Merge pull request #9 from AI-Tutor-2024/revert-8-auth

Revert "[FIX] google auth 수정 및 헤더에 오던  토큰 응답을 body로 변경 - front가 유연한 리다이렉트 하도록…"

Author: EunbeenDev

src/main/java/com/example/ai_tutor/domain/auth/application/AuthService.java

@@ -7,6 +7,7 @@
 import com.example.ai_tutor.domain.auth.dto.AuthRes;
 import com.example.ai_tutor.domain.auth.dto.RefreshTokenReq;
 import com.example.ai_tutor.domain.auth.dto.TokenMapping;
+import com.example.ai_tutor.domain.professor.domain.Professor;
 import com.example.ai_tutor.domain.professor.domain.repository.ProfessorRepository;
 import com.example.ai_tutor.domain.user.domain.User;
 import com.example.ai_tutor.domain.user.domain.repository.UserRepository;
@@ -22,6 +23,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -32,7 +34,7 @@
 @Transactional(readOnly = true)
 public class AuthService {
 
-    private final JwtUtil jwtUtil;
+    private final CustomTokenProviderService customTokenProviderService;
     private final AuthenticationManager authenticationManager;
 
     private final TokenRepository tokenRepository;
@@ -47,17 +49,17 @@ public ResponseEntity<?> refresh(RefreshTokenReq tokenRefreshRequest){
 
         Token token = tokenRepository.findByRefreshToken(tokenRefreshRequest.getRefreshToken())
                 .orElseThrow(InvalidTokenException::new);
-        Authentication authentication = jwtUtil.getAuthenticationByEmail(token.getUserEmail());
+        Authentication authentication = customTokenProviderService.getAuthenticationByEmail(token.getUserEmail());
 
         //refresh token 정보 값을 업데이트 한다.
         //시간 유효성 확인
         TokenMapping tokenMapping;
 
-        Long expirationTime = jwtUtil.getExpiration(tokenRefreshRequest.getRefreshToken());
+        Long expirationTime = customTokenProviderService.getExpiration(tokenRefreshRequest.getRefreshToken());
         if(expirationTime > 0){
-            tokenMapping = jwtUtil.refreshToken(authentication, token.getRefreshToken());
+            tokenMapping = customTokenProviderService.refreshToken(authentication, token.getRefreshToken());
         }else{
-            tokenMapping = jwtUtil.createToken(authentication);
+            tokenMapping = customTokenProviderService.createToken(authentication);
         }
 
         Token updateToken = token.updateRefreshToken(tokenMapping.getRefreshToken());
@@ -93,15 +95,15 @@ public ResponseEntity<?> signOut(UserPrincipal userPrincipal){
     private boolean valid(String refreshToken){
 
         //1. 토큰 형식 물리적 검증
-        boolean validateCheck = jwtUtil.validateToken(refreshToken);
+        boolean validateCheck = customTokenProviderService.validateToken(refreshToken);
         DefaultAssert.isTrue(validateCheck, "Token 검증에 실패하였습니다.");
 
         //2. refresh token 값을 불러온다.
         Optional<Token> token = tokenRepository.findByRefreshToken(refreshToken);
         DefaultAssert.isTrue(token.isPresent(), "탈퇴 처리된 회원입니다.");
 
         //3. email 값을 통해 인증값을 불러온다
-        Authentication authentication = jwtUtil.getAuthenticationByEmail(token.get().getUserEmail());
+        Authentication authentication = customTokenProviderService.getAuthenticationByEmail(token.get().getUserEmail());
         DefaultAssert.isTrue(token.get().getUserEmail().equals(authentication.getName()), "사용자 인증에 실패하였습니다.");
 
         return true;
@@ -120,7 +122,7 @@ public ResponseEntity<?> signIn(SignInReq signInReq) {
         );
         SecurityContextHolder.getContext().setAuthentication(authentication);
 
-        TokenMapping tokenMapping = jwtUtil.createToken(authentication);
+        TokenMapping tokenMapping = customTokenProviderService.createToken(authentication);
         Token token = Token.builder()
                 .refreshToken(tokenMapping.getRefreshToken())
                 .userEmail(tokenMapping.getUserEmail())

src/main/java/com/example/ai_tutor/domain/auth/application/CustomDefaultOAuth2UserService.java

@@ -27,6 +27,7 @@
 public class CustomDefaultOAuth2UserService extends DefaultOAuth2UserService {
 
     private final UserRepository userRepository;
+    private PasswordEncoder passwordEncoder;
 
