Merge pull request #40 from YAPP-Github/fix/PRODUCT-110

[Fix] Oauth Redirect URL을 여러 개를 사용할 수 있도록 수정

Author: leegwichan

src/main/java/timeeat/client/oauth/OauthClient.java

@@ -9,6 +9,8 @@
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestClient;
 import org.springframework.web.util.UriComponentsBuilder;
+import timeeat.exception.BusinessErrorCode;
+import timeeat.exception.BusinessException;
 
 @Component
 @EnableConfigurationProperties(OauthProperties.class)
@@ -17,27 +19,32 @@ public class OauthClient {
     private final RestClient restClient;
     private final OauthProperties properties;
 
-    public OauthClient(RestClient.Builder restClientBuilder, OauthProperties oauthProperties) {
+    public OauthClient(RestClient.Builder restClientBuilder,
+                       OauthProperties oauthProperties) {
         this.restClient = restClientBuilder
                 .defaultStatusHandler(HttpStatusCode::is5xxServerError, new OauthServerErrorHandler())
                 .build();
         this.properties = oauthProperties;
     }
 
-    public URI getOauthLoginUrl() {
+    public URI getOauthLoginUrl(String origin) {
+        validateOrigin(origin);
+
         return UriComponentsBuilder.fromUriString("https://kauth.kakao.com/oauth/authorize")
                 .queryParam("client_id", properties.getClientId())
-                .queryParam("redirect_uri", properties.getRedirectUri())
+                .queryParam("redirect_uri", origin + properties.getRedirectPath())
                 .queryParam("response_type", "code")
                 .build()
                 .toUri();
     }
 
-    public OauthToken requestOauthToken(String code) {
+    public OauthToken requestOauthToken(String code, String origin) {
+        validateOrigin(origin);
+
         MultiValueMap<String, String> body = new LinkedMultiValueMap<>();
         body.add("grant_type", "authorization_code");
         body.add("client_id", properties.getClientId());
-        body.add("redirect_uri", properties.getRedirectUri());
+        body.add("redirect_uri", origin + properties.getRedirectPath());
         body.add("code", code);
 
         return restClient.post()
@@ -48,6 +55,12 @@ public OauthToken requestOauthToken(String code) {
                 .body(OauthToken.class);
     }
 
+    private void validateOrigin(String origin) {
+        if (!properties.isAllowedOrigin(origin)) {
+            throw new BusinessException(BusinessErrorCode.UNAUTHORIZED_ORIGIN);
+        }
+    }
+
     public OauthMemberInformation requestMemberInformation(OauthToken token) {
         return restClient.get()
                 .uri("https://kapi.kakao.com/v2/user/me")

src/main/java/timeeat/client/oauth/OauthProperties.java

@@ -1,14 +1,67 @@
 package timeeat.client.oauth;
 
+import java.net.URI;
+import java.util.List;
 import lombok.Getter;
-import lombok.RequiredArgsConstructor;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
 @Getter
 @ConfigurationProperties(prefix = "oauth")
-@RequiredArgsConstructor
 public class OauthProperties {
 
