[#15] Feat: 로그인/회원가입 API 구현

build.gradle

@@ -29,8 +29,14 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 
 	// Spring Security
-//	implementation 'org.springframework.boot:spring-boot-starter-security'
-//	testImplementation 'org.springframework.security:spring-security-test'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	testImplementation 'org.springframework.security:spring-security-test'
+
+	// Jwt
+	implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
+	implementation 'io.jsonwebtoken:jjwt-impl:0.12.3'
+	implementation 'io.jsonwebtoken:jjwt-jackson:0.12.3'
+	implementation 'org.springframework.boot:spring-boot-configuration-processor'
 
 	// Spring Web
 	implementation 'org.springframework.boot:spring-boot-starter-web'

src/main/java/com/example/triptalk/TriptalkApplication.java

@@ -2,7 +2,9 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
 
+@EnableJpaAuditing
 @SpringBootApplication
 public class TriptalkApplication {
 

src/main/java/com/example/triptalk/domain/user/controller/AuthController.java

@@ -0,0 +1,47 @@
+package com.example.triptalk.domain.user.controller;
+
+import com.example.triptalk.domain.user.dto.AuthRequest;
+import com.example.triptalk.domain.user.dto.AuthResponse;
+import com.example.triptalk.domain.user.service.AuthService;
+import com.example.triptalk.global.apiPayload.ApiResponse;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.bind.annotation.*;
+
+@Tag(name = "Auth", description = "인증 관련 API")
+@RestController
+@RequestMapping("/api/auth")
+@RequiredArgsConstructor
+public class AuthController {
+
+    private final AuthService authService;
+
+    @Operation(summary = "회원가입", description = "이메일, 비밀번호, 닉네임으로 회원가입합니다.")
+    @PostMapping("/signup")
+    public ApiResponse<AuthResponse.SignUpDTO> signUp(@RequestBody AuthRequest.SignUpDTO request) {
+        return ApiResponse.onSuccess(authService.signUp(request));
+    }
+
+    @Operation(summary = "로그인", description = "이메일과 비밀번호로 로그인하여 토큰을 발급받습니다.")
+    @PostMapping("/login")
+    public ApiResponse<AuthResponse.TokenDTO> login(@RequestBody AuthRequest.LoginDTO request) {
+        return ApiResponse.onSuccess(authService.login(request));
+    }
+
+    @Operation(summary = "토큰 재발급", description = "Refresh Token으로 Access Token을 재발급받습니다.")
+    @PostMapping("/refresh")
+    public ApiResponse<AuthResponse.TokenDTO> reissue(@RequestBody AuthRequest.ReissueDTO request) {
+        return ApiResponse.onSuccess(authService.reissue(request));
+    }
+
+    @Operation(summary = "로그아웃", description = "로그아웃하여 Refresh Token을 삭제합니다.")
+    @PostMapping("/logout")
+    public ApiResponse<Void> logout(@AuthenticationPrincipal UserDetails userDetails) {
+        authService.logout(userDetails.getUsername());
+        return ApiResponse.onSuccess(null);
+    }
+}
+

src/main/java/com/example/triptalk/domain/user/converter/AuthConverter.java

@@ -0,0 +1,36 @@
+package com.example.triptalk.domain.user.converter;
+
+import com.example.triptalk.domain.user.dto.AuthRequest;
+import com.example.triptalk.domain.user.dto.AuthResponse;
+import com.example.triptalk.domain.user.entity.User;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AuthConverter {
+
+    public User toUser(AuthRequest.SignUpDTO request, String encodedPassword) {
+        return User.builder()
+                .email(request.getEmail())
+                .password(encodedPassword)
+                .nickName(request.getNickName())
+                .completedTravelCount(0)
+                .plannedTravelCount(0)
+                .build();
+    }
+
+    public AuthResponse.SignUpDTO toSignUpResponse(User user) {
+        return AuthResponse.SignUpDTO.builder()
+                .userId(user.getId())
+                .email(user.getEmail())
+                .nickName(user.getNickName())
+                .build();
+    }
+
+    public AuthResponse.TokenDTO toTokenResponse(String accessToken, String refreshToken) {
+        return AuthResponse.TokenDTO.builder()
+                .accessToken(accessToken)
+                .refreshToken(refreshToken)
+                .build();
+    }
+}
+

