카카오 로그인시 휴대폰 번호 반환 추가

src/main/java/com/bit/lot/flower/auth/common/config/WebConfig.java

@@ -1,6 +1,6 @@
 package com.bit.lot.flower.auth.common.config;
 
-import com.bit.lot.flower.auth.common.interceptor.CommonLogoutInterceptor;
+import com.bit.lot.flower.auth.common.http.interceptor.CommonLogoutInterceptor;
 import com.bit.lot.flower.auth.common.security.TokenHandler;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;

src/main/java/com/bit/lot/flower/auth/common/dto/RenewAccessTokenDto.java

@@ -0,0 +1,18 @@
+package com.bit.lot.flower.auth.common.dto;
+
+import com.bit.lot.flower.auth.common.valueobject.BaseId;
+import com.bit.lot.flower.auth.common.valueobject.Role;
+import com.bit.lot.flower.auth.social.valueobject.AuthId;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+@Getter
+public class RenewAccessTokenDto<T extends BaseId> {
+  T authId;
+  Role role;
+
+}

src/main/java/com/bit/lot/flower/auth/common/http/controller/AuthPolicyController.java

@@ -0,0 +1,37 @@
+package com.bit.lot.flower.auth.common.http.controller;
+
+import com.bit.lot.flower.auth.common.dto.RenewAccessTokenDto;
+import com.bit.lot.flower.auth.common.security.TokenHandler;
+import com.bit.lot.flower.auth.common.service.RenewRefreshTokenStrategy;
+import com.bit.lot.flower.auth.common.valueobject.BaseId;
+import com.bit.lot.flower.auth.common.valueobject.SecurityPolicyStaticValue;
+import com.bit.lot.flower.auth.social.valueobject.AuthId;
+import com.bit.lot.flower.auth.social.valueobject.AuthenticationProvider;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+@RequiredArgsConstructor
+@RestController
+public class AuthPolicyController {
+
+  private final RenewRefreshTokenStrategy<AuthId> renewRefreshTokenStrategy;
+
+  @PostMapping("/api/refresh-token")
+  public ResponseEntity<String> renewRefreshToken(
+      @RequestBody RenewAccessTokenDto<AuthId> renewAccessTokenDto, HttpServletRequest request,
+      HttpServletResponse response) {
+    String accessToken = renewRefreshTokenStrategy.renew(renewAccessTokenDto.getAuthId(),
+        renewAccessTokenDto.getRole(),
+        request, response);
+    response.addHeader(SecurityPolicyStaticValue.TOKEN_AUTHORIZAION_HEADER_NAME,
+        SecurityPolicyStaticValue.TOKEN_AUTHORIZATION_PREFIX + accessToken);
+    return ResponseEntity.ok("재발급 완료");
+  }
+
+
+}

src/main/java/com/bit/lot/flower/auth/common/interceptor/CommonLogoutInterceptor.java → src/main/java/com/bit/lot/flower/auth/common/http/interceptor/CommonLogoutInterceptor.java

@@ -1,4 +1,4 @@
-package com.bit.lot.flower.auth.common.interceptor;
+package com.bit.lot.flower.auth.common.http.interceptor;
 
 import com.bit.lot.flower.auth.common.security.TokenHandler;
 import com.bit.lot.flower.auth.common.util.ExtractAuthorizationTokenUtil;
@@ -18,7 +18,7 @@ public class CommonLogoutInterceptor implements HandlerInterceptor {
 
   @Override
   public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
-      @Nullable ModelAndView modelAndView) throws Exception {
+      @Nullable ModelAndView modelAndView)  {
     String token = ExtractAuthorizationTokenUtil.extractToken(request);
     String id = ExtractAuthorizationTokenUtil.extractUserId(request);
     tokenHandler.invalidateToken(id, token,response);

src/main/java/com/bit/lot/flower/auth/common/filter/ExceptionHandlerFilter.java → src/main/java/com/bit/lot/flower/auth/common/http/interceptor/filter/ExceptionHandlerFilter.java

