was/gotcha-socket/src/main/java/socket_server/common/auth/JwtChannelInterceptor.java at bd3fbd2c8c412b7feae88dafc3895e0d651bad48 · GotchaAI/was · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
package socket_server.common.auth;

import gotcha_auth.exception.JwtExceptionCode;
import gotcha_auth.jwt.JwtAuthService;
import gotcha_common.exception.exceptionCode.ExceptionCode;
import gotcha_common.exception.exceptionCode.GlobalExceptionCode;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.security.SignatureException;
import lombok.RequiredArgsConstructor;
import org.springframework.messaging.MessagingException;
import org.springframework.messaging.simp.stomp.StompCommand;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.messaging.support.MessageHeaderAccessor;
import org.springframework.messaging.support.ChannelInterceptor;
import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

@Component
@RequiredArgsConstructor
public class JwtChannelInterceptor implements ChannelInterceptor {
    public static final String AUTHORIZATION = "Authorization";
    private final JwtAuthService jwtAuthService;

    @Override
    public Message<?> preSend(Message<?> message, MessageChannel channel) {
        StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);

        if (accessor != null && StompCommand.CONNECT.equals(accessor.getCommand())) {
            try {

                String tokenHeader = accessor.getFirstNativeHeader(AUTHORIZATION);
                Authentication authentication = jwtAuthService.authenticate(tokenHeader);
                accessor.setUser(authentication);

            } catch (ExpiredJwtException e) {
                throw new MessagingException(toErrorPayload(JwtExceptionCode.ACCESS_TOKEN_EXPIRED));
            } catch (SignatureException e) {
                throw new MessagingException(toErrorPayload(JwtExceptionCode.INVALID_TOKEN_SIGNATURE));
            } catch (JwtException | IllegalArgumentException e) {
                throw new MessagingException(toErrorPayload(JwtExceptionCode.UNKNOWN_TOKEN_ERROR));
            } catch (UsernameNotFoundException e) {
                throw new MessagingException(toErrorPayload(GlobalExceptionCode.USER_NOT_FOUND));
            } catch (AuthenticationServiceException e) {
                throw new MessagingException(toErrorPayload(JwtExceptionCode.ACCESS_TOKEN_NOT_FOUND));
            } catch (Throwable e) {
                System.err.println("=== [DEBUG][JwtChannelInterceptor] 예외 발생 ===");
                e.printStackTrace();

                throw new MessagingException(toErrorPayload(GlobalExceptionCode.INTERNAL_SERVER_ERROR));
            }
        }
        return message;
    }

    private String toErrorPayload(ExceptionCode code) {
        return String.format(
                "{\"errorCode\":\"%s\", \"status\":%d, \"message\":\"%s\"}",
                code.getCode(),
                code.getStatus().value(),
                code.getMessage()
        );
    }


}