2주차 다운

.gitignore

@@ -1,5 +1,6 @@
 HELP.md
 .gradle
+.yml
 build/
 !gradle/wrapper/gradle-wrapper.jar
 !**/src/main/**/build/

README.md

@@ -0,0 +1,28 @@
+# 0. 기초 세팅
+### 0.1. 폴더 구조 생성
+  - entity 폴더
+  - repository 폴더
+  - service 폴더
+  - controller 폴더
+### 0.2. h2 db 연결
+# 1. 기프티콘 구현
+- [x] 엔티티 구현
+- [x] 레포지토리 구현
+- [x] 서비스 구현
+- [x] 컨트롤러 구현
+- [ ] 테스트 코드 작성
+- [x] API 문서 작성
+- [ ] API 테스트
+- [x] 예외 처리
+- [ ] 예외 처리 테스트
+# 2. 회원가입 및 로그인 구현
+- [x] 클라이언트- 인가코드 받기
+- [x] 클라이언트- 인가 코드를 서버에 넘기기
+- [x] 서버- 카카오 엑세스 토큰 받기
+- [x] 서버- 카카오 리소스 서버에서 유저 정보 받기
+- [x] 서버- 유저 정보를 DB에 저장하기
+- [x] 서버- 로그인 구현
+- [x] 서버- 회원가입 구현
+- [ ] 테스트 코드 작성
+- [ ] API 문서 작성
+- [ ] API 테스트

build.gradle

@@ -46,6 +46,13 @@ dependencies {
     implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
     implementation 'io.jsonwebtoken:jjwt-impl:0.11.5'
     implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+
+    //security
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+
+    //test
+    testImplementation 'org.springframework.security:spring-security-test'
+
 }
 
 tasks.named('test') {

src/main/java/team/haedal/gifticionfunding/auth/api/OAuthController.java

@@ -0,0 +1,46 @@
+package team.haedal.gifticionfunding.auth.api;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import team.haedal.gifticionfunding.auth.dto.TokenDto;
+import team.haedal.gifticionfunding.auth.service.OAuthService;
+import team.haedal.gifticionfunding.auth.service.SecurityService;
+import team.haedal.gifticionfunding.dto.user.request.UserCreate;
+import team.haedal.gifticionfunding.entity.user.User;
+import team.haedal.gifticionfunding.service.user.UserService;
+
+import java.util.Optional;
+
+@RestController
+@RequiredArgsConstructor
+@Slf4j
+public class OAuthController {
+    private final OAuthService oAuthService;
+    private final SecurityService securityService;
+    private final UserService userService;
+
+    @GetMapping("/oauth2")
+    public ResponseEntity<Void> socialLogin(@RequestParam("code") String code){
+        UserCreate userInfo=oAuthService.getUserInfo(code);
+        log.info("userInfo: {}",userInfo);
+        //null일때 exception 처리
+        Optional<User> user= Optional.ofNullable(userService.SignIn(userInfo).orElseThrow(() ->
+                new IllegalArgumentException("로그인 실패")));
+        log.info("user: {}",user.get().getId());
+        TokenDto tokenDto=securityService.generateTokenDto(user.get().getId());
+        HttpHeaders headers=securityService.setTokenHeaders(tokenDto);
+        log.info("로그인 성공");
+
+        return ResponseEntity
+                .status(HttpStatus.OK)
+                .headers(headers)
+                .build();
+    }
+
+}

src/main/java/team/haedal/gifticionfunding/auth/config/JwtAuthorizationFilter.java

@@ -0,0 +1,60 @@
+package team.haedal.gifticionfunding.auth.config;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+import team.haedal.gifticionfunding.auth.jwt.JwtProvider;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+@Component
+@RequiredArgsConstructor
+@Slf4j
+public class JwtAuthorizationFilter extends OncePerRequestFilter {
+    private final JwtProvider jwtProvider;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+                                    FilterChain filterChain) throws IOException, ServletException {
+        log.info("dofilterinternal 실행");
+
+        if (request.getRequestURI().startsWith("/oauth2") || request.getRequestURI().startsWith("/refresh") ||request.getRequestURI().startsWith("/swagger-ui")||request.getRequestURI().startsWith("/api-docs")||request.getRequestURI().startsWith("/v3")) {
+            log.info("다음필터 실행");
+
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        //authorization header에서 access token을 추출
+        String authHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
+        String accessToken = jwtProvider.parseAccessToken(authHeader);
+
+        if (StringUtils.hasText(accessToken) && jwtProvider.validateToken(accessToken)) {
+            // 일단 USER 권한만 부여
+            List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
+            Authentication authentication = new UsernamePasswordAuthenticationToken(jwtProvider.getUserIdFromToken(accessToken), null, authorities);
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        } else {
+            throw new IllegalArgumentException("예상치 못한 토큰 오류");
+        }
+
+        log.info("다음필터 실행");
+        // 다음 Filter를 실행하기 위한 코드. 마지막 필터라면 필터 실행 후 리소스를 반환한다.
+        filterChain.doFilter(request, response);
+    }
+}

