From 1d76630a3863308a0f9bb1ca4c3f44826df32c98 Mon Sep 17 00:00:00 2001
From: kgy1008
Date: Sat, 22 Feb 2025 22:01:32 +0900
Subject: [PATCH] [feat] apply refresh Token rotation

---
 .../hankki/hankkiserver/api/auth/service/AuthFacade.java | 2 +-
 .../hankki/hankkiserver/api/auth/service/AuthService.java | 8 +++++---
 .../org/hankki/hankkiserver/auth/jwt/JwtProvider.java | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/hankki/hankkiserver/api/auth/service/AuthFacade.java b/src/main/java/org/hankki/hankkiserver/api/auth/service/AuthFacade.java
index fb9ea381..248380e6 100644
--- a/src/main/java/org/hankki/hankkiserver/api/auth/service/AuthFacade.java
+++ b/src/main/java/org/hankki/hankkiserver/api/auth/service/AuthFacade.java
@@ -44,7 +44,7 @@ public void logout(final long userId) {
 
     @Transactional
     public UserReissueResponse reissue(final String refreshToken) {
-        Token issuedTokens = authService.generateAccessToken(refreshToken);
+        Token issuedTokens = authService.generateNewTokens(refreshToken);
         return UserReissueResponse.of(issuedTokens);
     }
 }
diff --git a/src/main/java/org/hankki/hankkiserver/api/auth/service/AuthService.java b/src/main/java/org/hankki/hankkiserver/api/auth/service/AuthService.java
index f3411ecb..af62f652 100644
--- a/src/main/java/org/hankki/hankkiserver/api/auth/service/AuthService.java
+++ b/src/main/java/org/hankki/hankkiserver/api/auth/service/AuthService.java
@@ -51,12 +51,14 @@ public void deleteUser(final User user) {
         userInfoFinder.getUserInfo(user.getId()).softDelete();
     }
 
-    protected Token generateAccessToken(final String refreshToken) {
+    protected Token generateNewTokens(final String refreshToken) {
         String strippedToken = refreshToken.substring(BEARER.length());
         long userId = jwtProvider.getSubject(strippedToken);
         validateRefreshToken(refreshToken, userId);
-        String accessToken = jwtProvider.generateAccessToken(userId, getUserRole(userId));
-        return Token.of(accessToken, strippedToken);
+        Token issuedTokens = jwtProvider.issueTokens(userId, getUserRole(userId));
+        UserInfo findUserInfo = userInfoFinder.getUserInfo(userId);
+        findUserInfo.updateRefreshToken(issuedTokens.refreshToken());
+        return issuedTokens;
     }
 
     private Token generateTokens(final long userId) {
diff --git a/src/main/java/org/hankki/hankkiserver/auth/jwt/JwtProvider.java b/src/main/java/org/hankki/hankkiserver/auth/jwt/JwtProvider.java
index d5904259..eb286ab6 100644
--- a/src/main/java/org/hankki/hankkiserver/auth/jwt/JwtProvider.java
+++ b/src/main/java/org/hankki/hankkiserver/auth/jwt/JwtProvider.java
@@ -14,7 +14,7 @@ public Token issueTokens(final Long userId, final String role) {
         return Token.of(generateAccessToken(userId, role), generateRefreshToken(userId, role));
     }
 
-    public String generateAccessToken(final Long userId, final String role) {
+    private String generateAccessToken(final Long userId, final String role) {
         return jwtGenerator.generateToken(userId, role, true);
     }
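Review bot: `generateNewTokens` now overwrites the stored refresh token but, as far as this hunk shows, a replay of an already-rotated token is only rejected by `validateRefreshToken(refreshToken, userId)` (defined outside the hunk) and the current session is left intact, so token theft is not detected; on a mismatch the stored token should be invalidated the same way `logout` does, forcing both the attacker and the legitimate client to re-authenticate. The `refreshToken.substring(BEARER.length())` line still has no prefix check, so a short or malformed header throws `StringIndexOutOfBoundsException` instead of an auth error; guard it first with `if (refreshToken == null || !refreshToken.startsWith(BEARER)) { throw <the project's unauthorized exception>; }`. Note that `validateRefreshToken` receives the raw header value while `getSubject` receives the stripped one, which looks inconsistent — confirm the validator strips it itself. Two concurrent reissue calls with the same token will both pass validation and the last `updateRefreshToken` write wins, silently logging the other client out; a row lock or a compare-and-set against the previously stored token (or a short grace window for the old token) closes that race, and the read-then-write here relies entirely on the caller's `@Transactional`, which this method does not declare itself.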