feat: JWT refresh API 구현

src/main/java/until/the/eternity/das/auth/dto/response/SignUpResponse.java

@@ -1,10 +1,10 @@
 package until.the.eternity.das.auth.dto.response;
 
-import static io.swagger.v3.oas.annotations.media.Schema.RequiredMode.REQUIRED;
-
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Builder;
 
+import static io.swagger.v3.oas.annotations.media.Schema.RequiredMode.REQUIRED;
+
 @Builder
 public record SignUpResponse(
 

src/main/java/until/the/eternity/das/auth/presentation/AuthController.java

@@ -11,13 +11,7 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import until.the.eternity.das.auth.application.AuthService;
 import until.the.eternity.das.auth.dto.request.LoginRequest;
 import until.the.eternity.das.auth.dto.request.SignUpRequest;
@@ -26,9 +20,13 @@
 import until.the.eternity.das.auth.dto.response.LoginResultResponse;
 import until.the.eternity.das.auth.dto.response.SignUpResponse;
 import until.the.eternity.das.common.constant.JwtConstant;
+import until.the.eternity.das.common.exception.CustomException;
+import until.the.eternity.das.common.exception.GlobalExceptionCode;
 import until.the.eternity.das.common.response.CommonResponse;
 import until.the.eternity.das.common.util.CookieUtil;
+import until.the.eternity.das.common.util.JwtUtil;
 import until.the.eternity.das.oauth.service.SocialAuthService;
+import until.the.eternity.das.token.application.TokenService;
 
 import static org.springframework.http.HttpStatus.CREATED;
 
@@ -38,8 +36,10 @@
 public class AuthController {
 
   private final AuthService authService;
+  private final TokenService tokenService;
   private final SocialAuthService socialAuthService;
   private final CookieUtil cookieUtil;
+  private final JwtUtil jwtUtil;
   private final JwtConstant jwtConstant;
 
   /**
@@ -209,4 +209,38 @@ public ResponseEntity<CommonResponse<LoginResponse>> login(
 
     return ResponseEntity.ok(CommonResponse.success(loginResponse));
   }
+
+  /**
+   * 토큰 갱신 API
+   *
+   * @param request 쿠키에서 refresh token을 추출하기 위한 HttpRequest
+   * @param response 새 토큰을 쿠키에 담기 위한 HttpResponse
+   * @return 갱신된 사용자 정보
+   */
+  @PostMapping("/refresh")
+  @Operation(summary = "토큰 갱신 API", description = """
+    - Description : 리프레시 토큰을 사용하여 새로운 액세스 토큰과 리프레시 토큰을 발급합니다.
+    - 기존 리프레시 토큰은 revoke되고 새로운 토큰이 발급됩니다 (토큰 로테이션).
+    """)
+  @ApiResponse(
+    responseCode = "200",
+    content = @Content(schema = @Schema(implementation = LoginResponse.class)))
+  public ResponseEntity<CommonResponse<LoginResponse>> refresh(
+    HttpServletRequest request,
+    HttpServletResponse response
+  ) {
+    String refreshToken = jwtUtil.extractRefreshToken(request);
+    if (refreshToken == null) {
+      throw new CustomException(GlobalExceptionCode.INVALID_REFRESH_TOKEN);
+    }
+
+    LoginResultResponse loginResultResponse = tokenService.refresh(refreshToken);
+
+    cookieUtil.createAccessTokenCookie(response, loginResultResponse.accessToken());
+    cookieUtil.createRefreshTokenCookie(response, loginResultResponse.refreshToken());
+
+    LoginResponse loginResponse = LoginResponse.from(loginResultResponse.user());
+
+    return ResponseEntity.ok(CommonResponse.success(loginResponse));
+  }
 }

src/main/java/until/the/eternity/das/common/exception/GlobalExceptionCode.java

@@ -15,6 +15,7 @@ public enum GlobalExceptionCode implements ExceptionCode {
   // JWT TOKEN
   INVALID_TOKEN(UNAUTHORIZED, "유효하지 않는 토큰입니다."),
   EXPIRED_TOKEN(UNAUTHORIZED, "만료된 토큰입니다."),
+  INVALID_REFRESH_TOKEN(UNAUTHORIZED, "유효하지 않은 리프레시 토큰입니다."),
 
