package com.takensoft.common.util; import com.fasterxml.jackson.databind.ObjectMapper; import com.takensoft.cms.loginPolicy.service.LoginModeService; import com.takensoft.cms.loginPolicy.service.LoginPolicyService; import com.takensoft.cms.mber.service.LgnHstryService; import com.takensoft.cms.mber.vo.LgnHstryVO; import com.takensoft.cms.mber.vo.MberVO; import com.takensoft.cms.token.service.RefreshTokenService; import com.takensoft.cms.token.vo.RefreshTknVO; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpSession; import lombok.RequiredArgsConstructor; import org.springframework.beans.factory.annotation.Value; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Component; import java.io.IOException; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.concurrent.TimeUnit; @Component @RequiredArgsConstructor public class LoginUtil { private final LgnHstryService lgnHstryService; private final HttpRequestUtil httpRequestUtil; private final LoginModeService loginModeService; private final RefreshTokenService refreshTokenService; private final LoginPolicyService loginPolicyService; private final JWTUtil jwtUtil; private final SessionUtil sessionUtil; private final RedisTemplate<String, String> redisTemplate; @Value("${jwt.accessTime}") private long JWT_ACCESSTIME; // access 토큰 유지 시간 @Value("${jwt.refreshTime}") private long JWT_REFRESHTIME; // refresh 토큰 유지 시간 @Value("${cookie.time}") private int COOKIE_TIME; // 쿠키 유지 시간 public void successLogin(MberVO mber, HttpServletRequest req, HttpServletResponse res) { try { // 로그인 이력 등록 LgnHstryVO lgnHstryVO = new LgnHstryVO(); lgnHstryVO.setLgnId(mber.getLgnId()); lgnHstryVO.setLgnType(mber.getAuthorities().stream().anyMatch(role -> role.getAuthority().equals("ROLE_ADMIN")) ? "0" : "1"); lgnHstryVO.setCntnIp(httpRequestUtil.getIp(req)); lgnHstryVO.setCntnOperSys(httpRequestUtil.getOS(httpRequestUtil.getUserAgent(req))); lgnHstryVO.setDeviceNm(httpRequestUtil.getDevice(httpRequestUtil.getUserAgent(req))); lgnHstryVO.setBrwsrNm(httpRequestUtil.getBrowser(httpRequestUtil.getUserAgent(req))); lgnHstryService.LgnHstrySave(lgnHstryVO); // 로그인 방식 확인 JWT or SESSION String loginType = loginModeService.getLoginMode(); // 토큰 생성(access, refresh) String accessToken = jwtUtil.createJwt("Authorization", mber.getMbrId(), mber.getLgnId(), mber.getMbrNm(), (List) mber.getAuthorities(), JWT_ACCESSTIME); String refreshToken = jwtUtil.createJwt("refresh", mber.getMbrId(), mber.getLgnId(), mber.getMbrNm(), (List) mber.getAuthorities(), JWT_REFRESHTIME); // refreshToken이 현재 IP와 계정으로 등록되어 있는지 확인 RefreshTknVO refresh = new RefreshTknVO(); refresh.setMbrId(mber.getMbrId()); // refresh 토큰이 현재 아이피와 아이디로 DB에 등록 되어 있다면 if (refreshTokenService.findByCheckRefresh(req, refresh)) { refreshTokenService.delete(req, refresh); } // refreshToken DB 저장 refresh.setToken(refreshToken); if ("S".equals(loginType)) { HttpSession session = req.getSession(true); session.setAttribute("JWT_TOKEN", accessToken); // 중복 로그인 비허용일 때 기존 세션 만료 if (!loginPolicyService.getPolicy()) { sessionUtil.registerSession(mber.getMbrId(), session); } Map<String, Object> result = new HashMap<>(); result.put("mbrId", mber.getMbrId()); result.put("mbrNm", mber.getMbrNm()); result.put("roles", mber.getAuthorList()); res.setContentType("application/json;charset=UTF-8"); res.setStatus(HttpStatus.OK.value()); new ObjectMapper().writeValue(res.getOutputStream(), result); } else { res.setHeader("Authorization", accessToken); res.addCookie(jwtUtil.createCookie("refresh", refreshToken, COOKIE_TIME)); // 중복 로그인 비허용일 때 Redis 저장 if (!loginPolicyService.getPolicy()) { redisTemplate.delete("jwt:" + mber.getMbrId()); redisTemplate.opsForValue().set("jwt:" + mber.getMbrId(), accessToken, JWT_ACCESSTIME, TimeUnit.MILLISECONDS); } } refreshTokenService.saveRefreshToken(req, res, refresh, JWT_REFRESHTIME); res.setHeader("login-type", loginType); } catch (IOException ioe) { throw new RuntimeException(ioe); } catch (Exception e) { throw e; } } }