Merge pull request #20 from AI-Tutor-2024/auth

[FIX] 소셜 로그인 시, 유저 정보 요청을 직접 하기 위한 변경사항

Author: EunbeenDev

src/main/java/com/example/ai_tutor/domain/auth/application/AuthService.java

@@ -1,30 +1,28 @@
 package com.example.ai_tutor.domain.auth.application;
 
 import com.example.ai_tutor.domain.auth.domain.Token;
-import com.example.ai_tutor.domain.auth.dto.SignInReq;
+import com.example.ai_tutor.domain.auth.dto.*;
 import com.example.ai_tutor.domain.auth.exception.InvalidTokenException;
 import com.example.ai_tutor.domain.auth.domain.repository.TokenRepository;
-import com.example.ai_tutor.domain.auth.dto.AuthRes;
-import com.example.ai_tutor.domain.auth.dto.RefreshTokenReq;
-import com.example.ai_tutor.domain.auth.dto.TokenMapping;
 import com.example.ai_tutor.domain.professor.domain.repository.ProfessorRepository;
 import com.example.ai_tutor.domain.user.domain.Provider;
 import com.example.ai_tutor.domain.user.domain.User;
 import com.example.ai_tutor.domain.user.domain.repository.UserRepository;
 import com.example.ai_tutor.global.DefaultAssert;
 import com.example.ai_tutor.global.config.security.token.UserPrincipal;
-import com.example.ai_tutor.global.error.DefaultException;
 import com.example.ai_tutor.global.payload.ApiResponse;
-import com.example.ai_tutor.global.payload.ErrorCode;
 import com.example.ai_tutor.global.payload.Message;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.RequestHeader;
 
 import java.util.Optional;
 
@@ -35,6 +33,8 @@ public class AuthService {
 
     private final CustomTokenProviderService customTokenProviderService;
     private final AuthenticationManager authenticationManager;
+    private final IdTokenVerifier idTokenVerifier;
+    private final UserDetailsService userDetailsService;
 
     private final TokenRepository tokenRepository;
     private final UserRepository userRepository;
@@ -108,33 +108,46 @@ private boolean valid(String refreshToken){
         return true;
     }
 
+
     @Transactional
-    public ResponseEntity<?> signIn(SignInReq signInReq) {
-        String email = signInReq.getEmail();
-        // 유저 조회
-        User user = userRepository.findByEmail(email)
-                .orElseThrow(() -> new DefaultException(ErrorCode.INVALID_CHECK, "유저 정보가 유효하지 않습니다."));
+    public ResponseEntity<?> signIn(SignInReq signInReq, @RequestHeader("Authorization") String authorizationHeader) {
+        // 1. 토큰 파싱
+        String googleAccessToken = authorizationHeader.replace("Bearer ", "").trim();
+
+        UserInfo userInfo = idTokenVerifier.verifyIdToken(googleAccessToken, signInReq.getEmail());
 
+        // 2. ID 토큰 검증 및 사용자 정보 추출
+        if (userInfo == null) {
+            throw new RuntimeException("유효하지 않은 ID 토큰");
+        }
+        User user = userRepository.findByEmail(userInfo.getEmail())
+                .orElseGet(() -> {
+                    User newUser = User.builder()
+                            .email(userInfo.getEmail())
+                            .name(userInfo.getName())
+                            .password("oauth-only")
+                            .provider(Provider.google)
+                            .providerId(signInReq.getProviderId())
+                            .build();
+                    return userRepository.save(newUser);
+                });
+
+        // 4. Spring Security 인증 객체 생성
         // 인증 객체 생성 및 SecurityContext 등록
-        Authentication authentication = authenticationManager.authenticate(
-                new UsernamePasswordAuthenticationToken(
-                        signInReq.getEmail(),
-                        signInReq.getProviderId()
-                )
-        );
+        UserDetails userDetails = userDetailsService.loadUserByUsername(user.getEmail());
+        UsernamePasswordAuthenticationToken authentication =
+                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
         SecurityContextHolder.getContext().setAuthentication(authentication);
-
-        // JWT 토큰 생성
+        // 5. JWT 토큰 생성 및 refresh 저장
         TokenMapping tokenMapping = customTokenProviderService.createToken(authentication);
 
-        // 리프레시 토큰 DB 저장
         Token token = Token.builder()
+                .userEmail(user.getEmail())
                 .refreshToken(tokenMapping.getRefreshToken())
-                .userEmail(tokenMapping.getEmail())
                 .build();
         tokenRepository.save(token);
 
