Merge pull request #88 from SynergyX-AI-Pattern/feat/#85_login

[FEAT] 회원가입, 로그인, 로그아웃 구현 #85

Author: eldeoddt

src/main/java/com/synergyx/trading/apiPayload/code/status/ErrorStatus.java

@@ -63,6 +63,12 @@ public enum ErrorStatus implements BaseErrorCode {
     IMAGE_FILE_MISSING(HttpStatus.BAD_REQUEST, "IMAGE4001", "업로드된 이미지가 없습니다."),
     IMAGE_FILE_TOO_LARGE(HttpStatus.BAD_REQUEST, "IMAGE4002", "업로드 가능한 최대 용량은 5MB입니다."),
     INVALID_IMAGE_FILE_TYPE(HttpStatus.BAD_REQUEST, "IMAGE4003", "지원하지 않는 이미지 형식입니다."),
+
+    // 인증 관련 예외 처리
+    AUTH_DUPLICATE_EMAIL(HttpStatus.CONFLICT, "AUTH4001", "이미 사용 중인 이메일입니다."),
+    AUTH_INVALID_EMAIL_FORMAT(HttpStatus.BAD_REQUEST, "AUTH4002", "올바른 이메일 형식이 아닙니다."),
+    AUTH_INVALID_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH4003", "인증 정보가 유효하지 않습니다."),
+    AUTH_INVALID_CREDENTIALS(HttpStatus.UNAUTHORIZED, "AUTH4004", "이메일 또는 비밀번호가 잘못되었습니다."),
     ;
 
     private final HttpStatus httpStatus;

src/main/java/com/synergyx/trading/apiPayload/code/status/SuccessStatus.java

@@ -48,6 +48,11 @@ public enum SuccessStatus implements BaseCode {
     // 감정 투자 일기
     SUCCESS_WRITE_EMOTION_DIARY(HttpStatus.OK, "DIARY200", "감정 투자 일기 작성 성공"),
     SUCCESS_DELETE_EMOTION_DIARY(HttpStatus.OK, "DIARY2002", "감정 투자 일기가 삭제되었습니다."),
+
+    // 인증
+    AUTH_LOGIN_SUCCESS(HttpStatus.OK, "AUTH200", "로그인 성공"),
+    AUTH_SIGNUP_SUCCESS(HttpStatus.OK, "AUTH201", "회원가입 성공"),
+    AUTH_LOGOUT_SUCCESS(HttpStatus.OK, "AUTH202", "로그아웃 성공")
     ;
 
     private final HttpStatus httpStatus;

src/main/java/com/synergyx/trading/config/context/SecurityUserContext.java

@@ -0,0 +1,46 @@
+package com.synergyx.trading.config.context;
+
+import com.synergyx.trading.apiPayload.code.status.ErrorStatus;
+import com.synergyx.trading.apiPayload.exception.GeneralException;
+import com.synergyx.trading.config.security.UserAuthentication;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class SecurityUserContext implements UserContext {
+
+    /**
+     * 현재 인증된 User의 Id를 가져옵니다.
+     */
+    @Override
+    public Long getCurrentUserId() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication == null) {
+            log.warn("[SecurityUserContext] 인증 객체가 null입니다.");
+            throw new GeneralException(ErrorStatus._UNAUTHORIZED);
+        }
+
+        if (!(authentication instanceof UserAuthentication)) {
+            log.warn("[SecurityUserContext] 인증 객체 타입이 예상과 다릅니다. 현재 타입: {}",
+                    authentication.getClass().getName());
+            log.debug("[SecurityUserContext] authentication 전체 정보: {}", authentication);
+            throw new GeneralException(ErrorStatus._UNAUTHORIZED);
+        }
+
+        UserAuthentication userAuthentication = (UserAuthentication) authentication;
+        Long userId = userAuthentication.getUserId();
+
+        if (userId == null) {
+            log.warn("[SecurityUserContext] 인증된 사용자 ID가 null입니다.");
+            throw new GeneralException(ErrorStatus._UNAUTHORIZED);
+        }
+
+        return userId;
+    }
+}

src/main/java/com/synergyx/trading/config/context/UserContext.java

@@ -0,0 +1,5 @@
+package com.synergyx.trading.config.context;
+
+public interface UserContext {
+    Long getCurrentUserId();
+}

src/main/java/com/synergyx/trading/config/security/CustomAccessDeniedHandler.java

