From 659215a58be514cc24bc0b1ad5dfbdda17733f82 Mon Sep 17 00:00:00 2001
From: mybloom
Date: Sat, 11 Jun 2022 16:58:57 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20Service=EC=97=90=EC=84=9C=20payload?= =?UTF-8?q?=20=EC=83=9D=EC=84=B1=ED=95=98=EB=8A=94=20=EB=B6=80=EB=B6=84=20?= =?UTF-8?q?=EB=A9=94=EC=84=9C=EB=93=9C=EB=A1=9C=20=EC=B6=94=EC=B6=9C=20=20?= =?UTF-8?q?(ios-h/airbnb#35)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- accessToken, freshToken용을 따로 생성
---
 .../org/team4/airbnb/auth/OAuthService.java | 32 +++++++++++++------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/BE/src/main/java/org/team4/airbnb/auth/OAuthService.java b/BE/src/main/java/org/team4/airbnb/auth/OAuthService.java
index f8e48d77f..af422eec8 100644
--- a/BE/src/main/java/org/team4/airbnb/auth/OAuthService.java
+++ b/BE/src/main/java/org/team4/airbnb/auth/OAuthService.java
@@ -6,6 +6,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Random;
 import lombok.RequiredArgsConstructor;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.MediaType;
@@ -33,7 +34,10 @@ public class OAuthService {
 private final JwtTokenProvider jwtTokenProvider;
 private final String TOKEN_TYPE = "Bearer";
- private final long VALID_TIME = Duration.ofMillis(30).toMillis();
+ private final long VALID_TIME_ACCESS_TOKEN = Duration.ofMillis(30).toMillis();
+ private final long VALID_TIME_REFRESH_TOKEN = Duration.ofMillis(60).toMillis();
+
+ private final Random random = new Random();
 @Transactional
 public LoginResponse processLogin(String provider, String authCode) {
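Review bot: `private final Random random = new Random();` in the second hunk is `java.util.Random`, a linear congruential generator whose output can be predicted from earlier values, yet the third hunk uses it to fill the `refresh` claim in `makePayloadForRefreshToken`. Declare it as `private final SecureRandom random = new SecureRandom();` and replace the import added in the first hunk with `import java.security.SecureRandom;`. Separately, `Duration.ofMillis(30)` and `Duration.ofMillis(60)` give lifetimes of 30 ms and 60 ms, so if the verifier enforces expiry both tokens will normally be expired before the client can present them. Presumably minutes or longer were intended, for example `Duration.ofMinutes(30).toMillis()` for the access token and a longer unit for the refresh token.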
@@ -53,20 +57,28 @@ public LoginResponse processLogin(String provider, String authCode) {
 * @return 로그인 응답 DTO
 */
 private LoginResponse createJwtTokenAndMakeResponse(String userId) {
- JwtPayload payload = makePayload(userId);
- String accessToken = jwtTokenProvider.createAccessToken(userId);
- String refreshToken = jwtTokenProvider.createRefreshToken();
+ Date issuedAt = new Date(System.currentTimeMillis());
+ Map privateClaim = new HashMap<>();
+ privateClaim.put("userid", userId);
+ privateClaim.put("role", "customer");
+
+ String accessToken = jwtTokenProvider.createToken(makePayloadForAccessToken(privateClaim, issuedAt));
+ String refreshToken = jwtTokenProvider.createToken(makePayloadForRefreshToken(privateClaim, issuedAt));
 return LoginResponse.of(accessToken, refreshToken, TOKEN_TYPE);
 }
- private JwtPayload makePayload(String userId) {
- Date issuedAt = new Date(System.currentTimeMillis());
- Date expiration = new Date(System.currentTimeMillis() + VALID_TIME);
- Map privateClaim = new HashMap<>();
+ private JwtPayload makePayloadForAccessToken(Map privateClaim, Date issuedAt) {
+ Date expiration = new Date(System.currentTimeMillis() + VALID_TIME_ACCESS_TOKEN);
+ return JwtPayload.of(issuedAt, expiration, privateClaim);
+ }
- privateClaim.put("userid", userId);
- privateClaim.put("role","customer");
+ private JwtPayload makePayloadForRefreshToken(Map privateClaim, Date issuedAt) {
+ Date expiration = new Date(System.currentTimeMillis() + VALID_TIME_REFRESH_TOKEN);
+
+ byte[] bytes = new byte[7];
+ random.nextBytes(bytes);
+ privateClaim.put("refresh", new String(bytes, StandardCharsets.UTF_8));
 return JwtPayload.of(issuedAt, expiration, privateClaim);
 }
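Review bot: In `makePayloadForRefreshToken`, `new String(bytes, StandardCharsets.UTF_8)` decodes raw random bytes as text, so every sequence that is not valid UTF-8 collapses to U+FFFD and the `refresh` value carries far less than its nominal 56 bits. Encode the bytes instead and make the value longer: `byte[] bytes = new byte[16];` and `privateClaim.put("refresh", Base64.getUrlEncoder().withoutPadding().encodeToString(bytes));`, which needs `java.util.Base64`. The method also writes into the map handed over by `createJwtTokenAndMakeResponse`, so the access token stays free of the `refresh` claim only because it is built first; copying with `new HashMap<>(privateClaim)` before the `put` removes that ordering dependency. Both tokens carry the same `userid` and `role` claims, so the token verifier, which is not visible in this patch, should reject any token with a `refresh` claim wherever an access token is expected.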