Feat: 카카오 로그인 구현

Author: joyewon0705

build.gradle.kts

@@ -43,6 +43,7 @@ dependencies {
 
     // Security
     implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
 
     // Development Tools
     compileOnly("org.projectlombok:lombok")

src/main/java/com/back/domain/user/entity/User.java

@@ -21,6 +21,7 @@
 
 @Entity
 @Getter
+@Setter
 @SuperBuilder
 @NoArgsConstructor
 @AllArgsConstructor
@@ -39,8 +40,6 @@ public class User extends BaseEntity {
 
     private String providerId;
 
-    // 사용자 상태 변경
-    @Setter
     @Enumerated(EnumType.STRING)
     private UserStatus userStatus;
 
@@ -115,6 +114,14 @@ public static User createAdmin(String username, String email, String password) {
         return new User(username, email, password, Role.ADMIN, UserStatus.ACTIVE);
     }
 
+    // OAuth2 사용자 생성
+    public static User createOAuth2User(String username, String email, String provider, String providerId) {
+        User user = new User(username, email, "SOCIAL_LOGIN_PASSWORD", Role.USER, UserStatus.ACTIVE);
+        user.setProvider(provider);
+        user.setProviderId(providerId);
+        return user;
+    }
+
     // -------------------- 연관관계 메서드 --------------------
     public void setUserProfile(UserProfile profile) {
         this.userProfile = profile;

src/main/java/com/back/domain/user/repository/UserRepository.java

@@ -11,4 +11,5 @@ public interface UserRepository extends JpaRepository<User, Long> {
     boolean existsByUsername(String username);
     boolean existsByEmail(String email);
     Optional<User> findByUsername(String username);
+    Optional<User> findByProviderAndProviderId(String provider, String providerId);
 }

src/main/java/com/back/global/exception/ErrorCode.java

@@ -65,7 +65,11 @@ public enum ErrorCode {
     EXPIRED_ACCESS_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_004", "만료된 액세스 토큰입니다."),
     EXPIRED_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_005", "만료된 리프레시 토큰입니다."),
     REFRESH_TOKEN_REUSE(HttpStatus.FORBIDDEN, "AUTH_006", "재사용된 리프레시 토큰입니다."),
-    ACCESS_DENIED(HttpStatus.FORBIDDEN, "AUTH_007", "권한이 없습니다.");
+    ACCESS_DENIED(HttpStatus.FORBIDDEN, "AUTH_007", "권한이 없습니다."),
+    UNSUPPORTED_OAUTH_PROVIDER(HttpStatus.BAD_REQUEST, "AUTH_008", "지원하지 않는 소셜 로그인 제공자입니다."),
+    OAUTH2_ATTRIBUTE_MISSING(HttpStatus.UNAUTHORIZED, "AUTH_009", "소셜 계정에서 필요한 사용자 정보를 가져올 수 없습니다."),
+    OAUTH2_EMAIL_NOT_FOUND(HttpStatus.UNAUTHORIZED, "AUTH_010", "소셜 계정에서 이메일 정보를 확인할 수 없습니다."),
+    OAUTH2_AUTHENTICATION_FAILED(HttpStatus.UNAUTHORIZED, "AUTH_011", "소셜 로그인 인증에 실패했습니다.");
 
 
     private final HttpStatus status;

src/main/java/com/back/global/security/CurrentUser.java

@@ -1,5 +1,6 @@
 package com.back.global.security;
 
+import com.back.domain.user.entity.Role;
 import com.back.domain.user.entity.User;
 import com.back.domain.user.repository.UserRepository;
 import com.back.global.exception.CustomException;
@@ -9,8 +10,6 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 
-import java.util.Optional;
-
 /**
  * SecurityContext에 저장된 인증 정보를 바탕으로
  * 현재 로그인한 사용자 정보를 가져오는 유틸 클래스
@@ -34,7 +33,7 @@ public boolean isAuthenticated() {
 
     public String getUsername() { return getDetails().getUsername(); }
 
-    public String getRole() { return getDetails().getRole(); }
+    public Role getRole() { return getDetails().getRole(); }
 
     public String getEmail() { return getUserFromDb().getEmail(); }
 

src/main/java/com/back/global/security/CustomUserDetails.java

@@ -1,13 +1,16 @@
 package com.back.global.security;
 
+import com.back.domain.user.entity.Role;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 
 import java.util.Collection;
 import java.util.List;
+import java.util.Map;
 
 /**
  * Spring Security에서 사용하는 사용자 인증 정보 클래스
@@ -16,11 +19,19 @@
 @Getter
 @Builder
 @AllArgsConstructor
-public class CustomUserDetails implements UserDetails {
+public class CustomUserDetails implements UserDetails, OAuth2User{
     private Long userId;
     private String username;
-    private String role;
+    private Role role;
+    private Map<String, Object> attributes;
 
