Merge pull request #192 from UDR-Sequence/feat/jsb/social-login

Feat/jsb/social login

Author: kim946509

sequence_member/src/main/java/sequence/sequence_member/member/authority/OAuth2FailureHandler.java

@@ -2,27 +2,24 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
 
 import java.io.IOException;
 
+@Slf4j
 @Component
 public class OAuth2FailureHandler implements AuthenticationFailureHandler {
 
-    private static final Logger logger = LoggerFactory.getLogger(OAuth2FailureHandler.class);
-
     @Override
     public void onAuthenticationFailure(HttpServletRequest request,
                                         HttpServletResponse response,
                                         AuthenticationException exception)
             throws IOException {
 
-        logger.error("소셜 로그인 실패: {}", exception.getMessage());
-        exception.printStackTrace(); // 에러 로그 확인
+        log.error("소셜 로그인 실패: {}", exception.getMessage());
         response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
         response.setContentType("application/json;charset=UTF-8");
         response.getWriter().write("{\"error\": \"소셜 로그인에 실패했습니다: " + exception.getMessage() + "\"}");

sequence_member/src/main/java/sequence/sequence_member/member/authority/OAuth2SuccessHandler.java

@@ -5,33 +5,27 @@
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
 import org.springframework.web.util.UriComponentsBuilder;
-import sequence.sequence_member.global.enums.enums.AuthProvider;
+import sequence.sequence_member.member.dto.MemberPrincipal;
 import sequence.sequence_member.member.entity.MemberEntity;
 import sequence.sequence_member.member.jwt.JWTUtil;
-import sequence.sequence_member.member.repository.MemberRepository;
 import sequence.sequence_member.member.service.TokenReissueService;
 
 import java.io.IOException;
-import java.util.Optional;
 
 @Slf4j
 @Component
 public class OAuth2SuccessHandler implements AuthenticationSuccessHandler {
-    private final MemberRepository memberRepository;
     private final TokenReissueService tokenReissueService;
     private final JWTUtil jwtUtil;
-    private final long ACCESS_TOKEN_EXPIRED_TIME = 600000L*60*1; // 1시간
-    private final long REFRESH_TOKEN_EXPIRED_TIME = 600000L*60*24*7; // 7일
+    private final long ACCESS_TOKEN_EXPIRED_TIME = 600000L * 60; // 1시간
+    private final long REFRESH_TOKEN_EXPIRED_TIME = 600000L * 60 * 24 * 7; // 7일
 
     public OAuth2SuccessHandler(
-            MemberRepository memberRepository,
             TokenReissueService tokenReissueService,
             JWTUtil jwtUtil) {
-        this.memberRepository = memberRepository;
         this.tokenReissueService = tokenReissueService;
         this.jwtUtil = jwtUtil;
     }
@@ -41,27 +35,20 @@ public void onAuthenticationSuccess(HttpServletRequest request,
                                         HttpServletResponse response,
                                         Authentication authentication) throws IOException {
 
-        DefaultOidcUser oidcUser = (DefaultOidcUser) authentication.getPrincipal();
+        MemberPrincipal memberPrincipal = (MemberPrincipal) authentication.getPrincipal();
 
-        log.info("OAuth2 oidcUser={}", oidcUser);
+        log.info("OAuth2 인증 성공, Principal: {}", memberPrincipal);
 
-        String email = oidcUser.getEmail();
-        String name = oidcUser.getFullName();
-        String providerId = oidcUser.getName(); // 고유 사용자 ID
+        MemberEntity member = memberPrincipal.getMemberEntity();
 
-        Optional<MemberEntity> optionalUser = memberRepository.findByEmail(email);
+        String email = member.getEmail();
+        if (email == null || email.isEmpty()) {
+            log.error("인증된 Principal에서 이메일(email)이 null 또는 비어있습니다. 로그인 처리 실패.");
+            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Email not found in OAuth2 principal.");
+            return;
+        }
 
-        MemberEntity member = optionalUser.orElseGet(() -> {
-            MemberEntity newUser = MemberEntity.createSocialMember(
-                    email,
-                    name,
-                    AuthProvider.GOOGLE,
-                    providerId
-            );
-            return memberRepository.save(newUser);
-        });
-
-        log.info("OAuth2 로그인 성공: email={}, provider={}", member.getEmail(), member.getProvider());
+        log.info("OAuth2 로그인 성공: email={}", email);
 
         String username = member.getUsername();
 
