feat: 토큰 claim에 기수 정보 추가 및 role 세팅 방식 변경 (#142)

depromeet · Jan 14, 2025 · 38917dc · 38917dc
1 parent 7a0e728
commit 38917dc
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 8 deletions.
diff --git a/src/main/kotlin/com/depromeet/makers/domain/model/Member.kt b/src/main/kotlin/com/depromeet/makers/domain/model/Member.kt
@@ -15,6 +15,8 @@ data class Member(
         passCord = passCord
     )
 
+    fun currentRole(generation: Int) = generations.find { it.generationId == generation }?.role ?: MemberRole.GRADUATE
+
     companion object {
         fun newMember(
             name: String,

diff --git a/src/main/kotlin/com/depromeet/makers/domain/model/MemberRole.kt b/src/main/kotlin/com/depromeet/makers/domain/model/MemberRole.kt
@@ -4,5 +4,6 @@ enum class MemberRole(
     val roleName: String
 ) {
     ORGANIZER("ROLE_ORGANIZER"),
-    MEMBER("ROLE_MEMBER");
+    MEMBER("ROLE_MEMBER"),
+    GRADUATE("ROLE_GRADUATE");
 }
diff --git a/src/main/kotlin/com/depromeet/makers/infrastructure/gateway/TokenGatewayImpl.kt b/src/main/kotlin/com/depromeet/makers/infrastructure/gateway/TokenGatewayImpl.kt
@@ -3,20 +3,22 @@ package com.depromeet.makers.infrastructure.gateway
 import com.depromeet.makers.domain.gateway.TokenGateway
 import com.depromeet.makers.domain.model.Member
 import com.depromeet.makers.infrastructure.token.JWTTokenProvider
+import com.depromeet.makers.properties.DepromeetProperties
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.authority.SimpleGrantedAuthority
 import org.springframework.stereotype.Component
 
 @Component
 class TokenGatewayImpl(
     private val tokenProvider: JWTTokenProvider,
+    private val depromeetProperties: DepromeetProperties,
 ) : TokenGateway {
     override fun generateAccessToken(member: Member): String {
-        val authorities = member.generations.map { SimpleGrantedAuthority(it.role.roleName) }
+        val role = member.currentRole(depromeetProperties.generation)
         val authentication = UsernamePasswordAuthenticationToken(
             member.memberId,
             null,
-            authorities,
+            listOf(SimpleGrantedAuthority(role.roleName)),
         )
         return tokenProvider.generateAccessToken(authentication)
     }

diff --git a/src/main/kotlin/com/depromeet/makers/infrastructure/token/JWTTokenProvider.kt b/src/main/kotlin/com/depromeet/makers/infrastructure/token/JWTTokenProvider.kt
@@ -2,17 +2,14 @@ package com.depromeet.makers.infrastructure.token
 
 import com.depromeet.makers.domain.exception.AuthenticationTokenExpiredException
 import com.depromeet.makers.domain.exception.AuthenticationTokenNotValidException
+import com.depromeet.makers.properties.DepromeetProperties
 import io.jsonwebtoken.ExpiredJwtException
 import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.MalformedJwtException
-import io.jsonwebtoken.UnsupportedJwtException
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.authority.SimpleGrantedAuthority
 import org.springframework.stereotype.Component
-import java.lang.IllegalArgumentException
-import java.security.SignatureException
 import java.util.*
 import javax.crypto.SecretKey
 import javax.crypto.spec.SecretKeySpec
@@ -22,6 +19,7 @@ class JWTTokenProvider(
     @Value("\${app.token.secretKey}") private val verifyKey: String,
     @Value("\${app.token.expiration.access}") private val accessTokenExpiration: Long,
     @Value("\${app.token.expiration.refresh}") private val refreshTokenExpiration: Long,
+    private val depromeetProperties: DepromeetProperties,
 ) {
     private final val signKey: SecretKey = SecretKeySpec(verifyKey.toByteArray(), "AES")
     private val jwtParser = Jwts
@@ -40,6 +38,7 @@ class JWTTokenProvider(
             .claims()
             .add(USER_ID_CLAIM_KEY, authentication.name)
             .add(AUTHORITIES_CLAIM_KEY, authorities)
+            .add(GENERATION_KEY, depromeetProperties.generation)
             .and()
             .expiration(generateAccessTokenExpiration())
             .encryptWith(signKey, Jwts.ENC.A128CBC_HS256)
@@ -63,7 +62,7 @@ class JWTTokenProvider(
         val claims = runCatching {
             jwtParser.parseEncryptedClaims(accessToken)
         }.getOrElse {
-            when(it) {
+            when (it) {
                 is ExpiredJwtException -> throw AuthenticationTokenExpiredException()
                 else -> throw AuthenticationTokenNotValidException()
             }
@@ -99,6 +98,7 @@ class JWTTokenProvider(
     companion object {
         const val USER_ID_CLAIM_KEY = "user_id"
         const val AUTHORITIES_CLAIM_KEY = "authorities"
+        const val GENERATION_KEY = "generation"
 
         const val TOKEN_TYPE_HEADER_KEY = "token_type"
         const val ACCESS_TOKEN_TYPE_VALUE = "access_token"