     private final String clientId;
-    private final String redirectUri;
+    private final String redirectPath;
+    private final List<String> allowedOrigins;
+
+    public OauthProperties(String clientId, String redirectPath, List<String> allowedOrigins) {
+        validateClientId(clientId);
+        validateRedirectPath(redirectPath);
+        validateOrigins(allowedOrigins);
+
+        this.clientId = clientId;
+        this.redirectPath = redirectPath;
+        this.allowedOrigins = allowedOrigins;
+    }
+
+    private void validateClientId(String clientId) {
+        if (clientId == null || clientId.isBlank()) {
+            // TODO InitializeException 을 이용
+            throw new RuntimeException("Client ID must not be null or empty");
+        }
+    }
+
+    private void validateRedirectPath(String redirectPath) {
+        if (redirectPath == null || !redirectPath.startsWith("/")) {
+            // TODO InitializeException 을 이용
+            throw new RuntimeException("Redirect path must not be null or start with '/'");
+        }
+    }
+
+    private void validateOrigins(List<String> origins) {
+        if (origins == null || origins.isEmpty()) {
+            // TODO InitializeException 을 이용
+            throw new RuntimeException("Allowed origins must not be null or empty");
+        }
+        origins.forEach(this::validateOrigin);
+    }
+
+    private void validateOrigin(String origin) {
+        URI uri;
+        try {
+            uri = new URI(origin);
+        } catch (Exception e) {
+            // TODO InitializeException 을 이용
+            throw new RuntimeException("Allowed origin must be a valid origin form: " + origin, e);
+        }
+
+        if (uri.getScheme() == null || uri.getHost() == null || !uri.getPath().isBlank()) {
+            // TODO InitializeException 을 이용
+            throw new RuntimeException("Allowed origin must be a valid origin form: " + origin);
+        }
+    }
+
+    public boolean isAllowedOrigin(String origin) {
+        return allowedOrigins.stream()
+                .anyMatch(allowedOrigin -> allowedOrigin.equalsIgnoreCase(origin.trim()));
+    }
 }

src/main/java/timeeat/controller/auth/AuthController.java

@@ -2,11 +2,13 @@
 
 import java.net.URI;
 import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RestController;
 import timeeat.controller.member.MemberResponse;
 import timeeat.controller.web.jwt.JwtManager;
@@ -20,18 +22,20 @@ public class AuthController {
     private final AuthService authService;
 
     @GetMapping("/api/auth/login/oauth")
-    public ResponseEntity<Void> redirectOauthLoginPage() {
-        URI oauthLoginUrl = authService.getOauthLoginUrl();
+    public ResponseEntity<Void> redirectOauthLoginPage(@RequestHeader(HttpHeaders.ORIGIN) String origin) {
+        URI oauthLoginUrl = authService.getOauthLoginUrl(origin);
 
         return ResponseEntity
                 .status(HttpStatus.FOUND)
                 .location(oauthLoginUrl)
                 .build();
     }
 
+    // TODO : login() ControllerTest, DocumentTest 수정
     @PostMapping("/api/auth/login")
-    public ResponseEntity<LoginResponse> login(@RequestBody LoginRequest request) {
-        MemberResponse member = authService.login(request);
+    public ResponseEntity<LoginResponse> login(@RequestBody LoginRequest request,
+                                               @RequestHeader(HttpHeaders.ORIGIN) String origin) {
+        MemberResponse member = authService.login(request, origin);
         TokenResponse token = new TokenResponse(
                 jwtManager.issueAccessToken(member.id()),
                 jwtManager.issueRefreshToken(member.id()));

src/main/java/timeeat/exception/BusinessErrorCode.java

@@ -44,6 +44,7 @@ public enum BusinessErrorCode {
     // Auth
     UNAUTHORIZED_MEMBER("AUTH001", "인증되지 않은 회원입니다.", HttpStatus.UNAUTHORIZED),
     EXPIRED_TOKEN("AUTH002", "이미 만료된 토큰입니다.", HttpStatus.UNAUTHORIZED),
+    UNAUTHORIZED_ORIGIN("AUTH003", "허용되지 않은 오리진입니다."),
     OAUTH_SERVER_ERROR("AUTH003", "OAuth 서버와의 통신 오류입니다.", HttpStatus.INTERNAL_SERVER_ERROR),
     ;
 

src/main/java/timeeat/exception/EtcErrorCode.java

@@ -13,6 +13,7 @@ public enum EtcErrorCode {
     MEDIA_TYPE_NOT_SUPPORTED("CLIENT005", "허용되지 않은 미디어 타입입니다.", HttpStatus.UNSUPPORTED_MEDIA_TYPE),
     NO_RESOURCE_FOUND("CLIENT006", "요청한 리소스를 찾을 수 없습니다.", HttpStatus.NOT_FOUND),
     NO_COOKIE_FOUND("CLIENT007", "필수 쿠키 값이 존재하지 않습니다.", HttpStatus.BAD_REQUEST),
+    NO_HEADER_FOUND("CLIENT007", "필수 헤더 값이 존재하지 않습니다.", HttpStatus.BAD_REQUEST),
 