+    public CustomUserDetails(Long userId, String username, Role role) {
+        this.userId = userId;
+        this.username = username;
+        this.role = role;
+    }
+
+    // ========== UserDetails 구현 ==========
     @Override
     public Collection<SimpleGrantedAuthority> getAuthorities() {
         // Spring Security 권한 체크는 "ROLE_" prefix 필요
@@ -57,4 +68,15 @@ public boolean isCredentialsNonExpired() {
     public boolean isEnabled() {
         return true;
     }
+
+    // ========== OAuth2User 구현 ==========
+    @Override
+    public Map<String, Object> getAttributes() {
+        return attributes;
+    }
+
+    @Override
+    public String getName() {
+        return String.valueOf(username);
+    }
 }

src/main/java/com/back/global/security/JwtTokenProvider.java

@@ -1,5 +1,6 @@
 package com.back.global.security;
 
+import com.back.domain.user.entity.Role;
 import com.back.global.exception.CustomException;
 import com.back.global.exception.ErrorCode;
 import io.jsonwebtoken.Claims;
@@ -98,7 +99,7 @@ public Authentication getAuthentication(String token) {
         String role = claims.get("role", String.class);
 
         SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_" + role);
-        CustomUserDetails principal = new CustomUserDetails(userId, username, role);
+        CustomUserDetails principal = new CustomUserDetails(userId, username, Role.valueOf(role));
 
         return new UsernamePasswordAuthenticationToken(principal, token, List.of(authority));
     }

src/main/java/com/back/global/security/OAuth2LoginSuccessHandler.java

@@ -0,0 +1,101 @@
+package com.back.global.security;
+
+import com.back.domain.user.dto.LoginResponse;
+import com.back.domain.user.dto.UserResponse;
+import com.back.domain.user.entity.User;
+import com.back.domain.user.entity.UserToken;
+import com.back.domain.user.repository.UserRepository;
+import com.back.domain.user.repository.UserTokenRepository;
+import com.back.global.common.dto.RsData;
+import com.back.global.exception.CustomException;
+import com.back.global.exception.ErrorCode;
+import com.back.global.util.CookieUtil;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.time.LocalDateTime;
+
+/**
+ * OAuth2 로그인 성공 시 처리 핸들러
+ *
+ * 주요 기능:
+ * 1. 인증된 사용자 정보로 DB 조회
+ * 2. JWT Access Token 및 Refresh Token 생성
+ * 3. Refresh Token을 HttpOnly 쿠키에 저장
+ * 4. Access Token 및 사용자 정보를 JSON 형태로 응답
+ */
+@Component
+@RequiredArgsConstructor
+public class OAuth2LoginSuccessHandler implements AuthenticationSuccessHandler {
+    private final JwtTokenProvider jwtTokenProvider;
+    private final UserRepository userRepository;
+    private final UserTokenRepository userTokenRepository;
+    private final ObjectMapper objectMapper;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request,
+                                        HttpServletResponse response,
+                                        Authentication authentication) throws IOException {
+        try {
+            // 인증 정보에서 사용자 정보 추출 및 DB 조회
+            String username = authentication.getName();
+            User user = userRepository.findByUsername(username)
+                    .orElseThrow(() -> new CustomException(ErrorCode.USER_NOT_FOUND));
+
+            // 토큰 생성
+            String accessToken = jwtTokenProvider.createAccessToken(user.getId(), user.getUsername(), user.getRole().name());
+            String refreshToken = jwtTokenProvider.createRefreshToken(user.getId());
+
+            // DB에 Refresh Token 저장
+            UserToken userToken = new UserToken(
+                    user,
+                    refreshToken,
+                    LocalDateTime.now().plusSeconds(jwtTokenProvider.getRefreshTokenExpirationInSeconds())
+            );
+            userTokenRepository.save(userToken);
+
+            // Refresh Token을 HttpOnly 쿠키에 저장
+            CookieUtil.addCookie(
+                    response,
+                    "refreshToken",
+                    refreshToken,
+                    (int) jwtTokenProvider.getRefreshTokenExpirationInSeconds(),
+                    "/",
+                    true
+            );
+
+            // 응답 데이터 구성
+            LoginResponse loginResponse = new LoginResponse(
+                    accessToken,
+                    UserResponse.from(user)
+            );
+
+            RsData<LoginResponse> rsData = RsData.success(
+                    "소셜 로그인에 성공했습니다.",
+                    loginResponse
+            );
+
+            // JSON 직렬화 후 응답
+            response.setStatus(HttpServletResponse.SC_OK);
+            response.setContentType("application/json;charset=UTF-8");
+            objectMapper.writeValue(response.getWriter(), rsData);
+        } catch (CustomException e) {
+            handleException(response, e);
+        } catch (Exception e) {
+            handleException(response, new CustomException(ErrorCode.OAUTH2_AUTHENTICATION_FAILED));
+        }
+    }
+
+    private void handleException(HttpServletResponse response, CustomException e) throws IOException {
+        RsData<Object> rsData = RsData.fail(e.getErrorCode());
+        response.setStatus(e.getErrorCode().getStatus().value());
+        response.setContentType("application/json;charset=UTF-8");
+        objectMapper.writeValue(response.getWriter(), rsData);
+    }
+}

src/main/java/com/back/global/security/SecurityConfig.java

@@ -1,5 +1,6 @@
 package com.back.global.security;
 
