Skip to content

Feat: [FN-60] 회원 탈퇴시 JWT 토큰 무효화 #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dungbik merged 4 commits into from
Jul 16, 2025
Merged

Feat: [FN-60] 회원 탈퇴시 JWT 토큰 무효화 #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
29e911d
Refactor: JWT 토큰 생성 메서드 파라미터 User로 변경
dungbik Jul 16, 2025
03601d6
Feat: 회원 탈퇴시 JWT 토큰 무효화되게 수정
dungbik Jul 16, 2025
7d0d3f2
Test: 회원 탈퇴 로직 수정에 따른 테스트 코드 수정
dungbik Jul 16, 2025
b4a130e
Fix: import 및 파라미터 타입 실수 수정
dungbik Jul 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion src/main/java/project/flipnote/auth/constants/AuthRedisKey.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@
@AllArgsConstructor
public enum AuthRedisKey implements RedisKeys {
EMAIL_CODE("auth:email:code:%s", VerificationConstants.CODE_TTL_MINUTES * 60),
EMAIL_VERIFIED("auth:email:verified:%s", 600);
EMAIL_VERIFIED("auth:email:verified:%s", 600),
TOKEN_VERSION("auth:token:version:%d", 3600),
;

private final String pattern;
private final int ttlSeconds;
Expand Down
37 changes: 37 additions & 0 deletions src/main/java/project/flipnote/auth/repository/TokenVersionRedisRepository.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
package project.flipnote.auth.repository;

import java.time.Duration;
import java.util.Optional;

import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Repository;

import lombok.RequiredArgsConstructor;
import project.flipnote.auth.constants.AuthRedisKey;

@RequiredArgsConstructor
@Repository
public class TokenVersionRedisRepository {

private final RedisTemplate<String, Long> tokenVersionRedisTemplate;

public void saveTokenVersion(long userId, long tokenVersion) {
String key = AuthRedisKey.TOKEN_VERSION.key(userId);
Duration ttl = AuthRedisKey.TOKEN_VERSION.getTtl();

tokenVersionRedisTemplate.opsForValue().set(key, tokenVersion, ttl);
}

public Optional<Long> getTokenVersion(long userId) {
String key = AuthRedisKey.TOKEN_VERSION.key(userId);
Long value = tokenVersionRedisTemplate.opsForValue().get(key);

return Optional.ofNullable(value);
}

public void deleteTokenVersion(long userId) {
String key = AuthRedisKey.TOKEN_VERSION.key(userId);

tokenVersionRedisTemplate.delete(key);
}
}
2 changes: 1 addition & 1 deletion src/main/java/project/flipnote/auth/service/AuthService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ public TokenPair login(UserLoginRequest req) {

validatePasswordMatch(req.password(), user.getPassword());

return jwtComponent.generateTokenPair(user.getEmail(), user.getId(), user.getRole().name());
return jwtComponent.generateTokenPair(user);
}

public void sendEmailVerificationCode(EmailVerificationRequest req) {
Expand Down
28 changes: 28 additions & 0 deletions src/main/java/project/flipnote/auth/service/TokenVersionService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
package project.flipnote.auth.service;

import java.util.Optional;

import org.springframework.stereotype.Service;

import lombok.RequiredArgsConstructor;
import project.flipnote.auth.repository.TokenVersionRedisRepository;
import project.flipnote.user.repository.UserRepository;

@RequiredArgsConstructor
@Service
public class TokenVersionService {

private final TokenVersionRedisRepository tokenVersionRedisRepository;
private final UserRepository userRepository;

public Optional<Long> findTokenVersion(long userId) {
return tokenVersionRedisRepository.getTokenVersion(userId)
.or(() -> {
Optional<Long> dbTokenVersion = userRepository.findTokenVersionById(userId);
dbTokenVersion.ifPresent(
tokenVersion -> tokenVersionRedisRepository.saveTokenVersion(userId, tokenVersion)
);
return dbTokenVersion;
});
}
}
10 changes: 10 additions & 0 deletions src/main/java/project/flipnote/common/config/RedisConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.GenericToStringSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;

@Configuration
Expand All @@ -17,4 +18,13 @@ public RedisTemplate<String, String> emailRedisTemplate(RedisConnectionFactory c
template.setValueSerializer(new StringRedisSerializer());
return template;
}

