#36 [Update] 로그아웃 방식 변경

Access Token을 가지고 로그아웃 하는 방식에서 Access Token 없이 로그아웃 하는 방식으로 변경

src/main/java/com/mpnp/baechelin/config/security/SecurityConfig.java

@@ -60,7 +60,7 @@ protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .and()
                 .authorizeRequests()
                 .requestMatchers(CorsUtils::isPreFlightRequest).permitAll() // cors 요청 허용
-                .antMatchers("/review", "/api/bookmark", "/store/register", "/userinfo", "/user/logout").hasAnyAuthority(RoleType.USER.getCode(), RoleType.ADMIN.getCode())
+                .antMatchers("/review", "/api/bookmark", "/store/register", "/userinfo").hasAnyAuthority(RoleType.USER.getCode(), RoleType.ADMIN.getCode())
                 .antMatchers("/admin/**").hasAnyAuthority(RoleType.ADMIN.getCode())
                 .antMatchers("/**").permitAll() // 그 외 요청은 모두 허용
                 .anyRequest().authenticated() // 위의 요청 외의 요청은 무조건 권한검사

src/main/java/com/mpnp/baechelin/login/jwt/filter/TokenAuthenticationFilter.java

@@ -1,5 +1,6 @@
 package com.mpnp.baechelin.login.jwt.filter;
 
+import com.mpnp.baechelin.exception.CustomException;
 import com.mpnp.baechelin.exception.ErrorCode;
 import com.mpnp.baechelin.login.jwt.AuthToken;
 import com.mpnp.baechelin.login.jwt.AuthTokenProvider;

src/main/java/com/mpnp/baechelin/login/jwt/repository/UserRefreshTokenRepository.java

@@ -8,5 +8,5 @@
 public interface UserRefreshTokenRepository extends JpaRepository<UserRefreshToken, Long> {
     UserRefreshToken findBySocialId(String socialId);
     UserRefreshToken findBySocialIdAndRefreshToken(String socialId, String refreshToken);
-    void deleteBySocialId(String socialId);
+    void deleteByRefreshToken(String refreshToken);
 }

src/main/java/com/mpnp/baechelin/user/controller/UserController.java

@@ -25,10 +25,9 @@ public class UserController {
     @RequestMapping("/logout")
     public SuccessResponse logout(
             HttpServletRequest request,
-            HttpServletResponse response,
-            @AuthenticationPrincipal User user
+            HttpServletResponse response
             ) {
-        userService.logout(request, response, user.getUsername());
+        userService.logout(request, response);
 
         return new SuccessResponse("로그아웃");
     }

src/main/java/com/mpnp/baechelin/user/service/UserService.java

@@ -1,5 +1,7 @@
 package com.mpnp.baechelin.user.service;
 
+import com.mpnp.baechelin.exception.CustomException;
+import com.mpnp.baechelin.exception.ErrorCode;
 import com.mpnp.baechelin.login.jwt.AuthToken;
 import com.mpnp.baechelin.login.jwt.AuthTokenProvider;
 import com.mpnp.baechelin.login.jwt.repository.UserRefreshTokenRepository;
@@ -11,6 +13,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.transaction.Transactional;
@@ -23,12 +26,20 @@ public class UserService {
     private final UserRefreshTokenRepository userRefreshTokenRepository;
     private final AuthTokenProvider tokenProvider;
 
-    public void logout(HttpServletRequest request, HttpServletResponse response, String socialId) {
+    public void logout(HttpServletRequest request, HttpServletResponse response) {
+        String refreshToken = CookieUtil.getCookie(request, "refresh_token")
+                .map(Cookie::getValue)
+                .orElse((null));
+
+        if (refreshToken == null) {
+            throw new CustomException(ErrorCode.REFRESH_TOKEN_NOT_EXIST);
+        }
+
         // Cookie에 담겨있는 refresh token 삭제
         CookieUtil.deleteCookie(request, response, "refresh_token");
 
         // DB에 저장되어 있는 refresh token 삭제
-        userRefreshTokenRepository.deleteBySocialId(socialId);
+        userRefreshTokenRepository.deleteByRefreshToken(refreshToken);
     }
 
     public UserResponseDto getUserInfo(String socialId) {