♻️ [refactor] 커스텀 예외처리 적용 (#62)

* 🐛 fix: OAuth 인증 후 리다이렉트 경로 수정

* ♻️ refactor: 로그인 성공 응답을 인증 정보 조회 응답으로 통일

* ♻️ refactor: 커스텀 예외처리 적용

* chore: Java 스타일 수정

* ♻️ refactor: 리다이렉트 문자열 변수로 분리

* 🔧 chore: http-only 속성 추가

* 🔧 chore: session timeout 속성 추가

* ♻️ refactor: SecurityUtils 커스텀 예외처리 적용

* chore: Java 스타일 수정

---------

Co-authored-by: github-actions <>

Author: jiwon1217

backend/src/main/java/io/f1/backend/domain/admin/app/AdminDetailService.java

@@ -3,6 +3,7 @@
 import io.f1.backend.domain.admin.dao.AdminRepository;
 import io.f1.backend.domain.admin.dto.AdminPrincipal;
 import io.f1.backend.domain.admin.entity.Admin;
+import io.f1.backend.global.exception.errorcode.AdminErrorCode;
 
 import lombok.RequiredArgsConstructor;
 
@@ -23,7 +24,9 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx
                 adminRepository
                         .findByUsername(username)
                         .orElseThrow(
-                                () -> new UsernameNotFoundException("E404007: 존재하지 않는 관리자입니다."));
+                                () ->
+                                        new UsernameNotFoundException(
+                                                AdminErrorCode.ADMIN_NOT_FOUND.getMessage()));
         // 프론트엔드로 내려가지 않는 예외
         return new AdminPrincipal(admin);
     }

backend/src/main/java/io/f1/backend/domain/admin/app/handler/AdminLoginFailureHandler.java

@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import io.f1.backend.domain.admin.dto.AdminLoginFailResponse;
+import io.f1.backend.global.exception.errorcode.AuthErrorCode;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -31,7 +32,9 @@ public void onAuthenticationFailure(
         response.setContentType("application/json;charset=UTF-8");
 
         AdminLoginFailResponse errorResponse =
-                new AdminLoginFailResponse("E401005", "아이디 또는 비밀번호가 일치하지 않습니다.");
+                new AdminLoginFailResponse(
+                        AuthErrorCode.LOGIN_FAILED.getCode(),
+                        AuthErrorCode.LOGIN_FAILED.getMessage());
 
         response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
     }

backend/src/main/java/io/f1/backend/domain/admin/app/handler/AdminLoginSuccessHandler.java

@@ -6,6 +6,8 @@
 import io.f1.backend.domain.admin.dao.AdminRepository;
 import io.f1.backend.domain.admin.dto.AdminPrincipal;
 import io.f1.backend.domain.admin.entity.Admin;
+import io.f1.backend.global.exception.CustomException;
+import io.f1.backend.global.exception.errorcode.AdminErrorCode;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -36,7 +38,7 @@ public void onAuthenticationSuccess(
         Admin admin =
                 adminRepository
                         .findByUsername(principal.getUsername())
-                        .orElseThrow(() -> new RuntimeException("E404007: 존재하지 않는 관리자입니다."));
+                        .orElseThrow(() -> new CustomException(AdminErrorCode.ADMIN_NOT_FOUND));
 
         admin.updateLastLogin(LocalDateTime.now());
         adminRepository.save(admin);

backend/src/main/java/io/f1/backend/domain/user/api/SignupController.java

@@ -1,8 +1,8 @@
 package io.f1.backend.domain.user.api;
 
+import io.f1.backend.domain.auth.dto.CurrentUserAndAdminResponse;
 import io.f1.backend.domain.user.app.UserService;
 import io.f1.backend.domain.user.dto.SignupRequest;
-import io.f1.backend.domain.user.dto.SignupResponse;
 
 import jakarta.servlet.http.HttpSession;
 
@@ -21,9 +21,9 @@ public class SignupController {
     private final UserService userService;
 
     @PostMapping("/signup")
-    public ResponseEntity<SignupResponse> completeSignup(
+    public ResponseEntity<CurrentUserAndAdminResponse> completeSignup(
             @RequestBody SignupRequest signupRequest, HttpSession httpSession) {
-        SignupResponse response = userService.signup(httpSession, signupRequest);
+        CurrentUserAndAdminResponse response = userService.signup(httpSession, signupRequest);
         return ResponseEntity.status(HttpStatus.CREATED).body(response);
     }
 }

backend/src/main/java/io/f1/backend/domain/user/app/UserService.java

@@ -2,13 +2,16 @@
 
 import static io.f1.backend.domain.user.constants.SessionKeys.OAUTH_USER;
 import static io.f1.backend.domain.user.constants.SessionKeys.USER;
-import static io.f1.backend.domain.user.mapper.UserMapper.toSignupResponse;
 
+import io.f1.backend.domain.auth.dto.CurrentUserAndAdminResponse;
 import io.f1.backend.domain.user.dao.UserRepository;
 import io.f1.backend.domain.user.dto.AuthenticationUser;
 import io.f1.backend.domain.user.dto.SignupRequest;
-import io.f1.backend.domain.user.dto.SignupResponse;
+import io.f1.backend.domain.user.dto.UserPrincipal;
 import io.f1.backend.domain.user.entity.User;
+import io.f1.backend.global.exception.CustomException;
+import io.f1.backend.global.exception.errorcode.AuthErrorCode;
+import io.f1.backend.global.exception.errorcode.UserErrorCode;
 import io.f1.backend.global.util.SecurityUtils;
 
 import jakarta.servlet.http.HttpSession;
@@ -25,7 +28,7 @@ public class UserService {
     private final UserRepository userRepository;
 
