Feature/ 소셜 로그인 구현, Filter 내용 추가

.gitignore

@@ -41,3 +41,7 @@ swagger.json
 generated-api-client/
 node_modules/
 package-lock.json
+
+### api key ###
+src/main/resources/application-google.yml
+src/main/resources/application-dev.yml

build.gradle.kts

@@ -30,9 +30,16 @@ dependencies {
 	implementation(Dependencies.SpringBoot.VALIDATION)
 	implementation(Dependencies.SpringBoot.WEB)
 	implementation(Dependencies.SpringBoot.ACTUATOR)
+	implementation(Dependencies.SpringBoot.OAUTH2_CLIENT)
+
+	// Jwt
+	implementation(Dependencies.Jwt.API)
+	runtimeOnly(Dependencies.Jwt.IMPL)
+	runtimeOnly(Dependencies.Jwt.JACKSON)
 
 	// Database
 	runtimeOnly(Dependencies.Database.H2)
+	implementation(Dependencies.Database.FLYWAY)
 
 	// Swagger / OpenAPI
 	implementation(Dependencies.Swagger.SPRINGDOC)

buildSrc/src/main/kotlin/Dependencies.kt

@@ -7,6 +7,13 @@ object Dependencies {
         const val VALIDATION = "org.springframework.boot:spring-boot-starter-validation"
         const val WEB = "org.springframework.boot:spring-boot-starter-web"
         const val TEST = "org.springframework.boot:spring-boot-starter-test"
+        const val OAUTH2_CLIENT = "org.springframework.boot:spring-boot-starter-oauth2-client"
+    }
+
+    object Jwt {
+        const val API = "io.jsonwebtoken:jjwt-api:0.12.6"
+        const val IMPL = "io.jsonwebtoken:jjwt-impl:0.12.6"
+        const val JACKSON = "io.jsonwebtoken:jjwt-jackson:0.12.6"
     }
 
     object SpringSecurity {
@@ -23,6 +30,7 @@ object Dependencies {
 
     object Database {
         const val H2 = "com.h2database:h2"
+        const val FLYWAY = "org.flywaydb:flyway-core"
     }
 
     object Test {

src/main/java/com/ject/vs/VsServerApplication.java

@@ -2,8 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 
 @SpringBootApplication
+@ConfigurationPropertiesScan
 public class VsServerApplication {
 
 	public static void main(String[] args) {

src/main/java/com/ject/vs/config/JwtAuthFilter.java

@@ -0,0 +1,53 @@
+package com.ject.vs.config;
+
+import com.ject.vs.util.CookieUtil;
+import com.ject.vs.util.JwtProvider;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.NonNull;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAuthFilter extends OncePerRequestFilter {
+    private final JwtProvider jwtProvider;
+    private final CookieUtil cookieUtil;
+
+    @Override
+    protected void doFilterInternal(@NonNull HttpServletRequest request,
+                                    @NonNull HttpServletResponse response,
+                                    @NonNull FilterChain filterChain) throws ServletException, IOException {
+
+        String accessToken = cookieUtil.getCookieValue(request, CookieUtil.CookieType.ACCESS_TOKEN);
+
+        var tokenInfo = jwtProvider.parseToken(accessToken);
+
+        if (accessToken != null
+                && tokenInfo.isAccessToken()
+                && SecurityContextHolder.getContext().getAuthentication() == null) {
+
+
+            UsernamePasswordAuthenticationToken authentication =
+                    new UsernamePasswordAuthenticationToken(
+                            tokenInfo.userId(),
+                            null,
+                            AuthorityUtils.NO_AUTHORITIES
+                    );
+
+            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        }
+
+        filterChain.doFilter(request, response);
+    }
+}

src/main/java/com/ject/vs/config/JwtProperties.java

@@ -0,0 +1,11 @@
+package com.ject.vs.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@ConfigurationProperties(prefix = "app.jwt")
+public record JwtProperties (
+    String secret,
+    long accessTokenExpirationSeconds,
+    long refreshTokenExpirationSeconds) {
+
+}

src/main/java/com/ject/vs/config/OAuth2LoginSuccessHandler.java

@@ -0,0 +1,74 @@
+package com.ject.vs.config;
+
+import com.ject.vs.dto.LoginTokenResponse;
+import com.ject.vs.dto.OAuthAttributes;
+import com.ject.vs.service.AuthService;
+import com.ject.vs.util.CookieUtil;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class OAuth2LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+
+    private final AuthService authService;
+
+    @Value("${app.oauth2.redirect-success-url}")
+    private String redirectSuccessUrl;
+
+    @Value("${app.cookie.secure:false}")      // 운영 상황에서는 true로 변경 https 사용할 경우
+    private boolean secureCookie;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request,
+                                        HttpServletResponse response,
+                                        Authentication authentication) throws IOException, ServletException {
+
+        OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
+        OAuth2User oauth2User = (OAuth2User) authentication.getPrincipal();
+
+        String registrationId = oauthToken.getAuthorizedClientRegistrationId();
+        String userNameAttributeName = "sub";
+
+        OAuthAttributes attributes = OAuthAttributes.of(
+                registrationId,
+                userNameAttributeName,
+                oauth2User.getAttributes()
+        );
+
+        LoginTokenResponse tokenResponse = authService.socialLogin(attributes.getSub());
+
+        ResponseCookie accessTokenCookie = ResponseCookie.from(CookieUtil.CookieType.ACCESS_TOKEN, tokenResponse.getAccessToken())
+                .httpOnly(true)
+                .secure(secureCookie)
+                .path("/")
+                .sameSite("Lax")
+                .maxAge(60 * 30)
+                .build();
+
+        ResponseCookie refreshTokenCookie = ResponseCookie.from(CookieUtil.CookieType.REFRESH_TOKEN, tokenResponse.getRefreshToken())
+                .httpOnly(true)
+                .secure(secureCookie)
+                .path("/")
+                .sameSite("Lax")
+                .maxAge(60 * 60 * 24 * 14)
+                .build();
+
+        response.addHeader(HttpHeaders.SET_COOKIE, accessTokenCookie.toString());
+        response.addHeader(HttpHeaders.SET_COOKIE, refreshTokenCookie.toString());
+
+        getRedirectStrategy().sendRedirect(request, response, redirectSuccessUrl);
+    }
+}

src/main/java/com/ject/vs/config/SecurityConfig.java

@@ -10,7 +10,7 @@
 public class SecurityConfig {
 
     @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    public SecurityFilterChain securityFilterChain(HttpSecurity http, OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler) throws Exception {
         return http
                 .csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
@@ -19,10 +19,15 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                                 "/swagger-ui/**",
                                 "/swagger-ui.html",
                                 "/api/**",
-                                "/actuator/health"
+                                "/actuator/health",
+                                "/",
+                                "/error",
+                                "/auth/reissue"
                         ).permitAll()
                         .anyRequest().authenticated()
                 )
+                .oauth2Login(oauth2 -> oauth2
+                        .successHandler(oAuth2LoginSuccessHandler))
                 .build();
     }
 }

src/main/java/com/ject/vs/controller/AuthController.java

@@ -0,0 +1,49 @@
+package com.ject.vs.controller;
+
+import com.ject.vs.dto.TokenInfo;
+import com.ject.vs.service.AuthService;
+import com.ject.vs.util.CookieUtil;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequiredArgsConstructor
+public class AuthController {
+    private final AuthService authService;
+    private final CookieUtil cookieUtil;
+
+    @Value("${app.cookie.secure:true}")
+    private boolean secureCookie;
+
+    @PostMapping("/auth/reissue")
+    public ResponseEntity<Void> reissue(HttpServletRequest request, HttpServletResponse response) {
+        String refreshToken = cookieUtil.getCookieValue(
+                request,
+                CookieUtil.CookieType.REFRESH_TOKEN
+        );
+
+        TokenInfo newAccessTokenInfo = authService.reissueAccessToken(refreshToken);
+
+        ResponseCookie accessTokenCookie = ResponseCookie.from(
+                        CookieUtil.CookieType.ACCESS_TOKEN,
+                        newAccessTokenInfo.tokenValue()
+                )
+                .httpOnly(true)
+                .secure(secureCookie)
+                .path("/")
+                .sameSite("None")
+                .maxAge(60 * 30)
+                .build();
+
+        response.addHeader(HttpHeaders.SET_COOKIE, accessTokenCookie.toString());
+
+        return ResponseEntity.ok().build();
+    }
+}

src/main/java/com/ject/vs/controller/HelloController.java

@@ -1,6 +1,8 @@
 package com.ject.vs.controller;
 
 import com.ject.vs.dto.HelloResponse;
+import org.springframework.boot.autoconfigure.neo4j.Neo4jProperties;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 

src/main/java/com/ject/vs/domain/Token.java

@@ -0,0 +1,43 @@
+package com.ject.vs.domain;
+
+import jakarta.persistence.*;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@NoArgsConstructor
+@Table(name = "Token", indexes = @Index(name = "idx_token_value", columnList = "tokenValue"))
+public class Token {
+    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    private User user;
+
+    @Column(length = 1024)
+    private String tokenValue;
+
+    @Enumerated(EnumType.STRING)
+    private TokenType tokenType;
+
+    private LocalDateTime expiresAt;
+
+    private boolean revoked;
+
+    @Builder
+    public Token(User user, String tokenValue, TokenType tokenType, LocalDateTime expiresAt, boolean revoked) {
+        this.user = user;
+        this.tokenValue = tokenValue;
+        this.tokenType = tokenType;
+        this.expiresAt = expiresAt;
+        this.revoked = revoked;
+    }
+
+    public void revoke() {
+        this.revoked = true;
+    }
+}

src/main/java/com/ject/vs/domain/TokenType.java

@@ -0,0 +1,6 @@
+package com.ject.vs.domain;
+
+public enum TokenType {
+    ACCESS,
+    REFRESH
+}

src/main/java/com/ject/vs/domain/User.java

@@ -0,0 +1,15 @@
+package com.ject.vs.domain;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.Setter;
+
+@Entity
+@Getter
+@Table(name = "users")
+public class User {
+    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+    private String sub;
+    // 아직 유저에 대한 정보 확정 아님
+}

src/main/java/com/ject/vs/dto/LoginTokenResponse.java

@@ -0,0 +1,13 @@
+package com.ject.vs.dto;
+
+import lombok.Builder;
+import lombok.Getter;
+
+@Getter
+@Builder
+public class LoginTokenResponse {
+    private Long userId;
+    private String accessToken;
+    private String refreshToken;
+}
+