@@ -76,7 +63,7 @@ public void onAuthenticationSuccess(HttpServletRequest request,
         // 쿠키에 refreshToken 설정
         Cookie refreshTokenCookie = new Cookie("refresh", refresh);
         refreshTokenCookie.setHttpOnly(true);
-        refreshTokenCookie.setSecure(false); // 배포 시 true (https)
+        refreshTokenCookie.setSecure(false); // 로컬 HTTP 환경에서는 false, 배포 HTTPS 시 true로 변경해야 합니다.
         refreshTokenCookie.setPath("/");
         refreshTokenCookie.setMaxAge((int) (REFRESH_TOKEN_EXPIRED_TIME / 1000));
         response.addCookie(refreshTokenCookie);

sequence_member/src/main/java/sequence/sequence_member/member/config/SecurityConfig.java

@@ -11,9 +11,16 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import sequence.sequence_member.member.authority.OAuth2FailureHandler;
@@ -22,13 +29,15 @@
 import sequence.sequence_member.member.jwt.JWTFilter;
 import sequence.sequence_member.member.jwt.JWTUtil;
 import sequence.sequence_member.member.jwt.LoginFilter;
+import sequence.sequence_member.member.repository.CustomAuthorizationRequestRepository;
 import sequence.sequence_member.member.repository.MemberRepository;
 import sequence.sequence_member.member.repository.RefreshRepository;
-import sequence.sequence_member.member.service.CustomOAuth2UserService;
+import sequence.sequence_member.member.service.CustomOidcUserService;
 import sequence.sequence_member.member.service.TokenReissueService;
 
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.LinkedHashMap;
 
 @Configuration
 @EnableWebSecurity
@@ -43,7 +52,7 @@ public class SecurityConfig {
     private final MemberRepository memberRepository;
     private final OAuth2FailureHandler oAuth2FailureHandler;
     private final OAuth2SuccessHandler oAuth2SuccessHandler;
-    private final CustomOAuth2UserService customOAuth2UserService;
+    private final CustomOidcUserService customOidcUserService;
 
     @Bean
     public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
@@ -55,6 +64,11 @@ public BCryptPasswordEncoder bCryptPasswordEncoder(){
         return new BCryptPasswordEncoder();
     }
 
+    @Bean
+    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
+        return new CustomAuthorizationRequestRepository();
+    }
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
         // Custom LoginFilter 등록
@@ -100,24 +114,54 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
         //경로별 인가 작업
         http
                 .authorizeHttpRequests((auth)->auth
-                        .requestMatchers("/api/login", "/api/users/join", "/api/token", "/api/users/check_username", "/api/users/check_email", "/api/users/check_nickname", "/api/skills/**", "/api/users/test", "/api/auth/**").permitAll()
+                        // 인증이 필요 없는 경로들을 먼저 정의합니다.
+                        .requestMatchers(
+                                "/api/login",
+                                "/api/users/join",
+                                "/api/token",
+                                "/api/users/check_username",
+                                "/api/users/check_email",
+                                "/api/users/check_nickname",
+                                "/api/skills/**",
+                                "/api/users/test",
+                                "/api/auth/**",
+                                "/error",
+                                "/actuator/**",
+                                "/oauth2/**",
+                                "/login/oauth2/code/**",
+                                "/favicon.ico",
+                                "/.well-known/**",
+                                "/"
+                        ).permitAll()
                         .requestMatchers(HttpMethod.GET,"/api/projects/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/api/archive/projects/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/api/archive/{archiveId}").permitAll()
-                        .requestMatchers("/api/archive/**").authenticated()
-                        .requestMatchers("/error").permitAll()
-                        .requestMatchers("/actuator/**").permitAll()
-                        .requestMatchers("/oauth2/**").permitAll()
-                        .anyRequest().authenticated());
+                        .requestMatchers("/api/archive/**").authenticated() // 인증 필요
+                        .anyRequest().authenticated()); // 나머지 모든 요청은 인증 필요
         http
                 .oauth2Login(oauth2 -> oauth2
+                        .authorizationEndpoint(authEndpoint -> authEndpoint
+                                .authorizationRequestRepository(authorizationRequestRepository())
+                        )
                         .userInfoEndpoint(userInfo -> userInfo
-                                .userService(customOAuth2UserService)
+                                .oidcUserService(customOidcUserService)
                         )
                         .successHandler(oAuth2SuccessHandler)
                         .failureHandler(oAuth2FailureHandler)
                 );
 
