refactor: 리프레시 토큰 만료시 쿠키 삭제 (#628)

* refactor: 리프레시 토큰 만료시 쿠키 삭제

* refactor: 인증 전용 예외 생성

Author: Gyuhyeok99

src/main/java/com/example/solidconnection/auth/controller/AuthController.java

@@ -117,9 +117,7 @@ public ResponseEntity<Void> quit(
     }
 
     @PostMapping("/reissue")
-    public ResponseEntity<ReissueResponse> reissueToken(
-            HttpServletRequest request
-    ) {
+    public ResponseEntity<ReissueResponse> reissueToken(HttpServletRequest request) {
         String refreshToken = refreshTokenCookieManager.getRefreshToken(request);
         ReissueResponse reissueResponse = authService.reissue(refreshToken);
         return ResponseEntity.ok(reissueResponse);

src/main/java/com/example/solidconnection/auth/exception/AuthException.java

@@ -0,0 +1,15 @@
+package com.example.solidconnection.auth.exception;
+
+import com.example.solidconnection.common.exception.CustomException;
+import com.example.solidconnection.common.exception.ErrorCode;
+
+public class AuthException extends CustomException {
+
+    public AuthException(ErrorCode errorCode) {
+        super(errorCode);
+    }
+
+    public AuthException(ErrorCode errorCode, String detail) {
+        super(errorCode, detail);
+    }
+}

src/main/java/com/example/solidconnection/auth/service/AuthService.java

@@ -5,6 +5,7 @@
 
 import com.example.solidconnection.auth.domain.AccessToken;
 import com.example.solidconnection.auth.dto.ReissueResponse;
+import com.example.solidconnection.auth.exception.AuthException;
 import com.example.solidconnection.auth.token.TokenBlackListService;
 import com.example.solidconnection.common.exception.CustomException;
 import com.example.solidconnection.siteuser.domain.SiteUser;
@@ -55,7 +56,7 @@ public void quit(long siteUserId, String token) {
     public ReissueResponse reissue(String requestedRefreshToken) {
         // 리프레시 토큰 확인
         if (!authTokenProvider.isValidRefreshToken(requestedRefreshToken)) {
-            throw new CustomException(REFRESH_TOKEN_EXPIRED);
+            throw new AuthException(REFRESH_TOKEN_EXPIRED);
         }
         // 액세스 토큰 재발급
         SiteUser siteUser = authTokenProvider.parseSiteUser(requestedRefreshToken);

src/main/java/com/example/solidconnection/common/exception/CustomException.java

@@ -5,16 +5,19 @@
 @Getter
 public class CustomException extends RuntimeException {
 
+    private final ErrorCode errorCode;
     private final int code;
     private final String message;
 
     public CustomException(ErrorCode errorCode) {
-        code = errorCode.getCode();
-        message = errorCode.getMessage();
+        this.errorCode = errorCode;
+        this.code = errorCode.getCode();
+        this.message = errorCode.getMessage();
     }
 
     public CustomException(ErrorCode errorCode, String detail) {
-        code = errorCode.getCode();
-        message = errorCode.getMessage() + " : " + detail;
+        this.errorCode = errorCode;
+        this.code = errorCode.getCode();
+        this.message = errorCode.getMessage() + " : " + detail;
     }
 }

src/main/java/com/example/solidconnection/common/exception/CustomExceptionHandler.java

@@ -5,12 +5,17 @@
 import static com.example.solidconnection.common.exception.ErrorCode.JSON_PARSING_FAILED;
 import static com.example.solidconnection.common.exception.ErrorCode.JWT_EXCEPTION;
 import static com.example.solidconnection.common.exception.ErrorCode.NOT_DEFINED_ERROR;
+import static com.example.solidconnection.common.exception.ErrorCode.REFRESH_TOKEN_EXPIRED;
 
+import com.example.solidconnection.auth.controller.RefreshTokenCookieManager;
+import com.example.solidconnection.auth.exception.AuthException;
 import com.example.solidconnection.common.response.ErrorResponse;
 import com.fasterxml.jackson.databind.exc.InvalidFormatException;
 import io.jsonwebtoken.JwtException;
+import jakarta.servlet.http.HttpServletResponse;
 import java.util.ArrayList;
 import java.util.List;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.http.HttpStatus;
@@ -21,8 +26,26 @@
 
 @Slf4j
 @ControllerAdvice
+@RequiredArgsConstructor
 public class CustomExceptionHandler {
 
+    private final RefreshTokenCookieManager refreshTokenCookieManager;
+
+    @ExceptionHandler(AuthException.class)
+    protected ResponseEntity<ErrorResponse> handleAuthException(
+            AuthException ex,
+            HttpServletResponse response
+    ) {
+        log.error("인증 예외 발생 : {}", ex.getMessage());
+        if (ex.getErrorCode().equals(REFRESH_TOKEN_EXPIRED)) {
+            refreshTokenCookieManager.deleteCookie(response);
+        }
+        ErrorResponse errorResponse = new ErrorResponse(ex);
+        return ResponseEntity
+                .status(ex.getCode())
+                .body(errorResponse);
+    }
+
     @ExceptionHandler(CustomException.class)
     protected ResponseEntity<ErrorResponse> handleCustomException(CustomException ex) {
         log.error("커스텀 예외 발생 : {}", ex.getMessage());

src/test/java/com/example/solidconnection/auth/service/AuthServiceTest.java

@@ -9,8 +9,8 @@
 import com.example.solidconnection.auth.domain.RefreshToken;
 import com.example.solidconnection.auth.domain.Subject;
 import com.example.solidconnection.auth.dto.ReissueResponse;
+import com.example.solidconnection.auth.exception.AuthException;
 import com.example.solidconnection.auth.token.TokenBlackListService;
-import com.example.solidconnection.common.exception.CustomException;
 import com.example.solidconnection.siteuser.domain.SiteUser;
 import com.example.solidconnection.siteuser.fixture.SiteUserFixture;
 import com.example.solidconnection.siteuser.repository.SiteUserRepository;
@@ -109,7 +109,7 @@ class 토큰을_재발급한다 {
 
             // when, then
             assertThatCode(() -> authService.reissue(invalidRefreshToken))
-                    .isInstanceOf(CustomException.class)
+                    .isInstanceOf(AuthException.class)
                     .hasMessage(REFRESH_TOKEN_EXPIRED.getMessage());
         }
     }