     @Override
     public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
@@ -58,20 +59,22 @@ private OAuth2User processOAuth2User(OAuth2UserRequest oAuth2UserRequest, OAuth2
             log.info("New user registered: {}", user);
         }
 
-        log.info("OAuth2 user processed: {}", user);
+        log.debug("OAuth2 user processed: {}", user);
         return UserPrincipal.create(user, oAuth2User.getAttributes());
     }
 
     private User registerNewUser(OAuth2UserRequest oAuth2UserRequest, OAuth2UserInfo oAuth2UserInfo) {
         User user = User.builder()
                 .name(oAuth2UserInfo.getName())
                 .email(oAuth2UserInfo.getEmail())
-                .password("oauth-only")
+                .password(passwordEncoder.encode(oAuth2UserInfo.getId()))
                 .provider(Provider.valueOf(oAuth2UserRequest.getClientRegistration().getRegistrationId()))
                 .providerId(oAuth2UserInfo.getId())
                 .build();
 
-        return userRepository.save(user);
+        User savedUser = userRepository.save(user);
+        log.debug("New user registered: {}", savedUser);
+        return savedUser;
     }
 
     private User updateExistingUser(User user, OAuth2UserInfo oAuth2UserInfo) {

…tor/domain/auth/application/JwtUtil.java …lication/CustomTokenProviderService.javasrc/main/java/com/example/ai_tutor/domain/auth/application/JwtUtil.java renamed to src/main/java/com/example/ai_tutor/domain/auth/application/CustomTokenProviderService.java src/main/java/com/example/ai_tutor/domain/auth/application/JwtUtil.java renamed to src/main/java/com/example/ai_tutor/domain/auth/application/CustomTokenProviderService.java

@@ -8,6 +8,7 @@
 import io.jsonwebtoken.security.Keys;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.Authentication;
@@ -18,55 +19,48 @@
 
 @Slf4j
 @Service
-public class JwtUtil {
+public class CustomTokenProviderService {
 
     @Autowired
     private OAuth2Config oAuth2Config;
 
     @Autowired
     private CustomUserDetailsService customUserDetailsService;
 
-
-
-    public TokenMapping createToken(Authentication authentication) {
+    public TokenMapping refreshToken(Authentication authentication, String refreshToken) {
         UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
-
         Date now = new Date();
 
         Date accessTokenExpiresIn = new Date(now.getTime() + oAuth2Config.getAuth().getAccessTokenExpirationMsec());
-        Date refreshTokenExpiresIn = new Date(now.getTime() + oAuth2Config.getAuth().getRefreshTokenExpirationMsec());
 
         String secretKey = oAuth2Config.getAuth().getTokenSecret();
-
         byte[] keyBytes = Decoders.BASE64.decode(secretKey);
         Key key = Keys.hmacShaKeyFor(keyBytes);
 
         String accessToken = Jwts.builder()
-                .setSubject(userPrincipal.getEmail())
+                .setSubject(Long.toString(userPrincipal.getId()))
                 .setIssuedAt(new Date())
                 .setExpiration(accessTokenExpiresIn)
                 .signWith(key, SignatureAlgorithm.HS512)
                 .compact();
 
-        String refreshToken = Jwts.builder()
-                .setExpiration(refreshTokenExpiresIn)
-                .signWith(key, SignatureAlgorithm.HS512)
-                .compact();
-
         return TokenMapping.builder()
                 .userEmail(userPrincipal.getEmail())
                 .accessToken(accessToken)
                 .refreshToken(refreshToken)
                 .build();
     }
 
-    public TokenMapping refreshToken(Authentication authentication, String refreshToken) {
+    public TokenMapping createToken(Authentication authentication) {
         UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
+
         Date now = new Date();
 
         Date accessTokenExpiresIn = new Date(now.getTime() + oAuth2Config.getAuth().getAccessTokenExpirationMsec());
+        Date refreshTokenExpiresIn = new Date(now.getTime() + oAuth2Config.getAuth().getRefreshTokenExpirationMsec());
 
         String secretKey = oAuth2Config.getAuth().getTokenSecret();
+
         byte[] keyBytes = Decoders.BASE64.decode(secretKey);
         Key key = Keys.hmacShaKeyFor(keyBytes);
 
