From 6c35d78b3ace2b6b3935f9b3ecdf06de2a610027 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EB=82=98=EA=B2=BD=ED=98=B8?=
Date: Fri, 29 Nov 2024 14:53:39 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20orgin=20cookie=20=ED=94=84=EB=A1=A0?=
 =?UTF-8?q?=ED=8A=B8=EC=97=90=20=EB=8B=B4=EA=B8=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/org/findy/findy_be/auth/api/AuthController.java | 4 +++-
 .../oauth/handler/OAuth2AuthenticationSuccessHandler.java | 7 +++++--
 .../OAuth2AuthorizationRequestBasedOnCookieRepository.java | 7 +++++--
 .../java/org/findy/findy_be/common/utils/CookieUtil.java | 3 ++-
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/findy/findy_be/auth/api/AuthController.java b/src/main/java/org/findy/findy_be/auth/api/AuthController.java
index 23df18e..cca56fc 100644
--- a/src/main/java/org/findy/findy_be/auth/api/AuthController.java
+++ b/src/main/java/org/findy/findy_be/auth/api/AuthController.java
@@ -1,5 +1,7 @@
 package org.findy.findy_be.auth.api;
 
+import static org.findy.findy_be.auth.oauth.handler.OAuth2AuthenticationSuccessHandler.*;
+
 import java.util.Date;
 
 import org.findy.findy_be.auth.api.swagger.AuthAPIPresentation;
@@ -89,7 +91,7 @@ public void refreshToken(HttpServletRequest request, HttpServletResponse respons
 		int cookieMaxAge = (int)refreshTokenExpiry / 60;
 
 		CookieUtil.deleteCookie(request, response, REFRESH_TOKEN);
-		CookieUtil.addCookie(response, REFRESH_TOKEN, authRefreshToken.getToken(), cookieMaxAge);
+		CookieUtil.addCookie(response, REFRESH_TOKEN, authRefreshToken.getToken(), cookieMaxAge, FRONT_DOMAIN);
 	}
 }
 }
diff --git a/src/main/java/org/findy/findy_be/auth/oauth/handler/OAuth2AuthenticationSuccessHandler.java b/src/main/java/org/findy/findy_be/auth/oauth/handler/OAuth2AuthenticationSuccessHandler.java
index fe049b6..2ad0ab2 100644
--- a/src/main/java/org/findy/findy_be/auth/oauth/handler/OAuth2AuthenticationSuccessHandler.java
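Review bot: The added `import static org.findy.findy_be.auth.oauth.handler.OAuth2AuthenticationSuccessHandler.*;` pulls every public static member of an authentication success handler into the controller's namespace for the sake of one constant, and makes the controller depend on a handler class. Prefer the single-member form `import static org.findy.findy_be.auth.oauth.handler.OAuth2AuthenticationSuccessHandler.FRONT_DOMAIN;`, or better, move the domain out of the handler into CookieUtil or the already-injected AppProperties so neither the controller nor the repository has to reach into the handler. The same wildcard static import is added at the top of OAuth2AuthorizationRequestBasedOnCookieRepository in this patch.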
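Review bot: The refresh-token cookie is now written with `Domain=findynow.com` while the `CookieUtil.deleteCookie(request, response, REFRESH_TOKEN);` call just above it still takes no domain; unless deleteCookie sets the same Domain attribute (its body is not in this patch), browsers treat the host-only cookie and the domain cookie as distinct entries, so the previous refresh token is not cleared and two REFRESH_TOKEN cookies can coexist. The same delete/add pairing appears in determineTargetUrl in OAuth2AuthenticationSuccessHandler. Either pass the same domain to deleteCookie or let CookieUtil own the domain so both calls agree. An explicit Domain also widens the cookie to every subdomain of findynow.com, so the refresh token should only be scoped this way if subdomains genuinely need it. refreshToken's body starts outside the hunk.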
+++ b/src/main/java/org/findy/findy_be/auth/oauth/handler/OAuth2AuthenticationSuccessHandler.java
@@ -42,6 +42,8 @@ public class OAuth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS
 	private static final String BEARER = "Bearer ";
 	private static final String LOCAL_URL = "http://localhost:5173";
+	public static final String FRONT_DOMAIN = "findynow.com";
+	public static final String FRONT_LOCAL_DOMAIN = "localhost";
 
 	private final AuthTokenProvider tokenProvider;
 	private final AppProperties appProperties;
@@ -68,12 +70,13 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 		int cookieMaxAge = (int)new Date(System.currentTimeMillis() + appProperties.getAuth().getTokenExpiry()).getTime() / 60;
 
-		CookieUtil.addCookie(response, ACCESS_TOKEN, accessToken.getToken(), cookieMaxAge);
 		response.setHeader(accessHeader, BEARER + accessToken.getToken());
 
 		if (request.getRequestURI().contains("http://localhost:5173")) {
+			CookieUtil.addCookie(response, ACCESS_TOKEN, accessToken.getToken(), cookieMaxAge, FRONT_LOCAL_DOMAIN);
 			getRedirectStrategy().sendRedirect(request, response, "http://localhost:5173/map");
 		} else {
+			CookieUtil.addCookie(response, ACCESS_TOKEN, accessToken.getToken(), cookieMaxAge, FRONT_DOMAIN);
 			getRedirectStrategy().sendRedirect(request, response, "https://findynow.com/map");
 		}
 		clearAuthenticationAttributes(request, response);
@@ -128,7 +131,7 @@ protected String determineTargetUrl(HttpServletRequest request, HttpServletRespo
 		int cookieMaxAge = (int)refreshTokenExpiry / 60;
 
 		CookieUtil.deleteCookie(request, response, REFRESH_TOKEN);
-		CookieUtil.addCookie(response, REFRESH_TOKEN, refreshToken.getToken(), cookieMaxAge);
+		CookieUtil.addCookie(response, REFRESH_TOKEN, refreshToken.getToken(), cookieMaxAge, FRONT_DOMAIN);
 
 		return UriComponentsBuilder.fromUriString(LOCAL_URL)
 			.queryParam("token", accessToken.getToken())
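Review bot: `FRONT_DOMAIN` and `FRONT_LOCAL_DOMAIN` are hard-coded compile-time constants on the success handler even though the handler already injects `AppProperties` for the token expiry; a per-environment value such as the cookie domain belongs there (e.g. `appProperties.getAuth().getCookieDomain()` — constructed name) so local and production deployments are not distinguished by string literals baked into the class. Declaring them `public static` on a handler is also what drives the wildcard static imports added elsewhere in this patch; if they must stay constants, CookieUtil is the natural home.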
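Review bot: The new `FRONT_LOCAL_DOMAIN` cookie is added inside `if (request.getRequestURI().contains("http://localhost:5173"))`, but `HttpServletRequest.getRequestURI()` returns the request path, never a scheme or host, so the condition cannot match and the localhost branch — including the new addCookie call — is unreachable; every login falls through to the `FRONT_DOMAIN` branch. The condition predates this patch, but the new cookie placement now depends on it; if the intent is to detect a local run, derive it from configuration or from `request.getServerName()` rather than the URI. Separately, browsers drop a cookie whose Domain attribute does not match the response host, so a `Domain=findynow.com` cookie issued while the app is served from localhost is silently discarded, and some browsers also reject an explicit `Domain=localhost`; for the local case, leaving Domain unset (a host-only cookie) is the reliable choice. onAuthenticationSuccess's body starts and ends outside the hunk.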
diff --git a/src/main/java/org/findy/findy_be/auth/oauth/repository/OAuth2AuthorizationRequestBasedOnCookieRepository.java b/src/main/java/org/findy/findy_be/auth/oauth/repository/OAuth2AuthorizationRequestBasedOnCookieRepository.java
index c90ed7f..2018ec1 100644
--- a/src/main/java/org/findy/findy_be/auth/oauth/repository/OAuth2AuthorizationRequestBasedOnCookieRepository.java
+++ b/src/main/java/org/findy/findy_be/auth/oauth/repository/OAuth2AuthorizationRequestBasedOnCookieRepository.java
@@ -1,5 +1,7 @@
 package org.findy.findy_be.auth.oauth.repository;
 
+import static org.findy.findy_be.auth.oauth.handler.OAuth2AuthenticationSuccessHandler.*;
+
 import org.findy.findy_be.common.utils.CookieUtil;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
@@ -36,10 +38,11 @@ public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationReq
 		}
 
 		CookieUtil.addCookie(response, OAUTH2_AUTHORIZATION_REQUEST_COOKIE_NAME,
-			CookieUtil.serialize(authorizationRequest), cookieExpireSeconds);
+			CookieUtil.serialize(authorizationRequest), cookieExpireSeconds, FRONT_DOMAIN);
 
 		String redirectUriAfterLogin = request.getParameter(REDIRECT_URI_PARAM_COOKIE_NAME);
 		if (StringUtils.isNotBlank(redirectUriAfterLogin)) {
-			CookieUtil.addCookie(response, REDIRECT_URI_PARAM_COOKIE_NAME, redirectUriAfterLogin, cookieExpireSeconds);
+			CookieUtil.addCookie(response, REDIRECT_URI_PARAM_COOKIE_NAME, redirectUriAfterLogin, cookieExpireSeconds,
+				FRONT_DOMAIN);
 		}
 	}
diff --git a/src/main/java/org/findy/findy_be/common/utils/CookieUtil.java b/src/main/java/org/findy/findy_be/common/utils/CookieUtil.java
index e8fa245..485b2b2 100644
--- a/src/main/java/org/findy/findy_be/common/utils/CookieUtil.java
+++ b/src/main/java/org/findy/findy_be/common/utils/CookieUtil.java
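Review bot: The OAuth2 authorization-request cookie (the state carrier the callback reads back) and the redirect-uri cookie are now issued unconditionally with `Domain=findynow.com`, although the success handler in this same patch distinguishes a local `FRONT_LOCAL_DOMAIN` case; when the authorization endpoint is served from localhost the browser discards a cookie whose Domain does not match the host, so the callback's load of the saved authorization request finds nothing and local login fails. The domain choice should come from one place (configuration or CookieUtil) and be applied consistently by this repository, the handler, and whatever removes these cookies on the callback (not visible here), since a deletion without the same Domain does not clear a domain cookie. Scoping the state cookie to the whole findynow.com zone also exposes it to every subdomain; keep it host-only unless the callback is actually served from a different subdomain. saveAuthorizationRequest's body starts outside the hunk.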
@@ -24,9 +24,10 @@ public static Optional getCookie(HttpServletRequest request, String name
 		return Optional.empty();
 	}
 
-	public static void addCookie(HttpServletResponse response, String name, String value, int maxAge) {
+	public static void addCookie(HttpServletResponse response, String name, String value, int maxAge, String domain) {
 		Cookie cookie = new Cookie(name, value);
 		cookie.setPath("/");
+		cookie.setDomain(domain);
 		cookie.setHttpOnly(true);
 		cookie.setMaxAge(maxAge);