   // AUTH
   EMAIL_ALREADY_EXISTS(HttpStatus.CONFLICT, "이미 가입되어 있는 이메일입니다."),

src/main/java/until/the/eternity/das/common/util/JwtUtil.java

@@ -1,10 +1,6 @@
 package until.the.eternity.das.common.util;
 
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.ExpiredJwtException;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.MalformedJwtException;
-import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.*;
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
 import jakarta.servlet.http.Cookie;

src/main/java/until/the/eternity/das/login/entity/AccountLock.java

@@ -1,19 +1,8 @@
 package until.the.eternity.das.login.entity;
 
 
-import jakarta.persistence.Column;
-import jakarta.persistence.Entity;
-import jakarta.persistence.FetchType;
-import jakarta.persistence.Id;
-import jakarta.persistence.JoinColumn;
-import jakarta.persistence.MapsId;
-import jakarta.persistence.OneToOne;
-import jakarta.persistence.Table;
-import lombok.AccessLevel;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
+import jakarta.persistence.*;
+import lombok.*;
 import org.hibernate.annotations.Comment;
 import until.the.eternity.das.user.entity.User;
 

src/main/java/until/the/eternity/das/role/entity/Role.java

@@ -1,19 +1,8 @@
 package until.the.eternity.das.role.entity;
 
 
-import jakarta.persistence.Column;
-import jakarta.persistence.Entity;
-import jakarta.persistence.EnumType;
-import jakarta.persistence.Enumerated;
-import jakarta.persistence.GeneratedValue;
-import jakarta.persistence.GenerationType;
-import jakarta.persistence.Id;
-import jakarta.persistence.Table;
-import lombok.AccessLevel;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
+import jakarta.persistence.*;
+import lombok.*;
 import until.the.eternity.das.role.entity.enums.Name;
 
 @Entity

src/main/java/until/the/eternity/das/role/entity/RoleRepository.java

@@ -1,8 +1,9 @@
 package until.the.eternity.das.role.entity;
 
-import java.util.Optional;
 import until.the.eternity.das.role.entity.enums.Name;
 
+import java.util.Optional;
+
 public interface RoleRepository {
 
   Optional<Role> findByName(Name name);

src/main/java/until/the/eternity/das/role/infrastructure/JpaRoleRepository.java

@@ -1,10 +1,11 @@
 package until.the.eternity.das.role.infrastructure;
 
-import java.util.Optional;
 import org.springframework.data.jpa.repository.JpaRepository;
 import until.the.eternity.das.role.entity.Role;
 import until.the.eternity.das.role.entity.enums.Name;
 
+import java.util.Optional;
+
 public interface JpaRoleRepository extends JpaRepository<Role, Long> {
 
   Optional<Role> findByName(Name name);

src/main/java/until/the/eternity/das/role/infrastructure/RoleRepositoryImpl.java

@@ -1,12 +1,13 @@
 package until.the.eternity.das.role.infrastructure;
 
-import java.util.Optional;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Repository;
 import until.the.eternity.das.role.entity.Role;
 import until.the.eternity.das.role.entity.RoleRepository;
 import until.the.eternity.das.role.entity.enums.Name;
 
+import java.util.Optional;
+
 @Repository
 @RequiredArgsConstructor
 public class RoleRepositoryImpl implements RoleRepository {

src/main/java/until/the/eternity/das/token/application/TokenService.java

@@ -4,13 +4,15 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import until.the.eternity.das.auth.dto.response.LoginResultResponse;
 import until.the.eternity.das.common.exception.CustomException;
 import until.the.eternity.das.common.exception.GlobalExceptionCode;
 import until.the.eternity.das.common.util.JwtUtil;
 import until.the.eternity.das.token.entity.RefreshToken;
 import until.the.eternity.das.token.entity.RefreshTokenRepository;
 import until.the.eternity.das.user.entity.User;
 import until.the.eternity.das.user.entity.UserRepository;
+import until.the.eternity.das.user.entity.enums.Status;
 
 import java.time.LocalDateTime;
 import java.util.List;
@@ -46,6 +48,48 @@ public void saveNewRefreshToken(Long userId, String token) {
     refreshTokenRepository.save(newRefreshToken);
   }
 