@@ -0,0 +1,22 @@
+package com.synergyx.trading.config.security;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+        setResponse(response);
+    }
+
+    private void setResponse(HttpServletResponse response) {
+        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+    }
+}

src/main/java/com/synergyx/trading/config/security/CustomJwtAuthenticationEntryPoint.java

@@ -0,0 +1,20 @@
+package com.synergyx.trading.config.security;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CustomJwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) {
+        setResponse(response);
+    }
+
+    private void setResponse(HttpServletResponse response) {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+    }
+}

src/main/java/com/synergyx/trading/config/security/JwtAuthenticationFilter.java

@@ -0,0 +1,151 @@
+package com.synergyx.trading.config.security;
+
+import com.synergyx.trading.apiPayload.code.status.ErrorStatus;
+import com.synergyx.trading.apiPayload.exception.GeneralException;
+import com.synergyx.trading.config.token.JwtTokenProvider;
+import com.synergyx.trading.model.User;
+import com.synergyx.trading.repository.UserRepository;
+import com.synergyx.trading.util.ErrorResponseUtil;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.NonNull;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Collection;
+import java.util.List;
+import java.util.Collections;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtTokenProvider jwtTokenProvider;
+    private final UserRepository userRepository;
+    private final AntPathMatcher pathMatcher = new AntPathMatcher();
+
+    // no auth 허용 url
+    private static final List<String> NO_AUTH_URLS = List.of(
+            "/auth/login/**",
+            "/auth/signup/**",
+            "/swagger-ui/**",
+            "/v3/api-docs/**",
+            "/test/**"
+    );
+
+    /**
+     * JWT 인증 필터 처리 메서드
+     * <p>
+     * Access Token을 추출하고, 토큰 유효성을 검증합니다.
+     * SecurityContext에 인증 정보를 등록합니다.
+     * 유효하지 않은 토큰의 경우 {@link ErrorResponseUtil} 을 통해 인증 실패 응답을 반환합니다.
+     *
+     * @param request
+     * @param response
+     * @param filterChain
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Override
+    protected void doFilterInternal(@NonNull HttpServletRequest request,
+                                    @NonNull HttpServletResponse response,
+                                    @NonNull FilterChain filterChain) throws ServletException, IOException {
+
+        String requestURI = request.getRequestURI();
+        log.info("Request URI: {}", request.getRequestURI());
+
+        // 인증이 필요 없는 URI 필터 통과
+        if (isExcludedPath(requestURI)) {
+            log.debug("[JWT] 필터 제외 대상: {}", requestURI);
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        String header = request.getHeader("Authorization");
+        // 401 error
+        if (header == null || !header.startsWith("Bearer ")) {
+            log.warn("[JWT] Authorization 헤더 없음 또는 형식 오류 - IP: {}", request.getRemoteAddr());
+            sendUnauthorized(response);
+            return;
+        }
+
+        // JWT 추출
+        String token = header.substring(7);
+        if (token.isBlank()) {
+            log.warn("[JWT] 토큰이 비어 있음");
+            sendUnauthorized(response);
+            return;
+        }
+
+        try {
+//            log.debug("Extracted JWT: {}", token);
+
+            // validate
+            JwtValidationType result = jwtTokenProvider.validateToken(token);
+
+            if (result != JwtValidationType.VALID_JWT) {
+                // Invalid token 관련 디테일 로그
+                log.warn("[JWT] 인증 실패 - validationType: {}, user-agent: {}", result.name(), request.getHeader("User-Agent"));
+                throw new GeneralException(ErrorStatus.AUTH_INVALID_TOKEN);
+            }
+
+            Long userId = jwtTokenProvider.parseUserId(token);
+
+            // DB에서 AccessToken 일치여부 확인
+            User user = userRepository.findById(userId)
+                    .orElseThrow(() -> new GeneralException(ErrorStatus.AUTH_INVALID_TOKEN));
+
+            if (user.getAccessToken() == null || !user.getAccessToken().equals(token)) {
+                log.warn("[JWT] DB에 저장된 토큰과 불일치 - userId={}", userId);
+                throw new GeneralException(ErrorStatus.AUTH_INVALID_TOKEN);
+            }
+
+            // authentication 생성 -> principal에 userId 저장
+            UserAuthentication authentication = new UserAuthentication(userId, null, Collections.emptyList());
+            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+
+            filterChain.doFilter(request, response);
+
+        } catch (GeneralException exception) {
+            // Invalid token 관련 응답 통일
+            sendUnauthorized(response);
+        } catch (Exception exception) {
+            log.error("JWT 처리 중 알 수 없는 에러: {}", exception.getMessage(), exception);
+            // Invalid token 관련 응답 통일
+            sendUnauthorized(response);
+        }
+    }
+
+    /**
+     * URI가 인증 제외 경로인지 확인합니다.
+     *
+     * @param requestURI
+     * @return
+     */
+    private boolean isExcludedPath(String requestURI) {
+        return NO_AUTH_URLS.stream().anyMatch(pattern -> pathMatcher.match(pattern, requestURI));
+    }
+
+    /**
+     * 인증 실패 응답을 클라이언트에 전송합니다.
+     * <p>
+     * 공통 응답 포맷 형식을 사용합니다.
+     *
+     * @param response
+     * @throws IOException
+     */
+    private void sendUnauthorized(HttpServletResponse response) throws IOException {
+        SecurityContextHolder.clearContext(); // 인증 정보 제거
+        ErrorResponseUtil.writeErrorResponse(response, ErrorStatus.AUTH_INVALID_TOKEN);
+    }
+}

