refresh 토큰 만료기간 추가

src/main/java/com/gapple/weeingback/domain/auth/dto/AuthLoginResponse.java

@@ -2,12 +2,13 @@
 
 import lombok.AllArgsConstructor;
 import lombok.Getter;
-import lombok.NoArgsConstructor;
 
 @Getter
 @AllArgsConstructor
 public class AuthLoginResponse {
-    private String token;
+    private String access;
+
+    private String refresh;
 
     private String success;
 }

src/main/java/com/gapple/weeingback/domain/auth/service/impl/AuthServiceImpl.java

@@ -12,13 +12,11 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.List;
 
 @Service
@@ -59,8 +57,9 @@ public ResponseEntity<AuthLoginResponse> login(AuthLoginRequest request){
 
             Authentication authentication =
                     new UsernamePasswordAuthenticationToken(id, password, roles);
-            String token = jwtProvider.generateToken(authentication);
-            return ResponseEntity.ok(new AuthLoginResponse(token, "ok"));
+            String access = jwtProvider.generateAccessToken(authentication);
+            String refresh = jwtProvider.generateRefreshToken(authentication);
+            return ResponseEntity.ok(new AuthLoginResponse(access, refresh, "ok"));
         } else throw new IllegalArgumentException();
     }
 

src/main/java/com/gapple/weeingback/global/jwt/JwtProvider.java

@@ -1,46 +1,63 @@
  package com.gapple.weeingback.global.jwt;
 
- import com.gapple.weeingback.domain.member.entity.AccessRole;
  import io.jsonwebtoken.Jwts;
  import io.jsonwebtoken.SignatureAlgorithm;
- import jakarta.servlet.http.HttpServletRequest;
  import org.springframework.beans.factory.annotation.Value;
  import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  import org.springframework.security.core.Authentication;
- import org.springframework.security.core.GrantedAuthority;
  import org.springframework.stereotype.Component;
- import java.util.Collection;
+
  import java.util.Date;
 
  import static org.springframework.security.core.authority.AuthorityUtils.createAuthorityList;
 
  @Component
  public class JwtProvider {
      private String secretKey;
-     private Long expired;
+     private Long access;
+     private Long refresh;
 
      public JwtProvider(@Value("${jwt.secret}") String secretKey,
-                        @Value("${jwt.expired}") Long expired){
+                        @Value("${jwt.access}") Long access,
+                        @Value("${jwt.refresh}") Long refresh){
         this.secretKey = secretKey;
-        this.expired = expired;
+        this.access = access;
+        this.refresh = refresh;
+     }
+
+     public String generateAccessToken(Authentication authentication) {
+         return generateToken(
+                 authentication.getPrincipal().toString(),
+                 authentication.getCredentials().toString(),
+                 getAccessExpireDate()
+         );
      }
 
-     public String generateToken(Authentication authentication) {
-         return generateToken(authentication.getPrincipal().toString(), authentication.getCredentials().toString());
+     public String generateRefreshToken(Authentication authentication) {
+         return generateToken(
+                 authentication.getPrincipal().toString(),
+                 authentication.getCredentials().toString(),
+                 getRefreshExpireDate()
+         );
      }
 
-     public String generateToken(String username, String role) {
+     public String generateToken(String username, String role, Date expired) {
          return Jwts.builder()
                  .setSubject(username)
                  .claim("role", role)
-                 .setExpiration(getExpireDate())
+                 .setExpiration(expired)
                  .signWith(SignatureAlgorithm.HS256, secretKey)
                  .compact();
      }
 
-     private Date getExpireDate() {
+     private Date getAccessExpireDate() {
+         Date now = new Date();
+         return new Date(now.getTime() + access);
+     }
+
+     private Date getRefreshExpireDate() {
          Date now = new Date();
-         return new Date(now.getTime() + expired);
+         return new Date(now.getTime() + refresh);
      }
 
      public String resolveToken(String token) {

src/main/resources/application.yml

@@ -32,4 +32,5 @@ spring:
 
 jwt:
   secret: ${JWT_SECRET}
-  expired: 86400
+  access: 3600000
+  refresh: 259200000