feat: 로그아웃 기능 추가

로그아웃 시 access token을 blacklist에 저장하여 로그아웃하는 기능을 추가함

src/main/java/likelion/MZConnent/api/member/LoginController.java

@@ -14,10 +14,7 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.validation.BindingResult;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import java.util.Map;
 
@@ -57,6 +54,18 @@ public ResponseEntity<ApiResponseJson> login(@Valid @RequestBody LoginMemberRequ
         ));
     }
 
+    @PostMapping("/user/logout")
+    public ResponseEntity<ApiResponseJson> logout(@AuthenticationPrincipal UserPrinciple userPrinciple, @RequestHeader("Authorization") String authHeader) {
+        String email = userPrinciple.getEmail();
+
+        log.info("로그아웃 이메일: {}", email);
+
+        // Bearer 를 문자열에서 제외하기 위해 substring을 사용
+        loginService.logoout(authHeader.substring(7), email);
+
+        return ResponseEntity.ok(new ApiResponseJson(HttpStatus.OK, "로그아웃 성공"));
+    }
+
     @GetMapping("/user/info")
     public ResponseEntity<ApiResponseJson> getMemberInfo(@AuthenticationPrincipal UserPrinciple userPrinciple){
         String email = userPrinciple.getEmail();

src/main/java/likelion/MZConnent/jwt/JwtFilter.java

@@ -53,7 +53,11 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
 
         if (tokenValidationResult.getTokenType().equals(TokenType.ACCESS)) {         // access token인 경우
-            // TODO: blacklist에 있는지 확인
+            if (tokenProvider.isAccessTokenBlackList(token)) {
+                handleBlackListToken(request, response, filterChain);
+                return;
+            }
+
             // 정상 토큰 처리
             handleValidAccessToken(token, tokenValidationResult);
             filterChain.doFilter(request, response);
@@ -65,6 +69,11 @@ else if (tokenValidationResult.getTokenType().equals(TokenType.REFRESH)){ // TOD
         }
     }
 
+    private void handleBlackListToken(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        request.setAttribute("result", new TokenValidationResult(TokenStatus.TOKEN_IS_BLACKLIST, null, null, null));
+        filterChain.doFilter(request, response);
+    }
+
 
     private void handleValidAccessToken(String token, TokenValidationResult tokenValidationResult) {
         // securityContext에 authentication을 넣어주어 사용자 인증 처리

src/main/java/likelion/MZConnent/jwt/token/TokenProvider.java

@@ -128,7 +128,7 @@ public TokenValidationResult validateToken(String token) {
         } catch (UnsupportedJwtException e) {
             log.info("지원하지 않는 JWT 서명");
             return new TokenValidationResult(TokenStatus.TOKEN_HASH_NOT_SUPPORTED, null, null, null);
-        } catch (SecurityException | MalformedJwtException | IllegalArgumentException e) {
+        } catch (SecurityException | MalformedJwtException | IllegalArgumentException | SignatureException e) {
             log.info("잘못된 JWT 토큰");
             return new TokenValidationResult(TokenStatus.TOKEN_WRONG_SIGNATURE, null, null, null);
         }
@@ -145,4 +145,13 @@ public Authentication getAuthentication(String token, Claims claims) {
 
         return new UsernamePasswordAuthenticationToken(principle, token, authorities);
     }
+
+    // blacklist에 존재하는 token인지 확인하는 함수
+    public boolean isAccessTokenBlackList(String accessToken) {
+        if (accessTokenBlackList.isTokenBlackList(accessToken)) {
+            log.info("이 access token이 블랙리스트에 존재함");
+            return true;
+        }
+        return false;
+    }
 }

src/main/java/likelion/MZConnent/service/LoginService.java

@@ -78,6 +78,11 @@ public TokenResponse loginUser(String email, String password) {
         }
     }
 
+    // 로그아웃
+    public void logoout(String accessToken, String email) {
+        accessTokenBlackList.setBlackList(accessToken, email);
+    }
+
     public MemberInfoDto getMemberInfo(String email) {
         return MemberInfoDto.toDto(findMemberByEmail(email));
     }