✨ 애플 콜백 작성

cheshireHYUN · cheshireHYUN · commit e91006579948 · 2025-02-12T17:47:21.000+09:00
diff --git a/src/main/java/com/boggle_boggle/bbegok/config/properties/AppleProperties.java b/src/main/java/com/boggle_boggle/bbegok/config/properties/AppleProperties.java
@@ -1,9 +1,28 @@
 package com.boggle_boggle.bbegok.config.properties;
 
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.Getter;
 import lombok.Setter;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.http.*;
 import org.springframework.stereotype.Component;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.security.PrivateKey;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
 
 @Setter
 @Component
@@ -20,15 +39,77 @@ public static class Auth {
     private String teamId;
     private String keyId;
     private String keyPath;
-    private String clientId;
     private String redirectUri;
     private String iss;
-    private String aud;
+    private String aud; //client-id
 
     public String getAppleLoginUrl(String redirectUri) {
         return iss + "/auth/authorize"
                 + "?client_id=" + aud
-                + "&redirect_uri=" + redirectUri
-                + "&response_type=code%20id_token&scope=name%20email&response_mode=form_post";
+                + "&redirect_uri=" + this.redirectUri
+                + "&response_type=code%20id_token&scope=name%20email&response_mode=form_post"
+                + "&state=" + redirectUri;
     }
+
+    public String generateAuthToken(String code) throws IOException {
+        if (code == null) throw new IllegalArgumentException("Failed get authorization code");
+
+        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+        params.add("grant_type", "authorization_code");
+        params.add("client_id", aud);
+        params.add("client_secret", createClientSecretKey());
+        params.add("code", code);
+        params.add("redirect_uri", redirectUri);
+
+        RestTemplate restTemplate = new RestTemplate();
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
+        HttpEntity<MultiValueMap<String, String>> httpEntity = new HttpEntity<>(params, headers);
+
+        try {
+            ResponseEntity<String> response = restTemplate.exchange(
+                    iss + "/auth/token",
+                    HttpMethod.POST,
+                    httpEntity,
+                    String.class
+            );
+            return response.getBody();
+        } catch (HttpClientErrorException e) {
+            throw new IllegalArgumentException("Apple Auth Token Error");
+        }
+    }
+
+    public String createClientSecretKey() throws IOException {
+        // headerParams 적재
+        Map<String, Object> headerParamsMap = new HashMap<>();
+        headerParamsMap.put("kid", keyId);
+        headerParamsMap.put("alg", "ES256");
+
+        // clientSecretKey 생성
+        return Jwts
+                .builder()
+                .setHeaderParams(headerParamsMap)
+                .setIssuer(teamId)
+                .setIssuedAt(new Date(System.currentTimeMillis()))
+                .setExpiration(new Date(System.currentTimeMillis() + 1000 * 30)) // 만료 시간 (30초)
+                .setAudience(iss)
+                .setSubject(aud)
+                .signWith(SignatureAlgorithm.ES256, getPrivateKey())
+                .compact();
+    }
+
+    private PrivateKey getPrivateKey() throws IOException {
+        ClassPathResource resource = new ClassPathResource(keyPath);
+        String privateKey = new String(resource.getInputStream().readAllBytes());
+
+        Reader pemReader = new StringReader(privateKey);
+        PEMParser pemParser = new PEMParser(pemReader);
+        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
+        PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
+
+        return converter.getPrivateKey(object);
+    }
+
 }
diff --git a/src/main/java/com/boggle_boggle/bbegok/controller/AppleController.java b/src/main/java/com/boggle_boggle/bbegok/controller/AppleController.java
@@ -1,6 +1,8 @@
 package com.boggle_boggle.bbegok.controller;
 
 import com.boggle_boggle.bbegok.dto.base.DataResponseDto;
+import com.boggle_boggle.bbegok.entity.user.User;
+import com.boggle_boggle.bbegok.exception.exception.GeneralException;
 import com.boggle_boggle.bbegok.service.AppleService;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -19,12 +21,22 @@
 public class AppleController {
 
     private final AppleService appleService;
+    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 
     @GetMapping("/oauth2/apple")
     public void loginRequest(HttpServletResponse response,
                              @RequestParam(value = "redirect_uri", required = true) String redirectUri) throws IOException {
         response.sendRedirect(appleService.getAppleLoginUrl(redirectUri));
     }
 
+    @PostMapping("/login/oauth2/code/apple")
+    public void callback(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        User user = appleService.process(request.getParameter("code"));
 