@@ -1,4 +1,4 @@
-package com.bit.lot.flower.auth.common.filter;
+package com.bit.lot.flower.auth.common.http.interceptor.filter;
 
 import com.bit.lot.flower.auth.common.exception.ErrorDTO;
 import com.bit.lot.flower.auth.common.util.JsonBinderUtil;

src/main/java/com/bit/lot/flower/auth/common/http/interceptor/filter/JwtAuthenticationFilter.java

@@ -0,0 +1,83 @@
+package com.bit.lot.flower.auth.common.http.interceptor.filter;
+
+import com.bit.lot.flower.auth.common.dto.RenewAccessTokenDto;
+import com.bit.lot.flower.auth.common.util.ExtractAuthorizationTokenUtil;
+import com.bit.lot.flower.auth.common.util.JsonBinderUtil;
+import com.bit.lot.flower.auth.common.util.JwtUtil;
+import com.bit.lot.flower.auth.common.util.RedisBlackListTokenUtil;
+import com.bit.lot.flower.auth.common.valueobject.JWTAuthenticationShouldNotFilterAntMatcher;
+import com.bit.lot.flower.auth.common.valueobject.KakaoOAuthURLAntURI;
+import com.bit.lot.flower.auth.common.valueobject.Role;
+import com.bit.lot.flower.auth.common.valueobject.SecurityPolicyStaticValue;
+import com.bit.lot.flower.auth.common.valueobject.SwaggerRequestURI;
+import com.bit.lot.flower.auth.social.valueobject.AuthId;
+import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
+import io.jsonwebtoken.ExpiredJwtException;
+import java.io.IOException;
+import javax.security.sasl.AuthenticationException;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+@RequiredArgsConstructor
+@Component
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+  private final RedisBlackListTokenUtil redisBlackListTokenUtil;
+
+  private boolean shouldNotFilterSwaggerURI(HttpServletRequest request)  {
+    String requestURI = request.getRequestURI();
+    return requestURI.contains(SwaggerRequestURI.UI_URI) || requestURI.contains(SwaggerRequestURI.API_DOCS_URI)
+        || requestURI.contains(SwaggerRequestURI.WEB_JARS) || requestURI.contains(SwaggerRequestURI.FAVICON)
+        || requestURI.contains(SwaggerRequestURI.RESOURCES);
+  }
+
+  private boolean shouldNotFilterKakaoOauth2(HttpServletRequest request)  {
+
+    String requestURI = request.getRequestURI();
+    return requestURI.contains(KakaoOAuthURLAntURI.KAPI)
+        || requestURI.contains(KakaoOAuthURLAntURI.KAUTH) || requestURI.contains(KakaoOAuthURLAntURI.REDIRECT)
+        || requestURI.contains(KakaoOAuthURLAntURI.OAUTH);
+  }
+
+  @Override
+  protected boolean shouldNotFilter(HttpServletRequest request)  {
+    String requestURI = request.getRequestURI();
+    return shouldNotFilterSwaggerURI(request) || shouldNotFilterKakaoOauth2(request)
+        || requestURI.contains(JWTAuthenticationShouldNotFilterAntMatcher.SIGNUP_ANT)
+        || requestURI.contains(JWTAuthenticationShouldNotFilterAntMatcher.LOGIN_ANT)
+        || requestURI.contains(JWTAuthenticationShouldNotFilterAntMatcher.EMAIL_ANT);
+  }
+
+  @Override
+  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+      FilterChain filterChain) throws ServletException, IOException {
+    String token = ExtractAuthorizationTokenUtil.extractToken(request);
+    if (redisBlackListTokenUtil.isTokenBlacklisted(token)) {
+      throw new AuthenticationException("해당 토큰은 이미 로그아웃 처리된 토큰이라 사용할 수 없는 토큰입니다.");
+    }
+    try {
+      JwtUtil.isTokenValid(token);
+    } catch (ExpiredJwtException e) {
+      setResponseWhenTokenIsExpiredForCheckingRefreshToken(response, e);
+      throw new ExpiredJwtException(e.getHeader(), e.getClaims(), "만료된 토큰입니다. Refresh토큰을 확인하세요");
+    }
+    filterChain.doFilter(request, response);
+  }
+
+  private void setResponseWhenTokenIsExpiredForCheckingRefreshToken(
+      HttpServletResponse response, ExpiredJwtException e) throws IOException {
+    JsonBinderUtil.setResponseWithJson(response, 403, createDtoByToken(e));
+  }
+
+
+  private RenewAccessTokenDto<AuthId> createDtoByToken(ExpiredJwtException e) {
+    return RenewAccessTokenDto.<AuthId>builder()
+        .authId(new AuthId(Long.valueOf(e.getClaims().getSubject())))
+        .role(Role.valueOf(e.getClaims().get(
+            SecurityPolicyStaticValue.CLAIMS_ROLE_KEY_NAME, String.class))).build();
+  }
+}

