From 2120626bdeba7fbd2a039456891554096a2cc2c8 Mon Sep 17 00:00:00 2001 From: johnjal Date: Sat, 11 Jan 2025 07:44:15 +0900 Subject: [PATCH 01/14] Authorization feature --- build.gradle | 11 +- .../umc/codeplay/CodeplayApplication.java | 6 +- .../umc/codeplay/apiPayLoad/ApiResponse.java | 45 ++++++ .../codeplay/apiPayLoad/code/BaseCode.java | 8 + .../apiPayLoad/code/BaseErrorCode.java | 8 + .../apiPayLoad/code/ErrorReasonDTO.java | 21 +++ .../codeplay/apiPayLoad/code/ReasonDTO.java | 21 +++ .../apiPayLoad/code/status/ErrorStatus.java | 42 ++++++ .../apiPayLoad/code/status/SuccessStatus.java | 36 +++++ .../apiPayLoad/exception/ExceptionAdvice.java | 138 ++++++++++++++++++ .../exception/GeneralException.java | 22 +++ .../exception/handler/GeneralHandler.java | 11 ++ .../umc/codeplay/config/SecurityConfig.java | 83 +++++++---- .../umc/codeplay/config/SwaggerConfig.java | 59 ++++---- .../security/CustomUserDetailsService.java | 33 +++++ .../codeplay/controller/AuthController.java | 59 ++++++++ .../controller/MemberViewController.java | 40 ++--- .../codeplay/converter/MemberConverter.java | 26 ++-- src/main/java/umc/codeplay/domain/Member.java | 22 +-- .../java/umc/codeplay/domain/enums/Role.java | 6 + .../umc/codeplay/dto/MemberRequestDTO.java | 21 ++- .../umc/codeplay/dto/MemberResponseDTO.java | 23 ++- .../codeplay/jwt/JwtAuthenticationFilter.java | 56 +++++++ src/main/java/umc/codeplay/jwt/JwtUtil.java | 90 ++++++++++++ .../codeplay/repository/MemberRepository.java | 6 +- .../umc/codeplay/service/MemberService.java | 20 ++- .../codeplay/CodeplayApplicationTests.java | 4 +- 27 files changed, 795 insertions(+), 122 deletions(-) create mode 100644 src/main/java/umc/codeplay/apiPayLoad/ApiResponse.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/code/BaseCode.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/code/BaseErrorCode.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/code/ErrorReasonDTO.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/code/ReasonDTO.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/code/status/SuccessStatus.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/exception/ExceptionAdvice.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/exception/GeneralException.java create mode 100644 src/main/java/umc/codeplay/apiPayLoad/exception/handler/GeneralHandler.java create mode 100644 src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java create mode 100644 src/main/java/umc/codeplay/controller/AuthController.java create mode 100644 src/main/java/umc/codeplay/domain/enums/Role.java create mode 100644 src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java create mode 100644 src/main/java/umc/codeplay/jwt/JwtUtil.java diff --git a/build.gradle b/build.gradle index 9868e13..25f8024 100644 --- a/build.gradle +++ b/build.gradle @@ -52,8 +52,17 @@ dependencies { // 스프링 시큐리티 implementation 'org.springframework.boot:spring-boot-starter-security' testImplementation 'org.springframework.security:spring-security-test' + // thymeleaf 에서 시큐리티 동작 implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.1.RELEASE' + + // jwt + implementation 'io.jsonwebtoken:jjwt-api:0.11.5' + runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5' + runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5' + + // validation + implementation 'org.springframework.boot:spring-boot-starter-validation' } tasks.named('test') { @@ -79,7 +88,7 @@ tasks.register('installLocalGitHook', Copy) { spotless { java { - googleJavaFormat() // Google Java 포맷 적용 + googleJavaFormat().aosp() // Google Java 포맷 적용 importOrder( 'java|javax|jakarta', 'org.springframework', diff --git a/src/main/java/umc/codeplay/CodeplayApplication.java b/src/main/java/umc/codeplay/CodeplayApplication.java index 8193ddd..ebe4f4d 100644 --- a/src/main/java/umc/codeplay/CodeplayApplication.java +++ b/src/main/java/umc/codeplay/CodeplayApplication.java @@ -6,7 +6,7 @@ @SpringBootApplication public class CodeplayApplication { - public static void main(String[] args) { - SpringApplication.run(CodeplayApplication.class, args); - } + public static void main(String[] args) { + SpringApplication.run(CodeplayApplication.class, args); + } } diff --git a/src/main/java/umc/codeplay/apiPayLoad/ApiResponse.java b/src/main/java/umc/codeplay/apiPayLoad/ApiResponse.java new file mode 100644 index 0000000..bd6cea8 --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/ApiResponse.java @@ -0,0 +1,45 @@ +package umc.codeplay.apiPayLoad; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import umc.codeplay.apiPayLoad.code.BaseCode; +import umc.codeplay.apiPayLoad.code.status.SuccessStatus; + +@Getter +@AllArgsConstructor +@JsonPropertyOrder({"isSuccess", "code", "message", "result"}) +public class ApiResponse { + + @JsonProperty("isSuccess") + private final Boolean isSuccess; + + private final String code; + private final String message; + + @JsonInclude(JsonInclude.Include.NON_NULL) + private T result; + + // 성공한 경우 응답 생성 + + public static ApiResponse onSuccess(T result) { + return new ApiResponse<>( + true, SuccessStatus._OK.getCode(), SuccessStatus._OK.getMessage(), result); + } + + public static ApiResponse of(BaseCode code, T result) { + return new ApiResponse<>( + true, + code.getReasonHttpStatus().getCode(), + code.getReasonHttpStatus().getMessage(), + result); + } + + // 실패한 경우 응답 생성 + public static ApiResponse onFailure(String code, String message, T data) { + return new ApiResponse<>(false, code, message, data); + } +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/BaseCode.java b/src/main/java/umc/codeplay/apiPayLoad/code/BaseCode.java new file mode 100644 index 0000000..6e96d65 --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/code/BaseCode.java @@ -0,0 +1,8 @@ +package umc.codeplay.apiPayLoad.code; + +public interface BaseCode { + + ReasonDTO getReason(); + + ReasonDTO getReasonHttpStatus(); +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/BaseErrorCode.java b/src/main/java/umc/codeplay/apiPayLoad/code/BaseErrorCode.java new file mode 100644 index 0000000..eaa5fc7 --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/code/BaseErrorCode.java @@ -0,0 +1,8 @@ +package umc.codeplay.apiPayLoad.code; + +public interface BaseErrorCode { + + ErrorReasonDTO getReason(); + + ErrorReasonDTO getReasonHttpStatus(); +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/ErrorReasonDTO.java b/src/main/java/umc/codeplay/apiPayLoad/code/ErrorReasonDTO.java new file mode 100644 index 0000000..7916e0f --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/code/ErrorReasonDTO.java @@ -0,0 +1,21 @@ +package umc.codeplay.apiPayLoad.code; + +import org.springframework.http.HttpStatus; + +import lombok.Builder; +import lombok.Getter; + +@Getter +@Builder +public class ErrorReasonDTO { // ?? + + private HttpStatus httpStatus; + + private final boolean isSuccess; + private final String code; + private final String message; + + public boolean getIsSuccess() { + return isSuccess; + } +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/ReasonDTO.java b/src/main/java/umc/codeplay/apiPayLoad/code/ReasonDTO.java new file mode 100644 index 0000000..d15f42e --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/code/ReasonDTO.java @@ -0,0 +1,21 @@ +package umc.codeplay.apiPayLoad.code; + +import org.springframework.http.HttpStatus; + +import lombok.Builder; +import lombok.Getter; + +@Getter +@Builder +public class ReasonDTO { // ?? + + private HttpStatus httpStatus; + + private final boolean isSuccess; + private final String code; + private final String message; + + public boolean getIsSuccess() { + return isSuccess; + } +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java new file mode 100644 index 0000000..4d3a7fa --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java @@ -0,0 +1,42 @@ +package umc.codeplay.apiPayLoad.code.status; + +import org.springframework.http.HttpStatus; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +import umc.codeplay.apiPayLoad.code.BaseErrorCode; +import umc.codeplay.apiPayLoad.code.ErrorReasonDTO; + +@Getter +@AllArgsConstructor +public enum ErrorStatus implements BaseErrorCode { + + // 가장 일반적인 응답 + _INTERNAL_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "COMMON500", "서버 에러, 관리자에게 문의 바랍니다."), + _BAD_REQUEST(HttpStatus.BAD_REQUEST, "COMMON400", "잘못된 요청입니다."), + _UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "COMMON401", "인증이 필요합니다."), + _FORBIDDEN(HttpStatus.FORBIDDEN, "COMMON403", "금지된 요청입니다."), + + MEMBER_NOT_FOUND(HttpStatus.BAD_REQUEST, "MEMBER400", "유저를 찾을 수 없습니다."), + MEMBER_ALREADY_EXISTS(HttpStatus.BAD_REQUEST, "MEMBER401", "유저가 이미 존재합니다."); + + private final HttpStatus httpStatus; + private final String code; + private final String message; + + @Override + public ErrorReasonDTO getReason() { + return ErrorReasonDTO.builder().message(message).code(code).isSuccess(false).build(); + } + + @Override + public ErrorReasonDTO getReasonHttpStatus() { + return ErrorReasonDTO.builder() + .message(message) + .code(code) + .isSuccess(false) + .httpStatus(httpStatus) + .build(); + } +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/status/SuccessStatus.java b/src/main/java/umc/codeplay/apiPayLoad/code/status/SuccessStatus.java new file mode 100644 index 0000000..3d98f57 --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/code/status/SuccessStatus.java @@ -0,0 +1,36 @@ +package umc.codeplay.apiPayLoad.code.status; + +import org.springframework.http.HttpStatus; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +import umc.codeplay.apiPayLoad.code.BaseCode; +import umc.codeplay.apiPayLoad.code.ReasonDTO; + +@Getter +@AllArgsConstructor +public enum SuccessStatus implements BaseCode { + + // 일반적인 응답 + _OK(HttpStatus.OK, "COMMON200", "성공입니다."); + + private final HttpStatus httpStatus; + private final String code; + private final String message; + + @Override + public ReasonDTO getReason() { + return ReasonDTO.builder().message(message).code(code).isSuccess(true).build(); + } + + @Override + public ReasonDTO getReasonHttpStatus() { + return ReasonDTO.builder() + .message(message) + .code(code) + .isSuccess(true) + .httpStatus(httpStatus) + .build(); + } +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/exception/ExceptionAdvice.java b/src/main/java/umc/codeplay/apiPayLoad/exception/ExceptionAdvice.java new file mode 100644 index 0000000..d21a77f --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/exception/ExceptionAdvice.java @@ -0,0 +1,138 @@ +package umc.codeplay.apiPayLoad.exception; + +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.Optional; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.validation.ConstraintViolationException; + +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.HttpStatusCode; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.MethodArgumentNotValidException; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.RestControllerAdvice; +import org.springframework.web.context.request.ServletWebRequest; +import org.springframework.web.context.request.WebRequest; +import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; + +import lombok.extern.slf4j.Slf4j; + +import umc.codeplay.apiPayLoad.ApiResponse; +import umc.codeplay.apiPayLoad.code.ErrorReasonDTO; +import umc.codeplay.apiPayLoad.code.status.ErrorStatus; + +@Slf4j +@RestControllerAdvice(annotations = {RestController.class}) +public class ExceptionAdvice extends ResponseEntityExceptionHandler { + + @ExceptionHandler + public ResponseEntity validation(ConstraintViolationException e, WebRequest request) { + String errorMessage = + e.getConstraintViolations().stream() + .map(constraintViolation -> constraintViolation.getMessage()) + .findFirst() + .orElseThrow( + () -> + new RuntimeException( + "ConstraintViolationException 추출 도중 에러 발생")); + + return handleExceptionInternalConstraint( + e, ErrorStatus.valueOf(errorMessage), HttpHeaders.EMPTY, request); + } + + @Override + public ResponseEntity handleMethodArgumentNotValid( + MethodArgumentNotValidException e, + HttpHeaders headers, + HttpStatusCode status, + WebRequest request) { + + Map errors = new LinkedHashMap<>(); + + e.getBindingResult().getFieldErrors().stream() + .forEach( + fieldError -> { + String fieldName = fieldError.getField(); + String errorMessage = + Optional.ofNullable(fieldError.getDefaultMessage()).orElse(""); + errors.merge( + fieldName, + errorMessage, + (existingErrorMessage, newErrorMessage) -> + existingErrorMessage + ", " + newErrorMessage); + }); + + return handleExceptionInternalArgs( + e, HttpHeaders.EMPTY, ErrorStatus.valueOf("_BAD_REQUEST"), request, errors); + } + + @ExceptionHandler + public ResponseEntity exception(Exception e, WebRequest request) { + e.printStackTrace(); + + return handleExceptionInternalFalse( + e, + ErrorStatus._INTERNAL_SERVER_ERROR, + HttpHeaders.EMPTY, + ErrorStatus._INTERNAL_SERVER_ERROR.getHttpStatus(), + request, + e.getMessage()); + } + + @ExceptionHandler(value = umc.codeplay.apiPayLoad.exception.GeneralException.class) + public ResponseEntity onThrowException( + umc.codeplay.apiPayLoad.exception.GeneralException generalException, + HttpServletRequest request) { + ErrorReasonDTO errorReasonHttpStatus = generalException.getErrorReasonHttpStatus(); + return handleExceptionInternal(generalException, errorReasonHttpStatus, null, request); + } + + private ResponseEntity handleExceptionInternal( + Exception e, ErrorReasonDTO reason, HttpHeaders headers, HttpServletRequest request) { + + ApiResponse body = + ApiResponse.onFailure(reason.getCode(), reason.getMessage(), null); + e.printStackTrace(); + + WebRequest webRequest = new ServletWebRequest(request); + return super.handleExceptionInternal(e, body, headers, reason.getHttpStatus(), webRequest); + } + + private ResponseEntity handleExceptionInternalFalse( + Exception e, + ErrorStatus errorCommonStatus, + HttpHeaders headers, + HttpStatus status, + WebRequest request, + String errorPoint) { + ApiResponse body = + ApiResponse.onFailure( + errorCommonStatus.getCode(), errorCommonStatus.getMessage(), errorPoint); + return super.handleExceptionInternal(e, body, headers, status, request); + } + + private ResponseEntity handleExceptionInternalArgs( + Exception e, + HttpHeaders headers, + ErrorStatus errorCommonStatus, + WebRequest request, + Map errorArgs) { + ApiResponse body = + ApiResponse.onFailure( + errorCommonStatus.getCode(), errorCommonStatus.getMessage(), errorArgs); + return super.handleExceptionInternal( + e, body, headers, errorCommonStatus.getHttpStatus(), request); + } + + private ResponseEntity handleExceptionInternalConstraint( + Exception e, ErrorStatus errorCommonStatus, HttpHeaders headers, WebRequest request) { + ApiResponse body = + ApiResponse.onFailure( + errorCommonStatus.getCode(), errorCommonStatus.getMessage(), null); + return super.handleExceptionInternal( + e, body, headers, errorCommonStatus.getHttpStatus(), request); + } +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/exception/GeneralException.java b/src/main/java/umc/codeplay/apiPayLoad/exception/GeneralException.java new file mode 100644 index 0000000..d87f144 --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/exception/GeneralException.java @@ -0,0 +1,22 @@ +package umc.codeplay.apiPayLoad.exception; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +import umc.codeplay.apiPayLoad.code.BaseErrorCode; +import umc.codeplay.apiPayLoad.code.ErrorReasonDTO; + +@Getter +@AllArgsConstructor +public class GeneralException extends RuntimeException { + + private BaseErrorCode code; + + public ErrorReasonDTO getErrorReason() { + return this.code.getReason(); + } + + public ErrorReasonDTO getErrorReasonHttpStatus() { + return this.code.getReasonHttpStatus(); + } +} diff --git a/src/main/java/umc/codeplay/apiPayLoad/exception/handler/GeneralHandler.java b/src/main/java/umc/codeplay/apiPayLoad/exception/handler/GeneralHandler.java new file mode 100644 index 0000000..fa7e9c9 --- /dev/null +++ b/src/main/java/umc/codeplay/apiPayLoad/exception/handler/GeneralHandler.java @@ -0,0 +1,11 @@ +package umc.codeplay.apiPayLoad.exception.handler; + +import umc.codeplay.apiPayLoad.code.BaseErrorCode; +import umc.codeplay.apiPayLoad.exception.GeneralException; + +public class GeneralHandler extends GeneralException { + + public GeneralHandler(BaseErrorCode errorCode) { + super(errorCode); + } +} diff --git a/src/main/java/umc/codeplay/config/SecurityConfig.java b/src/main/java/umc/codeplay/config/SecurityConfig.java index 541df25..b1a517d 100644 --- a/src/main/java/umc/codeplay/config/SecurityConfig.java +++ b/src/main/java/umc/codeplay/config/SecurityConfig.java @@ -2,41 +2,70 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; +import umc.codeplay.jwt.JwtAuthenticationFilter; +import umc.codeplay.jwt.JwtUtil; + @EnableWebSecurity @Configuration public class SecurityConfig { - @Bean - public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests( - (requests) -> - requests - // 인증 없이 접근 가능 - .requestMatchers("/", "/home", "/signup", "/css/**") - .permitAll() - - // 나머지는 인증 있어야 접근 가능 - .anyRequest() - .authenticated()) - .formLogin( - (form) -> - form.loginPage("/login") - .defaultSuccessUrl("/home", true) // 로그인 성공 시 홈으로 - .permitAll() // 로그인 페이지 인증없이 접근 허용 - ) - .logout( - (logout) -> logout.logoutUrl("/logout").logoutSuccessUrl("/login?logout").permitAll()); - return http.build(); - } - - @Bean - public PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(); - } + private final JwtUtil jwtUtil; + + public SecurityConfig(JwtUtil jwtUtil) { + this.jwtUtil = jwtUtil; + } + + // AuthenticationManager 를 빈으로 등록 (스프링 시큐리티 6.x 이상) + @Bean + public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) + throws Exception { + return configuration.getAuthenticationManager(); + } + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + http + // 세션을 사용하지 않도록 설정 + .sessionManagement( + session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .csrf(AbstractHttpConfigurer::disable) // JWT 사용 시 일반적으로 CSRF 는 disable + .authorizeHttpRequests( + auth -> + auth + // 로그인, 회원가입 등 토큰 없이 접근해야 하는 API 허용 + .requestMatchers("/auth/login") + .permitAll() + // 그 외 나머지는 인증 필요 + .anyRequest() + .authenticated()) + // 폼 로그인 등 기본 기능 비활성화 (JWT 만 쓰려면) + .formLogin(Customizer.withDefaults()) + // .formLogin(form -> form.disable()) // 더 엄격하게 폼 로그인 완전히 비활성화할 수도 있음 + .logout(AbstractHttpConfigurer::disable); + + // 커스텀 JWT 필터 추가 + // UsernamePasswordAuthenticationFilter 이전에 동작하도록 설정 + http.addFilterBefore( + new JwtAuthenticationFilter(jwtUtil), + org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter + .class); + + return http.build(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } } diff --git a/src/main/java/umc/codeplay/config/SwaggerConfig.java b/src/main/java/umc/codeplay/config/SwaggerConfig.java index a693c56..2c856de 100644 --- a/src/main/java/umc/codeplay/config/SwaggerConfig.java +++ b/src/main/java/umc/codeplay/config/SwaggerConfig.java @@ -13,33 +13,34 @@ @Configuration public class SwaggerConfig { - @Bean - public OpenAPI CodePlayAPI() { - - Info info = - new Info() - .title("CodePlay Server API") - .description("UMC 7th Code Play Server API 문서") - .version("1.0"); - - String securitySchemeName = "JWT TOKEN"; - - SecurityRequirement securityRequirement = new SecurityRequirement().addList(securitySchemeName); - - Components components = - new Components() - .addSecuritySchemes( - securitySchemeName, - new SecurityScheme() - .name(securitySchemeName) - .type(SecurityScheme.Type.HTTP) - .scheme("bearer") - .bearerFormat("JWT")); - - return new OpenAPI() - .addServersItem(new Server().url("/")) - .info(info) - .addSecurityItem(securityRequirement) - .components(components); - } + @Bean + public OpenAPI CodePlayAPI() { + + Info info = + new Info() + .title("CodePlay Server API") + .description("UMC 7th Code Play Server API 문서") + .version("1.0"); + + String securitySchemeName = "JWT TOKEN"; + + SecurityRequirement securityRequirement = + new SecurityRequirement().addList(securitySchemeName); + + Components components = + new Components() + .addSecuritySchemes( + securitySchemeName, + new SecurityScheme() + .name(securitySchemeName) + .type(SecurityScheme.Type.HTTP) + .scheme("bearer") + .bearerFormat("JWT")); + + return new OpenAPI() + .addServersItem(new Server().url("/")) + .info(info) + .addSecurityItem(securityRequirement) + .components(components); + } } diff --git a/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java b/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java new file mode 100644 index 0000000..f429cd1 --- /dev/null +++ b/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java @@ -0,0 +1,33 @@ +package umc.codeplay.config.security; + +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Service; + +import lombok.RequiredArgsConstructor; + +import umc.codeplay.apiPayLoad.code.status.ErrorStatus; +import umc.codeplay.apiPayLoad.exception.GeneralException; +import umc.codeplay.domain.Member; +import umc.codeplay.repository.MemberRepository; + +@Service +@RequiredArgsConstructor +public class CustomUserDetailsService implements UserDetailsService { + + private final MemberRepository memberRepository; + + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + Member member = + memberRepository + .findByEmail(username) + .orElseThrow(() -> new GeneralException(ErrorStatus.MEMBER_NOT_FOUND)); + + return org.springframework.security.core.userdetails.User.withUsername(member.getEmail()) + .password(member.getPassword()) + .roles(member.getRole().name()) + .build(); + } +} diff --git a/src/main/java/umc/codeplay/controller/AuthController.java b/src/main/java/umc/codeplay/controller/AuthController.java new file mode 100644 index 0000000..b36e826 --- /dev/null +++ b/src/main/java/umc/codeplay/controller/AuthController.java @@ -0,0 +1,59 @@ +package umc.codeplay.controller; + +import java.util.Collection; + +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import lombok.RequiredArgsConstructor; + +import umc.codeplay.apiPayLoad.ApiResponse; +import umc.codeplay.converter.MemberConverter; +import umc.codeplay.domain.Member; +import umc.codeplay.dto.MemberRequestDTO; +import umc.codeplay.dto.MemberResponseDTO; +import umc.codeplay.jwt.JwtUtil; +import umc.codeplay.service.MemberService; + +@RestController +@RequestMapping("/auth") +@RequiredArgsConstructor +@Validated +public class AuthController { + + private final AuthenticationManager authenticationManager; + private final JwtUtil jwtUtil; + private final MemberService memberService; + + @PostMapping("/login") + public ApiResponse login( + @RequestBody MemberRequestDTO.LoginDto request) { + // 아이디/비밀번호를 사용해 AuthenticationToken 생성 + UsernamePasswordAuthenticationToken authToken = + new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword()); + + // 실제 인증 수행 + Authentication authentication = authenticationManager.authenticate(authToken); + + // Role 정보 가져오기 + Collection authorities = authentication.getAuthorities(); + + // 인증에 성공했다면, JWT 토큰 생성 후 반환 + String token = jwtUtil.generateToken(authentication.getName(), authorities); + return ApiResponse.onSuccess( + MemberConverter.toLoginResultDTO(request.getEmail(), token)); // 예시로 토큰만 문자열로 반환 + } + + @PostMapping("/signup") + public ApiResponse join( + @RequestBody MemberRequestDTO.JoinDto request) { + Member member = memberService.joinMember(request); + MemberResponseDTO.JoinResultDTO newJoinResult = MemberConverter.toJoinResultDTO(member); + + return ApiResponse.onSuccess(newJoinResult); + } +} diff --git a/src/main/java/umc/codeplay/controller/MemberViewController.java b/src/main/java/umc/codeplay/controller/MemberViewController.java index 638635b..9c2be5a 100644 --- a/src/main/java/umc/codeplay/controller/MemberViewController.java +++ b/src/main/java/umc/codeplay/controller/MemberViewController.java @@ -17,24 +17,24 @@ @RequiredArgsConstructor public class MemberViewController { - private final MemberService memberService; - - @GetMapping("/login") - public String login() { - return "login"; - } - - @GetMapping("/signup") - public String signup() { - return "signup"; - } - - @PostMapping("/signup") - public String join(@RequestBody MemberRequestDTO.JoinDto request) { - Member member = memberService.joinMember(request); - MemberResponseDTO.JoinResultDTO newJoinResultDTO = MemberConverter.toJoinResultDTO(member); - // ApiResponse 세팅 필요. - // return ApiResponse.onSuccess(newJoinResultDTO); - return null; - } + private final MemberService memberService; + + @GetMapping("/login") + public String login() { + return "login"; + } + + @GetMapping("/signup") + public String signup() { + return "signup"; + } + + @PostMapping("/signup") + public String join(@RequestBody MemberRequestDTO.JoinDto request) { + Member member = memberService.joinMember(request); + MemberResponseDTO.JoinResultDTO newJoinResultDTO = MemberConverter.toJoinResultDTO(member); + // ApiResponse 세팅 필요. + // return ApiResponse.onSuccess(newJoinResultDTO); + return null; + } } diff --git a/src/main/java/umc/codeplay/converter/MemberConverter.java b/src/main/java/umc/codeplay/converter/MemberConverter.java index 4fdb174..3c750d5 100644 --- a/src/main/java/umc/codeplay/converter/MemberConverter.java +++ b/src/main/java/umc/codeplay/converter/MemberConverter.java @@ -6,16 +6,22 @@ public class MemberConverter { - public static Member toMember(MemberRequestDTO.JoinDto request) { + public static Member toMember(MemberRequestDTO.JoinDto request) { - return Member.builder() - .name(request.getName()) - .email(request.getEmail()) - .password(request.getPassword()) - .build(); - } + return Member.builder() + .name(request.getName()) + .email(request.getEmail()) + .password(request.getPassword()) + .role(request.getRole()) + .build(); + } - public static MemberResponseDTO.JoinResultDTO toJoinResultDTO(Member member) { - return MemberResponseDTO.JoinResultDTO.builder().id(member.getId()).build(); - } + public static MemberResponseDTO.JoinResultDTO toJoinResultDTO(Member member) { + return MemberResponseDTO.JoinResultDTO.builder().id(member.getId()).build(); + } + + public static MemberResponseDTO.LoginResultDTO toLoginResultDTO(String email, String token) { + + return MemberResponseDTO.LoginResultDTO.builder().email(email).token(token).build(); + } } diff --git a/src/main/java/umc/codeplay/domain/Member.java b/src/main/java/umc/codeplay/domain/Member.java index f81a4ef..8d7d6ed 100644 --- a/src/main/java/umc/codeplay/domain/Member.java +++ b/src/main/java/umc/codeplay/domain/Member.java @@ -11,6 +11,8 @@ import lombok.Getter; import lombok.NoArgsConstructor; +import umc.codeplay.domain.enums.Role; + @Entity @Getter @Builder @@ -18,17 +20,19 @@ @AllArgsConstructor public class Member { - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - private Long id; + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private Long id; + + private String name; - private String name; + private String password; - private String password; + private String email; - private String email; + private Role role; - public void encodePassword(String password) { - this.password = password; - } + public void encodePassword(String password) { + this.password = password; + } } diff --git a/src/main/java/umc/codeplay/domain/enums/Role.java b/src/main/java/umc/codeplay/domain/enums/Role.java new file mode 100644 index 0000000..8645757 --- /dev/null +++ b/src/main/java/umc/codeplay/domain/enums/Role.java @@ -0,0 +1,6 @@ +package umc.codeplay.domain.enums; + +public enum Role { + ADMIN, + USER +} diff --git a/src/main/java/umc/codeplay/dto/MemberRequestDTO.java b/src/main/java/umc/codeplay/dto/MemberRequestDTO.java index 023ff48..b2b28eb 100644 --- a/src/main/java/umc/codeplay/dto/MemberRequestDTO.java +++ b/src/main/java/umc/codeplay/dto/MemberRequestDTO.java @@ -2,12 +2,21 @@ import lombok.Getter; +import umc.codeplay.domain.enums.Role; + public class MemberRequestDTO { - @Getter - public static class JoinDto { - String name; - String email; - String password; - } + @Getter + public static class JoinDto { + String name; + String email; + String password; + Role role; + } + + @Getter + public static class LoginDto { + String email; + String password; + } } diff --git a/src/main/java/umc/codeplay/dto/MemberResponseDTO.java b/src/main/java/umc/codeplay/dto/MemberResponseDTO.java index 22d613f..4b2f811 100644 --- a/src/main/java/umc/codeplay/dto/MemberResponseDTO.java +++ b/src/main/java/umc/codeplay/dto/MemberResponseDTO.java @@ -7,11 +7,20 @@ public class MemberResponseDTO { - @Builder - @Getter - @NoArgsConstructor - @AllArgsConstructor - public static class JoinResultDTO { - Long id; - } + @Builder + @Getter + @NoArgsConstructor + @AllArgsConstructor + public static class JoinResultDTO { + Long id; + } + + @Builder + @Getter + @NoArgsConstructor + @AllArgsConstructor + public static class LoginResultDTO { + String email; + String token; + } } diff --git a/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java b/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java new file mode 100644 index 0000000..22a567f --- /dev/null +++ b/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java @@ -0,0 +1,56 @@ +package umc.codeplay.jwt; + +import java.io.IOException; +import java.util.List; +import java.util.stream.Collectors; +import jakarta.servlet.FilterChain; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.web.filter.OncePerRequestFilter; + +public class JwtAuthenticationFilter extends OncePerRequestFilter { + + private final JwtUtil jwtUtil; + + public JwtAuthenticationFilter(JwtUtil jwtUtil) { + this.jwtUtil = jwtUtil; + } + + @Override + protected void doFilterInternal( + HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) + throws IOException, jakarta.servlet.ServletException { + + // 1. Authorization 헤더 파싱 + String authHeader = request.getHeader("Authorization"); + if (authHeader != null && authHeader.startsWith("Bearer ")) { + String token = authHeader.substring(7); + + // 2. 토큰 유효성 검사 + if (jwtUtil.validateToken(token)) { + // 3. 토큰에서 사용자명 추출 + String username = jwtUtil.getUsernameFromToken(token); + + List roles = jwtUtil.getRolesFromToken(token); + + List authorities = + roles.stream() + .map(SimpleGrantedAuthority::new) + .collect(Collectors.toList()); + + UsernamePasswordAuthenticationToken authentication = + new UsernamePasswordAuthenticationToken(username, null, authorities); + + SecurityContextHolder.getContext().setAuthentication(authentication); + } + } + + // 필터 체인 계속 진행 + filterChain.doFilter(request, response); + } +} diff --git a/src/main/java/umc/codeplay/jwt/JwtUtil.java b/src/main/java/umc/codeplay/jwt/JwtUtil.java new file mode 100644 index 0000000..1df8ca6 --- /dev/null +++ b/src/main/java/umc/codeplay/jwt/JwtUtil.java @@ -0,0 +1,90 @@ +package umc.codeplay.jwt; + +import java.security.Key; +import java.util.Collection; +import java.util.Date; +import java.util.List; + +import org.springframework.security.core.GrantedAuthority; +import org.springframework.stereotype.Component; + +import io.jsonwebtoken.*; +import io.jsonwebtoken.security.Keys; + +@Component +public class JwtUtil { + + // 숨겨야합니다 + private final String SECRET_KEY = "thisisthesecretkeyverylongsecretkey"; + + // 30분 만료 + private final long EXPIRATION_TIME = 1000 * 60 * 30; + + private Key getSigningKey() { + return Keys.hmacShaKeyFor(SECRET_KEY.getBytes()); + } + + // JWT 토큰 생성 + public String generateToken( + String username, Collection authorities) { + Date now = new Date(); + + List roleNames = + authorities.stream() + .map(GrantedAuthority::getAuthority) // "ROLE_ADMIN" 등 + .toList(); + + return Jwts.builder() + .setSubject(username) // 사용자 식별 정보 + .setIssuedAt(now) + .claim("roles", roleNames) // 발급 시간 + .setExpiration(new Date(now.getTime() + EXPIRATION_TIME)) // 만료 시간 + .signWith(getSigningKey(), SignatureAlgorithm.HS256) // 서명 (HS256 알고리즘) + .compact(); + } + + // JWT 토큰에서 username 추출 + public String getUsernameFromToken(String token) { + return Jwts.parserBuilder() + .setSigningKey(getSigningKey()) + .build() + .parseClaimsJws(token) + .getBody() + .getSubject(); + } + + // 토큰 유효성 검사 + public boolean validateToken(String token) { + try { + Jwts.parserBuilder().setSigningKey(getSigningKey()).build().parseClaimsJws(token); + return true; + } catch (JwtException | IllegalArgumentException e) { + // 만료되었거나 서명 검증 실패 등 + return false; + } + } + + // 토큰 클레임 요청 + private Claims getAllClaimsFromToken(String token) { + return Jwts.parserBuilder() + .setSigningKey(SECRET_KEY) // 서명 검증을 위한 키 설정 + .build() + .parseClaimsJws(token) + .getBody(); + } + + // 토큰에서 + public List getRolesFromToken(String token) { + Claims claims = getAllClaimsFromToken(token); + + // "roles"라는 이름의 클레임에서 리스트를 꺼냄 + // 저장할 때 List으로 넣었다면, get("roles", List.class) 로 받는 것이 간단함 + List roles = claims.get("roles", List.class); + + // roles 가 null 일 수도 있으므로 안전 처리 + if (roles == null) { + return List.of(); // 빈 리스트 반환 + } + return roles; + } +} diff --git a/src/main/java/umc/codeplay/repository/MemberRepository.java b/src/main/java/umc/codeplay/repository/MemberRepository.java index d6edfa3..611ff78 100644 --- a/src/main/java/umc/codeplay/repository/MemberRepository.java +++ b/src/main/java/umc/codeplay/repository/MemberRepository.java @@ -1,7 +1,11 @@ package umc.codeplay.repository; +import java.util.Optional; + import org.springframework.data.jpa.repository.JpaRepository; import umc.codeplay.domain.Member; -public interface MemberRepository extends JpaRepository {} +public interface MemberRepository extends JpaRepository { + Optional findByEmail(String email); +} diff --git a/src/main/java/umc/codeplay/service/MemberService.java b/src/main/java/umc/codeplay/service/MemberService.java index 6495bf0..48d1bc4 100644 --- a/src/main/java/umc/codeplay/service/MemberService.java +++ b/src/main/java/umc/codeplay/service/MemberService.java @@ -5,6 +5,8 @@ import lombok.RequiredArgsConstructor; +import umc.codeplay.apiPayLoad.code.status.ErrorStatus; +import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; import umc.codeplay.converter.MemberConverter; import umc.codeplay.domain.Member; import umc.codeplay.dto.MemberRequestDTO; @@ -14,13 +16,17 @@ @RequiredArgsConstructor public class MemberService { - private final MemberRepository memberRepository; - private final PasswordEncoder passwordEncoder; + private final MemberRepository memberRepository; + private final PasswordEncoder passwordEncoder; - public Member joinMember(MemberRequestDTO.JoinDto request) { + public Member joinMember(MemberRequestDTO.JoinDto request) { - Member newMember = MemberConverter.toMember(request); - newMember.encodePassword(passwordEncoder.encode(request.getPassword())); - return memberRepository.save(newMember); - } + if (memberRepository.findByEmail(request.getEmail()).isPresent()) { + throw new GeneralHandler(ErrorStatus.MEMBER_ALREADY_EXISTS); + } + + Member newMember = MemberConverter.toMember(request); + newMember.encodePassword(passwordEncoder.encode(request.getPassword())); + return memberRepository.save(newMember); + } } diff --git a/src/test/java/umc/codeplay/CodeplayApplicationTests.java b/src/test/java/umc/codeplay/CodeplayApplicationTests.java index a14fe25..63f4f28 100644 --- a/src/test/java/umc/codeplay/CodeplayApplicationTests.java +++ b/src/test/java/umc/codeplay/CodeplayApplicationTests.java @@ -11,6 +11,6 @@ @ComponentScan(basePackages = "umc.codeplay") class CodeplayApplicationTests { - @Test - void contextLoads() {} + @Test + void contextLoads() {} } From 4c2a6f734ee6e3d3cd3ca41ea29bf97a19732a8f Mon Sep 17 00:00:00 2001 From: johnjal Date: Sat, 11 Jan 2025 11:00:35 +0900 Subject: [PATCH 02/14] Authentication feature implemented --- build.gradle | 15 ++--- .../apiPayLoad/code/status/ErrorStatus.java | 5 +- .../umc/codeplay/config/SecurityConfig.java | 60 ++++++++++++++++++- .../security/CustomUserDetailsService.java | 4 +- .../codeplay/controller/AuthController.java | 20 ++++--- .../controller/MemberViewController.java | 40 ------------- src/main/resources/application.yml | 21 +++++++ 7 files changed, 104 insertions(+), 61 deletions(-) delete mode 100644 src/main/java/umc/codeplay/controller/MemberViewController.java diff --git a/build.gradle b/build.gradle index 25f8024..ace43d1 100644 --- a/build.gradle +++ b/build.gradle @@ -31,11 +31,11 @@ dependencies { annotationProcessor 'org.projectlombok:lombok' // mysql 사용시 주석 해제 - // implementation 'org.springframework.boot:spring-boot-starter-data-jpa' - // runtimeOnly 'com.mysql:mysql-connector-j' + implementation 'org.springframework.boot:spring-boot-starter-data-jpa' + runtimeOnly 'com.mysql:mysql-connector-j' - implementation 'io.github.cdimascio:java-dotenv:5.2.2' // .env 사용 - implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0' // 스웨거 설정 + // .env 사용 + implementation 'io.github.cdimascio:java-dotenv:5.2.2' // 테스트 testImplementation 'org.springframework.boot:spring-boot-starter-test' @@ -43,9 +43,6 @@ dependencies { testImplementation 'io.rest-assured:rest-assured:5.3.1' testRuntimeOnly 'com.h2database:h2' - // jpa - implementation 'org.springframework.boot:spring-boot-starter-data-jpa' - // 스웨거 implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0' @@ -53,8 +50,8 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-security' testImplementation 'org.springframework.security:spring-security-test' - // thymeleaf 에서 시큐리티 동작 - implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.1.RELEASE' + // thymeleaf 에서 시큐리티 동작 (필요 없음) +// implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.1.RELEASE' // jwt implementation 'io.jsonwebtoken:jjwt-api:0.11.5' diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java index 4d3a7fa..d60254d 100644 --- a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java +++ b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java @@ -19,7 +19,10 @@ public enum ErrorStatus implements BaseErrorCode { _FORBIDDEN(HttpStatus.FORBIDDEN, "COMMON403", "금지된 요청입니다."), MEMBER_NOT_FOUND(HttpStatus.BAD_REQUEST, "MEMBER400", "유저를 찾을 수 없습니다."), - MEMBER_ALREADY_EXISTS(HttpStatus.BAD_REQUEST, "MEMBER401", "유저가 이미 존재합니다."); + MEMBER_ALREADY_EXISTS(HttpStatus.BAD_REQUEST, "MEMBER401", "유저가 이미 존재합니다."), + + NOT_AUTHORIZED(HttpStatus.BAD_REQUEST, "AUTH400", "인증되지 않은 요청입니다."), + ID_OR_PASSWORD_WRONG(HttpStatus.BAD_REQUEST, "AUTH401", "아이디 혹은 비밀번호가 잘못되었습니다."); private final HttpStatus httpStatus; private final String code; diff --git a/src/main/java/umc/codeplay/config/SecurityConfig.java b/src/main/java/umc/codeplay/config/SecurityConfig.java index b1a517d..84a25b0 100644 --- a/src/main/java/umc/codeplay/config/SecurityConfig.java +++ b/src/main/java/umc/codeplay/config/SecurityConfig.java @@ -1,7 +1,13 @@ package umc.codeplay.config; +import java.io.IOException; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.http.MediaType; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; @@ -11,8 +17,12 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.SecurityFilterChain; +import com.fasterxml.jackson.databind.ObjectMapper; +import umc.codeplay.apiPayLoad.ApiResponse; +import umc.codeplay.apiPayLoad.code.status.ErrorStatus; import umc.codeplay.jwt.JwtAuthenticationFilter; import umc.codeplay.jwt.JwtUtil; @@ -22,8 +32,11 @@ public class SecurityConfig { private final JwtUtil jwtUtil; - public SecurityConfig(JwtUtil jwtUtil) { + private final ObjectMapper objectMapper; + + public SecurityConfig(JwtUtil jwtUtil, ObjectMapper objectMapper) { this.jwtUtil = jwtUtil; + this.objectMapper = objectMapper; } // AuthenticationManager 를 빈으로 등록 (스프링 시큐리티 6.x 이상) @@ -35,16 +48,30 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration c @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + AuthenticationEntryPoint entryPoint = new CustomAuthenticationEntryPoint(objectMapper); http // 세션을 사용하지 않도록 설정 .sessionManagement( session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .csrf(AbstractHttpConfigurer::disable) // JWT 사용 시 일반적으로 CSRF 는 disable + .exceptionHandling(exception -> exception.authenticationEntryPoint(entryPoint)) .authorizeHttpRequests( auth -> auth // 로그인, 회원가입 등 토큰 없이 접근해야 하는 API 허용 - .requestMatchers("/auth/login") + .requestMatchers( + "/auth/signup", + "/auth/login", + "/v2/api-docs", + "/v3/api-docs", + "/v3/api-docs/**", + "/swagger-resources", + "/swagger-resources/**", + "/configuration/ui", + "/configuration/security", + "/swagger-ui/**", + "/webjars/**", + "/swagger-ui.html") .permitAll() // 그 외 나머지는 인증 필요 .anyRequest() @@ -68,4 +95,33 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } + + public static class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint { + + private final ObjectMapper objectMapper; + + public CustomAuthenticationEntryPoint(ObjectMapper objectMapper) { + this.objectMapper = objectMapper; + } + + @Override + public void commence( + HttpServletRequest request, + HttpServletResponse response, + org.springframework.security.core.AuthenticationException authException) + throws IOException, ServletException { + + ApiResponse apiResponse = + ApiResponse.onFailure( + ErrorStatus.NOT_AUTHORIZED.getCode(), + ErrorStatus.NOT_AUTHORIZED.getMessage(), + null); + + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); + + String jsonResponse = objectMapper.writeValueAsString(apiResponse); + response.getWriter().write(jsonResponse); + } + } } diff --git a/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java b/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java index f429cd1..5cc649c 100644 --- a/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java +++ b/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java @@ -8,7 +8,7 @@ import lombok.RequiredArgsConstructor; import umc.codeplay.apiPayLoad.code.status.ErrorStatus; -import umc.codeplay.apiPayLoad.exception.GeneralException; +import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; import umc.codeplay.domain.Member; import umc.codeplay.repository.MemberRepository; @@ -23,7 +23,7 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx Member member = memberRepository .findByEmail(username) - .orElseThrow(() -> new GeneralException(ErrorStatus.MEMBER_NOT_FOUND)); + .orElseThrow(() -> new GeneralHandler(ErrorStatus.MEMBER_NOT_FOUND)); return org.springframework.security.core.userdetails.User.withUsername(member.getEmail()) .password(member.getPassword()) diff --git a/src/main/java/umc/codeplay/controller/AuthController.java b/src/main/java/umc/codeplay/controller/AuthController.java index b36e826..8b16498 100644 --- a/src/main/java/umc/codeplay/controller/AuthController.java +++ b/src/main/java/umc/codeplay/controller/AuthController.java @@ -12,6 +12,8 @@ import lombok.RequiredArgsConstructor; import umc.codeplay.apiPayLoad.ApiResponse; +import umc.codeplay.apiPayLoad.code.status.ErrorStatus; +import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; import umc.codeplay.converter.MemberConverter; import umc.codeplay.domain.Member; import umc.codeplay.dto.MemberRequestDTO; @@ -37,15 +39,19 @@ public ApiResponse login( new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword()); // 실제 인증 수행 - Authentication authentication = authenticationManager.authenticate(authToken); + try { + Authentication authentication = authenticationManager.authenticate(authToken); - // Role 정보 가져오기 - Collection authorities = authentication.getAuthorities(); + // Role 정보 가져오기 + Collection authorities = authentication.getAuthorities(); - // 인증에 성공했다면, JWT 토큰 생성 후 반환 - String token = jwtUtil.generateToken(authentication.getName(), authorities); - return ApiResponse.onSuccess( - MemberConverter.toLoginResultDTO(request.getEmail(), token)); // 예시로 토큰만 문자열로 반환 + // 인증에 성공했다면, JWT 토큰 생성 후 반환 + String token = jwtUtil.generateToken(authentication.getName(), authorities); + return ApiResponse.onSuccess( + MemberConverter.toLoginResultDTO(request.getEmail(), token)); // 예시로 토큰만 문자열로 반환 + } catch (Exception e) { + throw new GeneralHandler(ErrorStatus.ID_OR_PASSWORD_WRONG); + } } @PostMapping("/signup") diff --git a/src/main/java/umc/codeplay/controller/MemberViewController.java b/src/main/java/umc/codeplay/controller/MemberViewController.java deleted file mode 100644 index 9c2be5a..0000000 --- a/src/main/java/umc/codeplay/controller/MemberViewController.java +++ /dev/null @@ -1,40 +0,0 @@ -package umc.codeplay.controller; - -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RestController; - -import lombok.RequiredArgsConstructor; - -import umc.codeplay.converter.MemberConverter; -import umc.codeplay.domain.Member; -import umc.codeplay.dto.MemberRequestDTO; -import umc.codeplay.dto.MemberResponseDTO; -import umc.codeplay.service.MemberService; - -@RestController -@RequiredArgsConstructor -public class MemberViewController { - - private final MemberService memberService; - - @GetMapping("/login") - public String login() { - return "login"; - } - - @GetMapping("/signup") - public String signup() { - return "signup"; - } - - @PostMapping("/signup") - public String join(@RequestBody MemberRequestDTO.JoinDto request) { - Member member = memberService.joinMember(request); - MemberResponseDTO.JoinResultDTO newJoinResultDTO = MemberConverter.toJoinResultDTO(member); - // ApiResponse 세팅 필요. - // return ApiResponse.onSuccess(newJoinResultDTO); - return null; - } -} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index f5b3116..136705f 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -1,7 +1,28 @@ spring: application: name: codeplay + datasource: + driver-class-name: com.mysql.cj.jdbc.Driver + url: jdbc:mysql://localhost:3306/codeplay_test + username: spring + password: minmin8809! + sql: + init: + mode: never # 데이터베이스 초기화 비활성화 config: import: - optional:file:env/local-db.env[.properties] # .env.properties ? ???? ????? + + jpa: + hibernate: + ddl-auto: create # Hibernate 엔티티 스키마 자동 업데이트 + properties: + jakarta.persistence.sharedCache.mode: ALL + hibernate: + dialect: org.hibernate.dialect.MySQLDialect + show_sql: true + format_sql: true + use_sql_comments: true + default_batch_fetch_size: 1000 # 배치 크기 설정 (성능 최적화) + # hbm2ddl.auto는 spring.jpa.hibernate.ddl-auto로 이동 \ No newline at end of file From 2ce5b38ea3f1e5896bbfcfc967b4be2623f2abe1 Mon Sep 17 00:00:00 2001 From: johnjal Date: Sat, 11 Jan 2025 11:46:47 +0900 Subject: [PATCH 03/14] bug fix --- src/main/java/umc/codeplay/config/SecurityConfig.java | 3 ++- src/main/java/umc/codeplay/controller/AuthController.java | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/java/umc/codeplay/config/SecurityConfig.java b/src/main/java/umc/codeplay/config/SecurityConfig.java index 84a25b0..1006984 100644 --- a/src/main/java/umc/codeplay/config/SecurityConfig.java +++ b/src/main/java/umc/codeplay/config/SecurityConfig.java @@ -118,7 +118,8 @@ public void commence( null); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - response.setContentType(MediaType.APPLICATION_JSON_VALUE); + response.setContentType(MediaType.APPLICATION_JSON_VALUE + ";charset=UTF-8"); + response.setCharacterEncoding("UTF-8"); String jsonResponse = objectMapper.writeValueAsString(apiResponse); response.getWriter().write(jsonResponse); diff --git a/src/main/java/umc/codeplay/controller/AuthController.java b/src/main/java/umc/codeplay/controller/AuthController.java index 8b16498..544cb60 100644 --- a/src/main/java/umc/codeplay/controller/AuthController.java +++ b/src/main/java/umc/codeplay/controller/AuthController.java @@ -62,4 +62,9 @@ public ApiResponse join( return ApiResponse.onSuccess(newJoinResult); } + + // @GetMapping("/test") + // public ApiResponse test() { + // return ApiResponse.onSuccess(null); + // } } From 585ba053e82c2602c415d4c10b27c99ebaf7a6de Mon Sep 17 00:00:00 2001 From: johnjal Date: Sat, 18 Jan 2025 01:12:50 +0900 Subject: [PATCH 04/14] refresh token --- env/local.env | 1 + .../apiPayLoad/code/status/ErrorStatus.java | 3 +- .../umc/codeplay/config/SecurityConfig.java | 4 +- .../codeplay/controller/AuthController.java | 47 +++++++++++++++++-- .../codeplay/converter/MemberConverter.java | 9 +++- .../umc/codeplay/dto/MemberResponseDTO.java | 1 + .../codeplay/jwt/JwtAuthenticationFilter.java | 3 +- src/main/java/umc/codeplay/jwt/JwtUtil.java | 31 +++++++++++- src/main/resources/application.yml | 8 ++-- 9 files changed, 92 insertions(+), 15 deletions(-) diff --git a/env/local.env b/env/local.env index d071728..5f62105 100644 --- a/env/local.env +++ b/env/local.env @@ -5,6 +5,7 @@ MYSQL_PASSWORD=QWER1234QWER1234XCVBNMASDFGH # Spring Boot 설정 JWT_SECRET=qwertyuiopokjhSDFGHJKIUYTREDCVBNMKIJKJHGFHYTRFCVBGFDSXCVBHH +JWT_REFRESH_SECRET=poiuytrewqasdfghjklmnbvcxzxcvbnmnbvcxzlkjhgfdsapoiuyt # AWS S3 settings diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java index d60254d..df8f9a0 100644 --- a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java +++ b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java @@ -22,7 +22,8 @@ public enum ErrorStatus implements BaseErrorCode { MEMBER_ALREADY_EXISTS(HttpStatus.BAD_REQUEST, "MEMBER401", "유저가 이미 존재합니다."), NOT_AUTHORIZED(HttpStatus.BAD_REQUEST, "AUTH400", "인증되지 않은 요청입니다."), - ID_OR_PASSWORD_WRONG(HttpStatus.BAD_REQUEST, "AUTH401", "아이디 혹은 비밀번호가 잘못되었습니다."); + ID_OR_PASSWORD_WRONG(HttpStatus.BAD_REQUEST, "AUTH401", "아이디 혹은 비밀번호가 잘못되었습니다."), + INVALID_REFRESH_TOKEN(HttpStatus.BAD_REQUEST, "AUTH402", "유효하지 않은 리프레시 토큰입니다."); private final HttpStatus httpStatus; private final String code; diff --git a/src/main/java/umc/codeplay/config/SecurityConfig.java b/src/main/java/umc/codeplay/config/SecurityConfig.java index 1006984..44b51f2 100644 --- a/src/main/java/umc/codeplay/config/SecurityConfig.java +++ b/src/main/java/umc/codeplay/config/SecurityConfig.java @@ -60,6 +60,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti auth // 로그인, 회원가입 등 토큰 없이 접근해야 하는 API 허용 .requestMatchers( + "/auth/refresh", "/auth/signup", "/auth/login", "/v2/api-docs", @@ -78,7 +79,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .authenticated()) // 폼 로그인 등 기본 기능 비활성화 (JWT 만 쓰려면) .formLogin(Customizer.withDefaults()) - // .formLogin(form -> form.disable()) // 더 엄격하게 폼 로그인 완전히 비활성화할 수도 있음 + // .formLogin(form -> form.disable()) // 더 엄격하게 + // 폼 로그인 완전히 비활성화할 수도 있음 .logout(AbstractHttpConfigurer::disable); // 커스텀 JWT 필터 추가 diff --git a/src/main/java/umc/codeplay/controller/AuthController.java b/src/main/java/umc/codeplay/controller/AuthController.java index 544cb60..a082dae 100644 --- a/src/main/java/umc/codeplay/controller/AuthController.java +++ b/src/main/java/umc/codeplay/controller/AuthController.java @@ -1,16 +1,19 @@ package umc.codeplay.controller; import java.util.Collection; +import java.util.stream.Collectors; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import lombok.RequiredArgsConstructor; +import io.swagger.v3.oas.annotations.security.SecurityRequirement; import umc.codeplay.apiPayLoad.ApiResponse; import umc.codeplay.apiPayLoad.code.status.ErrorStatus; import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; @@ -47,8 +50,11 @@ public ApiResponse login( // 인증에 성공했다면, JWT 토큰 생성 후 반환 String token = jwtUtil.generateToken(authentication.getName(), authorities); + String refreshToken = + jwtUtil.generateRefreshToken(authentication.getName(), authorities); return ApiResponse.onSuccess( - MemberConverter.toLoginResultDTO(request.getEmail(), token)); // 예시로 토큰만 문자열로 반환 + MemberConverter.toLoginResultDTO( + request.getEmail(), token, refreshToken)); // 예시로 토큰만 문자열로 반환 } catch (Exception e) { throw new GeneralHandler(ErrorStatus.ID_OR_PASSWORD_WRONG); } @@ -63,8 +69,39 @@ public ApiResponse join( return ApiResponse.onSuccess(newJoinResult); } - // @GetMapping("/test") - // public ApiResponse test() { - // return ApiResponse.onSuccess(null); - // } + @PostMapping("/refresh") + public ApiResponse refresh( + @RequestHeader("Refresh-Token") String refreshToken, + @RequestParam("email") String email) { + // 리프레시 토큰 유효성 검사 + if (jwtUtil.validateToken(refreshToken) + && (jwtUtil.getTypeFromToken(refreshToken).equals("refresh"))) { + // 리프레시 토큰에서 사용자명 추출 + String usernameFromToken = jwtUtil.getUsernameFromToken(refreshToken); + + if (!email.equals(usernameFromToken)) { + throw new GeneralHandler(ErrorStatus.INVALID_REFRESH_TOKEN); + } + + // 사용자 권한 정보 가져오기 + Collection authorities = + jwtUtil.getRolesFromToken(refreshToken).stream() + .map(SimpleGrantedAuthority::new) + .collect(Collectors.toList()); + + // 새로운 액세스 토큰 생성 + String newAccessToken = jwtUtil.generateToken(usernameFromToken, authorities); + + return ApiResponse.onSuccess( + MemberConverter.toLoginResultDTO(usernameFromToken, newAccessToken, null)); + } else { + throw new GeneralHandler(ErrorStatus.INVALID_REFRESH_TOKEN); + } + } + + @SecurityRequirement(name = "JWT TOKEN") + @GetMapping("/test") + public ApiResponse test() { + return ApiResponse.onSuccess("test"); + } } diff --git a/src/main/java/umc/codeplay/converter/MemberConverter.java b/src/main/java/umc/codeplay/converter/MemberConverter.java index 3c750d5..7c5c0b8 100644 --- a/src/main/java/umc/codeplay/converter/MemberConverter.java +++ b/src/main/java/umc/codeplay/converter/MemberConverter.java @@ -20,8 +20,13 @@ public static MemberResponseDTO.JoinResultDTO toJoinResultDTO(Member member) { return MemberResponseDTO.JoinResultDTO.builder().id(member.getId()).build(); } - public static MemberResponseDTO.LoginResultDTO toLoginResultDTO(String email, String token) { + public static MemberResponseDTO.LoginResultDTO toLoginResultDTO( + String email, String token, String refreshToken) { - return MemberResponseDTO.LoginResultDTO.builder().email(email).token(token).build(); + return MemberResponseDTO.LoginResultDTO.builder() + .email(email) + .token(token) + .refreshToken(refreshToken) + .build(); } } diff --git a/src/main/java/umc/codeplay/dto/MemberResponseDTO.java b/src/main/java/umc/codeplay/dto/MemberResponseDTO.java index 4b2f811..dd2a4b2 100644 --- a/src/main/java/umc/codeplay/dto/MemberResponseDTO.java +++ b/src/main/java/umc/codeplay/dto/MemberResponseDTO.java @@ -22,5 +22,6 @@ public static class JoinResultDTO { public static class LoginResultDTO { String email; String token; + String refreshToken; } } diff --git a/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java b/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java index 22a567f..9251fb2 100644 --- a/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java +++ b/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java @@ -32,7 +32,8 @@ protected void doFilterInternal( String token = authHeader.substring(7); // 2. 토큰 유효성 검사 - if (jwtUtil.validateToken(token)) { + if (jwtUtil.validateToken(token) + && (jwtUtil.getTypeFromToken(token).equals("access"))) { // 3. 토큰에서 사용자명 추출 String username = jwtUtil.getUsernameFromToken(token); diff --git a/src/main/java/umc/codeplay/jwt/JwtUtil.java b/src/main/java/umc/codeplay/jwt/JwtUtil.java index a44d03a..466e4fb 100644 --- a/src/main/java/umc/codeplay/jwt/JwtUtil.java +++ b/src/main/java/umc/codeplay/jwt/JwtUtil.java @@ -43,6 +43,7 @@ public String generateToken( return Jwts.builder() .setSubject(username) // 사용자 식별 정보 .setIssuedAt(now) + .claim("type", "access") .claim("roles", roleNames) // 발급 시간 .setExpiration(new Date(now.getTime() + EXPIRATION_TIME)) // 만료 시간 .signWith(getSigningKey(), SignatureAlgorithm.HS256) // 서명 (HS256 알고리즘) @@ -73,7 +74,7 @@ public boolean validateToken(String token) { // 토큰 클레임 요청 private Claims getAllClaimsFromToken(String token) { return Jwts.parserBuilder() - .setSigningKey(SECRET_KEY) // 서명 검증을 위한 키 설정 + .setSigningKey(getSigningKey()) // 서명 검증을 위한 키 설정 .build() .parseClaimsJws(token) .getBody(); @@ -93,4 +94,32 @@ public List getRolesFromToken(String token) { } return roles; } + + // JWT 리프레시 토큰 생성 + public String generateRefreshToken( + String username, Collection authorities) { + Date now = new Date(); + + List roleNames = + authorities.stream() + .map(GrantedAuthority::getAuthority) // "ROLE_ADMIN" 등 + .toList(); + + // 1일 만료 + long EXPIRATION_TIME = 1000 * 60 * 60 * 24L; + return Jwts.builder() + .setSubject(username) // 사용자 식별 정보 + .setIssuedAt(now) + .claim("type", "refresh") + .claim("roles", roleNames) // 역할 정보 추가 + .setExpiration(new Date(now.getTime() + EXPIRATION_TIME)) // 만료 시간 + .signWith(getSigningKey(), SignatureAlgorithm.HS256) // 서명 (HS256 알고리즘) + .compact(); + } + + // 토큰에서 type 추출 + public String getTypeFromToken(String token) { + Claims claims = getAllClaimsFromToken(token); + return claims.get("type", String.class); + } } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 4b22d6e..df5a644 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -12,13 +12,13 @@ spring: username: ${MYSQL_USERNAME} password: ${MYSQL_PASSWORD} - sql: - init: - mode: never # 데이터베이스 초기화 비활성화 + sql: + init: + mode: never # 데이터베이스 초기화 비활성화 jpa: hibernate: - ddl-auto: create # Hibernate 엔티티 스키마 자동 업데이트 + ddl-auto: update # Hibernate 엔티티 스키마 자동 업데이트 properties: jakarta.persistence.sharedCache.mode: ALL hibernate: From 0c03859866b34c30fa1520cf13f87a01706c54c9 Mon Sep 17 00:00:00 2001 From: johnjal Date: Sat, 18 Jan 2025 01:13:59 +0900 Subject: [PATCH 05/14] minor issues fixed --- env/local.env | 1 - 1 file changed, 1 deletion(-) diff --git a/env/local.env b/env/local.env index 5f62105..d071728 100644 --- a/env/local.env +++ b/env/local.env @@ -5,7 +5,6 @@ MYSQL_PASSWORD=QWER1234QWER1234XCVBNMASDFGH # Spring Boot 설정 JWT_SECRET=qwertyuiopokjhSDFGHJKIUYTREDCVBNMKIJKJHGFHYTRFCVBGFDSXCVBHH -JWT_REFRESH_SECRET=poiuytrewqasdfghjklmnbvcxzxcvbnmnbvcxzlkjhgfdsapoiuyt # AWS S3 settings From 629e6add08942cfb86dcba439deeda0c0cf3e227 Mon Sep 17 00:00:00 2001 From: johnjal Date: Fri, 24 Jan 2025 14:10:33 +0900 Subject: [PATCH 06/14] google login --- build.gradle | 3 + .../apiPayLoad/code/status/ErrorStatus.java | 2 + .../config/GoogleOAuthProperties.java | 20 +++ .../umc/codeplay/config/SecurityConfig.java | 1 + .../codeplay/controller/OAuthController.java | 131 ++++++++++++++++++ .../codeplay/converter/MemberConverter.java | 3 +- src/main/java/umc/codeplay/domain/Member.java | 5 + .../codeplay/domain/enums/SocialStatus.java | 7 + .../umc/codeplay/dto/MemberRequestDTO.java | 3 - .../umc/codeplay/service/MemberService.java | 16 +++ src/main/resources/application.yml | 12 +- 11 files changed, 198 insertions(+), 5 deletions(-) create mode 100644 src/main/java/umc/codeplay/config/GoogleOAuthProperties.java create mode 100644 src/main/java/umc/codeplay/controller/OAuthController.java create mode 100644 src/main/java/umc/codeplay/domain/enums/SocialStatus.java diff --git a/build.gradle b/build.gradle index 0341b86..dc91a43 100644 --- a/build.gradle +++ b/build.gradle @@ -61,6 +61,9 @@ dependencies { // s3 implementation 'org.springframework.cloud:spring-cloud-starter-aws:2.2.6.RELEASE' + + // oauth2 + implementation 'org.springframework.boot:spring-boot-starter-oauth2-client' } tasks.named('test') { diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java index c215100..1f7f945 100644 --- a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java +++ b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java @@ -24,6 +24,8 @@ public enum ErrorStatus implements BaseErrorCode { NOT_AUTHORIZED(HttpStatus.BAD_REQUEST, "AUTH400", "인증되지 않은 요청입니다."), ID_OR_PASSWORD_WRONG(HttpStatus.BAD_REQUEST, "AUTH401", "아이디 혹은 비밀번호가 잘못되었습니다."), INVALID_REFRESH_TOKEN(HttpStatus.BAD_REQUEST, "AUTH402", "유효하지 않은 리프레시 토큰입니다."), + GOOGLE_TOKEN_REQUEST_FAILED(HttpStatus.BAD_REQUEST, "AUTH403", "구글 토큰 요청에 실패했습니다."), + GOOGLE_USERINFO_REQUEST_FAILED(HttpStatus.BAD_REQUEST, "AUTH404", "구글 유저 정보 요청에 실패했습니다."), AWS_SERVICE_UNAVAILABLE(HttpStatus.BAD_REQUEST, "AWS400", "AWS S3에 파일을 업로드할 수 없습니다."); diff --git a/src/main/java/umc/codeplay/config/GoogleOAuthProperties.java b/src/main/java/umc/codeplay/config/GoogleOAuthProperties.java new file mode 100644 index 0000000..6ae1ea7 --- /dev/null +++ b/src/main/java/umc/codeplay/config/GoogleOAuthProperties.java @@ -0,0 +1,20 @@ +package umc.codeplay.config; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.stereotype.Component; + +import lombok.Data; + +@Data +@Component +@ConfigurationProperties(prefix = "google.oauth2") +public class GoogleOAuthProperties { + + private String clientId; + private String clientSecret; + private String redirectUri; + private String scope; + private String authorizationUri; + private String tokenUri; + private String userInfoUri; +} diff --git a/src/main/java/umc/codeplay/config/SecurityConfig.java b/src/main/java/umc/codeplay/config/SecurityConfig.java index 412c049..a8d2654 100644 --- a/src/main/java/umc/codeplay/config/SecurityConfig.java +++ b/src/main/java/umc/codeplay/config/SecurityConfig.java @@ -60,6 +60,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti auth // 로그인, 회원가입 등 토큰 없이 접근해야 하는 API 허용 .requestMatchers( + "/oauth/**", "/health", "/health/s3", "/auth/refresh", diff --git a/src/main/java/umc/codeplay/controller/OAuthController.java b/src/main/java/umc/codeplay/controller/OAuthController.java new file mode 100644 index 0000000..2c6ecad --- /dev/null +++ b/src/main/java/umc/codeplay/controller/OAuthController.java @@ -0,0 +1,131 @@ +package umc.codeplay.controller; + +import java.util.List; +import java.util.Map; + +import org.springframework.http.*; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.util.LinkedMultiValueMap; +import org.springframework.util.MultiValueMap; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.servlet.view.RedirectView; + +import lombok.RequiredArgsConstructor; + +import umc.codeplay.apiPayLoad.ApiResponse; +import umc.codeplay.apiPayLoad.code.status.ErrorStatus; +import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; +import umc.codeplay.config.GoogleOAuthProperties; +import umc.codeplay.domain.Member; +import umc.codeplay.domain.enums.SocialStatus; +import umc.codeplay.dto.MemberResponseDTO; +import umc.codeplay.jwt.JwtUtil; +import umc.codeplay.service.MemberService; + +@RestController +@RequestMapping("/oauth") +@RequiredArgsConstructor +public class OAuthController { + + private final JwtUtil jwtUtil; + private final RestTemplate restTemplate = new RestTemplate(); + private final GoogleOAuthProperties googleOAuthProperties; + private final MemberService memberService; + + @GetMapping("/authorize/google") + public RedirectView redirectToGoogleAuth() { + // CSRF 방어용 state, PKCE(code_challenge)..는 굳이 + + String url = + googleOAuthProperties.getAuthorizationUri() + + "?client_id=" + + googleOAuthProperties.getClientId() + + "&redirect_uri=" + + googleOAuthProperties.getRedirectUri() // 설정된 리다이렉트로 변경 + + "&response_type=code" + + "&scope=" + + googleOAuthProperties.getScope() + + "&access_type=offline" // refresh_token 받고 싶다면 + + "&prompt=consent"; // 매번 동의화면을 띄우려면 + + RedirectView redirectView = new RedirectView(); + redirectView.setUrl(url); + return redirectView; + } + + @GetMapping("/callback/google") + public ApiResponse googleCallback( + @RequestParam("code") String code) { + + // (1) 받은 code로 구글 토큰 엔드포인트에 Access/ID Token 교환 + Map tokenResponse = requestGoogleToken(code); + + // (2) 받아온 Access Token(or ID Token)을 통해 사용자 정보 가져오기 + String idToken = (String) tokenResponse.get("id_token"); // OIDC + String accessToken = (String) tokenResponse.get("access_token"); + + // (3) 구글 UserInfo Endpoint (또는 idToken 파싱)으로 이메일, 프로필 등 조회 + Map userInfo = requestGoogleUserInfo(accessToken); + String email = (String) userInfo.get("email"); + String name = (String) userInfo.get("name"); + + // (4) 우리 DB에서 회원 조회 or 생성 + Member member = memberService.findOrCreateOAuthMember(email, name, SocialStatus.GOOGLE); + + // (5) JWTUtil 이용해서 Access/Refresh 토큰 발급 + var authorities = List.of(new SimpleGrantedAuthority("ROLE_" + member.getRole().name())); + + String serviceAccessToken = jwtUtil.generateToken(email, authorities); + String serviceRefreshToken = jwtUtil.generateRefreshToken(email, authorities); + + // (6) 최종적으로 JWT(액세스/리프레시)를 프론트에 응답 + return ApiResponse.onSuccess( + MemberResponseDTO.LoginResultDTO.builder() + .email(email) + .token(serviceAccessToken) + .refreshToken(serviceRefreshToken) + .build()); + } + + private Map requestGoogleToken(String code) { + HttpHeaders headers = new HttpHeaders(); + headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); + + MultiValueMap params = new LinkedMultiValueMap<>(); + params.add("grant_type", "authorization_code"); + params.add("client_id", googleOAuthProperties.getClientId()); + params.add("client_secret", googleOAuthProperties.getClientSecret()); + params.add("redirect_uri", googleOAuthProperties.getRedirectUri()); // ? + params.add("code", code); + + HttpEntity> request = new HttpEntity<>(params, headers); + + ResponseEntity response = + restTemplate.postForEntity(googleOAuthProperties.getTokenUri(), request, Map.class); + + if (response.getStatusCode() == HttpStatus.OK) { + return response.getBody(); + } + throw new GeneralHandler(ErrorStatus.GOOGLE_TOKEN_REQUEST_FAILED); + } + + private Map requestGoogleUserInfo(String accessToken) { + HttpHeaders headers = new HttpHeaders(); + headers.set("Authorization", "Bearer " + accessToken); + + HttpEntity request = new HttpEntity<>(headers); + + ResponseEntity response = + restTemplate.exchange( + googleOAuthProperties.getUserInfoUri(), HttpMethod.GET, request, Map.class); + + if (response.getStatusCode() == HttpStatus.OK) { + return response.getBody(); + } + throw new GeneralHandler(ErrorStatus.GOOGLE_USERINFO_REQUEST_FAILED); + } +} diff --git a/src/main/java/umc/codeplay/converter/MemberConverter.java b/src/main/java/umc/codeplay/converter/MemberConverter.java index 7c5c0b8..46cc5b0 100644 --- a/src/main/java/umc/codeplay/converter/MemberConverter.java +++ b/src/main/java/umc/codeplay/converter/MemberConverter.java @@ -1,6 +1,7 @@ package umc.codeplay.converter; import umc.codeplay.domain.Member; +import umc.codeplay.domain.enums.Role; import umc.codeplay.dto.MemberRequestDTO; import umc.codeplay.dto.MemberResponseDTO; @@ -12,7 +13,7 @@ public static Member toMember(MemberRequestDTO.JoinDto request) { .name(request.getName()) .email(request.getEmail()) .password(request.getPassword()) - .role(request.getRole()) + .role(Role.USER) .build(); } diff --git a/src/main/java/umc/codeplay/domain/Member.java b/src/main/java/umc/codeplay/domain/Member.java index e99c00f..f4b7dd4 100644 --- a/src/main/java/umc/codeplay/domain/Member.java +++ b/src/main/java/umc/codeplay/domain/Member.java @@ -9,6 +9,7 @@ import lombok.NoArgsConstructor; import umc.codeplay.domain.enums.Role; +import umc.codeplay.domain.enums.SocialStatus; @Entity @Getter @@ -27,8 +28,12 @@ public class Member { private String email; + @Enumerated(EnumType.STRING) private Role role; + @Enumerated(EnumType.STRING) + private SocialStatus socialStatus; + public void encodePassword(String password) { this.password = password; } diff --git a/src/main/java/umc/codeplay/domain/enums/SocialStatus.java b/src/main/java/umc/codeplay/domain/enums/SocialStatus.java new file mode 100644 index 0000000..9a4015d --- /dev/null +++ b/src/main/java/umc/codeplay/domain/enums/SocialStatus.java @@ -0,0 +1,7 @@ +package umc.codeplay.domain.enums; + +public enum SocialStatus { + GOOGLE, + KAKAO, + NONE +} diff --git a/src/main/java/umc/codeplay/dto/MemberRequestDTO.java b/src/main/java/umc/codeplay/dto/MemberRequestDTO.java index b2b28eb..4d5a3e1 100644 --- a/src/main/java/umc/codeplay/dto/MemberRequestDTO.java +++ b/src/main/java/umc/codeplay/dto/MemberRequestDTO.java @@ -2,8 +2,6 @@ import lombok.Getter; -import umc.codeplay.domain.enums.Role; - public class MemberRequestDTO { @Getter @@ -11,7 +9,6 @@ public static class JoinDto { String name; String email; String password; - Role role; } @Getter diff --git a/src/main/java/umc/codeplay/service/MemberService.java b/src/main/java/umc/codeplay/service/MemberService.java index 48d1bc4..1f147c1 100644 --- a/src/main/java/umc/codeplay/service/MemberService.java +++ b/src/main/java/umc/codeplay/service/MemberService.java @@ -9,6 +9,8 @@ import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; import umc.codeplay.converter.MemberConverter; import umc.codeplay.domain.Member; +import umc.codeplay.domain.enums.Role; +import umc.codeplay.domain.enums.SocialStatus; import umc.codeplay.dto.MemberRequestDTO; import umc.codeplay.repository.MemberRepository; @@ -29,4 +31,18 @@ public Member joinMember(MemberRequestDTO.JoinDto request) { newMember.encodePassword(passwordEncoder.encode(request.getPassword())); return memberRepository.save(newMember); } + + public Member findOrCreateOAuthMember(String email, String name, SocialStatus socialStatus) { + return memberRepository + .findByEmail(email) + .orElseGet( + () -> + memberRepository.save( + Member.builder() + .email(email) + .name(name) + .role(Role.USER) + .socialStatus(socialStatus) + .build())); + } } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 2baf714..24abaa5 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -39,4 +39,14 @@ cloud: secretKey: ${AWS_SECRET_ACCESS_KEY} jwt: - secret: ${JWT_SECRET} \ No newline at end of file + secret: ${JWT_SECRET} + +google: + oauth2: + client-id: ${GOOGLE_CLIENT_ID} + client-secret: ${GOOGLE_CLIENT_SECRET} + redirect-uri: "http://localhost:8080/oauth/callback/google" + scope: "openid email profile" + authorization-uri: "https://accounts.google.com/o/oauth2/v2/auth" + token-uri: "https://oauth2.googleapis.com/token" + user-info-uri: "https://openidconnect.googleapis.com/v1/userinfo" \ No newline at end of file From 333d75e3259785277d2412e10a505e174c763900 Mon Sep 17 00:00:00 2001 From: johnjal Date: Sat, 25 Jan 2025 18:21:54 +0900 Subject: [PATCH 07/14] kakao added --- .../apiPayLoad/code/status/ErrorStatus.java | 6 +- .../config/GoogleOAuthProperties.java | 20 ---- .../umc/codeplay/config/SecurityConfig.java | 4 +- .../properties/BaseOAuthProperties.java | 28 ++++++ .../properties/GoogleOAuthProperties.java | 10 ++ .../properties/KakaoOAuthProperties.java | 10 ++ .../codeplay/controller/AuthController.java | 12 +-- .../codeplay/controller/OAuthController.java | 98 +++++++++++-------- .../codeplay/converter/MemberConverter.java | 2 + src/main/java/umc/codeplay/domain/Member.java | 7 +- .../umc/codeplay/service/MemberService.java | 37 ++++--- src/main/resources/application.yml | 16 ++- 12 files changed, 160 insertions(+), 90 deletions(-) delete mode 100644 src/main/java/umc/codeplay/config/GoogleOAuthProperties.java create mode 100644 src/main/java/umc/codeplay/config/properties/BaseOAuthProperties.java create mode 100644 src/main/java/umc/codeplay/config/properties/GoogleOAuthProperties.java create mode 100644 src/main/java/umc/codeplay/config/properties/KakaoOAuthProperties.java diff --git a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java index 1f7f945..73aac45 100644 --- a/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java +++ b/src/main/java/umc/codeplay/apiPayLoad/code/status/ErrorStatus.java @@ -24,8 +24,10 @@ public enum ErrorStatus implements BaseErrorCode { NOT_AUTHORIZED(HttpStatus.BAD_REQUEST, "AUTH400", "인증되지 않은 요청입니다."), ID_OR_PASSWORD_WRONG(HttpStatus.BAD_REQUEST, "AUTH401", "아이디 혹은 비밀번호가 잘못되었습니다."), INVALID_REFRESH_TOKEN(HttpStatus.BAD_REQUEST, "AUTH402", "유효하지 않은 리프레시 토큰입니다."), - GOOGLE_TOKEN_REQUEST_FAILED(HttpStatus.BAD_REQUEST, "AUTH403", "구글 토큰 요청에 실패했습니다."), - GOOGLE_USERINFO_REQUEST_FAILED(HttpStatus.BAD_REQUEST, "AUTH404", "구글 유저 정보 요청에 실패했습니다."), + OAUTH_TOKEN_REQUEST_FAILED(HttpStatus.BAD_REQUEST, "AUTH403", "외부인증 토큰 요청에 실패했습니다."), + OAUTH_USERINFO_REQUEST_FAILED(HttpStatus.BAD_REQUEST, "AUTH404", "외부인증 유저 정보 요청에 실패했습니다."), + AUTHORIZATION_METHOD_ERROR(HttpStatus.BAD_REQUEST, "AUTH405", "인증 방식이 잘못되었습니다."), + INVALID_OAUTH_PROVIDER(HttpStatus.BAD_REQUEST, "AUTH406", "유효하지 않은 OAuth 제공자입니다."), AWS_SERVICE_UNAVAILABLE(HttpStatus.BAD_REQUEST, "AWS400", "AWS S3에 파일을 업로드할 수 없습니다."); diff --git a/src/main/java/umc/codeplay/config/GoogleOAuthProperties.java b/src/main/java/umc/codeplay/config/GoogleOAuthProperties.java deleted file mode 100644 index 6ae1ea7..0000000 --- a/src/main/java/umc/codeplay/config/GoogleOAuthProperties.java +++ /dev/null @@ -1,20 +0,0 @@ -package umc.codeplay.config; - -import org.springframework.boot.context.properties.ConfigurationProperties; -import org.springframework.stereotype.Component; - -import lombok.Data; - -@Data -@Component -@ConfigurationProperties(prefix = "google.oauth2") -public class GoogleOAuthProperties { - - private String clientId; - private String clientSecret; - private String redirectUri; - private String scope; - private String authorizationUri; - private String tokenUri; - private String userInfoUri; -} diff --git a/src/main/java/umc/codeplay/config/SecurityConfig.java b/src/main/java/umc/codeplay/config/SecurityConfig.java index a8d2654..7e54f03 100644 --- a/src/main/java/umc/codeplay/config/SecurityConfig.java +++ b/src/main/java/umc/codeplay/config/SecurityConfig.java @@ -63,9 +63,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti "/oauth/**", "/health", "/health/s3", - "/auth/refresh", - "/auth/signup", - "/auth/login", + "/auth/**", "/v2/api-docs", "/v3/api-docs", "/v3/api-docs/**", diff --git a/src/main/java/umc/codeplay/config/properties/BaseOAuthProperties.java b/src/main/java/umc/codeplay/config/properties/BaseOAuthProperties.java new file mode 100644 index 0000000..369bf57 --- /dev/null +++ b/src/main/java/umc/codeplay/config/properties/BaseOAuthProperties.java @@ -0,0 +1,28 @@ +package umc.codeplay.config.properties; + +import lombok.Data; + +@Data +public class BaseOAuthProperties { + + private String clientId; + private String clientSecret; + private String redirectUri; + private String scope; + private String authorizationUri; + private String tokenUri; + private String userInfoUri; + private String additionalParameters; + + public String getUrl() { + return authorizationUri + + "?client_id=" + + clientId + + "&redirect_uri=" + + redirectUri + + "&response_type=code" + + "&scope=" + + scope + + additionalParameters; + } +} diff --git a/src/main/java/umc/codeplay/config/properties/GoogleOAuthProperties.java b/src/main/java/umc/codeplay/config/properties/GoogleOAuthProperties.java new file mode 100644 index 0000000..88ea754 --- /dev/null +++ b/src/main/java/umc/codeplay/config/properties/GoogleOAuthProperties.java @@ -0,0 +1,10 @@ +package umc.codeplay.config.properties; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.stereotype.Component; + +@Component +@ConfigurationProperties(prefix = "google.oauth2") +public class GoogleOAuthProperties extends BaseOAuthProperties { + // BaseOAuthProperties 의 필드를 그대로 상속받아 사용. +} diff --git a/src/main/java/umc/codeplay/config/properties/KakaoOAuthProperties.java b/src/main/java/umc/codeplay/config/properties/KakaoOAuthProperties.java new file mode 100644 index 0000000..544213b --- /dev/null +++ b/src/main/java/umc/codeplay/config/properties/KakaoOAuthProperties.java @@ -0,0 +1,10 @@ +package umc.codeplay.config.properties; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.stereotype.Component; + +@Component +@ConfigurationProperties(prefix = "kakao.oauth2") +public class KakaoOAuthProperties extends BaseOAuthProperties { + // BaseOAuthProperties 의 필드를 그대로 상속받아 사용. +} diff --git a/src/main/java/umc/codeplay/controller/AuthController.java b/src/main/java/umc/codeplay/controller/AuthController.java index a082dae..7458a3e 100644 --- a/src/main/java/umc/codeplay/controller/AuthController.java +++ b/src/main/java/umc/codeplay/controller/AuthController.java @@ -13,12 +13,12 @@ import lombok.RequiredArgsConstructor; -import io.swagger.v3.oas.annotations.security.SecurityRequirement; import umc.codeplay.apiPayLoad.ApiResponse; import umc.codeplay.apiPayLoad.code.status.ErrorStatus; import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; import umc.codeplay.converter.MemberConverter; import umc.codeplay.domain.Member; +import umc.codeplay.domain.enums.SocialStatus; import umc.codeplay.dto.MemberRequestDTO; import umc.codeplay.dto.MemberResponseDTO; import umc.codeplay.jwt.JwtUtil; @@ -37,6 +37,10 @@ public class AuthController { @PostMapping("/login") public ApiResponse login( @RequestBody MemberRequestDTO.LoginDto request) { + if (memberService.getSocialStatus(request.getEmail()) != SocialStatus.NONE) { + throw new GeneralHandler(ErrorStatus.AUTHORIZATION_METHOD_ERROR); + } + // 아이디/비밀번호를 사용해 AuthenticationToken 생성 UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword()); @@ -98,10 +102,4 @@ public ApiResponse refresh( throw new GeneralHandler(ErrorStatus.INVALID_REFRESH_TOKEN); } } - - @SecurityRequirement(name = "JWT TOKEN") - @GetMapping("/test") - public ApiResponse test() { - return ApiResponse.onSuccess("test"); - } } diff --git a/src/main/java/umc/codeplay/controller/OAuthController.java b/src/main/java/umc/codeplay/controller/OAuthController.java index 2c6ecad..e2758b2 100644 --- a/src/main/java/umc/codeplay/controller/OAuthController.java +++ b/src/main/java/umc/codeplay/controller/OAuthController.java @@ -7,10 +7,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import org.springframework.web.client.RestTemplate; import org.springframework.web.servlet.view.RedirectView; @@ -19,7 +16,9 @@ import umc.codeplay.apiPayLoad.ApiResponse; import umc.codeplay.apiPayLoad.code.status.ErrorStatus; import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; -import umc.codeplay.config.GoogleOAuthProperties; +import umc.codeplay.config.properties.BaseOAuthProperties; +import umc.codeplay.config.properties.GoogleOAuthProperties; +import umc.codeplay.config.properties.KakaoOAuthProperties; import umc.codeplay.domain.Member; import umc.codeplay.domain.enums.SocialStatus; import umc.codeplay.dto.MemberResponseDTO; @@ -34,47 +33,65 @@ public class OAuthController { private final JwtUtil jwtUtil; private final RestTemplate restTemplate = new RestTemplate(); private final GoogleOAuthProperties googleOAuthProperties; + private final KakaoOAuthProperties kakaoOAuthProperties; private final MemberService memberService; - @GetMapping("/authorize/google") - public RedirectView redirectToGoogleAuth() { + @GetMapping("/authorize/{provider}") + public RedirectView redirectToOAuth(@PathVariable("provider") String provider) { // CSRF 방어용 state, PKCE(code_challenge)..는 굳이 + BaseOAuthProperties properties = + switch (provider) { + case "google" -> googleOAuthProperties; + case "kakao" -> kakaoOAuthProperties; + default -> throw new GeneralHandler(ErrorStatus.INVALID_OAUTH_PROVIDER); + }; - String url = - googleOAuthProperties.getAuthorizationUri() - + "?client_id=" - + googleOAuthProperties.getClientId() - + "&redirect_uri=" - + googleOAuthProperties.getRedirectUri() // 설정된 리다이렉트로 변경 - + "&response_type=code" - + "&scope=" - + googleOAuthProperties.getScope() - + "&access_type=offline" // refresh_token 받고 싶다면 - + "&prompt=consent"; // 매번 동의화면을 띄우려면 + String url = properties.getUrl(); RedirectView redirectView = new RedirectView(); redirectView.setUrl(url); return redirectView; } - @GetMapping("/callback/google") - public ApiResponse googleCallback( - @RequestParam("code") String code) { - - // (1) 받은 code로 구글 토큰 엔드포인트에 Access/ID Token 교환 - Map tokenResponse = requestGoogleToken(code); + @GetMapping("/callback/{provider}") + public ApiResponse OAuthCallback( + @RequestParam("code") String code, @PathVariable("provider") String provider) { + BaseOAuthProperties properties = + switch (provider) { + case "google" -> googleOAuthProperties; + case "kakao" -> kakaoOAuthProperties; + default -> throw new GeneralHandler(ErrorStatus.INVALID_OAUTH_PROVIDER); + }; + // (1) 받은 code 로 구글 토큰 엔드포인트에 Access/ID Token 교환 + Map tokenResponse = requestOAuthToken(code, properties); // (2) 받아온 Access Token(or ID Token)을 통해 사용자 정보 가져오기 - String idToken = (String) tokenResponse.get("id_token"); // OIDC + // String idToken = (String) tokenResponse.get("id_token"); // OIDC String accessToken = (String) tokenResponse.get("access_token"); - - // (3) 구글 UserInfo Endpoint (또는 idToken 파싱)으로 이메일, 프로필 등 조회 - Map userInfo = requestGoogleUserInfo(accessToken); - String email = (String) userInfo.get("email"); - String name = (String) userInfo.get("name"); + Map userInfo = requestOAuthUserInfo(accessToken, properties); + String email = null; + String name = null; + switch (provider) { + case "google" -> { + // (3-a) 구글 UserInfo Endpoint 로 이메일, 프로필 등 조회 + email = (String) userInfo.get("email"); + name = (String) userInfo.get("name"); + } + case "kakao" -> { + // (3-b) 카카오 UserInfo Endpoint 로 이메일, 프로필 등 조회 + Map kakaoAccount = + (Map) userInfo.get("kakao_account"); + Map kakaoProperties = + (Map) userInfo.get("properties"); + email = (String) kakaoAccount.get("email"); + name = (String) kakaoProperties.get("nickname"); + } + } // (4) 우리 DB에서 회원 조회 or 생성 - Member member = memberService.findOrCreateOAuthMember(email, name, SocialStatus.GOOGLE); + Member member = + memberService.findOrCreateOAuthMember( + email, name, SocialStatus.valueOf(provider.toUpperCase())); // (5) JWTUtil 이용해서 Access/Refresh 토큰 발급 var authorities = List.of(new SimpleGrantedAuthority("ROLE_" + member.getRole().name())); @@ -91,29 +108,30 @@ public ApiResponse googleCallback( .build()); } - private Map requestGoogleToken(String code) { + private Map requestOAuthToken(String code, BaseOAuthProperties properties) { HttpHeaders headers = new HttpHeaders(); headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); MultiValueMap params = new LinkedMultiValueMap<>(); params.add("grant_type", "authorization_code"); - params.add("client_id", googleOAuthProperties.getClientId()); - params.add("client_secret", googleOAuthProperties.getClientSecret()); - params.add("redirect_uri", googleOAuthProperties.getRedirectUri()); // ? + params.add("client_id", properties.getClientId()); + params.add("client_secret", properties.getClientSecret()); + params.add("redirect_uri", properties.getRedirectUri()); params.add("code", code); HttpEntity> request = new HttpEntity<>(params, headers); ResponseEntity response = - restTemplate.postForEntity(googleOAuthProperties.getTokenUri(), request, Map.class); + restTemplate.postForEntity(properties.getTokenUri(), request, Map.class); if (response.getStatusCode() == HttpStatus.OK) { return response.getBody(); } - throw new GeneralHandler(ErrorStatus.GOOGLE_TOKEN_REQUEST_FAILED); + throw new GeneralHandler(ErrorStatus.OAUTH_TOKEN_REQUEST_FAILED); } - private Map requestGoogleUserInfo(String accessToken) { + private Map requestOAuthUserInfo( + String accessToken, BaseOAuthProperties properties) { HttpHeaders headers = new HttpHeaders(); headers.set("Authorization", "Bearer " + accessToken); @@ -121,11 +139,11 @@ private Map requestGoogleUserInfo(String accessToken) { ResponseEntity response = restTemplate.exchange( - googleOAuthProperties.getUserInfoUri(), HttpMethod.GET, request, Map.class); + properties.getUserInfoUri(), HttpMethod.GET, request, Map.class); if (response.getStatusCode() == HttpStatus.OK) { return response.getBody(); } - throw new GeneralHandler(ErrorStatus.GOOGLE_USERINFO_REQUEST_FAILED); + throw new GeneralHandler(ErrorStatus.OAUTH_USERINFO_REQUEST_FAILED); } } diff --git a/src/main/java/umc/codeplay/converter/MemberConverter.java b/src/main/java/umc/codeplay/converter/MemberConverter.java index 46cc5b0..70f43d3 100644 --- a/src/main/java/umc/codeplay/converter/MemberConverter.java +++ b/src/main/java/umc/codeplay/converter/MemberConverter.java @@ -2,6 +2,7 @@ import umc.codeplay.domain.Member; import umc.codeplay.domain.enums.Role; +import umc.codeplay.domain.enums.SocialStatus; import umc.codeplay.dto.MemberRequestDTO; import umc.codeplay.dto.MemberResponseDTO; @@ -14,6 +15,7 @@ public static Member toMember(MemberRequestDTO.JoinDto request) { .email(request.getEmail()) .password(request.getPassword()) .role(Role.USER) + .socialStatus(SocialStatus.NONE) .build(); } diff --git a/src/main/java/umc/codeplay/domain/Member.java b/src/main/java/umc/codeplay/domain/Member.java index f4b7dd4..c27a3ce 100644 --- a/src/main/java/umc/codeplay/domain/Member.java +++ b/src/main/java/umc/codeplay/domain/Member.java @@ -2,17 +2,14 @@ import jakarta.persistence.*; -import lombok.AccessLevel; -import lombok.AllArgsConstructor; -import lombok.Builder; -import lombok.Getter; -import lombok.NoArgsConstructor; +import lombok.*; import umc.codeplay.domain.enums.Role; import umc.codeplay.domain.enums.SocialStatus; @Entity @Getter +@Setter @Builder @NoArgsConstructor(access = AccessLevel.PROTECTED) @AllArgsConstructor diff --git a/src/main/java/umc/codeplay/service/MemberService.java b/src/main/java/umc/codeplay/service/MemberService.java index 1f147c1..dda2090 100644 --- a/src/main/java/umc/codeplay/service/MemberService.java +++ b/src/main/java/umc/codeplay/service/MemberService.java @@ -33,16 +33,31 @@ public Member joinMember(MemberRequestDTO.JoinDto request) { } public Member findOrCreateOAuthMember(String email, String name, SocialStatus socialStatus) { - return memberRepository - .findByEmail(email) - .orElseGet( - () -> - memberRepository.save( - Member.builder() - .email(email) - .name(name) - .role(Role.USER) - .socialStatus(socialStatus) - .build())); + + Member member = memberRepository.findByEmail(email).orElse(null); + + if (member == null) { + member = + Member.builder() + .email(email) + .name(name) + .role(Role.USER) + .socialStatus(socialStatus) + .build(); + return memberRepository.save(member); + } else if (member.getSocialStatus() != socialStatus) { + throw new GeneralHandler(ErrorStatus.AUTHORIZATION_METHOD_ERROR); + } else { + return member; + } + } + + public SocialStatus getSocialStatus(String email) { + Member member = memberRepository.findByEmail(email).orElse(null); + if (member == null) { + return SocialStatus.NONE; + } else { + return member.getSocialStatus(); + } } } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 24abaa5..10fe9b2 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -45,8 +45,20 @@ google: oauth2: client-id: ${GOOGLE_CLIENT_ID} client-secret: ${GOOGLE_CLIENT_SECRET} - redirect-uri: "http://localhost:8080/oauth/callback/google" + redirect-uri: ${GOOGLE_REDIRECT_URI} scope: "openid email profile" authorization-uri: "https://accounts.google.com/o/oauth2/v2/auth" token-uri: "https://oauth2.googleapis.com/token" - user-info-uri: "https://openidconnect.googleapis.com/v1/userinfo" \ No newline at end of file + user-info-uri: "https://openidconnect.googleapis.com/v1/userinfo" + additional-parameters: "&access_type=offline&prompt=consent" # refresh token / 동의화면 매번 요청 + +kakao: + oauth2: + client-id: ${KAKAO_CLIENT_ID} + client-secret: ${KAKAO_CLIENT_SECRET} + redirect-uri: ${KAKAO_REDIRECT_URI} + scope: "profile_nickname,account_email" + authorization-uri: "https://kauth.kakao.com/oauth/authorize" + token-uri: "https://kauth.kakao.com/oauth/token" + user-info-uri: "https://kapi.kakao.com/v2/user/me" + additional-parameters: "" \ No newline at end of file From 7e96d91f88981e574837a4e8cf0ab747b713d419 Mon Sep 17 00:00:00 2001 From: johnjal Date: Mon, 3 Feb 2025 18:35:19 +0900 Subject: [PATCH 08/14] pre merge --- .../codeplay/config/security/CustomUserDetailsService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java b/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java index 5cc649c..ae531f9 100644 --- a/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java +++ b/src/main/java/umc/codeplay/config/security/CustomUserDetailsService.java @@ -19,10 +19,10 @@ public class CustomUserDetailsService implements UserDetailsService { private final MemberRepository memberRepository; @Override - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException { Member member = memberRepository - .findByEmail(username) + .findByEmail(email) .orElseThrow(() -> new GeneralHandler(ErrorStatus.MEMBER_NOT_FOUND)); return org.springframework.security.core.userdetails.User.withUsername(member.getEmail()) From d1009e712f85a29451f5625f6629e72fcd00f9fc Mon Sep 17 00:00:00 2001 From: johnjal Date: Thu, 6 Feb 2025 16:43:45 +0900 Subject: [PATCH 09/14] name attribute deleted --- .../java/umc/codeplay/controller/OAuthController.java | 8 ++++---- src/main/java/umc/codeplay/converter/MemberConverter.java | 1 - src/main/java/umc/codeplay/domain/Member.java | 2 -- src/main/java/umc/codeplay/dto/MemberRequestDTO.java | 3 --- src/main/java/umc/codeplay/service/MemberService.java | 3 +-- 5 files changed, 5 insertions(+), 12 deletions(-) diff --git a/src/main/java/umc/codeplay/controller/OAuthController.java b/src/main/java/umc/codeplay/controller/OAuthController.java index 6952339..0924963 100644 --- a/src/main/java/umc/codeplay/controller/OAuthController.java +++ b/src/main/java/umc/codeplay/controller/OAuthController.java @@ -74,12 +74,12 @@ public ApiResponse OAuthCallback( String accessToken = (String) tokenResponse.get("access_token"); Map userInfo = requestOAuthUserInfo(accessToken, properties); String email = null; - String name = null; + // String name = null; switch (provider) { case "google" -> { // (3-a) 구글 UserInfo Endpoint 로 이메일, 프로필 등 조회 email = (String) userInfo.get("email"); - name = (String) userInfo.get("name"); + // name = (String) userInfo.get("name"); } case "kakao" -> { // (3-b) 카카오 UserInfo Endpoint 로 이메일, 프로필 등 조회 @@ -88,14 +88,14 @@ public ApiResponse OAuthCallback( Map kakaoProperties = (Map) userInfo.get("properties"); email = (String) kakaoAccount.get("email"); - name = (String) kakaoProperties.get("nickname"); + // name = (String) kakaoProperties.get("nickname"); } } // (4) 우리 DB에서 회원 조회 or 생성 Member member = memberService.findOrCreateOAuthMember( - email, name, SocialStatus.valueOf(provider.toUpperCase())); + email, SocialStatus.valueOf(provider.toUpperCase())); // (5) JWTUtil 이용해서 Access/Refresh 토큰 발급 var authorities = List.of(new SimpleGrantedAuthority("ROLE_" + member.getRole().name())); diff --git a/src/main/java/umc/codeplay/converter/MemberConverter.java b/src/main/java/umc/codeplay/converter/MemberConverter.java index b2659dc..0911987 100644 --- a/src/main/java/umc/codeplay/converter/MemberConverter.java +++ b/src/main/java/umc/codeplay/converter/MemberConverter.java @@ -19,7 +19,6 @@ public class MemberConverter { public static Member toMember(MemberRequestDTO.JoinDto request) { return Member.builder() - .name(request.getName()) .email(request.getEmail()) .password(request.getPassword()) .role(Role.USER) diff --git a/src/main/java/umc/codeplay/domain/Member.java b/src/main/java/umc/codeplay/domain/Member.java index c67fbab..48349b2 100644 --- a/src/main/java/umc/codeplay/domain/Member.java +++ b/src/main/java/umc/codeplay/domain/Member.java @@ -25,8 +25,6 @@ public class Member extends BaseEntity { // ToDo추후 BigInteger로 변환 private Long id; - private String name; - private String password; private String email; diff --git a/src/main/java/umc/codeplay/dto/MemberRequestDTO.java b/src/main/java/umc/codeplay/dto/MemberRequestDTO.java index 6d27171..0266aac 100644 --- a/src/main/java/umc/codeplay/dto/MemberRequestDTO.java +++ b/src/main/java/umc/codeplay/dto/MemberRequestDTO.java @@ -11,9 +11,6 @@ public class MemberRequestDTO { @Getter public static class JoinDto { - @NotBlank(message = "이름은 필수 입력값입니다.") - String name; - @NotBlank(message = "이메일은 필수 입력값입니다.") @Email(message = "이메일 형식이 아닙니다.") String email; diff --git a/src/main/java/umc/codeplay/service/MemberService.java b/src/main/java/umc/codeplay/service/MemberService.java index e27508f..a588370 100644 --- a/src/main/java/umc/codeplay/service/MemberService.java +++ b/src/main/java/umc/codeplay/service/MemberService.java @@ -42,7 +42,7 @@ public Member joinMember(MemberRequestDTO.JoinDto request) { return memberRepository.save(newMember); } - public Member findOrCreateOAuthMember(String email, String name, SocialStatus socialStatus) { + public Member findOrCreateOAuthMember(String email, SocialStatus socialStatus) { Member member = memberRepository.findByEmail(email).orElse(null); @@ -50,7 +50,6 @@ public Member findOrCreateOAuthMember(String email, String name, SocialStatus so member = Member.builder() .email(email) - .name(name) .role(Role.USER) .socialStatus(socialStatus) .build(); From 76372e60f563c5f745d10f0cde130efa168b4c65 Mon Sep 17 00:00:00 2001 From: johnjal Date: Thu, 6 Feb 2025 17:04:57 +0900 Subject: [PATCH 10/14] minor fix --- src/main/java/umc/codeplay/controller/AuthController.java | 2 +- .../java/umc/codeplay/jwt/JwtAuthenticationFilter.java | 7 +++---- src/main/java/umc/codeplay/jwt/JwtUtil.java | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/main/java/umc/codeplay/controller/AuthController.java b/src/main/java/umc/codeplay/controller/AuthController.java index a12c387..b334bbc 100644 --- a/src/main/java/umc/codeplay/controller/AuthController.java +++ b/src/main/java/umc/codeplay/controller/AuthController.java @@ -86,7 +86,7 @@ public ApiResponse refresh( if (jwtUtil.validateToken(refreshToken) && (jwtUtil.getTypeFromToken(refreshToken).equals("refresh"))) { // 리프레시 토큰에서 사용자명 추출 - String usernameFromToken = jwtUtil.getUsernameFromToken(refreshToken); + String usernameFromToken = jwtUtil.getEmailFromToken(refreshToken); if (!email.equals(usernameFromToken)) { throw new GeneralHandler(ErrorStatus.INVALID_REFRESH_TOKEN); diff --git a/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java b/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java index fe2e1b7..08bd439 100644 --- a/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java +++ b/src/main/java/umc/codeplay/jwt/JwtAuthenticationFilter.java @@ -37,9 +37,8 @@ protected void doFilterInternal( if (jwtUtil.validateToken(token) && (jwtUtil.getTypeFromToken(token).equals("access"))) { // 3. 토큰에서 사용자 정보 추출 - String username = jwtUtil.getUsernameFromToken(token); - System.out.println(username); - // String email = jwtUtil.getUsernameFromToken(token); + String email = jwtUtil.getEmailFromToken(token); + System.out.println(email); List roles = jwtUtil.getRolesFromToken(token); List authorities = @@ -48,7 +47,7 @@ protected void doFilterInternal( .collect(Collectors.toList()); // CustomUserDetails 객체 생성 후 저장 - CustomUserDetails userDetails = new CustomUserDetails(username, "", authorities); + CustomUserDetails userDetails = new CustomUserDetails(email, "", authorities); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, authorities); diff --git a/src/main/java/umc/codeplay/jwt/JwtUtil.java b/src/main/java/umc/codeplay/jwt/JwtUtil.java index abd5290..09974b3 100644 --- a/src/main/java/umc/codeplay/jwt/JwtUtil.java +++ b/src/main/java/umc/codeplay/jwt/JwtUtil.java @@ -48,7 +48,7 @@ public String generateToken( } // JWT 토큰에서 username 추출 - public String getUsernameFromToken(String token) { + public String getEmailFromToken(String token) { return Jwts.parserBuilder() .setSigningKey(getSigningKey()) .build() From 9ae497f7bbe83469cc4006b1d4b8d334ed95b14f Mon Sep 17 00:00:00 2001 From: johnjal Date: Wed, 19 Feb 2025 02:55:04 +0900 Subject: [PATCH 11/14] sqsfix --- src/main/java/umc/codeplay/dto/SQSMessageDTO.java | 3 +++ src/main/java/umc/codeplay/service/ModelService.java | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/java/umc/codeplay/dto/SQSMessageDTO.java b/src/main/java/umc/codeplay/dto/SQSMessageDTO.java index 6fc358d..7581629 100644 --- a/src/main/java/umc/codeplay/dto/SQSMessageDTO.java +++ b/src/main/java/umc/codeplay/dto/SQSMessageDTO.java @@ -14,6 +14,7 @@ public class SQSMessageDTO { @AllArgsConstructor public static class HarmonyMessageDTO { String key; + Long musicId; Long taskId; String jobType; } @@ -24,6 +25,7 @@ public static class HarmonyMessageDTO { @AllArgsConstructor public static class TrackMessageDTO { String key; + Long musicId; Long taskId; String jobType; @@ -34,6 +36,7 @@ public static class TrackMessageDTO { @Setter public static class RemixMessageDTO { String key; + Long musicId; Long taskId; String jobType; diff --git a/src/main/java/umc/codeplay/service/ModelService.java b/src/main/java/umc/codeplay/service/ModelService.java index 751fabc..a422f3b 100644 --- a/src/main/java/umc/codeplay/service/ModelService.java +++ b/src/main/java/umc/codeplay/service/ModelService.java @@ -75,7 +75,7 @@ public Task sendTrackMessage(Music music, String config) { } switch (config) { - case "vocals", "bass", "drums", "none": // TODO: 6-stems guitar, piano 테스트 후 추가 + case "vocals", "bass", "drums", "none", "guitar", "piano": break; default: throw new GeneralException(ErrorStatus.INVALID_CONFIG); @@ -86,6 +86,7 @@ public Task sendTrackMessage(Music music, String config) { queueName, SQSMessageDTO.TrackMessageDTO.builder() .key(music.getTitle()) + .musicId(music.getId()) .taskId(task.getId()) .jobType(JobType.TRACK.toString()) .twoStemConfig(config) @@ -106,6 +107,7 @@ public Task sendHarmonyMessage(Music music) { queueName, SQSMessageDTO.HarmonyMessageDTO.builder() .key(music.getTitle()) + .musicId(music.getId()) .taskId(task.getId()) .jobType(JobType.HARMONY.toString()) .build()); @@ -151,6 +153,7 @@ public Task sendRemixMessage(Music music, MemberRequestDTO.RemixTaskDTO request) Task task = taskService.addTask(newRemix); remixPayLoad.setKey(music.getTitle()); + remixPayLoad.setMusicId(music.getId()); remixPayLoad.setTaskId(task.getId()); remixPayLoad.setJobType(JobType.REMIX.toString()); From defdff9a89e5769bdba14404fbb5cff082cda358 Mon Sep 17 00:00:00 2001 From: johnjal Date: Thu, 20 Feb 2025 13:03:46 +0900 Subject: [PATCH 12/14] oauthpop --- .../codeplay/controller/OAuthController.java | 46 +++++++++++++++---- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/src/main/java/umc/codeplay/controller/OAuthController.java b/src/main/java/umc/codeplay/controller/OAuthController.java index 2d3acbb..dd7802a 100644 --- a/src/main/java/umc/codeplay/controller/OAuthController.java +++ b/src/main/java/umc/codeplay/controller/OAuthController.java @@ -17,7 +17,7 @@ import io.swagger.v3.oas.annotations.Hidden; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; -import umc.codeplay.apiPayLoad.ApiResponse; +import org.jetbrains.annotations.NotNull; import umc.codeplay.apiPayLoad.code.status.ErrorStatus; import umc.codeplay.apiPayLoad.exception.handler.GeneralHandler; import umc.codeplay.config.properties.BaseOAuthProperties; @@ -25,7 +25,6 @@ import umc.codeplay.config.properties.KakaoOAuthProperties; import umc.codeplay.domain.Member; import umc.codeplay.domain.enums.SocialStatus; -import umc.codeplay.dto.MemberResponseDTO; import umc.codeplay.jwt.JwtUtil; import umc.codeplay.service.MemberService; @@ -65,7 +64,7 @@ public RedirectView redirectToOAuth(@PathVariable("provider") String provider) { @Hidden @GetMapping("/callback/{provider}") - public ApiResponse OAuthCallback( + public ResponseEntity OAuthCallback( @RequestParam("code") String code, @PathVariable("provider") String provider) { BaseOAuthProperties properties = switch (provider) { @@ -110,13 +109,42 @@ public ApiResponse OAuthCallback( String serviceAccessToken = jwtUtil.generateToken(email, authorities); String serviceRefreshToken = jwtUtil.generateRefreshToken(email, authorities); + String html = getString(serviceAccessToken, serviceRefreshToken, email); + + return ResponseEntity.ok().contentType(MediaType.TEXT_HTML).body(html); + // (6) 최종적으로 JWT(액세스/리프레시)를 프론트에 응답 - return ApiResponse.onSuccess( - MemberResponseDTO.LoginResultDTO.builder() - .email(email) - .token(serviceAccessToken) - .refreshToken(serviceRefreshToken) - .build()); + // return ApiResponse.onSuccess( + // MemberResponseDTO.LoginResultDTO.builder() + // .email(email) + // .token(serviceAccessToken) + // .refreshToken(serviceRefreshToken) + // .build()); + } + + private static @NotNull String getString( + String serviceAccessToken, String serviceRefreshToken, String email) { + String jsonData = + String.format( + "{ \"accessToken\": \"%s\", \"refreshToken\": \"%s\", \"email\": \"%s\" }", + serviceAccessToken, serviceRefreshToken, email); + + String targetOrigin = "https://my-frontend.com"; // 실제 프론트엔드 도메인 + return """ + + + + + + + """ + .formatted(jsonData, targetOrigin); } private Map requestOAuthToken(String code, BaseOAuthProperties properties) { From 3505ad8195df974ee3c0f62681a425b3151c11f6 Mon Sep 17 00:00:00 2001 From: johnjal Date: Thu, 20 Feb 2025 13:43:59 +0900 Subject: [PATCH 13/14] frontendurl --- src/main/java/umc/codeplay/controller/OAuthController.java | 5 ++++- src/main/resources/application.yml | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/java/umc/codeplay/controller/OAuthController.java b/src/main/java/umc/codeplay/controller/OAuthController.java index dd7802a..6f048eb 100644 --- a/src/main/java/umc/codeplay/controller/OAuthController.java +++ b/src/main/java/umc/codeplay/controller/OAuthController.java @@ -3,6 +3,7 @@ import java.util.List; import java.util.Map; +import org.springframework.beans.factory.annotation.Value; import org.springframework.http.*; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.util.LinkedMultiValueMap; @@ -35,6 +36,9 @@ @Tag(name = "oauth-controller", description = "외부 소셜 로그인 서비스 연동 API, JWT 토큰 헤더 포함을 필요로 하지 않습니다.") public class OAuthController { + @Value("${frontend.url}") + private static String targetOrigin; + private final JwtUtil jwtUtil; private final RestTemplate restTemplate = new RestTemplate(); private final GoogleOAuthProperties googleOAuthProperties; @@ -129,7 +133,6 @@ public ResponseEntity OAuthCallback( "{ \"accessToken\": \"%s\", \"refreshToken\": \"%s\", \"email\": \"%s\" }", serviceAccessToken, serviceRefreshToken, email); - String targetOrigin = "https://my-frontend.com"; // 실제 프론트엔드 도메인 return """ diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 238a65f..244380e 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -49,6 +49,9 @@ spring: access-key: ${AWS_ACCESS_KEY_ID} secret-key: ${AWS_SECRET_ACCESS_KEY} +frontend: + url: ${FRONTEND_URL} + s3: bucket: ${S3_BUCKET} From 198eb63f52b2cb4d4c981422ce6d1c6305c69262 Mon Sep 17 00:00:00 2001 From: johnjal Date: Thu, 20 Feb 2025 13:52:14 +0900 Subject: [PATCH 14/14] frontendurl --- src/main/resources/application-prod.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml index 05b96bd..9633edf 100644 --- a/src/main/resources/application-prod.yml +++ b/src/main/resources/application-prod.yml @@ -48,6 +48,9 @@ spring: access-key: ${AWS_ACCESS_KEY_ID} secret-key: ${AWS_SECRET_ACCESS_KEY} +frontend: + url: ${FRONTEND_URL} + s3: bucket: ${S3_BUCKET}