feat: jwt payload 수정 (#125)

SystemConsultantGroup · Nov 24, 2024 · fc389c5 · fc389c5
1 parent c8e4b24
commit fc389c5
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 11 deletions.
diff --git a/src/main/java/com/scg/stop/auth/JwtUtil.java b/src/main/java/com/scg/stop/auth/JwtUtil.java
@@ -3,9 +3,11 @@
 import com.scg.stop.auth.domain.UserToken;
 import com.scg.stop.global.exception.ExceptionCode;
 import com.scg.stop.global.exception.SocialLoginException;
+import com.scg.stop.user.domain.User;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.JwtBuilder;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
@@ -34,24 +36,27 @@ public JwtUtil(
     }
 
     // 토큰 생성 //
-    public UserToken createLoginToken(String subject) {
-        String refreshToken = createToken("",refreshTokenExpiry);
-        String accessToken = createToken(subject, accessTokenExpiry);
+    public UserToken createLoginToken(String subject, User user) {
+        String refreshToken = createToken("",refreshTokenExpiry, null);
+        String accessToken = createToken(subject, accessTokenExpiry, user);
         return new UserToken(accessToken, refreshToken);
     }
-    public String createToken(String subject, Long expiredMs) {
+    public String createToken(String subject, Long expiredMs, User user) {
         final Date now = new Date();
         final Date expiredDate = new Date(now.getTime() + expiredMs);
-        return Jwts.builder()
+        JwtBuilder jwtBuilder = Jwts.builder()
                 .setSubject(subject)
                 .setIssuedAt(now)
                 .setExpiration(expiredDate)
-                .signWith(secretKey)
-                .compact();
+                .signWith(secretKey);
+        if (user != null) {
+            jwtBuilder.claim("userType", user.getUserType());
+        }
+        return jwtBuilder.compact();
     }
 
-    public String reissueAccessToken(String subject) {
-        return createToken(subject, accessTokenExpiry);
+    public String reissueAccessToken(String subject, User user) {
+        return createToken(subject, accessTokenExpiry, user);
     }
 
     // 토근 정보 추출 //

diff --git a/src/main/java/com/scg/stop/auth/service/AuthService.java b/src/main/java/com/scg/stop/auth/service/AuthService.java
@@ -43,7 +43,7 @@ public UserToken login(String accessCode) {
 
         User user = findOrCreateUser(userInfo.getSocialLoginId());
 
-        UserToken userToken = jwtUtil.createLoginToken(user.getId().toString());
+        UserToken userToken = jwtUtil.createLoginToken(user.getId().toString(), user);
         RefreshToken refreshToken = new RefreshToken(userToken.getRefreshToken(), user.getId());
         refreshTokenRepository.save(refreshToken);
         return userToken;
@@ -106,7 +106,9 @@ public String reissueAccessToken(String refreshToken, String authHeader) {
         if (jwtUtil.isAccessTokenExpired(accessToken)) {
             RefreshToken foundRefreshToken = refreshTokenRepository.findById(refreshToken)
                     .orElseThrow(() -> new InvalidJwtException(ExceptionCode.INVALID_REFRESH_TOKEN));
-            return jwtUtil.reissueAccessToken(foundRefreshToken.getUserId().toString());
+            User user = userRepository.findById(foundRefreshToken.getUserId())
+                    .orElseThrow(() -> new BadRequestException(ExceptionCode.NOT_FOUND_USER_ID));
+            return jwtUtil.reissueAccessToken(foundRefreshToken.getUserId().toString(), user);
         }
         throw new InvalidJwtException(ExceptionCode.FAILED_TO_VALIDATE_TOKEN);
     }

diff --git a/src/test/java/com/scg/stop/auth/infrastructure/JwtUtilTest.java b/src/test/java/com/scg/stop/auth/infrastructure/JwtUtilTest.java
@@ -0,0 +1,44 @@
+package com.scg.stop.auth.infrastructure;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.scg.stop.auth.JwtUtil;
+import com.scg.stop.auth.domain.UserToken;
+import com.scg.stop.user.domain.User;
+import com.scg.stop.user.domain.UserType;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.Jwt;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.ContextConfiguration;
+
+public class JwtUtilTest {
+
+    private JwtUtil jwtUtil = new JwtUtil(
+            "your-test-secret-key-1234567890123456",
+            60000L,
+            120000L
+    );
+    @Test
+    @DisplayName("jwt 페이로드에 유저타입이 포함되어있다.")
+    void createTokenShouldIncludeUserType() {
+        // Given: User 객체 생성
+        User user = new User("social");
+        user.register("name", "email","010", UserType.ADMIN, "source");
+        // When: JWT 생성
+        UserToken userToken = jwtUtil.createLoginToken("12345", user);
+
+        // Then: Access Token에서 Claims 추출
+        Jws<Claims> claimsJws = jwtUtil.parseToken(userToken.getAccessToken());
+        Claims claims = claimsJws.getBody();
+
+        // 검증: Subject와 userType 확인
+        assertThat(claims.getSubject()).isEqualTo("12345");
+        assertThat(claims.get("userType", String.class)).isEqualTo("ADMIN");
+    }
+
+}