Feat: 토큰 인증 방식 수정

Author: dungbik

build.gradle.kts

@@ -32,11 +32,6 @@ dependencies {
     implementation("org.springframework.cloud:spring-cloud-starter-circuitbreaker-reactor-resilience4j")
     implementation("org.springframework.cloud:spring-cloud-starter-gateway")
 
-    // JWT
-    implementation("io.jsonwebtoken:jjwt-api:0.12.6")
-    runtimeOnly("io.jsonwebtoken:jjwt-impl:0.12.6")
-    runtimeOnly("io.jsonwebtoken:jjwt-jackson:0.12.6")
-
     compileOnly("org.projectlombok:lombok")
     annotationProcessor("org.projectlombok:lombok")
     testImplementation("org.springframework.boot:spring-boot-starter-test")

src/main/java/flipnote/apigateway/client/TokenValidationClient.java

@@ -0,0 +1,30 @@
+package flipnote.apigateway.client;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import org.springframework.web.reactive.function.client.WebClient;
+import reactor.core.publisher.Mono;
+
+@Component
+public class TokenValidationClient {
+
+    private final WebClient webClient;
+
+    public TokenValidationClient(@Value("${app.user-service.url}") String userServiceUrl) {
+        this.webClient = WebClient.builder()
+                .baseUrl(userServiceUrl)
+                .build();
+    }
+
+    public Mono<TokenValidationResponse> validateToken(String token) {
+        return webClient.post()
+                .uri("/v1/auth/token/validate")
+                .bodyValue(new TokenValidationRequest(token))
+                .retrieve()
+                .bodyToMono(TokenValidationResponse.class);
+    }
+
+    public record TokenValidationRequest(String token) {}
+
+    public record TokenValidationResponse(Long userId, String email, String role) {}
+}

src/main/java/flipnote/apigateway/filter/AuthenticationFilter.java

@@ -1,12 +1,10 @@
 package flipnote.apigateway.filter;
 
-import flipnote.apigateway.util.JwtUtil;
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.JwtException;
+import flipnote.apigateway.client.TokenValidationClient;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
-import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpCookie;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
 import org.springframework.web.server.ServerWebExchange;
@@ -16,47 +14,45 @@
 @Component
 public class AuthenticationFilter extends AbstractGatewayFilterFactory<AuthenticationFilter.Config> {
 
-    private final JwtUtil jwtUtil;
+    private final TokenValidationClient tokenValidationClient;
 
-    public AuthenticationFilter(JwtUtil jwtUtil) {
+    public AuthenticationFilter(TokenValidationClient tokenValidationClient) {
         super(Config.class);
-        this.jwtUtil = jwtUtil;
+        this.tokenValidationClient = tokenValidationClient;
     }
 
+    private static final String ACCESS_TOKEN_COOKIE = "accessToken";
+
     @Override
     public GatewayFilter apply(Config config) {
         return (exchange, chain) -> {
-            String authHeader = exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
+            HttpCookie cookie = exchange.getRequest().getCookies().getFirst(ACCESS_TOKEN_COOKIE);
 
-            if (authHeader == null || !authHeader.startsWith("Bearer ")) {
-                log.warn("Missing or invalid Authorization header");
+            if (cookie == null) {
+                log.warn("Missing access token cookie");
                 return onError(exchange, HttpStatus.UNAUTHORIZED);
             }
 
-            String token = authHeader.substring(7);
-
-            try {
-                Claims claims = jwtUtil.parseToken(token);
-
-                Long userId = jwtUtil.getUserId(claims);
-                String email = jwtUtil.getEmail(claims);
-                String role = jwtUtil.getRole(claims);
+            String token = cookie.getValue();
 
-                log.debug("Authenticated user: id={}, email={}, role={}", userId, email, role);
+            return tokenValidationClient.validateToken(token)
+                    .flatMap(response -> {
+                        log.debug("Authenticated user: id={}, email={}, role={}",
+                                response.userId(), response.email(), response.role());
 
-                ServerWebExchange modifiedExchange = exchange.mutate()
-                        .request(r -> r
-                                .header("X-User-Id", String.valueOf(userId))
-                                .header("X-User-Email", email)
-                                .header("X-User-Role", role))
-                        .build();
+                        ServerWebExchange modifiedExchange = exchange.mutate()
+                                .request(r -> r
+                                        .header("X-User-Id", String.valueOf(response.userId()))
+                                        .header("X-User-Email", response.email())
+                                        .header("X-User-Role", response.role()))
+                                .build();
 
-                return chain.filter(modifiedExchange);
-
-            } catch (JwtException e) {
-                log.error("JWT validation failed: {}", e.getMessage());
-                return onError(exchange, HttpStatus.UNAUTHORIZED);
-            }
+                        return chain.filter(modifiedExchange);
+                    })
+                    .onErrorResume(e -> {
+                        log.error("Token validation failed: {}", e.getMessage());
+                        return onError(exchange, HttpStatus.UNAUTHORIZED);
+                    });
         };
     }
 

src/main/java/flipnote/apigateway/util/JwtUtil.java

@@ -18,6 +18,7 @@ spring:
                   - /v1/auth/login
                   - /v1/auth/register
                   - /v1/auth/token/refresh
+                  - /v1/auth/token/validate
                   - /v1/auth/email-verification/request
                   - /v1/auth/email-verification
                   - /v1/auth/password-reset/request
@@ -35,8 +36,11 @@ spring:
                   - /v1/auth/social-links
                   - /v1/auth/social-links/*
                   - /v1/oauth2/authorization/*
+                  - /v1/oauth2/links/*
+
           filters:
             - AuthenticationFilter
 
-jwt:
-  secret: "55ca298dcfc216e215622e3f48a251abaa4e8bb973074f065ab170e311acc15811d01a2407290c3ac143648196306d4a6f666a4ed364d3df633e08eb184bb0aea0f2edde4fd2d7fa68ea95ddbc421ff532ce47bde775975911042d665bc22d88a9fa26a03bb4d25530b8cdeb1247d87c9e3efcd721e368b0566b00a43308a729"
+app:
+  user-service:
+    url: http://localhost:8081

src/main/resources/application-local.yml

@@ -28,6 +28,7 @@ spring:
                   - /v1/auth/login
                   - /v1/auth/register
                   - /v1/auth/token/refresh
+                  - /v1/auth/token/validate
                   - /v1/auth/email-verification/request
                   - /v1/auth/email-verification
                   - /v1/auth/password-reset/request
@@ -46,6 +47,7 @@ spring:
                   - /v1/auth/social-links/*
                   - /v1/oauth2/authorization/*
                   - /v1/oauth2/links/*
+
           filters:
             - AuthenticationFilter
 
@@ -61,8 +63,9 @@ spring:
           filters:
             - AuthenticationFilter
 
-jwt:
-  secret: ${JWT_SECRET}
+app:
+  user-service:
+    url: http://user-service:8081
 
 management:
   endpoints: