Merge pull request #258 from FunD-StockProject/fix/notification-same-device-token

Fix: 동일 디바이스 token으로 인해 푸시 알림 오던 이슈 해결을 위한 로직 개선

Author: MuuiGong

src/main/java/com/fund/stockProject/auth/controller/AuthController.java

@@ -200,9 +200,10 @@ public ResponseEntity<LoginResponse> reissue(
             @ApiResponse(responseCode = "401", description = "인증 필요")
     })
     public ResponseEntity<?> logout(
+            @AuthenticationPrincipal(expression = "id") @Parameter(hidden = true) Integer userId,
             @RequestBody @Parameter(description = "Refresh 토큰 DTO", required = true) RefreshTokenRequest requestDto) {
         try {
-            tokenService.logout(requestDto.getRefreshToken());
+            tokenService.logout(userId, requestDto.getRefreshToken(), requestDto.getDeviceToken());
             return ResponseEntity.ok(Map.of("message", "Logout successful"));
         } catch (Exception e) {
             // 예를 들어 유효하지 않은 토큰 포맷 등의 이유로 실패했을 때

src/main/java/com/fund/stockProject/auth/dto/RefreshTokenRequest.java

@@ -1,6 +1,5 @@
 package com.fund.stockProject.auth.dto;
 
-import com.fasterxml.jackson.annotation.JsonProperty;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
@@ -11,4 +10,7 @@
 public class RefreshTokenRequest {
     @Schema(description = "Refresh 토큰 문자열", example = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", requiredMode = Schema.RequiredMode.REQUIRED)
     private String refreshToken;
+
+    @Schema(description = "현재 디바이스의 FCM 토큰(로그아웃 시 해당 토큰 비활성화)", example = "fcm_token_abcdef123456", requiredMode = Schema.RequiredMode.NOT_REQUIRED)
+    private String deviceToken;
 }

src/main/java/com/fund/stockProject/auth/service/TokenService.java

@@ -5,6 +5,8 @@
 import com.fund.stockProject.auth.dto.RefreshTokenRequest;
 import com.fund.stockProject.auth.entity.RefreshToken;
 import com.fund.stockProject.auth.repository.RefreshTokenRepository;
+import com.fund.stockProject.notification.service.DeviceTokenService;
+import com.fund.stockProject.user.entity.User;
 import com.fund.stockProject.user.repository.UserRepository;
 import com.fund.stockProject.security.util.JwtUtil;
 import io.jsonwebtoken.ExpiredJwtException;
@@ -25,6 +27,7 @@ public class TokenService {
     private final JwtUtil jwtUtil;
     private final RefreshTokenRepository refreshTokenRepository; // RefreshRepository 주입
     private final UserRepository userRepository;
+    private final DeviceTokenService deviceTokenService;
 
     @Value("${spring.jwt.access-expiration-ms}")
     private Long accessTokenExpirationMs;
@@ -130,7 +133,7 @@ public LoginResponse reissueTokens(RefreshTokenRequest request) { // String 토
     }
 
     @Transactional
-    public void logout(String refreshToken) {
+    public void logout(Integer userId, String refreshToken, String deviceToken) {
         // 1. Refresh Token 유효성 검증 (null 또는 비어 있는지)
         if (refreshToken == null || refreshToken.trim().isEmpty()) {
             throw new IllegalArgumentException("Refresh token is required for logout.");
@@ -154,6 +157,30 @@ public void logout(String refreshToken) {
         // 3. DB에서 Refresh Token 삭제
         // deleteBy... 메소드는 대상이 없어도 오류를 발생시키지 않으므로, find.. 없이 바로 사용 가능
         refreshTokenRepository.deleteByRefreshToken(refreshToken);
+
+        // 4. 디바이스 토큰 비활성화
+        // 멀티 디바이스 환경 보호:
+        // deviceToken이 전달된 경우에만 해당 토큰을 비활성화
+        Integer resolvedUserId = resolveUserId(userId, refreshToken);
+        if (resolvedUserId != null) {
+            deviceTokenService.unregisterOnLogout(resolvedUserId, deviceToken);
+        } else {
+            log.warn("Skip device token cleanup during logout: cannot resolve user. hasAuthPrincipal={}", userId != null);
+        }
+    }
+
+    private Integer resolveUserId(Integer authenticatedUserId, String refreshToken) {
+        if (authenticatedUserId != null) {
+            return authenticatedUserId;
+        }
+
+        try {
+            String email = jwtUtil.getEmail(refreshToken);
+            return userRepository.findByEmail(email).map(User::getId).orElse(null);
+        } catch (Exception e) {
+            log.warn("Failed to resolve userId from refresh token during logout: {}", e.getMessage());
+            return null;
+        }
     }
 
     private UserProfile getUserProfile(String email) {
@@ -164,4 +191,4 @@ private UserProfile getUserProfile(String email) {
 
     private record UserProfile(String nickname, String profileImageUrl) {}
 
-}
+}

src/main/java/com/fund/stockProject/notification/repository/NotificationRepository.java

@@ -23,7 +23,11 @@ public interface NotificationRepository extends JpaRepository<Notification, Inte
         WHERE n.user.id = :userId
         AND (
             n.notificationType <> :scoreSpike
-            OR (n.changeAbs IS NOT NULL AND n.changeAbs <> 0 AND n.oldScore IS NOT NULL AND n.newScore IS NOT NULL)
+            OR (
+                COALESCE(n.changeAbs, 1) <> 0
+                AND n.title IS NOT NULL
+                AND n.body IS NOT NULL
+            )
         )
         ORDER BY n.createdAt DESC
     """)
@@ -43,7 +47,11 @@ Page<Notification> findByUserIdAndNotificationTypeOrderByCreatedAtDesc(
         AND n.notificationType = :notificationType
         AND (
             :notificationType <> :scoreSpike
-            OR (n.changeAbs IS NOT NULL AND n.changeAbs <> 0 AND n.oldScore IS NOT NULL AND n.newScore IS NOT NULL)
+            OR (
+                COALESCE(n.changeAbs, 1) <> 0
+                AND n.title IS NOT NULL
+                AND n.body IS NOT NULL
+            )
         )
         ORDER BY n.createdAt DESC
     """)
@@ -63,7 +71,11 @@ SELECT COUNT(n) FROM Notification n
         AND n.isRead = false
         AND (
             n.notificationType <> :scoreSpike
-            OR (n.changeAbs IS NOT NULL AND n.changeAbs <> 0 AND n.oldScore IS NOT NULL AND n.newScore IS NOT NULL)
+            OR (
+                COALESCE(n.changeAbs, 1) <> 0
+                AND n.title IS NOT NULL
+                AND n.body IS NOT NULL
+            )
         )
     """)
     long countValidByUserIdAndIsReadFalse(

src/main/java/com/fund/stockProject/notification/repository/UserDeviceTokenRepository.java

@@ -1,5 +1,6 @@
 package com.fund.stockProject.notification.repository;
 
+import com.fund.stockProject.notification.domain.DevicePlatform;
 import com.fund.stockProject.notification.entity.UserDeviceToken;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Modifying;
@@ -17,11 +18,46 @@ public interface UserDeviceTokenRepository extends JpaRepository<UserDeviceToken
     List<String> findActiveTokens(@Param("userId") Integer userId);
 
     Optional<UserDeviceToken> findByToken(String token);
+    List<UserDeviceToken> findAllByToken(String token);
 
     // Explicit query for ownership check
     @Query("select t from UserDeviceToken t where t.token = :token and t.user.id = :userId")
     Optional<UserDeviceToken> findByTokenAndUserId(@Param("token") String token, @Param("userId") Integer userId);
 
+    @Modifying
+    @Transactional
+    @Query("""
+        UPDATE UserDeviceToken t
+        SET t.isActive = false
+        WHERE t.user.id = :userId
+    """)
+    int deactivateAllByUserId(@Param("userId") Integer userId);
+
+    @Modifying
+    @Transactional
+    @Query("""
+        UPDATE UserDeviceToken t
+        SET t.isActive = false
+        WHERE t.user.id = :userId
+          AND t.token = :token
+    """)
+    int deactivateByTokenAndUserId(@Param("token") String token, @Param("userId") Integer userId);
+
+    @Modifying
+    @Transactional
+    @Query("""
+        UPDATE UserDeviceToken t
+        SET t.isActive = false
+        WHERE t.user.id = :userId
+          AND t.platform = :platform
+          AND t.token <> :currentToken
+    """)
+    int deactivateByUserIdAndPlatformExceptToken(
+        @Param("userId") Integer userId,
+        @Param("platform") DevicePlatform platform,
+        @Param("currentToken") String currentToken
+    );
+
     // 사용자의 모든 디바이스 토큰 삭제
     @Modifying
     @Transactional

src/main/java/com/fund/stockProject/notification/service/DeviceTokenService.java

@@ -11,6 +11,8 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.List;
+
 @Service
 @RequiredArgsConstructor
 public class DeviceTokenService {
@@ -20,32 +22,61 @@ public class DeviceTokenService {
 
     @Transactional
     public void registerToken(Integer userId, RegisterDeviceTokenRequest request) {
-        String token = request.getToken();
+        String token = request.getToken() != null ? request.getToken().trim() : null;
+        if (token == null || token.isBlank()) {
+            throw new IllegalArgumentException("Token is required");
+        }
+
         DevicePlatform platform = request.getPlatform();
+        if (platform == null) {
+            throw new IllegalArgumentException("Platform is required");
+        }
 
         User user = userRepository.findById(userId)
                 .orElseThrow(() -> new IllegalArgumentException("User not found"));
 
-        // Upsert by unique token
-        UserDeviceToken entity = tokenRepository.findByToken(token)
-                .orElseGet(() -> UserDeviceToken.builder().token(token).build());
+        // Defensive dedup: DB unique 제약이 누락/깨진 환경에서도 한 토큰은 한 사용자만 소유하도록 보정
+        List<UserDeviceToken> duplicates = tokenRepository.findAllByToken(token);
+        UserDeviceToken entity = duplicates.isEmpty()
+                ? UserDeviceToken.builder().token(token).build()
+                : duplicates.get(0);
+
+        // 동일 사용자/플랫폼에서 기존 토큰은 비활성화하고 최신 토큰 1개만 유지
+        tokenRepository.deactivateByUserIdAndPlatformExceptToken(userId, platform, token);
 
         entity.setUser(user);
         entity.setPlatform(platform);
         entity.setIsActive(true);
-
         tokenRepository.save(entity);
+
+        if (duplicates.size() > 1) {
+            for (int i = 1; i < duplicates.size(); i++) {
+                UserDeviceToken duplicate = duplicates.get(i);
+                duplicate.setIsActive(false);
+                tokenRepository.save(duplicate);
+            }
+        }
     }
 
     @Transactional
     public void unregisterToken(Integer userId, UnregisterDeviceTokenRequest request) {
-        String token = request.getToken();
+        String token = request.getToken() != null ? request.getToken().trim() : null;
+        if (token == null || token.isBlank()) {
+            throw new IllegalArgumentException("Token is required");
+        }
 
-        tokenRepository.findByTokenAndUserId(token, userId)
-                .ifPresent(entity -> {
-                    entity.setIsActive(false);
-                    tokenRepository.save(entity);
-                });
+        tokenRepository.deactivateByTokenAndUserId(token, userId);
         // idempotent: no error if not found or already inactive
     }
+
+    @Transactional
+    public void unregisterOnLogout(Integer userId, String token) {
+        String normalized = token != null ? token.trim() : null;
+        if (normalized == null || normalized.isBlank()) {
+            // 멀티 디바이스 로그인 환경에서는 deviceToken 미전달 로그아웃 시
+            // 다른 기기의 푸시 토큰까지 비활성화하면 안 되므로 no-op 처리
+            return;
+        }
+        tokenRepository.deactivateByTokenAndUserId(normalized, userId);
+    }
 }

