refresh token 요청시 token 자체 검증만 진행

11 months ago · 38d210acd3
3 changed files with 39 additions and 2 deletions
--- a/pav-server/src/main/java/com/palnet/biz/api/acnt/jwt/service/JwtService.java
+++ b/pav-server/src/main/java/com/palnet/biz/api/acnt/jwt/service/JwtService.java
@ -15,6 +15,7 @@ import com.palnet.comn.code.ErrorCode;
 import com.palnet.comn.exception.CustomException;
 import com.palnet.comn.utils.EncryptUtils;
 import com.palnet.comn.utils.HttpUtils;
 import io.jsonwebtoken.Claims;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@ -217,12 +218,22 @@ public class JwtService {
     * @return
     */
    public JwtRsModel findRefreshtoken(int cstmrSno, String refreshToken) throws Exception {
        // refresh 토큰 검증 - DB에서 저장한 refresh token 비교 - 최근 로그인한 정보만 가지고 있음
        /*
        JwtUserModel userDetails = query.findRefreshtoken(cstmrSno, refreshToken);
        if (userDetails == null) {
            return null;
        }
         */
        // refresh 토큰 검증 - refresh token의 유효성만 판단.
        Claims claims = jwtTokenUtil.getAllClaimsFromToken(refreshToken);
        Integer cstmrSnoByRefreshToken = claims.get("cstmrSno", Integer.class);
        if(cstmrSnoByRefreshToken != cstmrSno) return null;
        JwtUserModel userDetails = query.findByIdForrefreshToken(cstmrSno);
        String createAccessToken = jwtTokenUtil.generateToken(userDetails);
        String createRefreshToken = jwtTokenUtil.generateRefreshToken(userDetails);
--- a/pav-server/src/main/java/com/palnet/biz/api/acnt/jwt/utils/JwtTokenUtil.java
+++ b/pav-server/src/main/java/com/palnet/biz/api/acnt/jwt/utils/JwtTokenUtil.java
@ -51,15 +51,16 @@ public class JwtTokenUtil implements Serializable {
    }
    //for retrieveing any information from token we will need the secret key
-    private Claims getAllClaimsFromToken(String token) {
+    public Claims getAllClaimsFromToken(String token) {
        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
    }
    //check if the token has expired
    // 토큰이 만료되었는지 확인한다.
    private Boolean isTokenExpired(String token) {
        final Date expiration = getExpirationDateFromToken(token);
-//        log.debug(">>>" + expiration);
+//        log.debug(">>>" + expiration);getExpirationDateFromToken
        return expiration.before(new Date());
    }
--- a/pav-server/src/main/java/com/palnet/biz/jpa/repository/pty/PtyCstmrQueryRepository.java
+++ b/pav-server/src/main/java/com/palnet/biz/jpa/repository/pty/PtyCstmrQueryRepository.java
@ -238,6 +238,31 @@ public class PtyCstmrQueryRepository {
        }
    }
    public JwtUserModel findByIdForrefreshToken(int cstmrSno) {
        QPtyCstmrBas basEntity = QPtyCstmrBas.ptyCstmrBas;
        BooleanBuilder builder = new BooleanBuilder();
        builder.and(basEntity.cstmrSno.eq(cstmrSno));
        PtyCstmrBas entity = query.select(basEntity)
                .from(basEntity)
                .where(builder)
                .fetchFirst();
        if (entity != null) {
            JwtUserModel model = new JwtUserModel();
            model.setAuth(entity.getAuthId());
            model.setUserId(entity.getUserId());
            model.setCstmrSno(entity.getCstmrSno());
            model.setCstmrStatusCd(entity.getCstmrStatusCd());
            model.setUserPswd(entity.getUserPswd());
            return model;
        } else {
            return null;
        }
    }
    public List<AnctCstmerRlModel> list(int cstmrSno) {
        QPtyCstmrBas bas = QPtyCstmrBas.ptyCstmrBas;
        QPtyCstmrDtl dtl = QPtyCstmrDtl.ptyCstmrDtl;