src/main/java/com/bit/lot/flower/auth/common/security/IssueRefreshRefreshTokenInCookie.java

@@ -22,7 +22,6 @@ public class IssueRefreshRefreshTokenInCookie implements
   @Value("${cookie.refresh.token.name}")
   private  String refreshCookieName;
 
-
   private final RedisRefreshTokenUtil redisRefreshTokenUtil;
 
   @Override
@@ -39,4 +38,10 @@ public void invalidateRefreshToken(String id, HttpServletResponse response) {
     CookieUtil.deleteCookie(refreshCookieName, domain);
     redisRefreshTokenUtil.deleteRefreshToken(id);
   }
+
+  @Override
+  public void renewRefreshToken(String id, HttpServletResponse response) {
+
+  }
+
 }

src/main/java/com/bit/lot/flower/auth/common/security/RefreshTokenStrategy.java

@@ -1,11 +1,11 @@
 package com.bit.lot.flower.auth.common.security;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Component;
 
 @Component
 public interface RefreshTokenStrategy {
   public void createRefreshToken(String id, HttpServletResponse response);
   public void invalidateRefreshToken(String id, HttpServletResponse response);
+  public void renewRefreshToken(String id, HttpServletResponse response);
 }

src/main/java/com/bit/lot/flower/auth/common/security/RegisterAccessTokenInRedisBlackListWhenLogout.java

@@ -1,18 +1,14 @@
 package com.bit.lot.flower.auth.common.security;
 
-import com.bit.lot.flower.auth.common.util.ExtractAuthorizationTokenUtil;
 import com.bit.lot.flower.auth.common.util.RedisBlackListTokenUtil;
 import com.bit.lot.flower.auth.common.valueobject.SecurityPolicyStaticValue;
-import javax.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Component;
 
 @RequiredArgsConstructor
 @Component
 public class RegisterAccessTokenInRedisBlackListWhenLogout implements
     JwtAccessTokenDeleteStrategy {
-
-
   private final RedisBlackListTokenUtil redisBlackListTokenUtil;
   @Override
   public void invalidateAccessToken(String token) {

src/main/java/com/bit/lot/flower/auth/common/security/TokenHandler.java

@@ -1,8 +1,6 @@
 package com.bit.lot.flower.auth.common.security;
 
-import com.bit.lot.flower.auth.common.valueobject.SecurityPolicyStaticValue;
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Component;
@@ -15,6 +13,7 @@ public class TokenHandler {
   private final JwtAccessTokenCreateProcessor accessTokenStrategy;
   private final JwtAccessTokenDeleteStrategy deleteStrategy;
 