     INTERNAL_SERVER_ERROR("SERVER001", "서버 내부 에러가 발생했습니다.", HttpStatus.INTERNAL_SERVER_ERROR),
     ;

src/main/java/timeeat/exception/GlobalExceptionHandler.java

@@ -8,6 +8,7 @@
 import org.springframework.web.HttpMediaTypeNotSupportedException;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
 import org.springframework.web.bind.MissingRequestCookieException;
+import org.springframework.web.bind.MissingRequestHeaderException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException;
@@ -62,6 +63,11 @@ public ResponseEntity<ErrorResponse> handleMissingRequestCookieException(Missing
         return toErrorResponse(EtcErrorCode.NO_COOKIE_FOUND);
     }
 
+    @ExceptionHandler(MissingRequestHeaderException.class)
+    public ResponseEntity<ErrorResponse> handleMissingRequestHeaderException(MissingRequestHeaderException exception) {
+        return toErrorResponse(EtcErrorCode.NO_HEADER_FOUND);
+    }
+
     @ExceptionHandler(BusinessException.class)
     public ResponseEntity<ErrorResponse> handleBusinessException(BusinessException exception) {
         ErrorResponse response = new ErrorResponse(exception.getErrorCode());

src/main/java/timeeat/service/auth/AuthService.java

@@ -22,13 +22,13 @@ public class AuthService {
     private final OauthClient oauthClient;
     private final MemberRepository memberRepository;
 
-    public URI getOauthLoginUrl() {
-        return oauthClient.getOauthLoginUrl();
+    public URI getOauthLoginUrl(String origin) {
+        return oauthClient.getOauthLoginUrl(origin);
     }
 
     @Transactional
-    public MemberResponse login(LoginRequest request) {
-        OauthToken oauthToken = oauthClient.requestOauthToken(request.code());
+    public MemberResponse login(LoginRequest request, String origin) {
+        OauthToken oauthToken = oauthClient.requestOauthToken(request.code(), origin);
         OauthMemberInformation oauthInformation = oauthClient.requestMemberInformation(oauthToken);
 
         Optional<Member> optionalMember = memberRepository.findBySocialId(Long.toString(oauthInformation.socialId()));

src/main/resources/application-dev.yml

@@ -28,9 +28,18 @@ spring:
       - classpath:db/seed/dev
 
 jwt:
+  access-token-expiration: 1h
+  refresh-token-expiration: 14d
   secret-key: ${JWT_SECRET_KEY}
 
 cors:
   origin:
     - "http://localhost:3000"
     - "https://api-dev.eatda.net"
+
+oauth:
+  client-id: ${OAUTH_CLIENT_ID}
+  redirect-path: /login/callback
+  allowed-origins:
+    - "http://localhost:3000"
+    - "https://dev.eatda.net"

src/main/resources/application-local.yml

@@ -21,8 +21,16 @@ spring:
       - classpath:db/seed/local
 
 jwt:
+  access-token-expiration: 1h
+  refresh-token-expiration: 1d
   secret-key: ${LOCAL_JWT_SECRET_KEY}
 
 cors:
   origin:
     - "http://localhost:3000"
+
+oauth:
+  client-id: ${OAUTH_CLIENT_ID}
+  redirect-path: /login/callback
+  allowed-origins:
+    - "http://localhost:3000"

src/main/resources/application-prod.yml

@@ -28,9 +28,18 @@ spring:
       - classpath:db/seed/prod
 
 jwt:
+  access-token-expiration: 1h
+  refresh-token-expiration: 14d
   secret-key: ${JWT_SECRET_KEY}
 
 cors:
   origin:
     - "https://www.eatda.net"
     - "https://eatda.net"
+
+oauth:
+  client-id: ${OAUTH_CLIENT_ID}
+  redirect-path: /login/callback
+  allowed-origins:
+    - "https://www.eatda.net"
+    - "https://eatda.net"