issue #39

- Access 토큰 만료 시 Refresh 토큰으로 Access 토큰 갱신 로직 구현 중

src/middleware/auth/auth.service.ts

@@ -6,7 +6,7 @@ export class AuthService {
   constructor(private readonly jwtService: JwtService) {}
 
   generateTokens(payload: any) {
-    const accessToken = this.jwtService.sign(payload, { expiresIn: '1h' });
+    const accessToken = this.jwtService.sign(payload, { expiresIn: '5s' });
     const refreshToken = this.jwtService.sign({id: payload.id}, { expiresIn: '7d' });
 
     return { accessToken, refreshToken };

src/middleware/auth/guard/access-token.guard.ts

@@ -1,5 +1,45 @@
-import { Injectable } from "@nestjs/common";
+import { ExecutionContext, Injectable, UnauthorizedException } from "@nestjs/common";
+import { Reflector } from "@nestjs/core";
+import { TokenExpiredError } from "@nestjs/jwt";
 import { AuthGuard } from "@nestjs/passport";
+import { IS_PUBLIC_KEY } from "src/common/decorators/public.decorator";
 
 @Injectable()
-export class JwtAccessAuthGuard extends AuthGuard('access-token') {}
+export class JwtAccessAuthGuard extends AuthGuard('access-token') {
+  constructor(private reflector: Reflector) {
+    super();
+  }
+
+  canActivate(context: ExecutionContext) {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass()
+    ]);
+
+    if (isPublic) {
+      return true;
+    }
+
+    return super.canActivate(context);
+  }
+
+  handleRequest(err: any, user:any, info:any) {
+    if (info instanceof TokenExpiredError) {
+      throw new UnauthorizedException({
+        statusCode: 401,
+        message: 'Access Token Expired',
+        code: 'AccessTokenExpired'
+      });
+    }
+
+    if (err || !user) {
+      throw new UnauthorizedException({
+        statusCode: 401,
+        message: 'Invalid Token',
+        code: 'InvalidToken'
+      });
+    }
+
+    return user;
+  }
+}

src/middleware/auth/guard/refresh-token.guard.ts

@@ -1,5 +1,45 @@
-import { Injectable } from "@nestjs/common";
+import { ExecutionContext, Injectable, UnauthorizedException } from "@nestjs/common";
+import { Reflector } from "@nestjs/core";
+import { TokenExpiredError } from "@nestjs/jwt";
 import { AuthGuard } from "@nestjs/passport";
+import { IS_PUBLIC_KEY } from "src/common/decorators/public.decorator";
 
 @Injectable()
-export class JwtRefreshAuthGuard extends AuthGuard('refresh-token') {}
+export class JwtRefreshAuthGuard extends AuthGuard('refresh-token') {
+  constructor(private reflector: Reflector) {
+    super();
+  }
+
+  canActivate(context: ExecutionContext) {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass()
+    ]);
+
+    if (isPublic) {
+      return true;
+    }
+
+    return super.canActivate(context);
+  }
+
+  handleRequest(err: any, user:any, info:any) {
+    if (info instanceof TokenExpiredError) {
+      throw new UnauthorizedException({
+        statusCode: 401,
+        message: 'Refresh Token Expired',
+        code: 'RefreshTokenExpired'
+      });
+    }
+
+    if (err || !user) {
+      throw new UnauthorizedException({
+        statusCode: 401,
+        message: 'Invalid Token',
+        code: 'InvalidToken'
+      });
+    }
+
+    return user;
+  }
+}

src/middleware/auth/strategy/access-token.strategy.ts

@@ -1,4 +1,4 @@
-import { Injectable } from "@nestjs/common";
+import { Injectable, UnauthorizedException } from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
 import { PassportStrategy } from "@nestjs/passport";
 import { ExtractJwt, Strategy } from "passport-jwt";
@@ -13,6 +13,10 @@ export class JwtAccessStrategy extends PassportStrategy(Strategy, "access-token"
   }
 
   async validate(payload: any) {
+    const token = ExtractJwt.fromAuthHeaderAsBearerToken();
+    if (!token) {
+      throw new UnauthorizedException();
+    }
     return { id: payload.id };
   }
 }

src/middleware/auth/strategy/refresh-token.strategy.ts

@@ -13,10 +13,10 @@ export class JwtRefreshStrategy extends PassportStrategy(Strategy, 'refresh-toke
     });
   }
 
-  async validate(req: any, payload: any) {
+  async validate(payload: any) {
-    const token = ExtractJwt.fromAuthHeaderAsBearerToken()(req);
+    const token = ExtractJwt.fromAuthHeaderAsBearerToken();
 
-    if (!token) throw new UnauthorizedException();
+    if (!token) throw new UnauthorizedException('Invalid Refresh Token');
 
     return {
       id: payload.id,

src/modules/account/account.controller.ts

@@ -3,13 +3,13 @@ import { AccountService } from "./account.service";
 import * as DTO from "./dto";
 import { JwtAccessAuthGuard } from "src/middleware/auth/guard/access-token.guard";
 import { Public } from "src/common/decorators/public.decorator";
+import { JwtRefreshAuthGuard } from "src/middleware/auth/guard/refresh-token.guard";
 
 @UseGuards(JwtAccessAuthGuard)
 @Controller('account')
 export class AccountController {
   constructor(private readonly accountService: AccountService) {}
 
-  @Public()
   @Get('/')
   async test() {
     return "Test"
@@ -51,7 +51,8 @@ export class AccountController {
   }
 
   @Public()
-  @Post('refresh-access-token')
+  @UseGuards(JwtRefreshAuthGuard)
+  @Get('refresh-access-token')
   async refreshAccessToken(@Req() req): Promise<DTO.RefreshAccessTokenResponse> {
     const id = req.user.id;
     const newAccessToken = this.accountService.refreshAccessToken(id);