@Bean
public RedisTemplate<String, Long> tokenVersionRedisTemplate(RedisConnectionFactory connectionFactory) {
RedisTemplate<String, Long> template = new RedisTemplate<>();
template.setConnectionFactory(connectionFactory);
template.setKeySerializer(new StringRedisSerializer());
template.setValueSerializer(new GenericToStringSerializer<>(Long.class));
return template;
}
}
3 changes: 2 additions & 1 deletion src/main/java/project/flipnote/common/security/dto/UserAuth.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@
public record UserAuth(
Long userId,
String email,
UserRole userRole
UserRole userRole,
long tokenVersion
) {

public Collection<? extends GrantedAuthority> getAuthorities() {
Expand Down
45 changes: 29 additions & 16 deletions src/main/java/project/flipnote/common/security/jwt/JwtComponent.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,52 +13,53 @@
import jakarta.annotation.PostConstruct;
import lombok.RequiredArgsConstructor;
import project.flipnote.auth.model.TokenPair;
import project.flipnote.auth.service.TokenVersionService;
import project.flipnote.common.security.dto.UserAuth;
import project.flipnote.common.security.exception.SecurityErrorCode;
import project.flipnote.common.security.exception.SecurityException;
import project.flipnote.user.entity.User;
import project.flipnote.user.entity.UserRole;

@RequiredArgsConstructor
@Component
public class JwtComponent {

private final JwtProperties jwtProperties;
private final TokenVersionService tokenVersionService;
private SecretKey secretKey;

@PostConstruct
public void init() {
this.secretKey = Keys.hmacShaKeyFor(jwtProperties.getSecret().getBytes());
}

public TokenPair generateTokenPair(String email, Long userId, String role) {
return TokenPair.from(generateAccessToken(email, userId, role), generateRefreshToken(email, userId, role));
public TokenPair generateTokenPair(User user) {
String accessToken = generateAccessToken(user);
String refreshToken = generateRefreshToken(user);
return TokenPair.from(accessToken, refreshToken);
}

private String generateAccessToken(String email, Long userId, String role) {
private String generateAccessToken(User user) {
return generateToken(
email,
userId,
role,
user,
jwtProperties.getAccessTokenExpiredDate(new Date())
);
}

private String generateRefreshToken(String email, Long userId, String role) {
private String generateRefreshToken(User user) {
return generateToken(
email,
userId,
role,
user,
jwtProperties.getRefreshTokenExpiredDate(new Date())
);
}

private String generateToken(String email, Long userId, String role, Date expiration) {
private String generateToken(User user, Date expiration) {
Date now = new Date();

return Jwts.builder()
.subject(email)
.id(userId.toString())
.claim(JwtConstants.ROLE, role)
.subject(user.getEmail())
.id(String.valueOf(user.getId()))
.claim(JwtConstants.ROLE, user.getRole().name())
.issuedAt(now)
.expiration(expiration)
.signWith(secretKey, Jwts.SIG.HS256)
Expand All @@ -67,8 +68,10 @@ private String generateToken(String email, Long userId, String role, Date expira

public UserAuth extractUserAuthFromToken(String token) {
Claims claims = parseClaims(token);
UserAuth userAuth = extractUserAuthFromClaims(claims);
validateToken(userAuth);

return extractUserAuthFromClaims(claims);
return userAuth;
}

private Claims parseClaims(String token) {
Expand All @@ -85,13 +88,23 @@ private Claims parseClaims(String token) {
}
}

private void validateToken(UserAuth userAuth) {
long currentTokenVersion = tokenVersionService.findTokenVersion(userAuth.userId())
.orElseThrow(() -> new SecurityException(SecurityErrorCode.NOT_VALID_JWT_TOKEN));

if (userAuth.tokenVersion() != currentTokenVersion) {
throw new SecurityException(SecurityErrorCode.NOT_VALID_JWT_TOKEN);
}
}

private UserAuth extractUserAuthFromClaims(Claims claims) {
long userId = Long.parseLong(claims.getId());
UserRole userRole = UserRole.from(
claims.get(JwtConstants.ROLE, String.class)
);
String email = claims.getSubject();
long tokenVersion = claims.get(JwtConstants.TOKEN_VERSION, Long.class);

return new UserAuth(userId, email, userRole);
return new UserAuth(userId, email, userRole, tokenVersion);
}
}
1 change: 1 addition & 0 deletions src/main/java/project/flipnote/common/security/jwt/JwtConstants.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ public final class JwtConstants {
public static final String REFRESH_TOKEN = "refreshToken";

public static final String ROLE = "role";
public static final String TOKEN_VERSION = "token_version";

public static final String AUTH_HEADER = "Authorization";
public static final String TOKEN_PREFIX = "Bearer ";
Expand Down
14 changes: 12 additions & 2 deletions src/main/java/project/flipnote/user/entity/User.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@ public class User extends SoftDeletableEntity {
@Column(nullable = false)
private UserRole role;

@Column(nullable = false)
private long tokenVersion;

@Builder
public User(
String email,
Expand All @@ -74,11 +77,18 @@ public User(
this.smsAgree = smsAgree;
this.status = UserStatus.ACTIVE;
this.role = UserRole.USER;
this.tokenVersion = 0L;
}