@@ -77,6 +71,11 @@ public TokenMapping refreshToken(Authentication authentication, String refreshTo
                 .signWith(key, SignatureAlgorithm.HS512)
                 .compact();
 
+        String refreshToken = Jwts.builder()
+                .setExpiration(refreshTokenExpiresIn)
+                .signWith(key, SignatureAlgorithm.HS512)
+                .compact();
+
         return TokenMapping.builder()
                 .userEmail(userPrincipal.getEmail())
                 .accessToken(accessToken)

src/main/java/com/example/ai_tutor/global/config/security/SecurityConfig.java

@@ -6,13 +6,14 @@
 import com.example.ai_tutor.global.config.security.handler.CustomSimpleUrlAuthenticationFailureHandler;
 import com.example.ai_tutor.global.config.security.handler.CustomSimpleUrlAuthenticationSuccessHandler;
 import com.example.ai_tutor.global.config.security.token.CustomAuthenticationEntryPoint;
-import com.example.ai_tutor.global.config.security.token.JwtAuthenticationFilter;
+import com.example.ai_tutor.global.config.security.token.CustomOncePerRequestFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -29,6 +30,8 @@
 import java.util.Arrays;
 import java.util.List;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 @RequiredArgsConstructor
 @Configuration
 @EnableWebSecurity
@@ -46,8 +49,8 @@ public PasswordEncoder passwordEncoder() {
     }
 
     @Bean
-    public JwtAuthenticationFilter customOncePerRequestFilter() {
-        return new JwtAuthenticationFilter();
+    public CustomOncePerRequestFilter customOncePerRequestFilter() {
+        return new CustomOncePerRequestFilter();
     }
 
     @Bean

src/main/java/com/example/ai_tutor/global/config/security/handler/CustomSimpleUrlAuthenticationFailureHandler.java

@@ -7,39 +7,30 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import java.io.IOException;
-import java.util.Arrays;
 
 import static com.example.ai_tutor.domain.auth.domain.repository.CustomAuthorizationRequestRepository.REDIRECT_URI_PARAM_COOKIE_NAME;
 
 @RequiredArgsConstructor
 @Component
-@Slf4j
 public class CustomSimpleUrlAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
     private final CustomAuthorizationRequestRepository customAuthorizationRequestRepository;
 
     @Override
     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
-        log.error("OAuth2 로그인 실패: {}", exception.getMessage());
-
-        log.info("Request URI: {}", request.getRequestURI());
-        log.info("Query String: {}", request.getQueryString());
-        log.info("Cookies: {}", Arrays.toString(request.getCookies()));
-
         String targetUrl = CustomCookie.getCookie(request, REDIRECT_URI_PARAM_COOKIE_NAME)
                 .map(Cookie::getValue)
                 .orElse(("/"));
 
         targetUrl = UriComponentsBuilder.fromUriString(targetUrl)
-                .queryParam("error", "invalid_request")
-                .build()
-                .toUriString();
+                .queryParam("error", exception.getLocalizedMessage())
+                .build().toUriString();
+
         customAuthorizationRequestRepository.removeAuthorizationRequestCookies(request, response);
 
         getRedirectStrategy().sendRedirect(request, response, targetUrl);

src/main/java/com/example/ai_tutor/global/config/security/handler/CustomSimpleUrlAuthenticationSuccessHandler.java

@@ -1,6 +1,6 @@
 package com.example.ai_tutor.global.config.security.handler;
 
-import com.example.ai_tutor.domain.auth.application.JwtUtil;
+import com.example.ai_tutor.domain.auth.application.CustomTokenProviderService;
 import com.example.ai_tutor.domain.auth.domain.Token;
 import com.example.ai_tutor.domain.auth.domain.repository.CustomAuthorizationRequestRepository;
 import com.example.ai_tutor.domain.auth.domain.repository.TokenRepository;
@@ -13,7 +13,6 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
@@ -25,66 +24,65 @@
 
 import static com.example.ai_tutor.domain.auth.domain.repository.CustomAuthorizationRequestRepository.REDIRECT_URI_PARAM_COOKIE_NAME;
 
-@Slf4j
 @RequiredArgsConstructor
 @Component
 public class CustomSimpleUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
 
-    private final JwtUtil jwtUtil;             // JWT 생성 유틸
+    private final CustomTokenProviderService customTokenProviderService;
+    private final OAuth2Config oAuth2Config;
     private final TokenRepository tokenRepository;
     private final CustomAuthorizationRequestRepository customAuthorizationRequestRepository;
 
