From b7802fea33469bbb0fe8f69ce30de48fb8995ef5 Mon Sep 17 00:00:00 2001
From: xb205 <62425964+devxb@users.noreply.github.com>
Date: Fri, 8 Mar 2024 20:11:10 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20JWT=20decrypt=20=EC=98=88=EC=99=B8?= =?UTF-8?q?=EC=8B=9C=20AuthException=EC=9D=84=20=EB=8D=98=EC=A7=80?= =?UTF-8?q?=EB=8F=84=EB=A1=9D=ED=95=98=EA=B3=A0,=20=EC=A0=84=EC=97=AD=20Ad?= =?UTF-8?q?vice=EB=A5=BC=20=EB=93=B1=EB=A1=9D=20(#403)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../common/exception/AuthException.java | 8 ++++++++
 .../application/common/utils/JwtUtils.java | 17 ++++++++++++++++-
 .../src/main/java/module-info.java | 1 +
 auth/auth-web-adaptor/build.gradle | 1 +
 .../adaptor/advice/AuthControllerAdvice.java | 19 +++++++++++++++++++
 .../src/main/java/module-info.java | 1 +
 .../src/main/java/module-info.java | 2 ++
 7 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 auth/auth-application/src/main/java/me/nalab/auth/application/common/exception/AuthException.java
 create mode 100644 auth/auth-web-adaptor/src/main/java/me/nalab/auth/web/adaptor/advice/AuthControllerAdvice.java
diff --git a/auth/auth-application/src/main/java/me/nalab/auth/application/common/exception/AuthException.java b/auth/auth-application/src/main/java/me/nalab/auth/application/common/exception/AuthException.java
new file mode 100644
index 00000000..08ff33ca
--- /dev/null
+++ b/auth/auth-application/src/main/java/me/nalab/auth/application/common/exception/AuthException.java
@@ -0,0 +1,8 @@
+package me.nalab.auth.application.common.exception;
+
+public class AuthException extends RuntimeException {
+
+ public AuthException(String message) {
+ super(message);
+ }
+}
diff --git a/auth/auth-application/src/main/java/me/nalab/auth/application/common/utils/JwtUtils.java b/auth/auth-application/src/main/java/me/nalab/auth/application/common/utils/JwtUtils.java
index b038ef4b..b98eddeb 100644
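Review bot: AuthException in AuthException.java offers only the `(String message)` constructor, so code that translates a library exception into it has nowhere to attach the original as the cause. Adding `public AuthException(String message, Throwable cause) { super(message, cause); }` would let JwtUtils.verify keep the auth0 exception for server-side diagnosis while the text shown to the client stays fixed. The class also has no Javadoc; one sentence saying it signals a failed authentication check and is mapped to HTTP 401 by AuthControllerAdvice would tell other modules when to throw it, now that its package is exported.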
--- a/auth/auth-application/src/main/java/me/nalab/auth/application/common/utils/JwtUtils.java
+++ b/auth/auth-application/src/main/java/me/nalab/auth/application/common/utils/JwtUtils.java
@@ -1,10 +1,16 @@
 package me.nalab.auth.application.common.utils;
+import com.auth0.jwt.exceptions.AlgorithmMismatchException;
+import com.auth0.jwt.exceptions.IncorrectClaimException;
+import com.auth0.jwt.exceptions.MissingClaimException;
+import com.auth0.jwt.exceptions.SignatureVerificationException;
+import com.auth0.jwt.exceptions.TokenExpiredException;
 import java.time.Instant;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
+import me.nalab.auth.application.common.exception.AuthException;
 import org.springframework.stereotype.Component;
 import com.auth0.jwt.JWT;
@@ -33,7 +39,16 @@ public DecodedJWT verify(String jwt) {
 var algorithm = getAlgorithm();
 var verifier = getVerifier(algorithm);
- return verifier.verify(jwt);
+ try {
+ return verifier.verify(jwt);
+ } catch (TokenExpiredException tokenExpiredException) {
+ throw new AuthException("Expired token");
+ } catch (IncorrectClaimException
+ | MissingClaimException
+ | SignatureVerificationException
+ | AlgorithmMismatchException invalidTokenException) {
+ throw new AuthException("Invalid token");
+ }
 }
 private JWTVerifier getVerifier(Algorithm algorithm) {
diff --git a/auth/auth-application/src/main/java/module-info.java b/auth/auth-application/src/main/java/module-info.java
index e15d8ffe..34202880 100644
--- a/auth/auth-application/src/main/java/module-info.java
+++ b/auth/auth-application/src/main/java/module-info.java
@@ -3,6 +3,7 @@
 exports me.nalab.auth.application.port.in.web;
 exports me.nalab.auth.application.port.in;
 exports me.nalab.auth.application.port.out;
+ exports me.nalab.auth.application.common.exception;
 requires lombok;
 requires com.fasterxml.jackson.annotation;
diff --git a/auth/auth-web-adaptor/build.gradle b/auth/auth-web-adaptor/build.gradle
index ce7d85cd..4f15b56d 100644
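Review bot: The catch list added to JwtUtils.verify names five auth0 exception types but leaves out `JWTDecodeException`, which java-jwt raises when the token string is not a well-formed JWT, and the `JWTVerificationException` base class that all of these extend. A malformed `jwt` value would therefore still leave verify as a library exception rather than an AuthException, and unless a handler outside this diff catches it, it would miss the 401 mapping this commit introduces. A final clause `catch (JWTVerificationException e) { throw new AuthException("Invalid token"); }`, with the matching import, covers every verification failure, including types a later library version may add. The caught exceptions are also dropped without being logged or chained, so the server keeps no record of why a token was rejected.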
--- a/auth/auth-web-adaptor/build.gradle
+++ b/auth/auth-web-adaptor/build.gradle
@@ -1,6 +1,7 @@
 dependencies {
 implementation project(':auth:auth-application')
 implementation project(':auth:oauth-application')
+ implementation project(':core:exception-handler')
 testImplementation project(':auth:auth-application')
 implementation 'org.springframework.boot:spring-boot-starter-web'
diff --git a/auth/auth-web-adaptor/src/main/java/me/nalab/auth/web/adaptor/advice/AuthControllerAdvice.java b/auth/auth-web-adaptor/src/main/java/me/nalab/auth/web/adaptor/advice/AuthControllerAdvice.java
new file mode 100644
index 00000000..3c2cfd71
--- /dev/null
+++ b/auth/auth-web-adaptor/src/main/java/me/nalab/auth/web/adaptor/advice/AuthControllerAdvice.java
@@ -0,0 +1,19 @@
+package me.nalab.auth.web.adaptor.advice;
+
+import me.nalab.auth.application.common.exception.AuthException;
+import me.nalab.core.exception.handler.ErrorTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+@RestControllerAdvice
+public class AuthControllerAdvice {
+
+ @ExceptionHandler(AuthException.class)
+ @ResponseStatus(HttpStatus.UNAUTHORIZED)
+ public ErrorTemplate handleAuthException(AuthException authException) {
+ return ErrorTemplate.of(authException.getMessage());
+ }
+
+}
diff --git a/auth/auth-web-adaptor/src/main/java/module-info.java b/auth/auth-web-adaptor/src/main/java/module-info.java
index 14ccca98..ca16a0e4 100644
--- a/auth/auth-web-adaptor/src/main/java/module-info.java
+++ b/auth/auth-web-adaptor/src/main/java/module-info.java
@@ -3,6 +3,7 @@
 requires luffy.auth.auth.application.main;
 requires luffy.auth.oauth.application.main;
+ requires luffy.core.exception.handler.main;
 requires lombok;
 requires java.validation;
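Review bot: handleAuthException in AuthControllerAdvice.java copies `authException.getMessage()` straight into the 401 body and records nothing on the server. The two messages thrown in JwtUtils are fixed strings, but AuthException's package is now exported, so any later thrower that puts token contents or internal detail in the message would send it to the client; a comment on the handler such as `// message is returned to the client: throwers must use fixed, non-sensitive text` would make that contract explicit. Logging the rejection (the message only, never the token) before `return ErrorTemplate.of(authException.getMessage());` would also give operators a signal for repeated invalid-token attempts.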
diff --git a/core/exception-handler/src/main/java/module-info.java b/core/exception-handler/src/main/java/module-info.java
index 6a97ed6e..f1b49a4f 100644
--- a/core/exception-handler/src/main/java/module-info.java
+++ b/core/exception-handler/src/main/java/module-info.java
@@ -1,4 +1,6 @@
 module luffy.core.exception.handler.main {
+ exports me.nalab.core.exception.handler;
+ requires spring.web;
 requires lombok;
 requires com.fasterxml.jackson.annotation;