src/main/java/com/fund/stockProject/notification/service/OutboxDispatcher.java

@@ -2,10 +2,13 @@
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fund.stockProject.notification.domain.NotificationType;
 import com.fund.stockProject.notification.entity.Notification;
 import com.fund.stockProject.notification.entity.OutboxEvent;
 import com.fund.stockProject.notification.repository.NotificationRepository;
 import com.fund.stockProject.notification.repository.OutboxRepository;
+import com.fund.stockProject.preference.domain.PreferenceType;
+import com.fund.stockProject.preference.repository.PreferenceRepository;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
@@ -23,6 +26,7 @@
 public class OutboxDispatcher {
     private final OutboxRepository outboxRepo;
     private final NotificationRepository notificationRepo;
+    private final PreferenceRepository preferenceRepo;
     private final SsePushService ssePushService;  // 웹/웹뷰 실시간
     private final ObjectMapper om;
 
@@ -32,11 +36,13 @@ public class OutboxDispatcher {
     public OutboxDispatcher(
             OutboxRepository outboxRepo,
             NotificationRepository notificationRepo,
+            PreferenceRepository preferenceRepo,
             SsePushService ssePushService,
             ObjectMapper om,
             @Autowired(required = false) FcmPushService fcmPushService) {
         this.outboxRepo = outboxRepo;
         this.notificationRepo = notificationRepo;
+        this.preferenceRepo = preferenceRepo;
         this.ssePushService = ssePushService;
         this.om = om;
         this.fcmPushService = fcmPushService;
@@ -108,9 +114,31 @@ public void dispatchRetry() {
     private void processEvent(OutboxEvent e) {
         try {
             Map<String, Object> payload = om.readValue(e.getPayload(), new TypeReference<>(){});
-            Integer nId = Integer.valueOf(payload.get("notificationId").toString());
-            Integer userId = Integer.valueOf(payload.get("userId").toString());
-            Notification n = notificationRepo.findById(nId).orElseThrow();
+            Integer nId = toInteger(payload.get("notificationId"));
+            Integer userId = toInteger(payload.get("userId"));
+            if (nId == null || userId == null) {
+                markProcessedWithoutSend(e, "invalid_payload");
+                return;
+            }
+
+            Notification n = notificationRepo.findById(nId).orElse(null);
+            if (n == null) {
+                markProcessedWithoutSend(e, "notification_not_found");
+                return;
+            }
+
+            if (n.getNotificationType() == NotificationType.SCORE_SPIKE) {
+                Integer stockId = n.getStock() != null ? n.getStock().getId() : toInteger(payload.get("stockId"));
+                boolean enabled = stockId != null && preferenceRepo
+                        .existsByUserIdAndStockIdAndPreferenceTypeAndNotificationEnabled(
+                                userId, stockId, PreferenceType.BOOKMARK, true);
+
+                if (!enabled) {
+                    notificationRepo.delete(n);
+                    markProcessedWithoutSend(e, "notification_disabled_or_unbookmarked");
+                    return;
+                }
+            }
 
             // SSE 푸시 (웹/웹뷰)
             ssePushService.pushToUser(userId, n);
@@ -140,6 +168,26 @@ private void processEvent(OutboxEvent e) {
         }
     }
 
+    private Integer toInteger(Object value) {
+        if (value == null) {
+            return null;
+        }
+        if (value instanceof Number number) {
+            return number.intValue();
+        }
+        try {
+            return Integer.valueOf(value.toString());
+        } catch (NumberFormatException e) {
+            return null;
+        }
+    }
+
+    private void markProcessedWithoutSend(OutboxEvent event, String reason) {
+        event.setStatus("PROCESSED");
+        outboxRepo.save(event);
+        log.info("Skipped notification dispatch: eventId={}, reason={}", event.getId(), reason);
+    }
+
     /**
      * 에러 처리 및 재시도 로직
      */