[회원 정보 개선] Member 엔티티 및 DTO에 login_ip 필드 추가, JWT 관련 필터에서 클라이언트 IP 처리 로직 개선. Refresh Token 생성 및 검증 시 IP 정보 포함하여 보안 강화.
@@ -8,6 +8,7 @@
|
||||
updated_at timestamp(6) not null,
|
||||
updated_oid bigint,
|
||||
role varchar(40) not null check (role in ('MEMBER','ADMIN','SYSTEM_ADMIN')),
|
||||
login_ip varchar(45),
|
||||
name varchar(100) not null,
|
||||
password varchar(100) not null,
|
||||
user_id varchar(100) not null,
|
||||
|
@@ -27,6 +27,7 @@ public class MemberDto implements UserDetails {
|
||||
private MemberRole role;
|
||||
private Boolean useFlag;
|
||||
private String refreshToken;
|
||||
private String loginIp;
|
||||
private LocalDateTime lastLoginAt;
|
||||
private LocalDateTime createdAt;
|
||||
private LocalDateTime updatedAt;
|
||||
|
@@ -48,6 +48,9 @@ public class Member extends BaseEntity {
|
||||
@Column(name = "refresh_token", length = 1024)
|
||||
private String refreshToken;
|
||||
|
||||
@Column(name = "login_ip", length = 45) // IPv6 지원을 위해 45자
|
||||
private String loginIp;
|
||||
|
||||
@Column(name = "last_login_at")
|
||||
private LocalDateTime lastLoginAt;
|
||||
|
||||
|
@@ -22,6 +22,7 @@ public interface MemberMapper {
|
||||
@Mapping(target = "role", expression = "java(com.bio.bio_backend.domain.base.member.enums.MemberRole.getDefault())")
|
||||
@Mapping(target = "useFlag", constant = "true")
|
||||
@Mapping(target = "refreshToken", ignore = true)
|
||||
@Mapping(target = "loginIp", ignore = true)
|
||||
@Mapping(target = "lastLoginAt", ignore = true)
|
||||
@Mapping(target = "createdAt", ignore = true)
|
||||
@Mapping(target = "updatedAt", ignore = true)
|
||||
|
@@ -1,6 +1,5 @@
|
||||
package com.bio.bio_backend.domain.base.member.service;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
|
@@ -12,6 +12,7 @@ import com.bio.bio_backend.domain.base.member.dto.MemberDto;
|
||||
import com.bio.bio_backend.domain.base.member.service.MemberService;
|
||||
import com.bio.bio_backend.global.constants.ApiResponseCode;
|
||||
import com.bio.bio_backend.global.utils.JwtUtils;
|
||||
import com.bio.bio_backend.global.utils.HttpUtils;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.http.HttpStatus;
|
||||
@@ -38,6 +39,7 @@ public class JwtTokenIssuanceFilter extends UsernamePasswordAuthenticationFilter
|
||||
private final JwtUtils jwtUtils;
|
||||
private final ObjectMapper objectMapper;
|
||||
private final MemberService memberService;
|
||||
private final HttpUtils httpUtils;
|
||||
|
||||
// 사용자 login 인증 처리
|
||||
@Override
|
||||
@@ -66,6 +68,7 @@ public class JwtTokenIssuanceFilter extends UsernamePasswordAuthenticationFilter
|
||||
String refreshToken = jwtUtils.createRefreshToken(member.getUserId(), member.getRole().getValue());
|
||||
|
||||
member.setRefreshToken(refreshToken);
|
||||
member.setLoginIp(httpUtils.getClientIp());
|
||||
member.setLastLoginAt(LocalDateTime.now());
|
||||
memberService.updateMember(member);
|
||||
|
||||
|
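Review bot: The refresh token is still built by the two-argument call `jwtUtils.createRefreshToken(member.getUserId(), member.getRole().getValue())` on the unchanged line above, so the address recorded by the new `member.setLoginIp(httpUtils.getClientIp())` never reaches the token's `ip` claim. If that two-argument overload still exists in JwtUtils (it is not visible in this commit), `extractClientIp` would return null for every token issued here and the new `validateRefreshToken(token, clientIp)` would most likely reject every refresh; if the overload was dropped, this line no longer compiles. Resolve the address once and use it for both: `String clientIp = httpUtils.getClientIp();`, then `jwtUtils.createRefreshToken(member.getUserId(), member.getRole().getValue(), clientIp)` and `member.setLoginIp(clientIp);`. The enclosing method starts and ends outside the hunk.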
@@ -69,7 +69,7 @@ public class JwtTokenValidationFilter extends OncePerRequestFilter {
|
||||
}
|
||||
|
||||
// Access Token이 없거나 만료된 경우, Refresh Token으로 갱신 시도
|
||||
if (refreshToken != null && jwtUtils.validateRefreshToken(refreshToken)) {
|
||||
if (refreshToken != null && jwtUtils.validateRefreshToken(refreshToken, request.getRemoteAddr())) {
|
||||
String username = jwtUtils.extractUsername(refreshToken);
|
||||
String role = (String) jwtUtils.extractAllClaims(refreshToken).get("role");
|
||||
|
||||
|
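Review bot: The refresh check compares the token's `ip` claim with `request.getRemoteAddr()`, while the login filter records the address through `httpUtils.getClientIp()`, and the two sources can disagree. HttpUtils is not shown, but if it reads a forwarding header, then behind a reverse proxy `getRemoteAddr()` yields the proxy address and legitimate refreshes fail; without a trusted-proxy check, a header chosen by the client would decide which address the token is bound to. Use the same resolver on both paths, e.g. `jwtUtils.validateRefreshToken(refreshToken, httpUtils.getClientIp())` (HttpUtils would have to be injected into this filter), and document which proxies are trusted to set the header. A mismatch is also worth a warn-level log entry with the username, since a stored refresh token arriving from a different address is a useful token-theft signal. The enclosing method continues outside the hunk.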
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.bio.bio_backend.domain.base.member.service.MemberService;
|
||||
import com.bio.bio_backend.global.exception.CustomAuthenticationFailureHandler;
|
||||
import com.bio.bio_backend.global.utils.JwtUtils;
|
||||
import com.bio.bio_backend.global.utils.HttpUtils;
|
||||
import com.bio.bio_backend.global.config.SecurityPathConfig;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
|
||||
@@ -35,9 +36,10 @@ public class WebSecurity {
|
||||
private final ObjectMapper objectMapper;
|
||||
private final Environment env;
|
||||
private final SecurityPathConfig securityPathConfig;
|
||||
private final HttpUtils httpUtils;
|
||||
|
||||
private JwtTokenIssuanceFilter getJwtTokenIssuanceFilter(AuthenticationManager authenticationManager) throws Exception {
|
||||
JwtTokenIssuanceFilter filter = new JwtTokenIssuanceFilter(authenticationManager, jwtUtils, objectMapper, memberService);
|
||||
JwtTokenIssuanceFilter filter = new JwtTokenIssuanceFilter(authenticationManager, jwtUtils, objectMapper, memberService, httpUtils);
|
||||
filter.setFilterProcessesUrl("/login");
|
||||
filter.setAuthenticationFailureHandler(new CustomAuthenticationFailureHandler(objectMapper));
|
||||
return filter;
|
||||
|
@@ -8,7 +8,6 @@ import jakarta.servlet.http.Cookie;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import com.bio.bio_backend.domain.base.member.service.MemberService;
|
||||
import com.bio.bio_backend.domain.base.member.dto.MemberDto;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
@@ -53,9 +52,39 @@ public class JwtUtils {
|
||||
return isTokenExpired(token);
|
||||
}
|
||||
|
||||
public Boolean validateRefreshToken(String token) {
|
||||
String saveToken = memberService.getRefreshToken(extractUsername(token));
|
||||
return (saveToken.equals(token) && isTokenExpired(token));
|
||||
// Refresh Token 생성 시 IP 정보 포함
|
||||
public String createRefreshToken(String username, String role, String clientIp) {
|
||||
return generateToken(username, role, clientIp,
|
||||
Long.parseLong(Objects.requireNonNull(env.getProperty("token.expiration_time_refresh"))));
|
||||
}
|
||||
|
||||
// IP 정보를 포함한 토큰 생성
|
||||
public String generateToken(String username, String role, String clientIp, long expirationTime) {
|
||||
return Jwts.builder()
|
||||
.subject(username)
|
||||
.claim("role", role)
|
||||
.claim("ip", clientIp) // IP 정보 추가
|
||||
.issuedAt(new Date(System.currentTimeMillis()))
|
||||
.expiration(new Date(System.currentTimeMillis() + expirationTime))
|
||||
.signWith(getSigningKey())
|
||||
.compact();
|
||||
}
|
||||
|
||||
// IP 정보 추출
|
||||
public String extractClientIp(String token) {
|
||||
Claims claims = extractAllClaims(token);
|
||||
return claims.get("ip", String.class);
|
||||
}
|
||||
|
||||
// Refresh Token 검증 시 IP도 함께 검증
|
||||
public Boolean validateRefreshToken(String token, String clientIp) {
|
||||
String savedToken = memberService.getRefreshToken(extractUsername(token));
|
||||
String tokenIp = extractClientIp(token);
|
||||
|
||||
// 토큰 일치, 만료되지 않음, IP 일치 확인
|
||||
return (savedToken.equals(token) &&
|
||||
isTokenExpired(token) &&
|
||||
Objects.equals(tokenIp, clientIp));
|
||||
}
|
||||
|
||||
private boolean isTokenExpired(String token) {
|
||||
|
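Review bot: In the new `validateRefreshToken(String token, String clientIp)`, `savedToken.equals(token)` throws a NullPointerException when `memberService.getRefreshToken(...)` returns null, which is presumably the case for a member whose stored token was cleared or never set. The request would then fail with an unhandled exception instead of a clean rejection. Compare null-safely with `token.equals(savedToken)`, or in constant time with `savedToken != null && MessageDigest.isEqual(savedToken.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8))`. The helper `isTokenExpired` is used as the "still valid" condition both here and in the context line `return isTokenExpired(token);`, so either its name is the opposite of what it returns or the check is inverted; its body is outside the hunk, so a rename or a comment there would settle it. Refresh tokens issued before this change carry no `ip` claim and will be rejected, which forces a re-login and is worth stating in the commit description.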
@@ -92,7 +92,7 @@ decorator.datasource.p6spy.log-format=%(sqlSingleLine)
|
||||
# JWT 설정
|
||||
# ========================================
|
||||
token.expiration_time_access=900000
|
||||
token.expiration_time_refresh=604800000
|
||||
token.expiration_time_refresh=86400000
|
||||
token.secret_key=c3RhbV9qd3Rfc2VjcmV0X3Rva2Vuc3RhbV9qd3Rfc2VjcmV0X3RhbV9qd3Rfc2VjcmV0X3RhbV9qd3Rfc2VjcmV0X3Rva2Vu
|
||||
# 운영 환경 변수 설정 필요
|
||||
# token.secret_key=${JWT_SECRET_KEY:}
|
||||
|
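Review bot: `token.secret_key` is committed in clear text on the line directly below the changed refresh lifetime, so the signature no longer distinguishes server-issued tokens from ones produced by anyone with read access to the repository, and the `ip` claim this commit adds inherits that weakness. Switch to the commented-out environment form now, without the empty default, so that a missing variable is an error rather than an empty key: `token.secret_key=${JWT_SECRET_KEY}`. The committed value should be treated as exposed and rotated, which also invalidates outstanding tokens.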