Merge pull request #16 from Y-edu/fix/adminLogin

Fix/admin login JWT방식 변경
Y-edu · Feb 6, 2025 · 1e5d81c · 1e5d81c
2 parents 00b1877 + e19c4e8
commit 1e5d81c
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 57 deletions.
diff --git a/src/main/java/com/yedu/backend/admin/application/usecase/AdminManageUseCase.java b/src/main/java/com/yedu/backend/admin/application/usecase/AdminManageUseCase.java
@@ -9,6 +9,7 @@
 import com.yedu.backend.domain.parents.domain.entity.ApplicationForm;
 import com.yedu.backend.domain.parents.domain.entity.Parents;
 import com.yedu.backend.domain.teacher.domain.entity.Teacher;
+import com.yedu.backend.global.config.security.jwt.dto.JwtResponse;
 import com.yedu.backend.global.config.security.jwt.usecase.JwtUseCase;
 import com.yedu.backend.global.config.security.util.EncryptorUtils;
 import jakarta.servlet.http.HttpServletRequest;
@@ -43,20 +44,20 @@ public void updateTeacherIssue(long teacherId, TeacherIssueRequest request) {
         adminUpdateService.updateTeacherIssue(teacher, request.issue());
     }
 
-    public void loginAdmin(LoginRequest request, HttpServletResponse response) {
+    public JwtResponse loginAdmin(LoginRequest request, HttpServletResponse response) {
         Admin admin = adminGetService.adminByLoginId(request.id());
         if (!encryptorUtils.checkBCryptData(request.password(), admin.getPassword()))
             throw new IllegalArgumentException();
-        jwtUseCase.signIn(admin, response);
+        return jwtUseCase.signIn(admin, response);
     }
 
-    public void logout(Admin admin, HttpServletResponse response) {
+    public void logout(Admin admin) {
         if (admin == null)
             throw new IllegalArgumentException();
-        jwtUseCase.logout(admin, response);
+        jwtUseCase.logout(admin);
     }
 
-    public void regenerate(Admin admin, HttpServletRequest request, HttpServletResponse response) {
-        jwtUseCase.regenerateToken(admin, request, response);
+    public JwtResponse regenerate(Admin admin, HttpServletRequest request, HttpServletResponse response) {
+        return jwtUseCase.regenerateToken(admin, request, response);
     }
 }
diff --git a/src/main/java/com/yedu/backend/admin/presentation/AdminController.java b/src/main/java/com/yedu/backend/admin/presentation/AdminController.java
@@ -10,6 +10,7 @@
 import com.yedu.backend.admin.domain.entity.Admin;
 import com.yedu.backend.domain.parents.domain.entity.constant.ClassType;
 import com.yedu.backend.domain.teacher.domain.entity.constant.TeacherGender;
+import com.yedu.backend.global.config.security.jwt.dto.JwtResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
@@ -83,21 +84,21 @@ public ResponseEntity<AllFilteringTeacher> searchTeachers(
     }
 
     @PostMapping("/login")
-    public ResponseEntity login(@RequestBody LoginRequest request, HttpServletResponse httpServletResponse) {
-        adminManageUseCase.loginAdmin(request, httpServletResponse);
-        return ResponseEntity.ok().build();
+    public ResponseEntity<JwtResponse> login(@RequestBody LoginRequest request, HttpServletResponse httpServletResponse) {
+        JwtResponse jwtResponse = adminManageUseCase.loginAdmin(request, httpServletResponse);
+        return ResponseEntity.ok(jwtResponse);
     }
 
     @PostMapping("/logout")
-    public ResponseEntity logout(@AuthenticationPrincipal Admin admin, HttpServletResponse response) {
-        adminManageUseCase.logout(admin, response);
+    public ResponseEntity logout(@AuthenticationPrincipal Admin admin) {
+        adminManageUseCase.logout(admin);
         return ResponseEntity.ok().build();
     }
 
     @PostMapping("/regenerate")
-    public ResponseEntity regenerate(@AuthenticationPrincipal Admin admin, HttpServletResponse response, HttpServletRequest request) {
-        adminManageUseCase.regenerate(admin, request, response);
-        return ResponseEntity.ok().build();
+    public ResponseEntity<JwtResponse> regenerate(@AuthenticationPrincipal Admin admin, HttpServletResponse response, HttpServletRequest request) {
+        JwtResponse jwtResponse = adminManageUseCase.regenerate(admin, request, response);
+        return ResponseEntity.ok(jwtResponse);
     }
 
     @GetMapping("/test")

diff --git a/src/main/java/com/yedu/backend/global/config/security/SecurityConfig.java b/src/main/java/com/yedu/backend/global/config/security/SecurityConfig.java
@@ -21,8 +21,6 @@
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import java.util.List;
-
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
@@ -72,10 +70,7 @@ protected SecurityFilterChain config(HttpSecurity http) throws Exception {
     public CorsConfigurationSource source() {
         CorsConfiguration configuration = new CorsConfiguration();
         configuration.addExposedHeader("Authorization");
-
-        // 허용할 프론트엔드 도메인 설정 (여기에 실제 프론트엔드 URL을 입력)
-        configuration.setAllowedOrigins(List.of("https://y-edu-class.com", "https://develop.d22frnw7yy0hnv.amplifyapp.com", "https://dev.yedu-develop.com:8181", "http://localhost:8080", "http://localhost:3000"));
-
+        configuration.addAllowedOriginPattern("*");
         configuration.addAllowedHeader("*");
         configuration.addAllowedMethod("*");
         configuration.setAllowCredentials(true);

diff --git a/src/main/java/com/yedu/backend/global/config/security/jwt/dto/JwtResponse.java b/src/main/java/com/yedu/backend/global/config/security/jwt/dto/JwtResponse.java
@@ -0,0 +1,4 @@
+package com.yedu.backend.global.config.security.jwt.dto;
+
+public record JwtResponse(int accessTokenExpired, int refreshTokenExpired) {
+}
diff --git a/src/main/java/com/yedu/backend/global/config/security/jwt/usecase/JwtUseCase.java b/src/main/java/com/yedu/backend/global/config/security/jwt/usecase/JwtUseCase.java
@@ -2,8 +2,8 @@
 
 import com.yedu.backend.admin.domain.entity.Admin;
 import com.yedu.backend.global.config.security.jwt.constant.Role;
+import com.yedu.backend.global.config.security.jwt.dto.JwtResponse;
 import com.yedu.backend.global.config.security.jwt.util.JwtUtils;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
@@ -18,62 +18,41 @@
 @Transactional(readOnly = true)
 public class JwtUseCase {
     private final JwtUtils jwtUtils;
-    private static final String ACCESS_COOKIE = "accessToken";
-    private static final String REFRESH_COOKIE = "refreshToken";
     @Value("${jwt.refreshExpiration}")
     private int refreshExpiration;
     @Value("${jwt.accessExpiration}")
     private int accessExpiration;
 
-    public void signIn(Admin admin, HttpServletResponse response) {
-        generateAdminToken(admin, response);
+    public JwtResponse signIn(Admin admin, HttpServletResponse response) {
+        return generateAdminToken(admin, response);
     }
 
-    public void logout(Admin admin, HttpServletResponse response) {
-        deleteCookie(response);
+    public void logout(Admin admin) {
         jwtUtils.makeExpired(admin.getAdminId());
     }
 
-    public void regenerateToken(Admin admin, HttpServletRequest request, HttpServletResponse response) {
-        log.info("regenerate 진입");
+    public JwtResponse regenerateToken(Admin admin, HttpServletRequest request, HttpServletResponse response) {
         jwtUtils.checkRedis(admin.getAdminId(), request);
         generateAdminToken(admin, response);
+        return new JwtResponse(accessExpiration, refreshExpiration);
     }
 
 
-    private void generateAdminToken(Admin admin, HttpServletResponse response) {
+    private JwtResponse generateAdminToken(Admin admin, HttpServletResponse response) {
         String accessToken = jwtUtils.generateAccessToken(admin.getAdminId(), Role.ADMIN);
         String refreshToken = jwtUtils.generateRefreshToken(admin.getAdminId(), Role.ADMIN);
-        accessTokenCookie(response, accessToken);
-        refreshTokenCookie(response, refreshToken);
-    }
-
-    private void accessTokenCookie(HttpServletResponse response, String accessToken) {
-        Cookie accessCookie = new Cookie(ACCESS_COOKIE, accessToken);
-        accessCookie.setHttpOnly(true);
-        accessCookie.setPath("/");
-        accessCookie.setMaxAge(accessExpiration);
-        response.addCookie(accessCookie);
+        accessTokenHeader(response, accessToken);
+        refreshTokenHeader(response, refreshToken);
+        return new JwtResponse(accessExpiration, refreshExpiration);
     }
 
-    private void refreshTokenCookie(HttpServletResponse response, String refreshToken) {
-        Cookie refreshCookie = new Cookie(REFRESH_COOKIE, refreshToken);
-        refreshCookie.setHttpOnly(true);
-        refreshCookie.setPath("/");
-        refreshCookie.setMaxAge(refreshExpiration);
-        response.addCookie(refreshCookie);
+    // 헤더에 AccessToken 추가
+    private void accessTokenHeader(HttpServletResponse response, String accessToken) {
+        response.setHeader("Authorization", "Bearer " + accessToken);
     }
 
-    private void deleteCookie(HttpServletResponse response) {
-        Cookie refreshCookie = new Cookie(REFRESH_COOKIE, null);
-        refreshCookie.setHttpOnly(true);
-        refreshCookie.setPath("/");
-        refreshCookie.setMaxAge(0);
-        response.addCookie(refreshCookie);
-        Cookie accessCookie = new Cookie(ACCESS_COOKIE, null);
-        accessCookie.setHttpOnly(true);
-        accessCookie.setPath("/");
-        accessCookie.setMaxAge(0);
-        response.addCookie(accessCookie);
+    // 헤더에 RefreshToken 추가
+    private void refreshTokenHeader(HttpServletResponse response, String refreshToken) {
+        response.setHeader("RefreshToken", refreshToken);
     }
 }