokenProvider {
+
+    @Value("${jwt.secret_key}")
+    private String key;
+
+    private long tokenValidTime = 1000L * 60 * 60; // 1시간
+    private long RefreshTokenValidTime = 1000L * 60 * 60 * 24 * 7; // 7일
+
+    private final UserDetailService userDetailService;
+
+    public String makeToken(String account, String type) {
+        Date now = new Date();
+        long time = type.equals("access") ? tokenValidTime : RefreshTokenValidTime;
+
+        return Jwts.builder()
+                .setHeaderParam(Header.TYPE, Header.JWT_TYPE) // 헤더 타입
+                .setClaims(Jwts.claims().setSubject(account).setAudience(type).setIssuedAt(now).setExpiration(new Date(now.getTime() + time)))
+                .signWith(SignatureAlgorithm.HS256, key) // HS256 방식으로 key와 함께 암호화
+                .compact();
+    }
+
+    // 토큰 유효성 검증
+    public boolean validToken(String token) {
+        try {
+            Jwts.parser().setSigningKey(key)
+                    .parseClaimsJws(token);
+            return true;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    // 토큰으로 인증 정보 담은 Authentication 반환
+    public Authentication getAuthentication(String token) {
+        UserDetail userDetail = (UserDetail) userDetailService.loadUserByUsername(getUserAccount(token));
+        return new UsernamePasswordAuthenticationToken(userDetail, "", userDetail.getAuthorities());
+        /* principal : 인증된 사용자 정보
+            credentials : 사용자의 인증 자격 증명 (인증 완료된 상태이므로 빈 문자열 사용)
+            authorities : 사용자의 권한목록*/
+    }
+
+    public String getUserAccount(String token) {
+        try { // JWT를 파싱해서 JWT 서명 검증 후 클레임을 반환하여 payload에서 subject 클레임 추출
+            return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody().getSubject();
+        } catch (ExpiredJwtException e) {
+            return e.getClaims().getSubject();
+        }
+    }
+
+    // 토큰 Header에서 꺼내오기
+    public String resolveToken(HttpServletRequest request) {
+        String header = request.getHeader("Authorization");
+        if (header != null && header.startsWith("Bearer "))
+            return header.substring(7);
+        return null;
+    }
+}

src/main/java/wanted/media/user/controller/TokenController.java

@@ -0,0 +1,26 @@
+package wanted.media.user.controller;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import wanted.media.user.dto.TokenRequestDto;
+import wanted.media.user.dto.TokenResponseDto;
+import wanted.media.user.service.TokenService;
+
+@RestController
+@RequestMapping("/api/token")
+@RequiredArgsConstructor
+public class TokenController {
+
+    private final TokenService tokenService;
+
+    @PostMapping("/reissue")
+    public ResponseEntity<TokenResponseDto> reIssueToken(@RequestBody TokenRequestDto requestDto) {
+        TokenResponseDto responseDto = tokenService.reIssueToken(requestDto);
+        return ResponseEntity.status(HttpStatus.CREATED).body(responseDto);
+    }
+}

src/main/java/wanted/media/user/controller/UserController.java

@@ -1,8 +1,13 @@
 package wanted.media.user.controller;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import wanted.media.user.dto.UserLoginRequestDto;
+import wanted.media.user.dto.UserLoginResponseDto;
 import wanted.media.user.service.UserService;
 
 @RestController
@@ -11,4 +16,10 @@
 public class UserController {
 
     private final UserService userService;
+
+    @PostMapping("/login")
+    public ResponseEntity<UserLoginResponseDto> loginUser(@RequestBody UserLoginRequestDto requestDto) {
+        UserLoginResponseDto responseDto = userService.loginUser(requestDto);
+        return ResponseEntity.ok().body(responseDto);
+    }
 }

src/main/java/wanted/media/user/domain/Token.java

@@ -23,4 +23,14 @@ public class Token {
     @ManyToOne(fetch = FetchType.LAZY)
     @JoinColumn(name = "user_id", nullable = false)
     private User user;
+
+    public Token(String refreshToken, User user) {
+        this.refreshToken = refreshToken;
+        this.user = user;
+    }
+
+    public Token updateToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+        return this;
+    }
 }

src/main/java/wanted/media/user/domain/UserDetail.java

@@ -0,0 +1,61 @@
+package wanted.media.user.domain;
+
+import lombok.Builder;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.List;
+
+public class UserDetail implements UserDetails {
+
+    private String account;
+    private String password;
+    private List<GrantedAuthority> authorities;
+
+    @Builder
+    public UserDetail(String account, String password, List<GrantedAuthority> authorities) {
+        this.account = account;
+        this.password = password;
+        this.authorities = authorities;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public String getUsername() {
+        return account;
+    }
+
+    // 계정 만료 여부
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    // 계정 잠금 여부
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    // 비밀번호 만료 여부
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    // 계정 사용 가능 여부
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}

src/main/java/wanted/media/user/dto/TokenRequestDto.java

@@ -0,0 +1,14 @@
+package wanted.media.user.dto;
+
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+public class TokenRequestDto {
+    private String accessToken;
+    private String refreshToken;
+}

src/main/java/wanted/media/user/dto/TokenResponseDto.java

@@ -0,0 +1,14 @@
+package wanted.media.user.dto;
+
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+public class TokenResponseDto {
+    private String accessToken;
+    private String refreshToken;
+}

src/main/java/wanted/media/user/dto/UserLoginRequestDto.java

@@ -0,0 +1,15 @@
+package wanted.media.user.dto;
+
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+public class UserLoginRequestDto {
+
+    private String account;
+    private String password;
+}

src/main/java/wanted/media/user/dto/UserLoginResponseDto.java

@@ -0,0 +1,16 @@
+package wanted.media.user.dto;
+
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+import java.util.UUID;
+
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+public class UserLoginResponseDto {
+    private UUID userId;
+    private String token;
+}

src/main/java/wanted/media/user/repository/TokenRepository.java

@@ -0,0 +1,14 @@
+package wanted.media.user.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import wanted.media.user.domain.Token;
+
+import java.util.Optional;
+import java.util.UUID;
+
+public interface TokenRepository extends JpaRepository<Token, Long> {
+    @Query("SELECT t FROM Token t WHERE t.user.userId = :userId")
+    Optional<Token> findByUserId(@Param("userId") UUID userID);
+}

src/main/java/wanted/media/user/repository/UserRepository.java

@@ -3,7 +3,9 @@
 import org.springframework.data.jpa.repository.JpaRepository;
 import wanted.media.user.domain.User;
 
+import java.util.Optional;
 import java.util.UUID;
 
 public interface UserRepository extends JpaRepository<User, UUID> {
+    Optional<User> findByAccount(String account);
 }