#36 [Update] 로그아웃 구현 완료

프론트에게 access token 삭제 해달라고 부탁하기

src/main/java/com/mpnp/baechelin/config/security/SecurityConfig.java

@@ -60,7 +60,7 @@ protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .and()
                 .authorizeRequests()
                 .requestMatchers(CorsUtils::isPreFlightRequest).permitAll() // cors 요청 허용
-                .antMatchers("/review", "/api/bookmark", "/store/register", "/userinfo").hasAnyAuthority(RoleType.USER.getCode(), RoleType.ADMIN.getCode())
+                .antMatchers("/review", "/api/bookmark", "/store/register", "/userinfo", "/user/logout").hasAnyAuthority(RoleType.USER.getCode(), RoleType.ADMIN.getCode())
                 .antMatchers("/admin/**").hasAnyAuthority(RoleType.ADMIN.getCode())
                 .antMatchers("/**").permitAll() // 그 외 요청은 모두 허용
                 .anyRequest().authenticated() // 위의 요청 외의 요청은 무조건 권한검사

src/main/java/com/mpnp/baechelin/login/jwt/repository/UserRefreshTokenRepository.java

@@ -8,4 +8,5 @@
 public interface UserRefreshTokenRepository extends JpaRepository<UserRefreshToken, Long> {
     UserRefreshToken findBySocialId(String socialId);
     UserRefreshToken findBySocialIdAndRefreshToken(String socialId, String refreshToken);
+    void deleteBySocialId(String socialId);
 }

src/main/java/com/mpnp/baechelin/user/controller/UserController.java

@@ -1,10 +1,13 @@
 package com.mpnp.baechelin.user.controller;
 
+import com.mpnp.baechelin.common.SuccessResponse;
 import com.mpnp.baechelin.user.service.UserService;
 import com.mpnp.baechelin.util.CookieUtil;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -19,8 +22,13 @@ public class UserController {
     private final UserService userService;
 
     @RequestMapping("/logout")
-    public ResponseEntity<String> logout(HttpServletRequest request, HttpServletResponse response) {
-        CookieUtil.deleteCookie(request, response, "refresh_token");
-        return new ResponseEntity<>("로그아웃 완료", HttpStatus.OK);
+    public SuccessResponse logout(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            @AuthenticationPrincipal User user
+            ) {
+        userService.logout(request, response, user.getUsername());
+
+        return new SuccessResponse("로그아웃");
     }
 }

src/main/java/com/mpnp/baechelin/user/service/UserService.java

@@ -1,17 +1,26 @@
 package com.mpnp.baechelin.user.service;
 
+import com.mpnp.baechelin.login.jwt.repository.UserRefreshTokenRepository;
 import com.mpnp.baechelin.user.domain.User;
 import com.mpnp.baechelin.user.repository.UserRepository;
+import com.mpnp.baechelin.util.CookieUtil;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.transaction.Transactional;
+
 @Service
 @RequiredArgsConstructor
+@Transactional
 public class UserService {
     private final UserRepository userRepository;
+    private final UserRefreshTokenRepository userRefreshTokenRepository;
 
-    public User getUser(String socialId) {
-        return userRepository.findBySocialId(socialId);
+    public void logout(HttpServletRequest request, HttpServletResponse response, String socialId) {
+        userRefreshTokenRepository.deleteBySocialId(socialId);
+        CookieUtil.deleteCookie(request, response, "refresh_token");
     }
 }