fix: token parsing issue by removing Bearer prefix and trimming spaces

mash-up-kr · Aug 17, 2024 · f0e7989 · f0e7989
1 parent ad52aba
commit f0e7989
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/api/src/main/kotlin/com/mashup/dojo/config/security/JwtTokenService.kt b/api/src/main/kotlin/com/mashup/dojo/config/security/JwtTokenService.kt
@@ -3,6 +3,7 @@ package com.mashup.dojo.config.security
 import com.mashup.dojo.DojoException
 import com.mashup.dojo.DojoExceptionType
 import com.mashup.dojo.domain.MemberId
+import io.github.oshai.kotlinlogging.KotlinLogging
 import io.jsonwebtoken.Claims
 import io.jsonwebtoken.Jwts
 import io.jsonwebtoken.Jwts.SIG
@@ -18,6 +19,8 @@ class MemberAuthToken(
     }
 }
 
+private val logger = KotlinLogging.logger { }
+
 class JwtTokenService(
     private val secretKey: String,
 ) {
@@ -65,6 +68,10 @@ class JwtTokenService(
                 .build()
                 .parseSignedClaims(token.credentials)
                 .payload
-        }.getOrElse { throw DojoException.of(DojoExceptionType.INVALID_TOKEN) }
+        }.onFailure { error ->
+            logger.info { "Error parsing token: ${error.message}" }
+        }.getOrElse {
+            throw DojoException.of(DojoExceptionType.INVALID_TOKEN)
+        }
     }
 }
diff --git a/api/src/main/kotlin/com/mashup/dojo/config/security/MemberAuthTokenAuthenticationFilter.kt b/api/src/main/kotlin/com/mashup/dojo/config/security/MemberAuthTokenAuthenticationFilter.kt
@@ -42,8 +42,16 @@ class MemberAuthTokenAuthenticationFilter(
 
     private fun resolveMemberAuthToken(request: HttpServletRequest): MemberAuthToken? {
         return kotlin.runCatching {
-            val token = request.getHeader(AUTHORIZATION_HEADER_NAME)
-            MemberAuthToken(token)
+            // 헤더 자체를 trim
+            val header = request.getHeader(AUTHORIZATION_HEADER_NAME)?.trim()
+            logger.info("Authorization header = $header")
+
+            // "Bearer " 접두사 제거
+            val token = header?.takeIf { it.startsWith(BEARER_PREFIX) }?.substring(BEARER_START_INDEX)?.trim()
+            logger.info("Token after removing Bearer and trimming = $token")
+
+            // token이 null이 아닌 경우에만 MemberAuthToken 생성
+            token?.let { MemberAuthToken(it) }
         }.getOrNull()
     }
 
@@ -69,5 +77,7 @@ class MemberAuthTokenAuthenticationFilter(
 
     companion object {
         private const val AUTHORIZATION_HEADER_NAME = "Authorization"
+        private const val BEARER_PREFIX = "Bearer "
+        private const val BEARER_START_INDEX = 7
     }
 }