     @Override
-    public void onAuthenticationSuccess(HttpServletRequest request,
-                                        HttpServletResponse response,
-                                        Authentication authentication) throws IOException, ServletException {
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        DefaultAssert.isAuthentication(!response.isCommitted());
 
-        // 이미 응답이 전송된 상태인지 확인
-        if (response.isCommitted()) {
-            log.warn("Response already committed.");
-            return;
-        }
+        String targetUrl = determineTargetUrl(request, response, authentication);
 
-        // 1) JWT 토큰 생성
-        TokenMapping tokenMapping = jwtUtil.createToken(authentication);
+        TokenMapping token = customTokenProviderService.createToken(authentication);
+        CustomCookie.addCookie(response, "Authorization", "Bearer_" + token.getAccessToken(), (int) oAuth2Config.getAuth().getAccessTokenExpirationMsec());
+        CustomCookie.addCookie(response, "Refresh_Token", "Bearer_" + token.getRefreshToken(), (int) oAuth2Config.getAuth().getRefreshTokenExpirationMsec());
 
-        // 2) RefreshToken 저장 (DB or Redis etc.)
+        clearAuthenticationAttributes(request, response);
+        getRedirectStrategy().sendRedirect(request, response, targetUrl);
+    }
+
+    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
+        Optional<String> redirectUri = CustomCookie.getCookie(request, REDIRECT_URI_PARAM_COOKIE_NAME).map(Cookie::getValue);
+
+        DefaultAssert.isAuthentication( !(redirectUri.isPresent() && !isAuthorizedRedirectUri(redirectUri.get())) );
+
+        String targetUrl = redirectUri.orElse(getDefaultTargetUrl());
+
+        TokenMapping tokenMapping = customTokenProviderService.createToken(authentication);
         Token token = Token.builder()
                 .userEmail(tokenMapping.getUserEmail())
                 .refreshToken(tokenMapping.getRefreshToken())
                 .build();
         tokenRepository.save(token);
 
-        // 3) JSON으로 응답
-        response.setContentType("application/json;charset=UTF-8");
-        response.setCharacterEncoding("UTF-8");
-
-        String jsonResponse = String.format(
-                "{\"accessToken\":\"%s\",\"refreshToken\":\"%s\"}",
-                tokenMapping.getAccessToken(),
-                tokenMapping.getRefreshToken()
-        );
-
-        // 4) OAuth2 인증 과정에서 사용된 쿠키/세션 정리
-        clearAuthenticationAttributes(request, response);
-        customAuthorizationRequestRepository.removeAuthorizationRequestCookies(request, response);
-
-        // 5) 최종 응답
-        response.getWriter().write(jsonResponse);
-        response.getWriter().flush();
-
-        log.info("OAuth2 로그인 성공. JWT 토큰 발급 후 JSON으로 응답 완료.");
+        return UriComponentsBuilder.fromUriString(targetUrl)
+                .queryParam("token", tokenMapping.getAccessToken())
+                .build().toUriString();
     }
 
-    /**
-     * 원래 SimpleUrlAuthenticationSuccessHandler에는
-     * clearAuthenticationAttributes(HttpServletRequest request) 만 있으므로,
-     * 필요시 우리가 (request, response) 시그니처의 메서드로 확장.
-     * 내부에서는 부모 메서드(super) 호출해서 세션 정리만 수행.
-     */
     protected void clearAuthenticationAttributes(HttpServletRequest request, HttpServletResponse response) {
-        // 부모 클래스가 세션의 "SPRING_SECURITY_LAST_EXCEPTION" 제거해줌
         super.clearAuthenticationAttributes(request);
+        customAuthorizationRequestRepository.removeAuthorizationRequestCookies(request, response);
     }
-}
 
+    private boolean isAuthorizedRedirectUri(String uri) {
+        URI clientRedirectUri = URI.create(uri);
+
+        return oAuth2Config.getOauth2().getAuthorizedRedirectUris()
+                .stream()
+                .anyMatch(authorizedRedirectUri -> {
+                    URI authorizedURI = URI.create(authorizedRedirectUri);
+                    if(authorizedURI.getHost().equalsIgnoreCase(clientRedirectUri.getHost())
+                            && authorizedURI.getPort() == clientRedirectUri.getPort()) {
+                        return true;
+                    }
+                    return false;
+                });
+    }
+}