     @Transactional
-    public SignupResponse signup(HttpSession session, SignupRequest signupRequest) {
+    public CurrentUserAndAdminResponse signup(HttpSession session, SignupRequest signupRequest) {
         AuthenticationUser authenticationUser = extractSessionUser(session);
 
         String nickname = signupRequest.nickname();
@@ -34,36 +37,38 @@ public SignupResponse signup(HttpSession session, SignupRequest signupRequest) {
 
         User user = initNickname(authenticationUser.userId(), nickname);
         updateSessionAfterSignup(session, user);
+
         SecurityUtils.setAuthentication(user);
+        UserPrincipal userPrincipal = SecurityUtils.getCurrentUserPrincipal();
 
-        return toSignupResponse(user);
+        return CurrentUserAndAdminResponse.from(userPrincipal);
     }
 
     private AuthenticationUser extractSessionUser(HttpSession session) {
         AuthenticationUser authenticationUser =
                 (AuthenticationUser) session.getAttribute(OAUTH_USER);
         if (authenticationUser == null) {
-            throw new RuntimeException("E401001: 로그인이 필요합니다.");
+            throw new CustomException(AuthErrorCode.UNAUTHORIZED);
         }
         return authenticationUser;
     }
 
     private void validateNicknameFormat(String nickname) {
         if (nickname == null || nickname.trim().isEmpty()) {
-            throw new RuntimeException("E400002: 닉네임은 필수 입력입니다.");
+            throw new CustomException(UserErrorCode.NICKNAME_EMPTY);
         }
         if (nickname.length() > 6) {
-            throw new RuntimeException("E400003: 닉네임은 6글자 이하로 입력해야 합니다.");
+            throw new CustomException(UserErrorCode.NICKNAME_TOO_LONG);
         }
         if (!nickname.matches("^[가-힣a-zA-Z0-9]+$")) {
-            throw new RuntimeException("E400004: 한글, 영문, 숫자만 입력해주세요.");
+            throw new CustomException(UserErrorCode.NICKNAME_NOT_ALLOWED);
         }
     }
 
     @Transactional(readOnly = true)
     public void validateNicknameDuplicate(String nickname) {
         if (userRepository.existsUserByNickname(nickname)) {
-            throw new RuntimeException("E409001: 중복된 닉네임입니다.");
+            throw new CustomException(UserErrorCode.NICKNAME_CONFLICT);
         }
     }
 
@@ -72,7 +77,7 @@ public User initNickname(Long userId, String nickname) {
         User user =
                 userRepository
                         .findById(userId)
-                        .orElseThrow(() -> new RuntimeException("E404001: 존재하지 않는 회원입니다."));
+                        .orElseThrow(() -> new CustomException(UserErrorCode.USER_NOT_FOUND));
         user.updateNickname(nickname);
 
         return userRepository.save(user);
@@ -88,7 +93,7 @@ public void deleteUser(Long userId) {
         User user =
                 userRepository
                         .findById(userId)
-                        .orElseThrow(() -> new RuntimeException("E404001: 존재하지 않는 회원입니다."));
+                        .orElseThrow(() -> new CustomException(UserErrorCode.USER_NOT_FOUND));
         userRepository.delete(user);
     }
 

backend/src/main/java/io/f1/backend/domain/user/app/handler/CustomAuthenticationEntryPoint.java

@@ -1,17 +1,28 @@
 package io.f1.backend.domain.user.app.handler;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import io.f1.backend.global.exception.errorcode.AuthErrorCode;
+
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
+import lombok.RequiredArgsConstructor;
+
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
 
 import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
 
 @Component
+@RequiredArgsConstructor
 public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
+    private final ObjectMapper objectMapper;
+
     @Override
     public void commence(
             HttpServletRequest request,
@@ -20,6 +31,11 @@ public void commence(
             throws IOException {
         response.setContentType("application/json;charset=UTF-8");
         response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401
-        response.getWriter().write("{\"error\": \"Unauthorized\"}");
+
+        Map<String, String> errorResponse = new HashMap<>();
+        errorResponse.put("code", AuthErrorCode.UNAUTHORIZED.getCode());
+        errorResponse.put("message", AuthErrorCode.UNAUTHORIZED.getMessage());
+
+        objectMapper.writeValue(response.getWriter(), errorResponse);
     }
 }

backend/src/main/java/io/f1/backend/domain/user/app/handler/OAuthSuccessHandler.java

@@ -25,9 +25,11 @@ public void onAuthenticationSuccess(
         response.setContentType("application/json;charset=UTF-8");
 
         if (principal.getUserNickname() == null) {
-            getRedirectStrategy().sendRedirect(request, response, "/signup");
+            String SIGNUP_REDIRECT_URL = "http://localhost:3000/signup";
+            getRedirectStrategy().sendRedirect(request, response, SIGNUP_REDIRECT_URL);
         } else {
-            getRedirectStrategy().sendRedirect(request, response, "/room");
+            String MAIN_REDIRECT_URL = "http://localhost:3000/room";
+            getRedirectStrategy().sendRedirect(request, response, MAIN_REDIRECT_URL);
         }
     }
 }

backend/src/main/java/io/f1/backend/domain/user/dto/SignupResponse.java

@@ -0,0 +1,18 @@
+package io.f1.backend.global.exception.errorcode;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+import org.springframework.http.HttpStatus;
+
+@Getter
+@RequiredArgsConstructor
+public enum AdminErrorCode implements ErrorCode {
+    ADMIN_NOT_FOUND("E404007", HttpStatus.NOT_FOUND, "존재하지 않는 관리자 입니다");
+
+    private final String code;
+
+    private final HttpStatus httpStatus;
+
+    private final String message;
+}