@Override
public void softDelete() {
public void unregister() {
super.softDelete();

this.status = UserStatus.INACTIVE;

increaseTokenVersion();
}

public void increaseTokenVersion() {
this.tokenVersion++;
}
}
5 changes: 5 additions & 0 deletions src/main/java/project/flipnote/user/repository/UserRepository.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
import java.util.Optional;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;

import project.flipnote.user.entity.User;
import project.flipnote.user.entity.UserStatus;
Expand All @@ -16,4 +18,7 @@ public interface UserRepository extends JpaRepository<User, Long> {
Optional<User> findByEmailAndStatus(String email, UserStatus status);

Optional<User> findByIdAndStatus(Long userId, UserStatus status);

@Query("SELECT u.tokenVersion FROM User u WHERE u.id = :userId")
Optional<Long> findTokenVersionById(@Param("userId") Long userId);
}
5 changes: 4 additions & 1 deletion src/main/java/project/flipnote/user/service/UserService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
import org.springframework.transaction.annotation.Transactional;

import lombok.RequiredArgsConstructor;
import project.flipnote.auth.repository.TokenVersionRedisRepository;
import project.flipnote.auth.service.AuthService;
import project.flipnote.common.exception.BizException;
import project.flipnote.user.entity.User;
Expand All @@ -24,6 +25,7 @@ public class UserService {
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
private final AuthService authService;
private final TokenVersionRedisRepository tokenVersionRedisRepository;

@Transactional
public UserRegisterResponse register(UserRegisterRequest req) {
Expand Down Expand Up @@ -55,7 +57,8 @@ public UserRegisterResponse register(UserRegisterRequest req) {
public void unregister(Long userId) {
User user = findActiveUserById(userId);

user.softDelete();
user.unregister();
tokenVersionRedisRepository.deleteTokenVersion(userId);
}

private User findActiveUserById(Long userId) {
Expand Down
9 changes: 4 additions & 5 deletions src/test/java/project/flipnote/auth/service/AuthServiceTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,8 +178,7 @@ void success() {
.willReturn(Optional.of(foundUser));
given(passwordEncoder.matches(req.password(), foundUser.getPassword()))
.willReturn(true);
given(jwtComponent.generateTokenPair(foundUser.getEmail(), foundUser.getId(), foundUser.getRole().name()))
.willReturn(expectedTokenPair);
given(jwtComponent.generateTokenPair(foundUser)).willReturn(expectedTokenPair);

TokenPair resultTokenPair = authService.login(req);

Expand All @@ -189,7 +188,7 @@ void success() {

verify(userRepository).findByEmailAndStatus(anyString(), any(UserStatus.class));
verify(passwordEncoder).matches(anyString(), anyString());
verify(jwtComponent).generateTokenPair(anyString(), anyLong(), anyString());
verify(jwtComponent).generateTokenPair(any(User.class));
}

@Test
Expand All @@ -209,7 +208,7 @@ void fail_invalidCredentials_wrongEmail() {
assertThat(exception.getErrorCode()).isEqualTo(AuthErrorCode.INVALID_CREDENTIALS);

verify(passwordEncoder, never()).matches(anyString(), anyString());
verify(jwtComponent, never()).generateTokenPair(anyString(), anyLong(), anyString());
verify(jwtComponent, never()).generateTokenPair(any(User.class));
}

@Test
Expand All @@ -232,7 +231,7 @@ void fail_invalidCredentials_wrongPassword() {
assertThat(exception).isNotNull();
assertThat(exception.getErrorCode()).isEqualTo(AuthErrorCode.INVALID_CREDENTIALS);

verify(jwtComponent, never()).generateTokenPair(anyString(), anyLong(), anyString());
verify(jwtComponent, never()).generateTokenPair(any(User.class));
}
}

Expand Down
6 changes: 5 additions & 1 deletion src/test/java/project/flipnote/user/service/UserServiceTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,9 @@
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.test.util.ReflectionTestUtils;

import project.flipnote.auth.exception.AuthErrorCode;
import project.flipnote.auth.repository.TokenVersionRedisRepository;
import project.flipnote.auth.service.AuthService;
import project.flipnote.common.exception.BizException;
import project.flipnote.fixture.UserFixture;
Expand All @@ -44,6 +44,9 @@ class UserServiceTest {
@Mock
private PasswordEncoder passwordEncoder;

@Mock
private TokenVersionRedisRepository tokenVersionRedisRepository;

@DisplayName("회원가입 테스트")
@Nested
class Register {
Expand Down Expand Up @@ -157,6 +160,7 @@ void success() {
assertThat(user.getDeletedAt()).isNotNull();

verify(user, times(1)).softDelete();
verify(tokenVersionRedisRepository, times(1)).deleteTokenVersion(anyLong());
}

@DisplayName("회원 id가 존재하지 않는 경우 예외 발생")
Expand Down
Loading