src/main/java/com/example/triptalk/domain/user/dto/AuthRequest.java

@@ -0,0 +1,46 @@
+package com.example.triptalk.domain.user.dto;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+public class AuthRequest {
+
+    @Getter
+    @NoArgsConstructor
+    @AllArgsConstructor
+    @Schema(description = "회원가입 요청")
+    public static class SignUpDTO {
+        @Schema(description = "이메일", example = "[email protected]")
+        private String email;
+
+        @Schema(description = "비밀번호", example = "password123")
+        private String password;
+
+        @Schema(description = "닉네임", example = "여행자")
+        private String nickName;
+    }
+
+    @Getter
+    @NoArgsConstructor
+    @AllArgsConstructor
+    @Schema(description = "로그인 요청")
+    public static class LoginDTO {
+        @Schema(description = "이메일", example = "[email protected]")
+        private String email;
+
+        @Schema(description = "비밀번호", example = "password123")
+        private String password;
+    }
+
+    @Getter
+    @NoArgsConstructor
+    @AllArgsConstructor
+    @Schema(description = "토큰 재발급 요청")
+    public static class ReissueDTO {
+        @Schema(description = "리프레시 토큰")
+        private String refreshToken;
+    }
+}
+

src/main/java/com/example/triptalk/domain/user/dto/AuthResponse.java

@@ -0,0 +1,37 @@
+package com.example.triptalk.domain.user.dto;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+
+public class AuthResponse {
+
+    @Getter
+    @Builder
+    @AllArgsConstructor
+    @Schema(description = "토큰 응답")
+    public static class TokenDTO {
+        @Schema(description = "액세스 토큰")
+        private String accessToken;
+
+        @Schema(description = "리프레시 토큰")
+        private String refreshToken;
+    }
+
+    @Getter
+    @Builder
+    @AllArgsConstructor
+    @Schema(description = "회원가입 응답")
+    public static class SignUpDTO {
+        @Schema(description = "사용자 ID", example = "1")
+        private Long userId;
+
+        @Schema(description = "이메일", example = "[email protected]")
+        private String email;
+
+        @Schema(description = "닉네임", example = "여행자")
+        private String nickName;
+    }
+}
+

src/main/java/com/example/triptalk/domain/user/entity/RefreshToken.java

@@ -0,0 +1,32 @@
+package com.example.triptalk.domain.user.entity;
+
+import jakarta.persistence.*;
+import lombok.*;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@Builder
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+public class RefreshToken {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @Column(nullable = false, unique = true)
+    private String token;
+
+    @Column(nullable = false)
+    private Long userId;
+
+    @Column(nullable = false)
+    private LocalDateTime expiryDate;
+
+    public boolean isExpired() {
+        return LocalDateTime.now().isAfter(expiryDate);
+    }
+}
+

src/main/java/com/example/triptalk/domain/user/repository/RefreshTokenRepository.java

@@ -0,0 +1,13 @@
+package com.example.triptalk.domain.user.repository;
+
+import com.example.triptalk.domain.user.entity.RefreshToken;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> {
+    Optional<RefreshToken> findByToken(String token);
+    Optional<RefreshToken> findByUserId(Long userId);
+    void deleteByUserId(Long userId);
+}
+

src/main/java/com/example/triptalk/domain/user/repository/UserRepository.java

@@ -10,5 +10,7 @@ public interface UserRepository extends JpaRepository<User, Long> {
     // email로 유저 조회
     Optional<User> findByEmail(String email);
 
+    // email 중복 체크
+    boolean existsByEmail(String email);
 }
 

src/main/java/com/example/triptalk/domain/user/service/AuthService.java

@@ -0,0 +1,16 @@
+package com.example.triptalk.domain.user.service;
+
+import com.example.triptalk.domain.user.dto.AuthRequest;
+import com.example.triptalk.domain.user.dto.AuthResponse;
+
+public interface AuthService {
+
+    AuthResponse.SignUpDTO signUp(AuthRequest.SignUpDTO request);
+
+    AuthResponse.TokenDTO login(AuthRequest.LoginDTO request);
+
+    AuthResponse.TokenDTO reissue(AuthRequest.ReissueDTO request);
+
+    void logout(String email);
+}
+

