✨ feat(auth): OAuth2Client를 사용한 로그인 구현

Author: 5hseok

server/src/main/kotlin/com/app/server/auth/application/service/AuthService.kt

@@ -0,0 +1,48 @@
+package com.app.server.auth.application.service
+
+import com.app.server.auth.exception.AuthException
+import com.app.server.common.constant.Constants
+import com.app.server.common.exception.BadRequestException
+import com.app.server.core.security.dto.UserInfoResponseDto
+import com.app.server.core.security.util.JwtUtil
+import com.app.server.user.application.service.UserService
+import jakarta.transaction.Transactional
+import org.springframework.stereotype.Service
+
+@Service
+@Transactional
+class AuthService(
+    private val jwtUtil: JwtUtil,
+    private val userService: UserService
+) {
+    fun refreshToken(token: String): UserInfoResponseDto {
+
+        val refreshToken = refineToken(token)
+        if (jwtUtil.validateToken(refreshToken)) {
+            throw BadRequestException(AuthException.INVALID_REFRESH_TOKEN)
+        }
+        val userId = jwtUtil.getUserIdFromToken(refreshToken)
+
+        val user = userService.findById(userId)
+
+        if (!user.refreshToken.equals(refreshToken)) {
+            throw BadRequestException(AuthException.INVALID_REFRESH_TOKEN)
+        }
+
+        val jwtTokenDto = jwtUtil.generateToken(user.id!!, user.email, "ROLE_USER")
+        userService.updateRefreshToken(userId, jwtTokenDto.refreshToken)
+
+        return UserInfoResponseDto.fromUserEntity(
+            user = user,
+            jwtTokenDto = jwtTokenDto
+        )
+    }
+
+    private fun refineToken(accessToken: String): String {
+        return if (accessToken.startsWith(Constants.BEARER_PREFIX)) {
+            accessToken.substring(Constants.BEARER_PREFIX.length)
+        } else {
+            accessToken
+        }
+    }
+}

server/src/main/kotlin/com/app/server/auth/exception/AuthException.kt

@@ -0,0 +1,11 @@
+package com.app.server.auth.exception
+
+import com.app.server.common.enums.ResultCode
+
+enum class AuthException(
+    override val code: String,
+    override val message: String
+) : ResultCode{
+
+    INVALID_REFRESH_TOKEN("AUT000", "유효하지 않은 리프레시 토큰입니다."),
+}

server/src/main/kotlin/com/app/server/auth/ui/controller/AuthController.kt

@@ -0,0 +1,25 @@
+package com.app.server.auth.ui.controller
+
+import com.app.server.auth.application.service.AuthService
+import com.app.server.common.constant.Constants
+import com.app.server.common.response.ApiResponse
+import com.app.server.core.security.dto.UserInfoResponseDto
+import jakarta.validation.Valid
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.RequestHeader
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/api/v1/auth")
+class AuthController (
+    private val authService: AuthService
+){
+
+    @GetMapping("/refresh")
+    fun refreshToken(
+        @Valid @RequestHeader(Constants.AUTHORIZATION_HEADER) refreshToken: String
+    ) : ApiResponse<UserInfoResponseDto>{
+        return ApiResponse.success(authService.refreshToken(refreshToken))
+    }
+}

server/src/main/kotlin/com/app/server/common/constant/Constants.kt

@@ -10,12 +10,6 @@ object Constants {
     const val USER_ID_CLAIM_NAME: String = "uid"
     const val USER_EMAIL_CLAIM_NAME: String = "email"
 
-    // 소셜 로그인 관련 상수
-    const val APPLE_PUBLIC_KEYS_URL: String = "https://appleid.apple.com/auth/keys"
-    const val KAKAO_RESOURCE_SERVER_URL: String = "https://kapi.kakao.com/v2/user/me"
-    const val APPLE_TOKEN_URL: String = "https://appleid.apple.com/auth/token"
-    const val APPLE_REVOKE_URL: String = "https://appleid.apple.com/auth/revoke"
-
     /**
      * Urls which don't need authentication
      * but need to be filtered
@@ -30,7 +24,10 @@ object Constants {
         "/api/auth/login/kakao",
         "/api/auth/login/naver",
         "/api/auth/login/google",
-        "/api/auth/login/apple"
+        "/api/auth/login/apple",
+        "/oauth2/authorization/google",
+        "/login/oauth2/code/google",
+        "/favicon.ico",
     )
 