+  @Transactional
+  public LoginResultResponse refresh(String refreshTokenStr) {
+    // 1. JWT 서명/만료 검증
+    jwtUtil.validateToken(refreshTokenStr);
+
+    // 2. Claims에서 type == "REFRESH" 확인
+    var claims = jwtUtil.extractAllClaims(refreshTokenStr);
+    if (!"REFRESH".equals(claims.get("type", String.class))) {
+      throw new CustomException(GlobalExceptionCode.INVALID_REFRESH_TOKEN);
+    }
+
+    // 3. DB에서 유효한(revoked=false) 토큰 조회
+    RefreshToken storedToken = refreshTokenRepository.findByTokenAndRevokedFalse(refreshTokenStr)
+      .orElseThrow(() -> new CustomException(GlobalExceptionCode.INVALID_REFRESH_TOKEN));
+
+    // 4. 사용자 존재 + ACTIVE 상태 확인
+    Long userId = claims.get("userId", Long.class);
+    User user = userRepository.findById(userId)
+      .orElseThrow(() -> new CustomException(GlobalExceptionCode.USER_NOT_EXISTS));
+
+    if (user.getStatus() != Status.ACTIVE) {
+      throw new CustomException(GlobalExceptionCode.USER_DISABLED);
+    }
+
+    // 5. 기존 refresh token revoke
+    storedToken.revoke();
+
+    // 6. 새 access token + 새 refresh token 발급 (토큰 로테이션)
+    String newAccessToken = jwtUtil.generateAccessToken(user);
+    String newRefreshToken = jwtUtil.generateRefreshToken(user);
+
+    // 7. 새 refresh token DB 저장
+    saveNewRefreshToken(userId, newRefreshToken);
+
+    // 8. LoginResultResponse 반환
+    return LoginResultResponse.builder()
+      .user(user)
+      .accessToken(newAccessToken)
+      .refreshToken(newRefreshToken)
+      .build();
+  }
+
   @Transactional
   public void revokeAllUserTokens(Long userId) {
     User user = userRepository.findById(userId)

src/main/java/until/the/eternity/das/token/entity/RefreshToken.java

@@ -1,20 +1,8 @@
 package until.the.eternity.das.token.entity;
 
 
-import jakarta.persistence.Column;
-import jakarta.persistence.Entity;
-import jakarta.persistence.FetchType;
-import jakarta.persistence.GeneratedValue;
-import jakarta.persistence.GenerationType;
-import jakarta.persistence.Id;
-import jakarta.persistence.JoinColumn;
-import jakarta.persistence.ManyToOne;
-import jakarta.persistence.Table;
-import lombok.AccessLevel;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
+import jakarta.persistence.*;
+import lombok.*;
 import org.hibernate.annotations.Comment;
 import until.the.eternity.das.user.entity.User;
 

src/main/java/until/the/eternity/das/token/entity/RefreshTokenRepository.java

@@ -17,4 +17,6 @@ public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long
    * @return List<RefreshToken>
    */
   List<RefreshToken> findAllByUserAndRevokedFalse(User user);
+
+  Optional<RefreshToken> findByTokenAndRevokedFalse(String token);
 }

src/main/java/until/the/eternity/das/user/entity/User.java

@@ -1,21 +1,7 @@
 package until.the.eternity.das.user.entity;
 
-import jakarta.persistence.Column;
-import jakarta.persistence.Entity;
-import jakarta.persistence.EnumType;
-import jakarta.persistence.Enumerated;
-import jakarta.persistence.FetchType;
-import jakarta.persistence.GeneratedValue;
-import jakarta.persistence.GenerationType;
-import jakarta.persistence.Id;
-import jakarta.persistence.JoinColumn;
-import jakarta.persistence.ManyToOne;
-import jakarta.persistence.Table;
-import lombok.AccessLevel;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
+import jakarta.persistence.*;
+import lombok.*;
 import org.hibernate.annotations.Comment;
 import org.hibernate.annotations.CreationTimestamp;
 import org.hibernate.annotations.UpdateTimestamp;

src/main/java/until/the/eternity/das/user/entity/enums/Status.java

@@ -1,6 +1,7 @@
 package until.the.eternity.das.user.entity.enums;
 
-import lombok.*;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
 
 @Getter
 @RequiredArgsConstructor

src/main/java/until/the/eternity/das/user/presentation/UserController.java

@@ -7,12 +7,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.PatchMapping;
-import org.springframework.web.bind.annotation.PutMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import until.the.eternity.das.common.response.CommonResponse;
 import until.the.eternity.das.user.application.UserService;
 import until.the.eternity.das.user.dto.request.UserInfoUpdateRequest;