🔀 Merge pull request #110 from Boggle-Boggle/feature/#100

✨ 회원탈퇴시 인증서버 /revoke 추가

Author: cheshireHYUN

src/main/java/com/boggle_boggle/bbegok/config/properties/AppleProperties.java

@@ -25,16 +25,24 @@
 import java.util.Map;
 
 @Setter
+@Getter
 @Component
 @ConfigurationProperties(prefix = "apple")
 public class AppleProperties {
-
     private String teamId;
     private String keyId;
     private String keyPath;
     private String redirectUri;
     private String iss;
     private String aud; //client-id
+    private Auth auth;
+
+    @Setter
+    public static class Auth {
+        private String tokenUrl; //토큰을 획득하기 위해 앱에 전달된 권한 부여 코드 확인
+        private String publicKeyUrl;
+        private String revokeUrl;
+    }
 
     public String getAppleLoginUrl(String redirectUri) {
         return iss + "/auth/authorize"
@@ -44,6 +52,14 @@ public String getAppleLoginUrl(String redirectUri) {
                 + "&state=" + redirectUri;
     }
 
+
+    public String getAppleRevokeData(String accessToken) throws IOException {
+        return "client_id="  + aud
+                +"&client_secret=" + createClientSecretKey()
+                +"&token=" + accessToken
+                +"&token_type_hint=access_token";
+    }
+
     public String generateAuthToken(String code) throws IOException {
         if (code == null) throw new IllegalArgumentException("Failed get authorization code");
 

src/main/java/com/boggle_boggle/bbegok/controller/RevokeController.java

@@ -0,0 +1,24 @@
+package com.boggle_boggle.bbegok.controller;
+
+import com.boggle_boggle.bbegok.dto.base.DataResponseDto;
+import com.boggle_boggle.bbegok.service.RevokeService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.io.IOException;
+
+@RestController
+@RequiredArgsConstructor
+public class RevokeController {
+    private final RevokeService revokeService;
+
+    @DeleteMapping("/oauth2/revoke")
+    public DataResponseDto<Void> revokeAccount(@AuthenticationPrincipal UserDetails userDetails) throws IOException {
+        revokeService.deleteAccount(userDetails.getUsername());
+        return DataResponseDto.empty();
+    }
+}

src/main/java/com/boggle_boggle/bbegok/controller/UserController.java

@@ -4,6 +4,7 @@
 import com.boggle_boggle.bbegok.dto.base.DataResponseDto;
 import com.boggle_boggle.bbegok.dto.request.NickNameRequest;
 import com.boggle_boggle.bbegok.dto.response.TermsResponse;
+import com.boggle_boggle.bbegok.service.RevokeService;
 import com.boggle_boggle.bbegok.service.UserService;
 import com.boggle_boggle.bbegok.utils.CookieUtil;
 import jakarta.servlet.http.HttpServletRequest;
@@ -17,21 +18,23 @@
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.DEVICE_CODE;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.REFRESH_TOKEN;
 
+import java.io.IOException;
 import java.util.List;
 
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("/user")
 public class UserController {
 
+    private final RevokeService revokeService;
     private final UserService userService;
 
     //회원탈퇴
+    // @DeleteMapping("/oauth2/revoke")
     @DeleteMapping
-    public DataResponseDto<Null> deleteUser(HttpServletRequest request, HttpServletResponse response, @AuthenticationPrincipal UserDetails userDetails) {
-        CookieUtil.deleteCookie(request, response, REFRESH_TOKEN);
-        CookieUtil.deleteCookie(request, response, DEVICE_CODE);
-        userService.deleteUser(userDetails.getUsername());
+    public DataResponseDto<Void> deleteUser(HttpServletRequest request, HttpServletResponse response, @AuthenticationPrincipal UserDetails userDetails) throws IOException {
+        revokeService.deleteAccount(userDetails.getUsername());
+        //userService.deleteUser(request, response, userDetails.getUsername());
         return DataResponseDto.empty();
     }
 

src/main/java/com/boggle_boggle/bbegok/entity/Library.java

@@ -19,7 +19,7 @@ public class Library {
     @JoinColumn(name = "user_seq")
     private User user;
 
-    @Column(name = "library_name", nullable = false)
+    @Column(name = "library_name", nullable = false, length = 15)
     private String libraryName;
 
