Merge branch 'develop' into CLAP-148

Author: hyoseong-Choi

build.gradle

@@ -90,6 +90,9 @@ dependencies {
     // Email Sender
     implementation 'org.springframework.boot:spring-boot-starter-mail'
 
+    // Thymeleaf
+    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+
     // Spring aop
     implementation 'org.springframework.boot:spring-boot-starter-aop'
 

src/main/java/clap/server/adapter/inbound/security/filter/JwtAuthenticationFilter.java

@@ -2,6 +2,7 @@
 
 import clap.server.adapter.outbound.jwt.JwtClaims;
 import clap.server.adapter.outbound.jwt.access.AccessTokenClaimKeys;
+import clap.server.application.port.outbound.auth.ForbiddenTokenPort;
 import clap.server.application.port.outbound.auth.JwtProvider;
 import clap.server.exception.JwtException;
 import clap.server.exception.code.AuthErrorCode;
@@ -27,7 +28,6 @@
 
 import java.io.IOException;
 
-// 요청에서 JWT 토큰을 추출하고 유효성을 검사합니다.
 @Slf4j
 @Component
 @RequiredArgsConstructor
@@ -37,6 +37,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     private final JwtProvider accessTokenProvider;
     private final JwtProvider temporaryTokenProvider;
     private final AccessDeniedHandler accessDeniedHandler;
+    private final ForbiddenTokenPort forbiddenTokenPort;
 
     @Override
     protected void doFilterInternal(
@@ -70,15 +71,15 @@ private String resolveAccessToken(
             HttpServletRequest request
     ) throws ServletException {
         String authHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
-        String token = accessTokenProvider.resolveToken(authHeader);
+        String accessToken = accessTokenProvider.resolveToken(authHeader);
 
-        if (!StringUtils.hasText(token)) {
+        if (!StringUtils.hasText(accessToken)) {
             log.error("EMPTY_ACCESS_TOKEN");
             handleAuthException(AuthErrorCode.EMPTY_ACCESS_KEY);
         }
 
         String requestUrl = request.getRequestURI();
-        boolean isTemporaryToken = isTemporaryToken(token);
+        boolean isTemporaryToken = isTemporaryToken(accessToken);
         JwtProvider tokenProvider = isTemporaryToken ? temporaryTokenProvider : accessTokenProvider;
 
         log.info("Token is Temporary {}", isTemporaryToken);
@@ -88,14 +89,17 @@ private String resolveAccessToken(
             handleAuthException(AuthErrorCode.FORBIDDEN_ACCESS_TOKEN);
         }
 
-        // TODO: 블랙리스트 토큰 처리 로직 추가 필요
+        if (forbiddenTokenPort.getIsForbidden(accessToken)) {
+            log.error("FORBIDDEN_ACCESS_TOKEN");
+            handleAuthException(AuthErrorCode.FORBIDDEN_ACCESS_TOKEN);
+        }
 
-        if (tokenProvider.isTokenExpired(token)) {
+        if (tokenProvider.isTokenExpired(accessToken)) {
             log.error("EXPIRED_TOKEN");
             handleAuthException(AuthErrorCode.EXPIRED_TOKEN);
         }
 
-        return token;
+        return accessToken;
     }
 
 

src/main/java/clap/server/adapter/inbound/web/admin/AddCategoryController.java

@@ -15,7 +15,7 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 
-@Tag(name = "카테고리 추가")
+@Tag(name = "05. Admin")
 @WebAdapter
 @RequiredArgsConstructor
 @RequestMapping("/api/management")

src/main/java/clap/server/adapter/inbound/web/admin/ManageMemberController.java

@@ -15,14 +15,14 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 
-@Tag(name = "회원 관리 - 수정/ 삭제")
+@Tag(name = "05. Admin")
 @WebAdapter
 @RequiredArgsConstructor
 @RequestMapping("/api/managements/members")
 public class ManageMemberController {
     private final ManageMemberUsecase manageMemberUsecase;
 
-    @Operation(summary = "단일 회원 등록 API")
+    @Operation(summary = "회원 정보 수정 API")
     @PostMapping("/{memberId}")
     @Secured("ROLE_ADMIN")
     public void registerMember(@AuthenticationPrincipal SecurityUserDetails userInfo,

src/main/java/clap/server/adapter/inbound/web/admin/RegisterMemberController.java

@@ -14,7 +14,7 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 
-@Tag(name = "회원 관리 - 등록")
+@Tag(name = "05. Admin")
 @WebAdapter
 @RequiredArgsConstructor
 @RequestMapping("/api/managements")

src/main/java/clap/server/adapter/inbound/web/auth/AuthController.java

@@ -1,24 +1,24 @@
 package clap.server.adapter.inbound.web.auth;
 
+import clap.server.adapter.inbound.security.SecurityUserDetails;
 import clap.server.adapter.inbound.web.dto.auth.LoginRequest;
 import clap.server.adapter.inbound.web.dto.auth.LoginResponse;
 import clap.server.application.port.inbound.auth.AuthUsecase;
 import clap.server.common.annotation.architecture.WebAdapter;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestHeader;
-import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.*;
 
 import static clap.server.common.utils.ClientIpParseUtil.getClientIp;
 
 @Slf4j
-@Tag(name = "로그인 / 로그아웃")
+@Tag(name = "00. Auth", description = "로그인, 로그아웃, 토큰 재발급 API")
 @WebAdapter
 @RequiredArgsConstructor
 @RequestMapping("/api/auths")
@@ -35,5 +35,13 @@ public ResponseEntity<LoginResponse> login(@RequestHeader(name = "sessionId") St
         return ResponseEntity.ok(response);
     }
 
+    @Operation(summary = "로그아웃 API")
+    @DeleteMapping("/logout")
+    public void logout(@AuthenticationPrincipal SecurityUserDetails userInfo,
+                                       @Parameter(hidden = true) @RequestHeader(value = "Authorization") String authHeader,
+                                       @RequestHeader(value = "refreshToken") String refreshToken) {
+        String accessToken = authHeader.split(" ")[1];
+        authUsecase.logout(userInfo.getUserId(), accessToken, refreshToken);
+    }
 
 }

src/main/java/clap/server/adapter/inbound/web/auth/ReissueTokenController.java

@@ -11,7 +11,7 @@
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 
-@Tag(name = "토큰 재발급")
+@Tag(name = "00. Auth")
 @WebAdapter
 @RequiredArgsConstructor
 @RequestMapping("/api/auths")

src/main/java/clap/server/adapter/inbound/web/dto/admin/FindManagersResponse.java

@@ -0,0 +1,12 @@
+package clap.server.adapter.inbound.web.dto.common;
+
+
+import java.util.List;
+
+public record SliceResponse<T> (
+        List<T> content,
+        boolean hasNext,
+        boolean isFirst,
+        boolean isLast
+) {
+}

src/main/java/clap/server/adapter/inbound/web/dto/common/SliceResponse.java

@@ -0,0 +1,11 @@
+package clap.server.adapter.inbound.web.dto.notification;
+
+import clap.server.adapter.outbound.persistense.entity.notification.constant.NotificationType;
+
+public record SseRequest(
+        String taskTitle,
+        NotificationType notificationType,
+        Long receiverId,
+        String message
+) {
+}