security 수정 (#134)

Author: jungdongha

src/main/kotlin/com/back/koreaTravelGuide/common/security/AuthenticationExtensions.kt

@@ -3,8 +3,13 @@ package com.back.koreaTravelGuide.common.security
 import org.springframework.security.core.Authentication
 
 fun Authentication.getUserId(): Long {
-    if (principal is Long) {
-        return principal as Long
+    return when (val principal = this.principal) {
+        // jwtAuthenticFilter
+        is Long -> principal
+        is CustomOAuth2User -> principal.id
+        else -> {
+            this.name.toLongOrNull()
+                ?: throw IllegalStateException("인증 정보에서 사용자 ID를 찾을 수 없습니다. Principal: $principal")
+        }
     }
-    throw IllegalStateException("인증된 사용자 ID를 찾을 수 없거나 타입이 올바르지 않습니다.")
 }

src/main/kotlin/com/back/koreaTravelGuide/common/security/CustomOAuth2LoginSuccessHandler.kt

@@ -1,5 +1,6 @@
 package com.back.koreaTravelGuide.common.security
 
+import com.back.koreaTravelGuide.common.config.AppConfig
 import com.back.koreaTravelGuide.domain.user.enums.UserRole
 import com.back.koreaTravelGuide.domain.user.repository.UserRepository
 import jakarta.servlet.http.Cookie
@@ -19,6 +20,7 @@ class CustomOAuth2LoginSuccessHandler(
     private val userRepository: UserRepository,
     private val redisTemplate: RedisTemplate<String, String>,
     @Value("\${jwt.refresh-token-expiration-days}") private val refreshTokenExpirationDays: Long,
+    private val appConfig: AppConfig,
 ) : SimpleUrlAuthenticationSuccessHandler() {
     @Transactional
     override fun onAuthenticationSuccess(
@@ -35,7 +37,7 @@ class CustomOAuth2LoginSuccessHandler(
         if (user.role == UserRole.PENDING) {
             val registerToken = jwtTokenProvider.createRegisterToken(user.id!!)
 
-            val targetUrl = "http://localhost:3000/signup/role?token=$registerToken"
+            val targetUrl = "${AppConfig.siteFrontUrl}/signup/role?token=$registerToken"
 
             redirectStrategy.sendRedirect(request, response, targetUrl)
         } else {
@@ -58,7 +60,7 @@ class CustomOAuth2LoginSuccessHandler(
 
             response.addCookie(cookie)
 
-            val targetUrl = "http://localhost:3000/oauth/callback"
+            val targetUrl = "${AppConfig.siteFrontUrl}/oauth/callback"
 
             redirectStrategy.sendRedirect(request, response, targetUrl)
         }

src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt

@@ -53,13 +53,11 @@ class SecurityConfig(
                     }
             }
 
-            if (!isDev) {
-                oauth2Login {
-                    userInfoEndpoint {
-                        userService = customOAuth2UserService
-                    }
-                    authenticationSuccessHandler = customOAuth2LoginSuccessHandler
+            oauth2Login {
+                userInfoEndpoint {
+                    userService = customOAuth2UserService
                 }
+                authenticationSuccessHandler = customOAuth2LoginSuccessHandler
             }
 
             authorizeHttpRequests {
@@ -77,9 +75,7 @@ class SecurityConfig(
                     authorize(anyRequest, authenticated)
                 }
             }
-            if (!isDev) {
-                addFilterBefore<UsernamePasswordAuthenticationFilter>(jwtAuthenticationFilter)
-            }
+            addFilterBefore<UsernamePasswordAuthenticationFilter>(jwtAuthenticationFilter)
         }
 
         return http.build()