feat: 스프링 인터셉터을 이용하여 토큰 유효성 검증 로직 구현 (#17)

darass-team · Aug 9, 2021 · 65845f7 · 65845f7
1 parent fc3fe18
commit 65845f7
Show file tree

Hide file tree

Showing 5 changed files with 101 additions and 8 deletions.
diff --git a/backend/src/main/java/com/darass/darass/auth/oauth/AuthControllerAdvice.java b/backend/src/main/java/com/darass/darass/auth/oauth/AuthControllerAdvice.java
@@ -0,0 +1,14 @@
+package com.darass.darass.auth.oauth;
+
+import com.darass.darass.auth.oauth.exception.AuthenticationException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+@RestControllerAdvice
+public class AuthControllerAdvice {
+
+    @ExceptionHandler(AuthenticationException.class)
+    public String authenticationExceptionHandler(AuthenticationException exception) {
+        return exception.getMessage();
+    }
+}
diff --git a/backend/src/main/java/com/darass/darass/auth/oauth/AuthenticationPrincipalConfig.java b/backend/src/main/java/com/darass/darass/auth/oauth/AuthenticationPrincipalConfig.java
@@ -0,0 +1,31 @@
+package com.darass.darass.auth.oauth;
+
+import com.darass.darass.auth.oauth.infrastructure.JwtTokenProvider;
+import com.darass.darass.auth.oauth.infrastructure.LoginInterceptor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class AuthenticationPrincipalConfig implements WebMvcConfigurer {
+
+    private final JwtTokenProvider jwtTokenProvider;
+
+    public AuthenticationPrincipalConfig(JwtTokenProvider jwtTokenProvider) {
+        this.jwtTokenProvider = jwtTokenProvider;
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(loginInterceptor())
+            .addPathPatterns("/api/v1/**")
+            .excludePathPatterns("/api/v1/login/oauth");
+    }
+
+    @Bean
+    public HandlerInterceptor loginInterceptor() {
+        return new LoginInterceptor(jwtTokenProvider);
+    }
+}
diff --git a/backend/src/main/java/com/darass/darass/auth/oauth/controller/OAuthController.java b/backend/src/main/java/com/darass/darass/auth/oauth/controller/OAuthController.java
@@ -1,15 +1,15 @@
 package com.darass.darass.auth.oauth.controller;
 
-import com.darass.darass.auth.oauth.exception.AuthenticationException;
 import com.darass.darass.auth.oauth.service.OAuthService;
 import lombok.RequiredArgsConstructor;
-import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-@RestController
 @RequiredArgsConstructor
+@RestController
+@RequestMapping("/api/v1")
 public class OAuthController {
 
     private final OAuthService oAuthService;
@@ -19,9 +19,4 @@ public String login(@RequestParam String accessToken) {
         return oAuthService.login(accessToken);
     }
 
-    @ExceptionHandler(AuthenticationException.class)
-    public String authenticationExceptionHandler(AuthenticationException exception) {
-        return exception.getMessage();
-    }
-
 }
diff --git a/...end/src/main/java/com/darass/darass/auth/oauth/infrastructure/AuthorizationExtractor.java b/...end/src/main/java/com/darass/darass/auth/oauth/infrastructure/AuthorizationExtractor.java
@@ -0,0 +1,29 @@
+package com.darass.darass.auth.oauth.infrastructure;
+
+import java.util.Enumeration;
+import javax.servlet.http.HttpServletRequest;
+
+public class AuthorizationExtractor {
+
+    public static final String AUTHORIZATION = "Authorization";
+    public static final String ACCESS_TOKEN_TYPE = AuthorizationExtractor.class.getSimpleName() + ".ACCESS_TOKEN_TYPE";
+    public static String BEARER_TYPE = "Bearer";
+
+    public static String extract(HttpServletRequest request) {
+        Enumeration<String> headers = request.getHeaders(AUTHORIZATION);
+        while (headers.hasMoreElements()) {
+            String value = headers.nextElement();
+            if ((value.toLowerCase().startsWith(BEARER_TYPE.toLowerCase()))) {
+                String authHeaderValue = value.substring(BEARER_TYPE.length()).trim();
+                request.setAttribute(ACCESS_TOKEN_TYPE, value.substring(0, BEARER_TYPE.length()).trim());
+                int commaIndex = authHeaderValue.indexOf(',');
+                if (commaIndex > 0) {
+                    authHeaderValue = authHeaderValue.substring(0, commaIndex);
+                }
+                return authHeaderValue;
+            }
+        }
+
+        return null;
+    }
+}
diff --git a/backend/src/main/java/com/darass/darass/auth/oauth/infrastructure/LoginInterceptor.java b/backend/src/main/java/com/darass/darass/auth/oauth/infrastructure/LoginInterceptor.java
@@ -0,0 +1,24 @@
+package com.darass.darass.auth.oauth.infrastructure;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+public class LoginInterceptor implements HandlerInterceptor {
+
+    private final JwtTokenProvider jwtTokenProvider;
+
+    public LoginInterceptor(JwtTokenProvider jwtTokenProvider) {
+        this.jwtTokenProvider = jwtTokenProvider;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        if ("OPTIONS".equals(request.getMethod())) {
+            return true;
+        }
+        final String accessToken = AuthorizationExtractor.extract(request);
+        jwtTokenProvider.validateToken(accessToken);
+        return true;
+    }
+}