     @OneToMany(mappedBy = "library", cascade = CascadeType.ALL, orphanRemoval = true)

src/main/java/com/boggle_boggle/bbegok/entity/Terms.java

@@ -19,7 +19,7 @@ public class Terms {
     @Column(name = "title", nullable = false)
     private String title;
 
-    @Column(name = "content", nullable = false)
+    @Column(name = "content", nullable = false, length = 1000)
     private String content;
 
     @Column(name = "version", nullable = false)

src/main/java/com/boggle_boggle/bbegok/entity/user/User.java

@@ -29,7 +29,7 @@ public class User {
     @Size(max = 64)
     private String userId;
 
-    @Column(name = "user_name", unique = true, length = 20)
+    @Column(name = "user_name", unique = true, length = 12)
     private String userName = null;
 
     @JsonIgnore
@@ -39,7 +39,7 @@ public class User {
 
     @JsonIgnore
     @Column(name = "access_token", length = 512)
-    private String accessToken;
+    private String oauth2AccessToken;
 
     @Column(name = "email", length = 512, unique = true, nullable = true)
     @Size(max = 512)
@@ -98,6 +98,24 @@ protected User(
     }
 
 
+    protected User(
+            String userId,
+            String emailVerifiedYn,
+            ProviderType providerType,
+            RoleType roleType,
+            LocalDateTime createdAt,
+            LocalDateTime modifiedAt,
+            String accessToken) {
+        this.userId = userId;
+        this.emailVerifiedYn = emailVerifiedYn;
+        this.providerType = providerType;
+        this.roleType = roleType;
+        this.createdAt = createdAt;
+        this.modifiedAt = modifiedAt;
+        this.oauth2AccessToken = accessToken;
+    }
+
+
     public static User createUser(
             @NotNull String userId,
             @NotNull String emailVerifiedYn,
@@ -117,7 +135,7 @@ public static User createUser(
             @NotNull LocalDateTime modifiedAt,
             @NotNull String accessToken
     ){
-        return new User(userId, emailVerifiedYn, providerType, roleType, createdAt, modifiedAt);
+        return new User(userId, emailVerifiedYn, providerType, roleType, createdAt, modifiedAt, accessToken);
     }
 
     public void updateNickName(String nickName){
@@ -134,4 +152,8 @@ public void updateGuestToUser(String latestVersion) {
         this.roleType = RoleType.USER;
         this.agreedVersion = latestVersion;
     }
+
+    public void updateAccessToken(String accessToken) {
+        this.oauth2AccessToken = accessToken;
+    }
 }

src/main/java/com/boggle_boggle/bbegok/service/AppleService.java

@@ -78,6 +78,7 @@ public User process(String code) {
                                     " account. Please use your " + savedUser.getProviderType() + " account to login."
                     );
                 }
+                savedUser.updateAccessToken(accessToken);
             } else {
                 savedUser = createAppleUser(userId,accessToken);
                 userSettingsRepository.saveAndFlush(UserSettings.createUserSettings(savedUser));