src/main/java/team/haedal/gifticionfunding/auth/config/SecurityConfig.java

@@ -0,0 +1,74 @@
+package team.haedal.gifticionfunding.auth.config;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import team.haedal.gifticionfunding.global.error.auth.CustomAccessDeniedHandler;
+import team.haedal.gifticionfunding.global.error.auth.CustomAuthenticationEntryPoint;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+
+import java.util.Arrays;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+@Slf4j
+public class SecurityConfig {
+    private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
+    private final CustomAccessDeniedHandler customAccessDeniedHandler;
+    private final JwtAuthorizationFilter jwtAuthorizationFilter;
+
+    private static final String[] WHITE_LIST = {
+            "/auth2",
+            "/api-docs/**",
+            "/login/**",
+    };
+    private static final String[] AUTHENTICATION_LIST = {
+            "/api/gifticon"
+    };
+
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        log.info("필터체인 실행");
+        http
+                .csrf(AbstractHttpConfigurer::disable)
+                .cors(c -> c.configurationSource(corsConfigSource()))
+                .sessionManagement(session -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(authReq -> authReq
+                        .requestMatchers(HttpMethod.OPTIONS).permitAll()
+                        .requestMatchers("/", "/login", "/oauth2/**", "/refresh","/swagger-ui/**","/api-docs","/v3/api-docs/**").permitAll()
+                        .anyRequest().authenticated())
+                .exceptionHandling(e -> e
+                        .authenticationEntryPoint(customAuthenticationEntryPoint)
+                        .accessDeniedHandler(customAccessDeniedHandler))
+                .addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+    @Bean
+    public CorsConfigurationSource corsConfigSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOriginPatterns(Arrays.asList("*"));    // 모든 요청 허용
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));      // 모든 HTTP 메서드 허용
+        configuration.setAllowedHeaders(Arrays.asList("*"));    // 모든 헤더 허용
+        configuration.setExposedHeaders(Arrays.asList("Authorization", "Set-cookie"));
+        configuration.setAllowCredentials(true);    // 쿠키와 같은 자격 증명을 허용
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
+}

src/main/java/team/haedal/gifticionfunding/auth/dto/TokenDto.java

@@ -0,0 +1,15 @@
+package team.haedal.gifticionfunding.auth.dto;
+
+import lombok.Builder;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+@Getter
+@Builder
+@RequiredArgsConstructor
+public class TokenDto {
+    private final String grantType;
+    private final String accessToken;
+    private final String refreshToken;
+    private final Long accessTokenExpiresIn;
+}

src/main/java/team/haedal/gifticionfunding/auth/jwt/JwtProvider.java

@@ -0,0 +1,111 @@
+package team.haedal.gifticionfunding.auth.jwt;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import java.security.Key;
+import java.util.Date;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import team.haedal.gifticionfunding.auth.dto.TokenDto;
+import team.haedal.gifticionfunding.global.error.auth.InvalidTokenException;
+
+@Component
+public class JwtProvider {
+
+    private final Key key;
+    private static final String GRANT_TYPE = "Bearer";
+    private static final long ACCESS_TOKEN_EXPIRES_IN = 1000L * 60 * 30; //access 30분
+    private static final long REFRESH_TOKEN_EXPIRES_IN = 1000L * 60 * 60 * 24 * 14; //refresh 14일
+
+    public JwtProvider(@Value("${jwt.secret}") String secretKey) {
+        byte[] keyBytes = Decoders.BASE64.decode(secretKey);
+        this.key = Keys.hmacShaKeyFor(keyBytes);
+    }
+
+    public TokenDto generateTokenDto(Long userId) {
+
+        long now = (new Date()).getTime();
+
+        String accessToken = generateAccessToken(now, userId);
+        String refreshToken = generateRefreshToken(now);
+
+        return TokenDto.builder()
+            .grantType(GRANT_TYPE)
+            .accessToken(accessToken)
+            .accessTokenExpiresIn(new Date(now + ACCESS_TOKEN_EXPIRES_IN).getTime())
+            .refreshToken(refreshToken)
+            .build();
+    }
+
+    public String generateAccessToken(long now, Long userId) {
+        String accessToken = Jwts.builder()
+            .setSubject(String.valueOf(userId))
+            .setExpiration(new Date(now + ACCESS_TOKEN_EXPIRES_IN))
+            .signWith(key, SignatureAlgorithm.HS512)
+            .compact();
+
+        return accessToken;
+    }
+
+    public String generateRefreshToken(long now) {
+        String refreshToken = Jwts.builder()
+            .setExpiration(new Date(now + REFRESH_TOKEN_EXPIRES_IN))
+            .signWith(key, SignatureAlgorithm.HS512)
+            .compact();
+
+        return refreshToken;
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token);
+            return true;
+        } catch (SecurityException | MalformedJwtException | ExpiredJwtException |
+                 UnsupportedJwtException |
+                 IllegalArgumentException e) {
+            throw e;
+        }
+    }
+
+    public String parseAccessToken(String authHeader) {
+        if (authHeader != null && authHeader.startsWith("Bearer ")) {
+            String token = authHeader.substring("Bearer ".length());
+            return token;
+        } else {
+            throw new InvalidTokenException("AccessToken이 없거나 Bearer type이 아닙니다.");
+        }
+    }
+
+    public long getUserIdFromToken(String accessToken) {
+        String userId = parseClaims(accessToken).getSubject();
+
+        return Long.parseLong(userId);
+    }
+
+    protected Claims parseClaims(String accessToken) {
+        try {
+            return Jwts.parserBuilder()
+                .setSigningKey(key)
+                .build()
+                .parseClaimsJws(accessToken)
+                .getBody();
+        } catch (ExpiredJwtException e) {
+            throw e;
+        }
+    }
+
+
+    public String generateAccessTokenForTest() {
+        return Jwts.builder()
+            .setSubject("1")
+            .setExpiration(new Date(System.currentTimeMillis() + ACCESS_TOKEN_EXPIRES_IN))
+            .signWith(key, SignatureAlgorithm.HS512)
+            .compact();
+    }
+}