     /**
@@ -44,7 +41,6 @@ object Constants {
     val BYPASS_URLS: List<String> = listOf( //
         "/hello",  // 모니터링
         "/actuator/**",  // 피드백 데이터 조회
-        "/api/v1/**", //TODO: Auth 구현 후 제거
     )
 
     const val CONTENT_TYPE: String = "Content-Type"

server/src/main/kotlin/com/app/server/common/enums/CommonResultCode.kt

@@ -19,6 +19,7 @@ enum class CommonResultCode(
 
     // domain
     AUTH_EXCEPTION("AUT000", "Auth Exception"),
+    OAUTH2_EXCEPTION("OAU000", "OAuth2 Exception"),
     USER_EXCEPTION("USR000", "User Exception"),
     NOTIFICATION_EXCEPTION("NOT000", "Notification Exception"),
     ;

server/src/main/kotlin/com/app/server/core/security/config/SecurityConfig.kt

@@ -5,14 +5,19 @@ import com.app.server.core.security.JwtAuthEntryPoint
 import com.app.server.core.security.filter.CustomLogoutFilter
 import com.app.server.core.security.filter.JwtAuthenticationFilter
 import com.app.server.core.security.filter.JwtExceptionFilter
+import com.app.server.core.security.handler.CustomOAuth2FailureHandler
+import com.app.server.core.security.handler.CustomOAuth2SuccessHandler
+import com.app.server.core.security.service.CustomOAuth2UserService
 import com.app.server.core.security.handler.CustomSignOutProcessHandler
 import com.app.server.core.security.handler.CustomSignOutResultHandler
 import com.app.server.core.security.handler.JwtAccessDeniedHandler
 import com.app.server.core.security.provider.JwtAuthenticationProvider
 import com.app.server.core.security.service.CustomUserDetailsService
 import com.app.server.core.security.util.JwtUtil
+import org.springframework.aot.generate.ValueCodeGenerator.withDefaults
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
@@ -30,7 +35,10 @@ class SecurityConfig(
     private val customSignOutProcessHandler: CustomSignOutProcessHandler,
     private val customSignOutResultHandler: CustomSignOutResultHandler,
     private val jwtAuthEntryPoint: JwtAuthEntryPoint,
-    private val jwtAccessDeniedHandler: JwtAccessDeniedHandler
+    private val jwtAccessDeniedHandler: JwtAccessDeniedHandler,
+    private val customOAuth2UserService: CustomOAuth2UserService,
+    private val customOAuth2SuccessHandler: CustomOAuth2SuccessHandler,
+    private val customOAuth2failureHandler: CustomOAuth2FailureHandler,
 ) {
 
     @Bean
@@ -47,6 +55,18 @@ class SecurityConfig(
                     .anyRequest().authenticated()
             }
             .formLogin { it.disable() }
+            .oauth2Client { Customizer.withDefaults<Any>() }
+            .oauth2Login { oauth ->
+                oauth.userInfoEndpoint { userInfo ->
+                        userInfo.userService(customOAuth2UserService)
+                    }
+                    .successHandler{ request, response, authentication ->
+                        customOAuth2SuccessHandler.onAuthenticationSuccess(request, response, authentication)
+                    }
+                    .failureHandler { request, response, exception ->
+                        customOAuth2failureHandler.onAuthenticationFailure(request, response, exception)
+                    }
+            }
             .exceptionHandling { exceptions ->
                 exceptions.authenticationEntryPoint(jwtAuthEntryPoint)
                     .accessDeniedHandler(jwtAccessDeniedHandler)
@@ -57,12 +77,12 @@ class SecurityConfig(
                     .logoutSuccessHandler(customSignOutResultHandler)
                     .deleteCookies(Constants.AUTHORIZATION_HEADER, Constants.REAUTHORIZATION)
             }
-            .addFilterBefore(CustomLogoutFilter(), LogoutFilter::class.java)
             .addFilterBefore(
                 JwtAuthenticationFilter(jwtUtil, JwtAuthenticationProvider(customUserDetailsService)),
-                CustomLogoutFilter::class.java
+                LogoutFilter::class.java
             )
-            .addFilterBefore(JwtExceptionFilter(), JwtAuthenticationFilter::class.java)
+            .addFilterBefore(CustomLogoutFilter(), JwtAuthenticationFilter::class.java)
+            .addFilterBefore(JwtExceptionFilter(), CustomLogoutFilter::class.java)
 
