Merge pull request #14 from FlipNoteTeam/feat/password-reset [FN-65]

Feat: [FN-65] 비밀번호 재설정 링크 전송

Author: dungbik

src/main/java/project/flipnote/auth/constants/AuthRedisKey.java

@@ -11,6 +11,8 @@ public enum AuthRedisKey implements RedisKeys {
 	EMAIL_VERIFIED("auth:email:verified:%s", 600),
 	TOKEN_VERSION("auth:token:version:%d", 3600),
 	TOKEN_BLACKLIST("auth:token:blacklist:%s", -1),
+	PASSWORD_RESET_TOKEN("auth:password_reset:token:%s", PasswordResetConstants.TOKEN_TTL_MINUTES * 60),
+	PASSWORD_RESET_EMAIL("auth:password_reset:email:%s", PasswordResetConstants.TOKEN_TTL_MINUTES * 60),
 	;
 
 	private final String pattern;

src/main/java/project/flipnote/auth/constants/PasswordResetConstants.java

@@ -0,0 +1,9 @@
+package project.flipnote.auth.constants;
+
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public final class PasswordResetConstants {
+	public static final int TOKEN_TTL_MINUTES = 30;
+}

src/main/java/project/flipnote/auth/controller/AuthController.java

@@ -13,6 +13,7 @@
 import lombok.RequiredArgsConstructor;
 import project.flipnote.auth.model.EmailVerificationConfirmRequest;
 import project.flipnote.auth.model.EmailVerificationRequest;
+import project.flipnote.auth.model.PasswordResetCreateRequest;
 import project.flipnote.auth.model.TokenPair;
 import project.flipnote.auth.model.UserLoginRequest;
 import project.flipnote.auth.model.UserLoginResponse;
@@ -89,4 +90,13 @@ public ResponseEntity<UserLoginResponse> refreshToken(
 			.header(HttpHeaders.SET_COOKIE, cookie.toString())
 			.body(UserLoginResponse.from(tokenPair.accessToken()));
 	}
+
+	@PostMapping("/password-resets")
+	public ResponseEntity<Void> requestPasswordReset(
+		@Valid @RequestBody PasswordResetCreateRequest req
+	) {
+		authService.requestPasswordReset(req);
+
+		return ResponseEntity.noContent().build();
+	}
 }

src/main/java/project/flipnote/auth/event/PasswordResetCreateEvent.java

@@ -0,0 +1,7 @@
+package project.flipnote.auth.event;
+
+public record PasswordResetCreateEvent(
+	String to,
+	String link
+) {
+}

src/main/java/project/flipnote/auth/exception/AuthErrorCode.java

@@ -16,7 +16,8 @@ public enum AuthErrorCode implements ErrorCode {
 	INVALID_VERIFICATION_CODE(HttpStatus.FORBIDDEN, "AUTH_004", "잘못된 인증번호입니다. 입력한 인증번호를 확인해 주세요."),
 	EXISTING_EMAIL(HttpStatus.CONFLICT, "AUTH_005", "이미 가입된 이메일입니다. 다른 이메일을 사용해 주세요."),
 	INVALID_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_006", "인증 정보가 유효하지 않습니다."),
-	UNVERIFIED_EMAIL(HttpStatus.FORBIDDEN, "AUTH_007", "인증되지 않은 이메일입니다. 이메일 인증을 완료해 주세요.");
+	UNVERIFIED_EMAIL(HttpStatus.FORBIDDEN, "AUTH_007", "인증되지 않은 이메일입니다. 이메일 인증을 완료해 주세요."),
+	ALREADY_SENT_PASSWORD_RESET_LINK(HttpStatus.CONFLICT, "AUTH_008", "이미 유효한 비밀번호 재설정 링크가 존재합니다. 이메일을 확인해주세요.");
 
 	private final HttpStatus httpStatus;
 	private final String code;

src/main/java/project/flipnote/auth/listener/EmailVerificationEventListener.java

@@ -34,6 +34,6 @@ public void handleEmailVerificationSendEvent(EmailVerificationSendEvent event) {
 
 	@Recover
 	public void recover(EmailSendException ex, EmailVerificationSendEvent event) {
-		log.error("이메일 인증번호 전송 3회 실패: to={}", event.to(), ex);
+		log.error("이메일 인증번호 전송 실패: to={}", event.to(), ex);
 	}
 }

src/main/java/project/flipnote/auth/listener/PasswordResetCreateEventListener.java

@@ -0,0 +1,39 @@
+package project.flipnote.auth.listener;
+
+import org.springframework.context.event.EventListener;
+import org.springframework.retry.annotation.Backoff;
+import org.springframework.retry.annotation.Recover;
+import org.springframework.retry.annotation.Retryable;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.stereotype.Component;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import project.flipnote.auth.constants.PasswordResetConstants;
+import project.flipnote.auth.event.PasswordResetCreateEvent;
+import project.flipnote.common.exception.EmailSendException;
+import project.flipnote.infra.email.EmailService;
+
+@Slf4j
+@RequiredArgsConstructor
+@Component
+public class PasswordResetCreateEventListener {
+
+	private final EmailService emailService;
+
+	@Async
+	@Retryable(
+		maxAttempts = 3,
+		retryFor = { EmailSendException.class },
+		backoff = @Backoff(delay = 2000, multiplier = 2)
+	)
+	@EventListener
+	public void handlePasswordResetCreateEvent(PasswordResetCreateEvent event) {
+		emailService.sendPasswordResetLink(event.to(), event.link(), PasswordResetConstants.TOKEN_TTL_MINUTES);
+	}
+
+	@Recover
+	public void recover(EmailSendException ex, PasswordResetCreateEvent event) {
+		log.error("비밀번호 재설정 링크 전송 실패: to={}", event.to(), ex);
+	}
+}

src/main/java/project/flipnote/auth/model/PasswordResetCreateRequest.java

@@ -0,0 +1,10 @@
+package project.flipnote.auth.model;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+
+public record PasswordResetCreateRequest(
+	@Email @NotBlank
+	String email
+) {
+}

src/main/java/project/flipnote/auth/repository/PasswordResetRedisRepository.java

@@ -0,0 +1,62 @@
+package project.flipnote.auth.repository;
+
+import java.time.Duration;
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.dao.DataAccessException;
+import org.springframework.data.redis.core.RedisOperations;
+import org.springframework.data.redis.core.SessionCallback;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Repository;
+
+import lombok.RequiredArgsConstructor;
+import project.flipnote.auth.constants.AuthRedisKey;
+
+@RequiredArgsConstructor
+@Repository
+public class PasswordResetRedisRepository {
+
+	private final StringRedisTemplate stringRedisTemplate;
+
+	public void saveToken(String email, String token) {
+		stringRedisTemplate.execute(new SessionCallback<List<Object>>() {
+			@Override
+			public List<Object> execute(RedisOperations operations) throws DataAccessException {
+				operations.multi();
+
+				String tokenKey = AuthRedisKey.PASSWORD_RESET_TOKEN.key(token);
+				Duration tokenTtl = AuthRedisKey.PASSWORD_RESET_TOKEN.getTtl();
+				operations.opsForValue().set(tokenKey, email, tokenTtl);
+
+				String emailKey = AuthRedisKey.PASSWORD_RESET_EMAIL.key(email);
+				Duration emailTtl = AuthRedisKey.PASSWORD_RESET_EMAIL.getTtl();
+				operations.opsForValue().set(emailKey, "1", emailTtl);
+
+				return operations.exec();
+			}
+		});
+	}
+
+	public Optional<String> findEmailByToken(String token) {
+		String key = AuthRedisKey.PASSWORD_RESET_TOKEN.key(token);
+
+		String email = stringRedisTemplate.opsForValue().get(key);
+
+		return Optional.ofNullable(email);
+	}
+
+	public void deleteToken(String email, String token) {
+		String tokenKey = AuthRedisKey.PASSWORD_RESET_TOKEN.key(token);
+		stringRedisTemplate.delete(tokenKey);
+
+		String emailKey = AuthRedisKey.PASSWORD_RESET_EMAIL.key(email);
+		stringRedisTemplate.delete(emailKey);
+	}
+
+	public boolean hasActiveToken(String email) {
+		String key = AuthRedisKey.PASSWORD_RESET_EMAIL.key(email);
+
+		return stringRedisTemplate.hasKey(key);
+	}
+}

src/main/java/project/flipnote/auth/service/AuthService.java

@@ -1,6 +1,5 @@
 package project.flipnote.auth.service;
 