src/main/java/com/boggle_boggle/bbegok/service/RevokeService.java

@@ -0,0 +1,119 @@
+package com.boggle_boggle.bbegok.service;
+
+import com.boggle_boggle.bbegok.config.properties.AppleProperties;
+import com.boggle_boggle.bbegok.entity.user.User;
+import com.boggle_boggle.bbegok.exception.Code;
+import com.boggle_boggle.bbegok.exception.exception.GeneralException;
+import com.boggle_boggle.bbegok.oauth.entity.ProviderType;
+import com.boggle_boggle.bbegok.repository.user.UserRefreshTokenRepository;
+import com.boggle_boggle.bbegok.repository.user.UserRepository;
+import com.boggle_boggle.bbegok.utils.CookieUtil;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.*;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+import java.io.IOException;
+import java.security.AuthProvider;
+import java.util.Optional;
+
+import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.DEVICE_CODE;
+import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.REFRESH_TOKEN;
+
+@Slf4j
+@RequiredArgsConstructor
+@Service
+public class RevokeService {
+    private final UserRepository userRepository;
+    private final AppleProperties appleProperties;
+    private final UserRefreshTokenRepository userRefreshTokenRepository;
+    private final AppleService appleService;
+
+    @Value("${apple.revoke-url}")
+    String appleRevokeUrl;
+    @Value("${google.revoke-url}")
+    String googleRevokeUrl;
+    @Value("${kakao.revoke-url}")
+    String kakaoRevokeUrl;
+
+    //(1) User 삭제
+    //(2) 인증서버의 액세스토큰 무효화
+    //(3) 쿠키제거
+
+    public void deleteAccount(String userId) throws IOException {
+        User user = getUser(userId);
+        deleteUser(user);
+
+        switch (user.getProviderType()) {
+            case APPLE -> deleteAppleAccount(user);
+            case GOOGLE -> deleteGoogleAccount(user);
+            case KAKAO -> deleteKakaoAccount(user);
+        }
+    }
+
+    public void deleteAppleAccount(User user) throws IOException {
+        String data = appleProperties.getAppleRevokeData(user.getOauth2AccessToken());
+        sendRevokeRequest(data, ProviderType.APPLE, null);
+    }
+
+    public void deleteGoogleAccount(User user) {
+        String data = "token=" + user.getOauth2AccessToken();
+        sendRevokeRequest(data, ProviderType.GOOGLE, null);
+    }
+
+    public void deleteKakaoAccount(User user) {
+        sendRevokeRequest(null, ProviderType.KAKAO, user.getOauth2AccessToken());
+    }
+
+
+    private void deleteUser(User user) {
+        user.softDelete();
+        userRefreshTokenRepository.deleteByUser(user);
+    }
+
+    /**
+     * @param data : revoke request의 body에 들어갈 데이터
+     * @param provider : oauth2 업체
+     * @param accessToken : 카카오의 경우 url이 아니라 헤더에 access token을 첨부해서 보내줘야 함
+     */
+    private void sendRevokeRequest(String data, ProviderType provider, String accessToken) {
+        RestTemplate restTemplate = new RestTemplate();
+        String revokeUrl = "";
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+
+        HttpEntity<String> entity = new HttpEntity<>(data, headers);
+
+        switch (provider) {
+            case APPLE -> revokeUrl = appleRevokeUrl;
+            case GOOGLE -> revokeUrl = googleRevokeUrl;
+            case KAKAO -> {
+                revokeUrl = kakaoRevokeUrl;
+                headers.setBearerAuth(accessToken);
+            }
+        }
+
+        ResponseEntity<String> responseEntity = restTemplate.exchange(revokeUrl, HttpMethod.POST, entity, String.class);
+
+        HttpStatus statusCode = (HttpStatus) responseEntity.getStatusCode();
+        String responseBody = responseEntity.getBody();
+
+        // 제공업체 정보를 포함한 간단한 로그 기록
+        log.debug("[{}] 소셜 회원 연결해제 요청 결과", provider.name());
+        log.debug("[{}] Status Code: {}", provider.name(), statusCode);
+        log.debug("[{}] Response: {}", provider.name(), responseBody);
+    }
+
+    public User getUser(String userSeq) {
+        User user = userRepository.findByUserSeqAndIsDeleted(Long.valueOf(userSeq), false);
+        if(user == null) {
+            //탈퇴한 적 있는 회원
+            if(userRepository.countByUserSeqAndIsDeleted(Long.valueOf(userSeq), true) > 0) throw new GeneralException(Code.USER_ALREADY_WITHDRAWN);
+            else throw new GeneralException(Code.USER_NOT_FOUND);
+        }
+        return user;
+    }
+}

src/main/java/com/boggle_boggle/bbegok/service/UserService.java

@@ -14,12 +14,18 @@
 import com.boggle_boggle.bbegok.repository.redis.TermsRepository;
 import com.boggle_boggle.bbegok.repository.user.UserRefreshTokenRepository;
 import com.boggle_boggle.bbegok.repository.user.UserRepository;
+import com.boggle_boggle.bbegok.utils.CookieUtil;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.util.*;
 
+import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.DEVICE_CODE;
+import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.REFRESH_TOKEN;
+
 @Service
 @RequiredArgsConstructor
 @Transactional
@@ -41,7 +47,10 @@ public User getUser(String userSeq) {
     }
 
     //Soft Delete를 위해 User컬럼 업데이트 및 토큰DB 삭제처리
-    public void deleteUser(String userSeq) {
+    public void deleteUser(HttpServletRequest request, HttpServletResponse response, String userSeq) {
+        CookieUtil.deleteCookie(request, response, REFRESH_TOKEN);
+        CookieUtil.deleteCookie(request, response, DEVICE_CODE);
+
         User user = getUser(userSeq);
         user.softDelete();
         userRefreshTokenRepository.deleteByUser(user);