+        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
+        entryPoints.put(new AntPathRequestMatcher("/oauth2/authorization/**"), new Http403ForbiddenEntryPoint());
+        entryPoints.put(new AntPathRequestMatcher("/favicon.ico"), new Http403ForbiddenEntryPoint());
+        entryPoints.put(new AntPathRequestMatcher("/.well-known/**"), new Http403ForbiddenEntryPoint());
+
+        http
+                .exceptionHandling(exceptionHandling -> {
+                    DelegatingAuthenticationEntryPoint delegatingEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
+                    delegatingEntryPoint.setDefaultEntryPoint(new Http403ForbiddenEntryPoint()); // 기본 엔트리포인트 명시적으로 설정
+                    exceptionHandling.authenticationEntryPoint(delegatingEntryPoint);
+                });
+
         http
                 .addFilterBefore(new JWTFilter(jwtUtil), LoginFilter.class);
 

sequence_member/src/main/java/sequence/sequence_member/member/controller/AuthenticationController.java

@@ -0,0 +1,39 @@
+package sequence.sequence_member.member.controller;
+
+import jakarta.servlet.http.HttpSession;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.util.UriComponentsBuilder;
+import sequence.sequence_member.global.response.ApiResponseData;
+
+import java.util.UUID;
+
+@Slf4j
+@RestController
+@RequestMapping("/api/social")
+public class AuthenticationController {
+    @GetMapping("/bind/google")
+    public ResponseEntity<ApiResponseData<String>> bindGoogle(
+            HttpSession session
+    ) {
+        String username = SecurityContextHolder.getContext().getAuthentication().getName();
+        log.info("계정 연동 요청: username = {}, provider = google", username);
+
+        String bindingDataSessionKey = "oauth2_binding_username";
+        session.setAttribute(bindingDataSessionKey, username);
+        log.info("세션에 바인딩할 사용자 이름 저장 완료: {}", username);
+
+        String bindingStateToken = "bind:" + UUID.randomUUID();
+        String redirectUri = UriComponentsBuilder
+                .fromUriString("http://localhost:8080" + "/oauth2/authorization/google")
+                .queryParam("binding_state_token", bindingStateToken)
+                .build()
+                .toUriString();
+
+        return ResponseEntity.ok().body(ApiResponseData.success(redirectUri));
+    }
+}

sequence_member/src/main/java/sequence/sequence_member/member/dto/MemberPrincipal.java

@@ -3,21 +3,27 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import sequence.sequence_member.member.entity.MemberEntity;
 
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
 
-public class MemberPrincipal implements OAuth2User, UserDetails {
+public class MemberPrincipal implements OidcUser, UserDetails {
 
     private final MemberEntity member;
     private final Map<String, Object> attributes;
+    private final OidcIdToken idToken;
+    private final OidcUserInfo userInfo;
 
-    public MemberPrincipal(MemberEntity member, Map<String, Object> attributes) {
+    public MemberPrincipal(MemberEntity member, Map<String, Object> attributes, OidcIdToken idToken, OidcUserInfo userInfo) {
         this.member = member;
         this.attributes = attributes;
+        this.idToken = idToken;
+        this.userInfo = userInfo;
     }
 
     public MemberEntity getMember() {
@@ -69,7 +75,26 @@ public String getName() {
         return member.getName();
     }
 
-    public static MemberPrincipal create(MemberEntity member, Map<String, Object> attributes) {
-        return new MemberPrincipal(member, attributes);
+    public static MemberPrincipal create(MemberEntity member, Map<String, Object> attributes, OidcIdToken idToken, OidcUserInfo userInfo) {
+        return new MemberPrincipal(member, attributes, idToken, userInfo);
+    }
+
+    @Override
+    public Map<String, Object> getClaims() {
+        return Map.of();
+    }
+
+    @Override
+    public OidcUserInfo getUserInfo() {
+        return null;
+    }
+
+    @Override
+    public OidcIdToken getIdToken() {
+        return null;
+    }
+
+    public MemberEntity getMemberEntity() {
+        return this.member;
     }
 }

sequence_member/src/main/java/sequence/sequence_member/member/entity/MemberAuthProvider.java

@@ -0,0 +1,39 @@
+package sequence.sequence_member.member.entity;
+
+import jakarta.persistence.*;
+import lombok.AccessLevel;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import sequence.sequence_member.global.enums.enums.AuthProvider;
+
+@Entity
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@Table(name = "member_auth_provider")
+public class MemberAuthProvider {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "member_id", nullable = false)
+    private MemberEntity member;
+
+    @Enumerated(EnumType.STRING)
+    @Column(name = "provider", nullable = false, length = 50)
+    private AuthProvider provider;
+
+    @Column(name = "provider_id", nullable = true, unique = true, length = 255)
+    private String providerId;
+
+    public MemberAuthProvider(MemberEntity member, AuthProvider provider, String providerId) {
+        this.member = member;
+        this.provider = provider;
+        this.providerId = providerId;
+    }
+
+    protected void setMember(MemberEntity member) {
+        this.member = member;
+    }
+}