src/main/java/com/synergyx/trading/config/security/JwtValidationType.java

@@ -0,0 +1,10 @@
+package com.synergyx.trading.config.security;
+
+public enum JwtValidationType {
+    VALID_JWT,              // 유효한 JWT
+    INVALID_JWT_SIGNATURE,      // 유효하지 않은 서명
+    INVALID_JWT_TOKEN,          // 유효하지 않은 토큰
+    EXPIRED_JWT_TOKEN,          // 만료된 토큰
+    UNSUPPORTED_JWT_TOKEN,      // 지원하지 않는 형식의 토큰
+    EMPTY_JWT                   // 빈 JWT
+}

src/main/java/com/synergyx/trading/config/security/SecurityConfig.java

@@ -6,6 +6,8 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
@@ -14,10 +16,19 @@
 @EnableWebSecurity
 public class SecurityConfig {
 
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final CustomJwtAuthenticationEntryPoint customJwtAuthenticationEntryPoint;
+    private final CustomAccessDeniedHandler customAccessDeniedHandler;
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
     private static final String[] AUTH_WHITELIST = {
             "/auth/signup",
             "/auth/login",
-            "/**"
+            "/test/**"
     };
 
     private static final String[] SWAGGER_WHITELIST = {
@@ -34,12 +45,15 @@ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
                         session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 )
                 .exceptionHandling(exception -> {
+                    exception.authenticationEntryPoint(customJwtAuthenticationEntryPoint);
+                    exception.accessDeniedHandler(customAccessDeniedHandler);
                 })
                 .authorizeHttpRequests(auth -> {
                     auth.requestMatchers(AUTH_WHITELIST).permitAll();
                     auth.requestMatchers(SWAGGER_WHITELIST).permitAll();
                     auth.anyRequest().authenticated();
-                });
+                })
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }

src/main/java/com/synergyx/trading/config/security/UserAuthentication.java

@@ -0,0 +1,36 @@
+package com.synergyx.trading.config.security;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+
+public class UserAuthentication extends UsernamePasswordAuthenticationToken {
+
+    /**
+     * 인증된 사용자를 생성합니다.
+     *
+     * @param userId      사용자 ID (Principal로 사용)
+     * @param credentials 인증 자격 정보 (일반적으로 null)
+     * @param authorities 권한 목록 (ROLE_USER 등)
+     */
+    public UserAuthentication(Long userId,
+                              Object credentials,
+                              Collection<? extends GrantedAuthority> authorities) {
+        super(userId, credentials, authorities);
+    }
+
+    /**
+     * 인증된 사용자 ID를 반환합니다.
+     *
+     * @return userId (Long)
+     * @throws IllegalStateException principal이 Long이 아닐 경우
+     */
+    public Long getUserId() {
+        Object principal = getPrincipal();
+        if (principal instanceof Long) {
+            return (Long) principal;
+        }
+        throw new IllegalStateException("Authentication principal is not a Long (userId).");
+    }
+}