From 82e8bb4cbc5a7214c4b0e4b62d452ea3c4cae087 Mon Sep 17 00:00:00 2001
From: junpakPark <112045553+junpakPark@users.noreply.github.com>
Date: Sun, 17 Sep 2023 17:46:19 +0900
Subject: [PATCH 1/4] =?UTF-8?q?fix:=20RefreshToken=20Payload=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80=20=EB=B0=8F=20CORS=20=EC=99=84=ED=99=94?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../mapbefine/auth/infrastructure/JwtTokenProvider.java | 7 ++++---
 .../com/mapbefine/mapbefine/common/config/WebConfig.java | 2 --
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java b/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java
index 2e11a2eb..f3ec2a3e 100644
--- a/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java
+++ b/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java
@@ -11,14 +11,13 @@
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import java.util.Date;
+import java.util.UUID;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
 @Component
 public class JwtTokenProvider implements TokenProvider {
 
-    private static final String EMPTY = "";
-
     private final String secretKey;
     private final long accessExpirationTime;
     private final long refreshExpirationTime;
@@ -41,7 +40,9 @@ public String createAccessToken(String payload) {
     }
 
     public String createRefreshToken() {
-        return createToken(EMPTY, refreshExpirationTime);
+        UUID payload = UUID.randomUUID();
+
+        return createToken(payload.toString(), refreshExpirationTime);
     }
 
     private String createToken(String payload, Long validityInMilliseconds) {
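Review bot: The random UUID payload in `createRefreshToken` identifies nothing but the token itself, so the method should state that member binding and validity come from whatever server-side record is kept of the issued token, not from the JWT contents (that record is inferred, not visible here); a one-line comment would do, e.g. `// Random subject: makes each refresh token unique; it does not identify the member — the stored copy does.` `UUID.randomUUID()` draws from `SecureRandom`, so the entropy is adequate for an opaque identifier. If the payload ends up as the JWT subject (the body of `createToken` is outside this hunk), a `jti` claim is the conventional slot for a token id and would leave `sub` free for a member identity later.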
diff --git a/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java b/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
index 2af70d48..e60ac989 100644
--- a/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
+++ b/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
@@ -16,9 +16,7 @@ public class WebConfig implements WebMvcConfigurer {
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
                 .allowedOrigins("http://localhost:3000", "https://mapbefine.kro.kr", "https://mapbefine.com")
-                .allowedHeaders("refresh-token")
                 .allowedMethods("*")
-                .allowCredentials(true)
                 .exposedHeaders(LOCATION, SET_COOKIE);
     }
 

From da5bfc12ea91d759c4e4f5ef4c53295f0da93ddd Mon Sep 17 00:00:00 2001
From: junpakPark <112045553+junpakPark@users.noreply.github.com>
Date: Sun, 17 Sep 2023 18:02:17 +0900
Subject: [PATCH 2/4] =?UTF-8?q?fix:=20Refresh=20Token=20Header=20=ED=97=88?=
 =?UTF-8?q?=EC=9A=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/mapbefine/mapbefine/common/config/WebConfig.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java b/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
index e60ac989..a6629c6a 100644
--- a/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
+++ b/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
@@ -16,6 +16,7 @@ public class WebConfig implements WebMvcConfigurer {
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
                 .allowedOrigins("http://localhost:3000", "https://mapbefine.kro.kr", "https://mapbefine.com")
+                .allowedHeaders("refresh-token")
                 .allowedMethods("*")
                 .exposedHeaders(LOCATION, SET_COOKIE);
     }

From 4f570273b6448df0badfef3b058a154542712e6e Mon Sep 17 00:00:00 2001
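Review bot: `.allowedHeaders("refresh-token")` replaces Spring's default of accepting any requested header with a single entry, so a preflight that lists `Authorization` or `Content-Type` (a bearer access token, or a JSON body) would be refused with a CORS error; if the frontend sends those, list them too, e.g. `.allowedHeaders("refresh-token", AUTHORIZATION, CONTENT_TYPE)` with static imports from `HttpHeaders` as `LOCATION` already has. Whether such headers are in use is not visible in this hunk. Note also that with `allowCredentials(true)` removed in the preceding hunk, no cookie travels cross-origin in this intermediate state, so the `refresh-token` header is the only credential path until the later commit in this series restores credentials.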
From: junpakPark <112045553+junpakPark@users.noreply.github.com>
Date: Sun, 17 Sep 2023 19:19:18 +0900
Subject: [PATCH 3/4] =?UTF-8?q?fix:=20CORS=20=EC=9E=AC=EC=84=A4=EC=A0=95?=
 =?UTF-8?q?=20=EB=B0=8F=20sameSite=20None?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../mapbefine/auth/presentation/LoginController.java | 2 +-
 .../java/com/mapbefine/mapbefine/common/config/WebConfig.java | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java b/backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java
index b7ca5d0b..58a608e4 100644
--- a/backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java
+++ b/backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java
@@ -64,7 +64,7 @@ private ResponseCookie createCookie(String refreshToken) {
         return ResponseCookie.from("refresh-token", refreshToken)
                 .httpOnly(true)
                 .maxAge(TWO_WEEKS)
-                .sameSite("Lax")
+                .sameSite("None")
                 .secure(true)
                 .path("/")
                 .build();
diff --git a/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java b/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
index a6629c6a..6cfddd36 100644
--- a/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
+++ b/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
@@ -1,5 +1,6 @@
 package com.mapbefine.mapbefine.common.config;
 
+import static org.springframework.http.HttpHeaders.COOKIE;
 import static org.springframework.http.HttpHeaders.LOCATION;
 import static org.springframework.http.HttpHeaders.SET_COOKIE;
 
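Review bot: `sameSite("None")` on the `refresh-token` cookie removes the cross-site protection that `Lax` gave it: browsers will now attach the cookie to any request that reaches this origin, including a top-level form POST or a credentialed `fetch` from an unrelated site, so the endpoint that consumes this cookie needs its own defence, at minimum rejecting requests whose `Origin` (or, failing that, `Referer`) is not on the same allow-list the CORS configuration uses. The CORS allow-list only governs whether a cross-origin script may read the response; it does not stop the server from processing the request and issuing or rotating tokens. `httpOnly(true)` and `secure(true)` are retained, which `None` requires. The frontend presumably lives on a different site from the API (the CORS origins suggest so), which is why `Lax` broke; confirm that before keeping `None`, since a same-site deployment could keep `Lax`.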
@@ -16,8 +17,9 @@ public class WebConfig implements WebMvcConfigurer {
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
                 .allowedOrigins("http://localhost:3000", "https://mapbefine.kro.kr", "https://mapbefine.com")
-                .allowedHeaders("refresh-token")
+                .allowedHeaders(COOKIE)
                 .allowedMethods("*")
+                .allowCredentials(true)
                 .exposedHeaders(LOCATION, SET_COOKIE);
     }
 

From 75087f1c1794f6665207472a5e872b22712d13e8 Mon Sep 17 00:00:00 2001
From: junpakPark <112045553+junpakPark@users.noreply.github.com>
Date: Tue, 19 Sep 2023 20:27:46 +0900
Subject: [PATCH 4/4] =?UTF-8?q?fix:=20=EB=94=94=EB=B2=84=EA=B9=85=EC=9D=84?=
 =?UTF-8?q?=20=EC=9C=84=ED=95=9C=20=EC=97=90=EB=9F=AC=EC=BD=94=EB=93=9C=20?=
 =?UTF-8?q?=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/mapbefine/mapbefine/auth/exception/AuthErrorCode.java | 3 ++-
 .../mapbefine/auth/infrastructure/JwtTokenProvider.java | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/backend/src/main/java/com/mapbefine/mapbefine/auth/exception/AuthErrorCode.java b/backend/src/main/java/com/mapbefine/mapbefine/auth/exception/AuthErrorCode.java
index 50150b86..31eb8b91 100644
--- a/backend/src/main/java/com/mapbefine/mapbefine/auth/exception/AuthErrorCode.java
+++ b/backend/src/main/java/com/mapbefine/mapbefine/auth/exception/AuthErrorCode.java
@@ -8,7 +8,8 @@ public enum AuthErrorCode {
     ILLEGAL_TOKEN("01101", "로그인에 실패하였습니다."),
     FORBIDDEN_ADMIN_ACCESS("01102", "로그인에 실패하였습니다."),
     BLOCKING_MEMBER_ACCESS("01103", "로그인에 실패하였습니다."),
-    EXPIRED_TOKEN("01104", "기간이 만료된 토큰입니다.")
+    EXPIRED_TOKEN("01104", "기간이 만료된 토큰입니다."),
+    BAD_REQUEST_TOKEN("01005", "잘못된 요청입니다.")
     ;
 
     private final String code;
diff --git a/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java b/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java
index f3ec2a3e..01f64a96 100644
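Review bot: `.allowedHeaders(COOKIE)` achieves nothing: `Cookie` is a forbidden request header that page scripts can never set and that browsers never list in `Access-Control-Request-Headers`; cookies are attached because of `allowCredentials(true)` plus `credentials: 'include'` on the client, not because of this entry. Meanwhile the call still replaces the default "any requested header" with a single name, so a preflight asking for `Authorization` or `Content-Type` will be refused. Either delete the `allowedHeaders` line to restore the default, or list what the frontend actually sends, e.g. `.allowedHeaders(AUTHORIZATION, CONTENT_TYPE)`. With credentials now enabled, `allowedMethods("*")` on `/**` means every endpoint accepts credentialed cross-origin requests from the listed origins, so that list should stay exact and `http://localhost:3000` should not ship in the production profile (whether it does is not visible here).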
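Review bot: The new code string `"01005"` breaks the `011xx` numbering used by every other entry in this enum (`01101`–`01104`), so it reads as a typo for `"01105"`; if codes are grouped by prefix on the client or in dashboards this one will land in the wrong group and be hard to trace, which defeats the debugging purpose the commit message gives. Change it to `BAD_REQUEST_TOKEN("01105", "잘못된 요청입니다.")` unless `010xx` is a deliberate separate range, and nothing visible here suggests one.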
--- a/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java
+++ b/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java
@@ -1,5 +1,6 @@
 package com.mapbefine.mapbefine.auth.infrastructure;
 
+import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.BAD_REQUEST_TOKEN;
 import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.EXPIRED_TOKEN;
 import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.ILLEGAL_TOKEN;
 
@@ -75,7 +76,7 @@ public void validateTokensForRemoval(String refreshToken, String accessToken) {
         if (canRemoveRefreshToken) {
             return;
         }
-        throw new AuthUnauthorizedException(EXPIRED_TOKEN);
+        throw new AuthUnauthorizedException(BAD_REQUEST_TOKEN);
     }
 
     public void validateAccessToken(String accessToken) {
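Review bot: The constant name `BAD_REQUEST_TOKEN` suggests a 400, yet it is thrown through `AuthUnauthorizedException`, so the status a client sees (inferred from the exception name) will not match what the code name implies; either rename it to something that fits a 401, or document the intent on the throw, e.g. `// Logout with a token pair that fails validation is reported as 401 with a generic message so the response does not reveal which token was rejected.` The method and the computation of `canRemoveRefreshToken` begin above this hunk, so only the failure branch is visible here. Keeping the user-facing message generic is the right call; do not be tempted to echo token contents into the message or logs for debugging.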