+        if(user != null) {
+            String accessToken = appleService.loginSuccess(request, response, user);
+            redirectStrategy.sendRedirect(request, response, appleService.determineSuccessRedirectUrl(accessToken, request.getParameter("state")));
+        }
+        else throw new GeneralException();
+    }
 }
diff --git a/src/main/java/com/boggle_boggle/bbegok/entity/user/User.java b/src/main/java/com/boggle_boggle/bbegok/entity/user/User.java
@@ -37,6 +37,10 @@ public class User {
     @Size(max = 128)
     private String password;
 
+    @JsonIgnore
+    @Column(name = "access_token", length = 512)
+    private String accessToken;
+
     @Column(name = "email", length = 512, unique = true, nullable = true)
     @Size(max = 512)
     private String email;
@@ -104,6 +108,18 @@ public static User createUser(
         return new User(userId, emailVerifiedYn, providerType, roleType, createdAt, modifiedAt);
     }
 
+    public static User createUser(
+            @NotNull String userId,
+            @NotNull String emailVerifiedYn,
+            @NotNull ProviderType providerType,
+            @NotNull RoleType roleType,
+            @NotNull LocalDateTime createdAt,
+            @NotNull LocalDateTime modifiedAt,
+            @NotNull String accessToken
+    ){
+        return new User(userId, emailVerifiedYn, providerType, roleType, createdAt, modifiedAt);
+    }
+
     public void updateNickName(String nickName){
         this.userName = nickName;
     }
diff --git a/src/main/java/com/boggle_boggle/bbegok/oauth/info/impl/AppleOAuth2UserInfo.java b/src/main/java/com/boggle_boggle/bbegok/oauth/info/impl/AppleOAuth2UserInfo.java
diff --git a/src/main/java/com/boggle_boggle/bbegok/service/AppleService.java b/src/main/java/com/boggle_boggle/bbegok/service/AppleService.java
@@ -1,25 +1,156 @@
 package com.boggle_boggle.bbegok.service;
 
+import com.boggle_boggle.bbegok.config.properties.AppProperties;
 import com.boggle_boggle.bbegok.config.properties.AppleProperties;
+import com.boggle_boggle.bbegok.entity.user.User;
+import com.boggle_boggle.bbegok.entity.user.UserRefreshToken;
+import com.boggle_boggle.bbegok.entity.user.UserSettings;
+import com.boggle_boggle.bbegok.oauth.entity.ProviderType;
+import com.boggle_boggle.bbegok.oauth.entity.RoleType;
+import com.boggle_boggle.bbegok.oauth.exception.OAuthProviderMissMatchException;
+import com.boggle_boggle.bbegok.oauth.handler.OAuth2AuthenticationSuccessHandler;
+import com.boggle_boggle.bbegok.oauth.repository.OAuth2AuthorizationRequestBasedOnCookieRepository;
+import com.boggle_boggle.bbegok.oauth.token.AuthToken;
+import com.boggle_boggle.bbegok.oauth.token.AuthTokenProvider;
+import com.boggle_boggle.bbegok.repository.user.UserRefreshTokenRepository;
+import com.boggle_boggle.bbegok.repository.user.UserRepository;
+import com.boggle_boggle.bbegok.repository.user.UserSettingsRepository;
+import com.boggle_boggle.bbegok.utils.CookieUtil;
+import com.boggle_boggle.bbegok.utils.UuidUtil;
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
 import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import net.minidev.json.JSONObject;
 import net.minidev.json.parser.JSONParser;
+import net.minidev.json.parser.ParseException;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import java.io.IOException;
+import java.net.http.HttpHeaders;
+import java.time.LocalDateTime;
+import java.util.Collections;
+import java.util.Date;
+
+import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.DEVICE_CODE;
+import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.REFRESH_TOKEN;
 
 @Slf4j
 @Service
 @RequiredArgsConstructor
 @EnableConfigurationProperties({ AppleProperties.class })
 public class AppleService {
     private final AppleProperties appleProperties;
+    private final UserRepository userRepository;
+    private final UserSettingsRepository userSettingsRepository;
+    private final AccessTokenService accessTokenService;
+    private final AuthTokenProvider tokenProvider;
+    private final AppProperties appProperties;
+    private final UserRefreshTokenRepository userRefreshTokenRepository;
 
     public String getAppleLoginUrl(String redirectUri) {
         return appleProperties.getAppleLoginUrl(redirectUri);
     }
 