         return http.build()
     }

server/src/main/kotlin/com/app/server/core/security/config/test.http

@@ -0,0 +1,2 @@
+GET http://localhost:8080/api/v1/challenges
+Authorization : Bearer eyJhbGciOiJIUzUxMiJ9.eyJ1aWQiOjMsImVtYWlsIjoib2hoczEwMTBAZ21haWwuY29tIiwicm9sZSI6IlVTRVIiLCJpYXQiOjE3NDY2MTMyMDYsImV4cCI6MTc0NjYxNjgwNn0.-wPd6ZdXDhRTNGx9UMu2SDyZfp6OTh759fdVK2x2vChn3NF7l1rWCmL9tVHGoQYP0cRCMeN2OvzCKSlnz-ZqEw

server/src/main/kotlin/com/app/server/core/security/dto/UserInfoResponseDto.kt

@@ -0,0 +1,24 @@
+package com.app.server.core.security.dto
+
+import com.app.server.user.domain.model.User
+import com.app.server.user.ui.dto.response.JwtTokenDto
+
+
+data class UserInfoResponseDto(
+    val nickname: String,
+    val email: String,
+    val profileImageUrl: String?,
+    val jwtTokenDto: JwtTokenDto?
+) {
+
+    companion object {
+        fun fromUserEntity(user: User, jwtTokenDto: JwtTokenDto?): UserInfoResponseDto {
+            return UserInfoResponseDto(
+                nickname = user.nickname,
+                email = user.email,
+                profileImageUrl = user.profileImageUrl,
+                jwtTokenDto = jwtTokenDto
+            )
+        }
+    }
+}

server/src/main/kotlin/com/app/server/core/security/filter/JwtAuthenticationFilter.kt

@@ -7,18 +7,14 @@ import com.app.server.core.security.provider.JwtAuthenticationProvider
 import com.app.server.core.security.util.JwtUtil
 import io.jsonwebtoken.JwtException
 import jakarta.servlet.FilterChain
-import jakarta.servlet.ServletException
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
-import lombok.RequiredArgsConstructor
-import lombok.extern.slf4j.Slf4j
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
 import org.springframework.util.AntPathMatcher
 import org.springframework.util.StringUtils
 import org.springframework.web.filter.OncePerRequestFilter
-import java.io.IOException
 
 class JwtAuthenticationFilter(
     private val jwtUtil: JwtUtil,
@@ -45,7 +41,7 @@ class JwtAuthenticationFilter(
 
             if (StringUtils.hasText(token)) {
                 val claims = jwtUtil.validateAndGetClaimsFromToken(token)
-                val jwtUserInfo = JwtUserInfo(id = claims.get(Constants.USER_ID_CLAIM_NAME, Long::class.java))
+                val jwtUserInfo = JwtUserInfo(id = claims["uid"].toString().toLong())
 
                 val beforeAuthentication =
                     JwtAuthenticationToken(null, jwtUserInfo.id)

server/src/main/kotlin/com/app/server/core/security/handler/CustomOAuth2FailureHandler.kt

@@ -0,0 +1,30 @@
+package com.app.server.core.security.handler
+
+import com.app.server.common.enums.CommonResultCode
+import com.app.server.common.exception.UnauthorizedException
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.security.core.AuthenticationException
+import org.springframework.security.web.authentication.AuthenticationFailureHandler
+import org.springframework.stereotype.Component
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.app.server.common.response.ApiResponse
+
+@Component
+class CustomOAuth2FailureHandler : AuthenticationFailureHandler {
+
+    override fun onAuthenticationFailure(
+        request: HttpServletRequest?,
+        response: HttpServletResponse?,
+        exception: AuthenticationException?
+    ) {
+        response?.contentType = "application/json"
+        response?.status = HttpServletResponse.SC_UNAUTHORIZED
+
+        val errorMessage = exception?.message ?: CommonResultCode.OAUTH2_EXCEPTION.message
+
+        val responseBody = ApiResponse.failure<UnauthorizedException>(CommonResultCode.OAUTH2_EXCEPTION, errorMessage)
+
+        response?.writer?.write(ObjectMapper().writeValueAsString(responseBody))
+    }
+}