+
   public String createToken(String id,
       Map<String, Object> claimList,HttpServletResponse response) {
     refreshTokenStrategy.createRefreshToken(id,response);
@@ -25,4 +24,6 @@ public void invalidateToken(String id, String token, HttpServletResponse respons
     deleteStrategy.invalidateAccessToken(token);
     refreshTokenStrategy.invalidateRefreshToken(id, response);
   }
+
+
 }

src/main/java/com/bit/lot/flower/auth/common/service/RenewRefreshTokenStrategy.java

@@ -0,0 +1,15 @@
+package com.bit.lot.flower.auth.common.service;
+
+import com.bit.lot.flower.auth.common.valueobject.BaseId;
+import com.bit.lot.flower.auth.common.valueobject.Role;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Service;
+
+
+@Service
+public interface RenewRefreshTokenStrategy<ID extends BaseId> {
+
+  String renew(ID id, Role role, HttpServletRequest request,
+      HttpServletResponse response);
+}

src/main/java/com/bit/lot/flower/auth/common/service/RenewRefreshTokenWhenRefreshTokenIsMatchedCookieAndRedis.java

@@ -0,0 +1,43 @@
+package com.bit.lot.flower.auth.common.service;
+
+import com.bit.lot.flower.auth.common.security.TokenHandler;
+import com.bit.lot.flower.auth.common.util.CookieUtil;
+import com.bit.lot.flower.auth.common.util.JwtUtil;
+import com.bit.lot.flower.auth.common.util.RedisRefreshTokenUtil;
+import com.bit.lot.flower.auth.common.valueobject.BaseId;
+import com.bit.lot.flower.auth.common.valueobject.Role;
+import com.bit.lot.flower.auth.common.valueobject.SecurityPolicyStaticValue;
+import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.stereotype.Service;
+
+@RequiredArgsConstructor
+@Service
+public class RenewRefreshTokenWhenRefreshTokenIsMatchedCookieAndRedis<ID extends BaseId> implements
+    RenewRefreshTokenStrategy<ID> {
+
+  private final RedisRefreshTokenUtil redisRefreshTokenUtil;
+  private final TokenHandler tokenHandler;
+  @Value("${cookie.refresh.token.name}")
+  private String refreshCookieName;
+
+  @Override
+  public String renew(ID id, Role role, HttpServletRequest request,
+      HttpServletResponse response) {
+    String refreshTokenAtCookie = CookieUtil.getCookieValue(request, refreshCookieName);
+    if (redisRefreshTokenUtil.getRefreshToken(refreshTokenAtCookie) == null) {
+      throw new IllegalArgumentException("유효한 접근이 아닙니다. Refresh토큰을 확인해주세요");
+    }
+    return tokenHandler.createToken(id.getValue().toString(), createClaimsRoleMap(role), response);
+  }
+
+  private Map<String, Object> createClaimsRoleMap(Role role) {
+    return JwtUtil.addClaims(
+        SecurityPolicyStaticValue.CLAIMS_ROLE_KEY_NAME, role);
+  }
+
+}

src/main/java/com/bit/lot/flower/auth/common/util/JwtUtil.java

@@ -30,6 +30,7 @@ public class JwtUtil {
   private static SecretKey refreshSecret;
 
 
+
   public static String generateAccessTokenWithClaims(String subject,
       Map<String, Object> claimsList) {
     Date now = new Date();

src/main/java/com/bit/lot/flower/auth/common/util/OauthInfoConvertor.java

@@ -0,0 +1,12 @@
+package com.bit.lot.flower.auth.common.util;
+
+public class OauthInfoConvertor {
+
+  public static String convertInternationalPhoneNumberToDomestic(String phoneNumber) {
+    String numericPhone = phoneNumber.replaceAll("[^0-9]", "");
+      numericPhone =  0 +numericPhone.substring(2);
+    return numericPhone;
+  }
+
+}
+

src/main/java/com/bit/lot/flower/auth/common/valueobject/BaseId.java

@@ -14,8 +14,6 @@ public abstract class BaseId<T> {
 
   private T value;
 
-
-
   @Override
   public boolean equals(Object o) {
     if (this == o) {