hotfix: logout 요청 시 토큰 만료로 인한 비즈니스 로직 실패 케이스 수정

src/main/java/com/ssafy/ssafsound/domain/auth/controller/AuthController.java

@@ -12,8 +12,6 @@
 import com.ssafy.ssafsound.domain.member.dto.PostMemberReqDto;
 import com.ssafy.ssafsound.domain.member.service.MemberService;
 import com.ssafy.ssafsound.global.common.response.EnvelopeResponse;
-import javax.servlet.http.HttpServletResponse;
-import javax.validation.Valid;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
 import org.springframework.web.bind.annotation.CookieValue;
@@ -25,6 +23,9 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.servlet.http.HttpServletResponse;
+import javax.validation.Valid;
+
 @RestController
 @RequestMapping("/auth")
 public class AuthController {
@@ -46,15 +47,14 @@ public void socialLoginRedirect(@PathVariable(name = "oauthName") String oauthNa
     }
 
     @DeleteMapping("/logout")
-    public EnvelopeResponse<Void> logout(@CookieValue(value = "accessToken", defaultValue = "") String accessToken,
-                                   @CookieValue(value = "refreshToken", defaultValue = "") String refreshToken,
-                                   HttpServletResponse response) {
-
-        if (!accessToken.equals("") || !refreshToken.equals("")) {
-            authService.deleteTokens(accessToken, refreshToken);
-            cookieProvider.setResponseWithCookies(response, null, null);
-        }
-        return EnvelopeResponse.<Void>builder().build();
+    public EnvelopeResponse<Void> logout(
+            @CookieValue(value = "accessToken") String accessToken,
+            @CookieValue(value = "refreshToken") String refreshToken,
+            HttpServletResponse response) {
+        authService.deleteTokens(accessToken, refreshToken);
+        cookieProvider.setResponseWithCookies(response, null, null);
+        return EnvelopeResponse.<Void>builder()
+                .build();
     }
 
     @GetMapping("/reissue")

src/main/java/com/ssafy/ssafsound/domain/auth/service/AuthService.java

@@ -17,14 +17,18 @@
 import com.ssafy.ssafsound.domain.member.exception.MemberException;
 import com.ssafy.ssafsound.domain.member.repository.MemberLoginLogRepository;
 import com.ssafy.ssafsound.domain.member.repository.MemberTokenRepository;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.StringUtils;
 
 import javax.servlet.http.HttpServletResponse;
 import java.time.Clock;
 import java.time.LocalDateTime;
+import java.util.Objects;
 
 @Service
+@Slf4j
 public class AuthService {
 
     private final OauthProviderFactory oauthProviderFactory;
@@ -72,13 +76,21 @@ public CreateMemberTokensResDto createToken(AuthenticatedMember authenticatedMem
     @Transactional
     public void deleteTokens(String accessToken, String refreshToken) {
         Long memberId = null;
-        if (jwtTokenProvider.isValid(accessToken)) {
-            AuthenticatedMember authenticatedMember = jwtTokenProvider.getParsedClaims(accessToken);
-            memberId = authenticatedMember.getMemberId();
-        } else if (jwtTokenProvider.isValid(refreshToken)) {
-            memberId = jwtTokenProvider.getMemberIdByRefreshToken(refreshToken);
+
+        try {
+            if (StringUtils.hasText(accessToken)) {
+                AuthenticatedMember authenticatedMember = jwtTokenProvider.getParsedClaimsByAccessToken(accessToken);
+                memberId = authenticatedMember.getMemberId();
+            } else if (StringUtils.hasText(refreshToken)) {
+                memberId = jwtTokenProvider.getMemberIdByRefreshToken(refreshToken);
+            }
+
+            if (Objects.nonNull(memberId)) {
+                memberTokenRepository.deleteById(memberId);
+            }
+        } catch (AuthException e) {
+            log.debug("유효하지 않은 토큰입니다.");
         }
-        if(memberId != null) memberTokenRepository.deleteById(memberId);
     }
 
     @Transactional(readOnly = true)

src/main/java/com/ssafy/ssafsound/domain/auth/service/token/JwtTokenProvider.java

@@ -1,12 +1,17 @@
 package com.ssafy.ssafsound.domain.auth.service.token;
 
 import com.ssafy.ssafsound.domain.auth.dto.AuthenticatedMember;
-import com.ssafy.ssafsound.domain.auth.exception.AuthException;
 import com.ssafy.ssafsound.domain.auth.exception.AuthErrorInfo;
-import io.jsonwebtoken.*;
+import com.ssafy.ssafsound.domain.auth.exception.AuthException;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
-import io.jsonwebtoken.security.Keys;
+
 import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.util.Date;
@@ -68,17 +73,20 @@ public Long getMemberIdByRefreshToken(String token) {
         return claims.get("memberId", Long.class);
     }
 
-    public AuthenticatedMember getParsedClaims(String token) {
+    public AuthenticatedMember getParsedClaimsByAccessToken(String accessToken) {
         Claims claims;
         try {
             claims = Jwts.parserBuilder()
                     .setSigningKey(key)
                     .build()
-                    .parseClaimsJws(token)
+                    .parseClaimsJws(accessToken)
                     .getBody();
         } catch (ExpiredJwtException e) {
             throw new AuthException(AuthErrorInfo.AUTH_TOKEN_EXPIRED);
+        } catch (JwtException | IllegalArgumentException e) {
+            throw new AuthException(AuthErrorInfo.AUTH_TOKEN_INVALID);
         }
+
         Long memberId = claims.get("memberId", Long.class);
         String memberRole = claims.get("memberRole", String.class);
 

src/main/java/com/ssafy/ssafsound/domain/auth/validator/AuthenticationArgumentResolver.java

@@ -24,11 +24,11 @@ public boolean supportsParameter(MethodParameter parameter) {
     @Override
     public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
         HttpServletRequest request = webRequest.getNativeRequest(HttpServletRequest.class);
-        String token = AuthorizationExtractor.extractToken("accessToken", request);
-        if (token == null && request.getMethod().equals("GET")) {
+        String accessToken = AuthorizationExtractor.extractToken("accessToken", request);
+        if (accessToken == null && request.getMethod().equals("GET")) {
             return AuthenticatedMember.builder().build();
         }
 
-        return jwtTokenProvider.getParsedClaims(token);
+        return jwtTokenProvider.getParsedClaimsByAccessToken(accessToken);
     }
 }