+    public User process(String code) {
+        User savedUser = null;
+        try {
+            JsonObject jsonObj = (JsonObject) JsonParser.parseString(appleProperties.generateAuthToken(code));
+            String accessToken = String.valueOf(jsonObj.get("access_token"));
+
+            // ID TOKEN을 통해 회원 고유 식별자 받기
+            SignedJWT signedJWT = SignedJWT.parse(String.valueOf(jsonObj.get("id_token")));
+            ReadOnlyJWTClaimsSet getPayload = signedJWT.getJWTClaimsSet();
+
+            ObjectMapper objectMapper = new ObjectMapper();
+            JsonObject payload = objectMapper.readValue(getPayload.toJSONObject().toJSONString(), JsonObject.class);
+
+            String userId = String.valueOf(payload.get("sub"));
+            savedUser = userRepository.findByUserIdAndIsDeleted(userId, false);
+
+            if (savedUser != null) { //서로 다른 인증제공자간 충돌을 방지
+                if (ProviderType.APPLE != savedUser.getProviderType()) {
+                    throw new OAuthProviderMissMatchException(
+                            "Looks like you're signed up with " + ProviderType.APPLE +
+                                    " account. Please use your " + savedUser.getProviderType() + " account to login."
+                    );
+                }
+            } else {
+                savedUser = createAppleUser(userId,accessToken);
+                userSettingsRepository.saveAndFlush(UserSettings.createUserSettings(savedUser));
+            }
+
+            return savedUser;
+
+        } catch (JsonProcessingException e) {
+            throw new RuntimeException("Failed to parse json data");
+        } catch (IOException | java.text.ParseException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public String loginSuccess(HttpServletRequest request, HttpServletResponse response, User user) {
+        // access 토큰 설정 : GUEST는 그냥 저장, User의 경우 약관정보 확인 후 LIMITED_USER 또는 USER를 저장
+        Date now = new Date();
+        AuthToken accessToken = accessTokenService.createAccessToken(user, user.getRoleType(), now);
+
+        // refresh 토큰 설정
+        long refreshTokenExpiry = appProperties.getAuth().getRefreshTokenExpiry();
+        AuthToken refreshToken = tokenProvider.createAuthToken(
+                appProperties.getAuth().getTokenSecret(),
+                new Date(now.getTime() + refreshTokenExpiry)
+        );
+
+        // 디바이스코드 생성 및 리프레쉬토큰 DB에 저장
+        String deviceId = UuidUtil.createUUID().toString();
+        userRefreshTokenRepository.saveAndFlush(UserRefreshToken.createUserRefreshToken(user, refreshToken.getToken(), deviceId));
+
+        //디바이스코드, 토큰을 쿠키에 저장
+        saveCookie(response, request, DEVICE_CODE, refreshTokenExpiry, deviceId);
+        saveCookie(response, request, REFRESH_TOKEN, refreshTokenExpiry, refreshToken.getToken());
+
+        return accessToken.getToken();
+    }
+
+    public String determineSuccessRedirectUrl(String accessToken, String baseUrl) {
+        return UriComponentsBuilder.fromUriString(baseUrl)
+                .queryParam("token", accessToken)
+                .build().toUriString();
+    }
+
+    private User createAppleUser(String userId, String accessToken) {
+        LocalDateTime now = LocalDateTime.now();
+        User user = User.createUser(
+                userId,
+                "Y",
+                ProviderType.APPLE,
+                RoleType.GUEST,
+                now,
+                now,
+                accessToken
+        );
+
+        return userRepository.saveAndFlush(user);
+    }
+
+    protected void saveCookie(HttpServletResponse response, HttpServletRequest request, String cookieName, long tokenExpiry, String tokenValue) {
+        int cookieMaxAge = (int) tokenExpiry / 60;
+        CookieUtil.deleteCookie(request, response, cookieName);
+        CookieUtil.addCookie(response, cookieName, tokenValue, cookieMaxAge);
+    }
 }
diff --git a/src/main/java/com/boggle_boggle/bbegok/service/UserService.java b/src/main/java/com/boggle_boggle/bbegok/service/UserService.java
@@ -60,9 +60,8 @@ public boolean isNicknameAvailable(String userSeq, String nickname) {
     public String getAuthorization(String userSeq) {
         User user = getUser(userSeq);
         RoleType role = user.getRoleType();
-        String recentUpdatedVersion = termsRepository.getLatestTermsVersion();
-
         if(role.equals(RoleType.USER)) {
+            String recentUpdatedVersion = termsRepository.getLatestTermsVersion();
             if(user.getAgreedVersion()==null || !user.getAgreedVersion().equals(recentUpdatedVersion)) role = RoleType.LIMITED_USER;
         }
 