src/main/java/com/example/triptalk/domain/user/service/AuthServiceImpl.java

@@ -0,0 +1,121 @@
+package com.example.triptalk.domain.user.service;
+
+import com.example.triptalk.domain.user.converter.AuthConverter;
+import com.example.triptalk.domain.user.dto.AuthRequest;
+import com.example.triptalk.domain.user.dto.AuthResponse;
+import com.example.triptalk.domain.user.entity.RefreshToken;
+import com.example.triptalk.domain.user.entity.User;
+import com.example.triptalk.domain.user.repository.RefreshTokenRepository;
+import com.example.triptalk.domain.user.repository.UserRepository;
+import com.example.triptalk.global.apiPayload.code.status.ErrorStatus;
+import com.example.triptalk.global.apiPayload.exception.handler.ErrorHandler;
+import com.example.triptalk.global.security.jwt.JwtTokenProvider;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+
+@Service
+@RequiredArgsConstructor
+@Transactional
+public class AuthServiceImpl implements AuthService {
+
+    private final UserRepository userRepository;
+    private final RefreshTokenRepository refreshTokenRepository;
+    private final JwtTokenProvider jwtTokenProvider;
+    private final PasswordEncoder passwordEncoder;
+    private final AuthConverter authConverter;
+
+    @Override
+    public AuthResponse.SignUpDTO signUp(AuthRequest.SignUpDTO request) {
+        // 이메일 중복 체크
+        if (userRepository.existsByEmail(request.getEmail())) {
+            throw new ErrorHandler(ErrorStatus.AUTH_DUPLICATE_EMAIL);
+        }
+
+        // 비밀번호 인코딩 후 유저 생성
+        String encodedPassword = passwordEncoder.encode(request.getPassword());
+        User user = authConverter.toUser(request, encodedPassword);
+        User savedUser = userRepository.save(user);
+
+        return authConverter.toSignUpResponse(savedUser);
+    }
+
+    @Override
+    public AuthResponse.TokenDTO login(AuthRequest.LoginDTO request) {
+        // 유저 조회
+        User user = userRepository.findByEmail(request.getEmail())
+                .orElseThrow(() -> new ErrorHandler(ErrorStatus.USER_NOT_FOUND));
+
+        // 비밀번호 검증
+        if (!passwordEncoder.matches(request.getPassword(), user.getPassword())) {
+            throw new ErrorHandler(ErrorStatus.AUTH_INVALID_PASSWORD);
+        }
+
+        // 토큰 생성
+        String accessToken = jwtTokenProvider.createAccessToken(user.getEmail());
+        String refreshToken = jwtTokenProvider.createRefreshToken(user.getEmail());
+
+        // RefreshToken 저장
+        saveRefreshToken(user.getId(), refreshToken);
+
+        return authConverter.toTokenResponse(accessToken, refreshToken);
+    }
+
+    @Override
+    public AuthResponse.TokenDTO reissue(AuthRequest.ReissueDTO request) {
+        // RefreshToken 유효성 검증
+        if (!jwtTokenProvider.validateToken(request.getRefreshToken())) {
+            throw new ErrorHandler(ErrorStatus.AUTH_INVALID_TOKEN);
+        }
+
+        // DB에서 RefreshToken 조회
+        RefreshToken refreshToken = refreshTokenRepository.findByToken(request.getRefreshToken())
+                .orElseThrow(() -> new ErrorHandler(ErrorStatus.AUTH_TOKEN_NOT_FOUND));
+
+        // 만료 여부 확인
+        if (refreshToken.isExpired()) {
+            refreshTokenRepository.delete(refreshToken);
+            throw new ErrorHandler(ErrorStatus.AUTH_EXPIRED_TOKEN);
+        }
+
+        // 유저 조회
+        User user = userRepository.findById(refreshToken.getUserId())
+                .orElseThrow(() -> new ErrorHandler(ErrorStatus.USER_NOT_FOUND));
+
+        // 새로운 토큰 생성
+        String newAccessToken = jwtTokenProvider.createAccessToken(user.getEmail());
+        String newRefreshToken = jwtTokenProvider.createRefreshToken(user.getEmail());
+
+        // 기존 RefreshToken 삭제 후 새로운 토큰 저장
+        refreshTokenRepository.delete(refreshToken);
+        saveRefreshToken(user.getId(), newRefreshToken);
+
+        return authConverter.toTokenResponse(newAccessToken, newRefreshToken);
+    }
+
+    @Override
+    public void logout(String email) {
+        User user = userRepository.findByEmail(email)
+                .orElseThrow(() -> new ErrorHandler(ErrorStatus.USER_NOT_FOUND));
+        refreshTokenRepository.deleteByUserId(user.getId());
+    }
+
+    private void saveRefreshToken(Long userId, String token) {
+        // 기존 토큰 삭제
+        refreshTokenRepository.deleteByUserId(userId);
+
+        // 새 토큰 저장
+        RefreshToken refreshToken = RefreshToken.builder()
+                .token(token)
+                .userId(userId)
+                .expiryDate(LocalDateTime.now().plusSeconds(
+                        jwtTokenProvider.getRefreshTokenExpiration() / 1000))
+                .build();
+
+        refreshTokenRepository.save(refreshToken);
+    }
+}
+