Skip to content

feat(User,Token): 리프레시 토큰 중복 저장 로직 수정 #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
HyemIin merged 1 commit into from
Jul 8, 2025
Merged

feat(User,Token): 리프레시 토큰 중복 저장 로직 수정 #71

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 1 addition & 4 deletions ...t-app-admin-api/src/main/java/com/nowait/applicationadmin/token/service/TokenService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,9 +58,6 @@ public void updateRefreshToken(Long userId, String oldRefreshToken, String newRe
throw new TokenBadRequestException(); // 400
}

// 기존 토큰 삭제 및 새 토큰 저장
tokenRepository.delete(token);
Token newToken = Token.toEntity(token.getUser(), newRefreshToken, LocalDateTime.now().plusDays(30));
tokenRepository.save(newToken);
token.updateRefreshToken(newRefreshToken, LocalDateTime.now().plusDays(30));
}
}
2 changes: 0 additions & 2 deletions ...p-user-api/src/main/java/com/nowait/applicationuser/token/controller/TokenController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,11 @@
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.nowait.applicationuser.security.jwt.JwtUtil;
import com.nowait.applicationuser.token.dto.AuthenticationResponse;
import com.nowait.applicationuser.token.dto.RefreshTokenRequest;
import com.nowait.applicationuser.token.service.TokenService;

import io.swagger.v3.oas.annotations.Operation;
Expand Down
4 changes: 1 addition & 3 deletions nowait-app-user-api/src/main/java/com/nowait/applicationuser/token/service/TokenService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,6 @@ public void updateRefreshToken(Long userId, String oldRefreshToken, String newRe
}

// 기존 토큰 삭제 및 새 토큰 저장
tokenRepository.delete(token);
Token newToken = Token.toEntity(token.getUser(), newRefreshToken, LocalDateTime.now().plusDays(30));
tokenRepository.save(newToken);
token.updateRefreshToken(newRefreshToken, LocalDateTime.now().plusDays(30));
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jul 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Token 엔티티의 updateRefreshToken 메서드 존재 여부를 확인하세요.

코드에서 token.updateRefreshToken(newRefreshToken, LocalDateTime.now().plusDays(30))를 호출하고 있는데, Token 엔티티에 해당 메서드가 존재하는지 확인이 필요합니다.

다음 스크립트를 실행하여 Token 엔티티의 updateRefreshToken 메서드를 확인하세요:

🏁 Script executed:

#!/bin/bash
# Token 엔티티에서 updateRefreshToken 메서드를 검색
ast-grep --pattern $'class Token {
  $$$
  updateRefreshToken($$$) {
    $$$
  }
  $$$
}'

Length of output: 90

다른 방식으로 메서드 존재 여부를 확인해보겠습니다. 전체 소스에서 updateRefreshToken 호출/정의 검색:

🏁 Script executed:

#!/bin/bash
# 전체 소스에서 updateRefreshToken 메서드 존재 여부 확인
rg -n "updateRefreshToken" src

Length of output: 74

Token 엔티티 정의 위치에서 메서드를 다시 찾아보겠습니다.

🏁 Script executed:

#!/bin/bash
# 프로젝트 루트에서 updateRefreshToken 정의/호출 위치 검색
rg -n "updateRefreshToken" -g "*.java" .
# Token 엔티티 클래스 파일 위치 확인
rg -n "class Token" -g "*.java" .

Length of output: 2792

updateRefreshToken 메서드 정의 확인 및 개선 제안

  • Token 엔티티(nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/token/entity/Token.java:55)에
    public void updateRefreshToken(String refreshToken, LocalDateTime expiredDate) { … }가 정의되어 있습니다.
  • 남은 개선 사항:
    • 만료 기간(30일)을 하드코딩 대신 application.yml 등의 설정으로 외부화
    LocalDateTime.now() 사용으로 인한 타임존 이슈를 방지하기 위해 Clock 주입 또는 ZonedDateTime/Instant 활용 검토
🤖 Prompt for AI Agents 
In
nowait-app-user-api/src/main/java/com/nowait/applicationuser/token/service/TokenService.java
at line 61, the call to updateRefreshToken uses a hardcoded 30-day expiration
and LocalDateTime.now(), which can cause timezone issues. Refactor to
externalize the expiration period by reading it from application.yml
configuration and inject a Clock instance to obtain the current time, replacing
LocalDateTime.now() with a timezone-aware time source like ZonedDateTime or
Instant derived from the injected Clock.

}
}