-        // 응답 DTO 생성
+        // 6. 응답 구성
         AuthRes authResponse = AuthRes.builder()
                 .accessToken(tokenMapping.getAccessToken())
                 .refreshToken(token.getRefreshToken())
@@ -148,4 +161,7 @@ public ResponseEntity<?> signIn(SignInReq signInReq) {
         return ResponseEntity.ok(apiResponse);
     }
 
+
+
+
 }

src/main/java/com/example/ai_tutor/domain/auth/application/IdTokenVerifier.java

@@ -0,0 +1,55 @@
+package com.example.ai_tutor.domain.auth.application;
+
+import com.example.ai_tutor.domain.auth.dto.UserInfo;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.*;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class IdTokenVerifier {
+
+    @Value("${spring.security.oauth2.client.provider.google.user-info-uri}")
+    private String googleUserInfoUri;
+
+    @Value("${app.auth.token-secret}")
+    private String jwtSecret;
+
+    private final ObjectMapper objectMapper;
+    private final RestTemplate restTemplate;
+
+    public UserInfo verifyIdToken(String idToken, String email) {
+        try {
+            HttpHeaders headers = new HttpHeaders();
+            headers.set("Authorization", "Bearer " + idToken);
+            HttpEntity<String> entity = new HttpEntity<>(headers);
+
+            ResponseEntity<String> response = restTemplate.postForEntity(googleUserInfoUri, entity, String.class);
+
+            if (response.getStatusCode().is2xxSuccessful()) {
+                JsonNode userInfo = objectMapper.readTree(response.getBody());
+
+                String tokenEmail = userInfo.path("email").asText();
+                String name = userInfo.path("name").asText(); // 여기!
+
+                if (!email.equals(tokenEmail)) {
+                    throw new IllegalArgumentException("ID 토큰의 이메일과 요청된 이메일이 일치하지 않습니다.");
+                }
+
+                return new UserInfo(tokenEmail, name); // DTO에 담아 반환
+            } else {
+                throw new RuntimeException("ID 토큰 검증 실패: " + response.getStatusCode());
+            }
+        } catch (Exception e) {
+            throw new RuntimeException("ID 토큰 검증 중 오류 발생", e);
+        }
+    }
+
+
+}

src/main/java/com/example/ai_tutor/domain/auth/dto/UserInfo.java

@@ -0,0 +1,11 @@
+package com.example.ai_tutor.domain.auth.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public class UserInfo {
+    private String email;
+    private String name;
+}

src/main/java/com/example/ai_tutor/domain/auth/presentation/AuthController.java

@@ -31,16 +31,25 @@ public class AuthController {
 
     @Operation(summary = "로그인", description = "사용자가 로그인을 수행합니다.")
     @ApiResponses(value = {
-            @ApiResponse(responseCode = "200", description = "로그인 성공", content = { @Content(mediaType = "application/json", schema = @Schema(implementation = AuthRes.class) ) } ),
-            @ApiResponse(responseCode = "400", description = "로그인 실패", content = { @Content(mediaType = "application/json", schema = @Schema(implementation = ErrorResponse.class) ) } ),
+            @ApiResponse(responseCode = "200", description = "로그인 성공", content = {
+                    @Content(mediaType = "application/json", schema = @Schema(implementation = AuthRes.class))
+            }),
+            @ApiResponse(responseCode = "400", description = "로그인 실패", content = {
+                    @Content(mediaType = "application/json", schema = @Schema(implementation = ErrorResponse.class))
+            }),
     })
-    @PostMapping(value="/sign-in")
+    @PostMapping(value = "/sign-in")
     public ResponseEntity<?> signIn(
-            @Parameter(description = "SignInReq Schema를 확인해주세요.", required = true) @RequestBody SignInReq signInReq
+            @Parameter(description = "SignInReq Schema를 확인해주세요.", required = true)
+            @RequestBody SignInReq signInReq,
+
+            @Parameter(hidden = true) // Swagger 문서에 안 보이게
+            @RequestHeader("Authorization") String authorizationHeader
     ) {
-        return authService.signIn(signInReq);
+        return authService.signIn(signInReq, authorizationHeader);
     }
 
+
     @Operation(summary = "토큰 갱신", description = "신규 토큰 갱신을 수행합니다.")
     @ApiResponses(value = {
             @ApiResponse(responseCode = "200", description = "토큰 갱신 성공", content = { @Content(mediaType = "application/json", schema = @Schema(implementation = AuthRes.class) ) } ),

src/main/java/com/example/ai_tutor/global/config/AppConfig.java

@@ -0,0 +1,14 @@
+package com.example.ai_tutor.global.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.client.RestTemplate;
+
+@Configuration
+public class AppConfig {
+
+    @Bean
+    public RestTemplate restTemplate() {
+        return new RestTemplate();
+    }
+}