-import java.security.SecureRandom;
 import java.util.Objects;
 
 import org.springframework.context.ApplicationEventPublisher;
@@ -11,13 +10,19 @@
 import lombok.extern.slf4j.Slf4j;
 import project.flipnote.auth.constants.VerificationConstants;
 import project.flipnote.auth.event.EmailVerificationSendEvent;
+import project.flipnote.auth.event.PasswordResetCreateEvent;
 import project.flipnote.auth.exception.AuthErrorCode;
 import project.flipnote.auth.model.EmailVerificationConfirmRequest;
 import project.flipnote.auth.model.EmailVerificationRequest;
+import project.flipnote.auth.model.PasswordResetCreateRequest;
 import project.flipnote.auth.model.TokenPair;
 import project.flipnote.auth.model.UserLoginRequest;
 import project.flipnote.auth.repository.EmailVerificationRedisRepository;
+import project.flipnote.auth.repository.PasswordResetRedisRepository;
 import project.flipnote.auth.repository.TokenBlacklistRedisRepository;
+import project.flipnote.auth.util.PasswordResetTokenGenerator;
+import project.flipnote.auth.util.VerificationCodeGenerator;
+import project.flipnote.common.config.ClientProperties;
 import project.flipnote.common.exception.BizException;
 import project.flipnote.common.security.dto.UserAuth;
 import project.flipnote.common.security.jwt.JwtComponent;
@@ -34,11 +39,12 @@ public class AuthService {
 	private final JwtComponent jwtComponent;
 	private final EmailVerificationRedisRepository emailVerificationRedisRepository;
 	private final TokenBlacklistRedisRepository tokenBlacklistRedisRepository;
-
 	private final PasswordEncoder passwordEncoder;
 	private final ApplicationEventPublisher eventPublisher;
-
-	private static final SecureRandom random = new SecureRandom();
+	private final VerificationCodeGenerator verificationCodeGenerator;
+	private final PasswordResetTokenGenerator passwordResetTokenGenerator;
+	private final PasswordResetRedisRepository passwordResetRedisRepository;
+	private final ClientProperties clientProperties;
 
 	public TokenPair login(UserLoginRequest req) {
 		User user = findActiveUserByEmail(req.email());
@@ -49,12 +55,12 @@ public TokenPair login(UserLoginRequest req) {
 	}
 
 	public void sendEmailVerificationCode(EmailVerificationRequest req) {
-		final String email = req.email();
+		String email = req.email();
 
 		validateEmailIsAvailable(email);
 		validateVerificationCodeNotExists(email);
 
-		final String code = generateVerificationCode(VerificationConstants.CODE_LENGTH);
+		String code = verificationCodeGenerator.generateVerificationCode(VerificationConstants.CODE_LENGTH);
 
 		emailVerificationRedisRepository.saveCode(email, code);
 
@@ -85,18 +91,28 @@ public TokenPair refreshToken(String refreshToken) {
 		return jwtComponent.generateTokenPair(userAuth);
 	}
 
+	public void requestPasswordReset(PasswordResetCreateRequest req) {
+		String email = req.email();
+		if (passwordResetRedisRepository.hasActiveToken(email)) {
+			throw new BizException(AuthErrorCode.ALREADY_SENT_PASSWORD_RESET_LINK);
+		}
+
+		boolean existUser = userRepository.existsByEmailAndStatus(email, UserStatus.ACTIVE);
+		if (existUser) {
+			String token = passwordResetTokenGenerator.generateToken();
+			passwordResetRedisRepository.saveToken(email, token);
+
+			String link = clientProperties.buildPasswordResetUrl(token);
+			eventPublisher.publishEvent(new PasswordResetCreateEvent(email, link));
+		}
+	}
+
 	public void validatePasswordMatch(String rawPassword, String encodedPassword) {
 		if (!passwordEncoder.matches(rawPassword, encodedPassword)) {
 			throw new BizException(AuthErrorCode.INVALID_CREDENTIALS);
 		}
 	}
 
-	private String generateVerificationCode(int length) {
-		int origin = (int)Math.pow(10, length - 1);
-		int bound = (int)Math.pow(10, length);
-		return String.valueOf(random.nextInt(origin, bound));
-	}
-
 	private User findActiveUserByEmail(String email) {
 		return userRepository.findByEmailAndStatus(email, UserStatus.ACTIVE)
 			.orElseThrow(() -> new BizException(AuthErrorCode.INVALID_CREDENTIALS));