Redis 제거 (#9)

src/main/java/com/stempo/api/domain/application/service/LoginServiceImpl.java

@@ -1,6 +1,5 @@
 package com.stempo.api.domain.application.service;
 
-import com.stempo.api.domain.domain.model.RedisToken;
 import com.stempo.api.domain.domain.model.User;
 import com.stempo.api.domain.presentation.dto.response.TokenInfo;
 import com.stempo.api.global.auth.exception.TokenForgeryException;
@@ -15,39 +14,41 @@
 public class LoginServiceImpl implements LoginService {
 
     private final UserService userService;
-    private final RedisTokenService redisTokenService;
     private final JwtTokenProvider jwtTokenProvider;
 
     @Override
     public TokenInfo loginOrRegister(String deviceTag, String password) {
         User user = userService.findById(deviceTag)
                 .orElseGet(() -> userService.registerUser(deviceTag, password));
-        return generateAndSaveToken(user);
+        return generateToken(user);
     }
 
     @Override
     public TokenInfo reissueToken(HttpServletRequest request) {
         String refreshToken = jwtTokenProvider.resolveToken(request);
-        Authentication authentication = jwtTokenProvider.getAuthentication(refreshToken);
-        RedisToken redisToken = redisTokenService.findByRefreshToken(refreshToken);
+        validateRefreshToken(refreshToken);
+        return reissueToken(refreshToken);
+    }
 
-        validateUserExistence(authentication);
+    private TokenInfo generateToken(User loginUser) {
+        return jwtTokenProvider.generateToken(loginUser.getDeviceTag(), loginUser.getRole());
+    }
 
-        TokenInfo newTokenInfo = jwtTokenProvider.generateToken(redisToken.getId(), redisToken.getRole());
-        redisTokenService.saveToken(redisToken.getId(), redisToken.getRole(), newTokenInfo);
-        return newTokenInfo;
+    private void validateRefreshToken(String refreshToken) {
+        if (!jwtTokenProvider.isRefreshToken(refreshToken)) {
+            throw new TokenForgeryException("Invalid refresh token.");
+        }
     }
 
-    private TokenInfo generateAndSaveToken(User loginUser) {
-        TokenInfo tokenInfo = jwtTokenProvider.generateToken(loginUser.getDeviceTag(), loginUser.getRole());
-        redisTokenService.saveToken(loginUser.getDeviceTag(), loginUser.getRole(), tokenInfo);
-        return tokenInfo;
+    private TokenInfo reissueToken(String refreshToken) {
+        Authentication authentication = jwtTokenProvider.getAuthentication(refreshToken);
+        User user = getTokenUserInfo(authentication);
+        return jwtTokenProvider.generateToken(user.getDeviceTag(), user.getRole());
     }
 
-    private void validateUserExistence(Authentication authentication) {
+    private User getTokenUserInfo(Authentication authentication) {
         String id = authentication.getName();
-        if (!userService.existsById(id)) {
-            throw new TokenForgeryException("Non-existent user token.");
-        }
+        return userService.findById(id)
+                .orElseThrow(() -> new TokenForgeryException("Non-existent user token."));
     }
 }

src/main/java/com/stempo/api/global/auth/filter/JwtAuthenticationFilter.java

@@ -1,49 +1,38 @@
 package com.stempo.api.global.auth.filter;
 
-import com.stempo.api.domain.application.service.RedisTokenService;
-import com.stempo.api.domain.domain.model.RedisToken;
 import com.stempo.api.global.auth.jwt.JwtTokenProvider;
-import com.stempo.api.global.util.ResponseUtil;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.ServletRequest;
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;
 
 import java.io.IOException;
+import java.util.Objects;
 
 @RequiredArgsConstructor
 @Slf4j
 public class JwtAuthenticationFilter extends GenericFilterBean {
 
-    private final RedisTokenService redisTokenService;
     private final JwtTokenProvider jwtTokenProvider;
 
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
         HttpServletRequest httpServletRequest = (HttpServletRequest) request;
-        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
-        if (!authenticateToken(httpServletRequest, httpServletResponse)) {
+        if (!authenticateToken(httpServletRequest)) {
             return;
         }
         chain.doFilter(request, response);
     }
 
-    private boolean authenticateToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
+    private boolean authenticateToken(HttpServletRequest request) throws IOException {
         String token = jwtTokenProvider.resolveToken(request);
-        if (token != null && jwtTokenProvider.validateToken(token)) {
-            RedisToken redisToken = jwtTokenProvider.isRefreshToken(token) ? redisTokenService.findByRefreshToken(token) : redisTokenService.findByAccessToken(token);
-            if (redisToken == null) {
-                log.warn("Token not found in redis");
-                ResponseUtil.sendErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED);
-                return false;
-            }
+        if (Objects.nonNull(token) && jwtTokenProvider.validateTokenSilently(token)) {
             Authentication authentication = jwtTokenProvider.getAuthentication(token);
             SecurityContextHolder.getContext().setAuthentication(authentication);
         }

src/main/java/com/stempo/api/global/auth/jwt/JwtTokenProvider.java

@@ -129,6 +129,18 @@ public boolean validateToken(String token) {
         return false;
     }
 
+    public boolean validateTokenSilently(String token) {
+        try {
+            Jwts.parser()
+                    .setSigningKey(key)
+                    .build()
+                    .parseClaimsJws(token);
+            return true;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
     public Claims parseClaims(String accessToken) {
         try {
             return Jwts.parser()

src/main/java/com/stempo/api/global/config/SecurityConfig.java

@@ -1,6 +1,5 @@
 package com.stempo.api.global.config;
 
-import com.stempo.api.domain.application.service.RedisTokenService;
 import com.stempo.api.global.auth.filter.JwtAuthenticationFilter;
 import com.stempo.api.global.auth.jwt.JwtTokenProvider;
 import lombok.RequiredArgsConstructor;
@@ -20,7 +19,6 @@
 @EnableGlobalMethodSecurity(securedEnabled = true)
 public class SecurityConfig {
 
-    private final RedisTokenService redisTokenService;
     private final JwtTokenProvider jwtTokenProvider;
 
     @Bean
@@ -34,7 +32,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         authorizeRequests.anyRequest().permitAll()
                 )
                 .addFilterBefore(
-                        new JwtAuthenticationFilter(redisTokenService, jwtTokenProvider),
+                        new JwtAuthenticationFilter(jwtTokenProvider),
                         UsernamePasswordAuthenticationFilter.class
                 );
         return http.build();