+import com.back.global.security.oauth.CustomOAuth2UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -21,14 +22,16 @@ public class SecurityConfig {
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
     private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
+    private final CustomOAuth2UserService customOAuth2UserService;
+    private final OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler;
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 // 인가 규칙 설정
                 .authorizeHttpRequests(
                         auth -> auth
-                                .requestMatchers("/api/auth/**").permitAll()
+                                .requestMatchers("/api/auth/**", "/oauth2/**", "/login/oauth2/**").permitAll()
                                 .requestMatchers("/api/ws/**").permitAll()
                                 .requestMatchers("/api/rooms/*/messages/**").permitAll()  //스터디 룸 내에 잡혀있어 있는 채팅 관련 전체 허용
                                 //.requestMatchers("/api/rooms/RoomChatApiControllerTest").permitAll() // 테스트용 임시 허용
@@ -37,6 +40,12 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                 .anyRequest().authenticated()
                 )
 
+                // OAuth2 로그인 설정
+                .oauth2Login(oauth -> oauth
+                        .userInfoEndpoint(userInfo -> userInfo.userService(customOAuth2UserService))
+                        .successHandler(oAuth2LoginSuccessHandler)
+                )
+
                 // 인증/인가 실패 핸들러
                 .exceptionHandling(exception -> exception
                         .authenticationEntryPoint(jwtAuthenticationEntryPoint)  // 401

src/main/java/com/back/global/security/oauth/CustomOAuth2UserService.java

@@ -0,0 +1,95 @@
+package com.back.global.security.oauth;
+
+import com.back.domain.user.entity.User;
+import com.back.domain.user.entity.UserProfile;
+import com.back.domain.user.repository.UserProfileRepository;
+import com.back.domain.user.repository.UserRepository;
+import com.back.global.exception.CustomException;
+import com.back.global.exception.ErrorCode;
+import com.back.global.security.CustomUserDetails;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Service;
+
+import java.util.Map;
+
+/**
+ * 소셜 로그인(OAuth2) 사용자의 정보를 받아 DB에 매핑하는 서비스 클래스
+ *
+ * 주요 기능:
+ * 1. 소셜 로그인 제공자(카카오 등)에서 사용자 정보를 받아옴
+ * 2. provider + providerId로 사용자 DB 조회
+ * 3. 기존 사용자가 없으면 신규 가입 처리
+ * 4. 최종적으로 SecurityContext에 저장될 CustomUserDetails를 반환
+ */
+@Service
+@RequiredArgsConstructor
+public class CustomOAuth2UserService extends DefaultOAuth2UserService {
+
+    private final UserRepository userRepository;
+    private final UserProfileRepository userProfileRepository;
+
+    @Override
+    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
+        try {
+            System.out.println("OAuth2 login: provider = " + userRequest.getClientRegistration().getRegistrationId());
+
+            // 소셜 제공자에서 사용자 정보 로드
+            OAuth2User oAuth2User = super.loadUser(userRequest);
+            String registrationId = userRequest.getClientRegistration().getRegistrationId();
+            Map<String, Object> attributes = oAuth2User.getAttributes();
+
+            // 소셜 제공자별로 사용자 정보 매핑
+            OAuth2UserInfo userInfo = switch (registrationId) {
+                case "kakao" -> new KakaoOAuth2UserInfo(attributes);
+                default -> throw new CustomException(ErrorCode.UNSUPPORTED_OAUTH_PROVIDER);
+            };
+
+            // 필수 정보 검증
+            if (userInfo.getEmail() == null || userInfo.getEmail().isBlank()) {
+                throw new CustomException(ErrorCode.OAUTH2_EMAIL_NOT_FOUND);
+            }
+            if (userInfo.getProviderId() == null) {
+                throw new CustomException(ErrorCode.OAUTH2_ATTRIBUTE_MISSING);
+            }
+
+            // DB에서 사용자 조회 또는 신규 가입 처리
+            User user = userRepository.findByProviderAndProviderId(userInfo.getProvider(), userInfo.getProviderId())
+                    .orElseGet(() -> {
+                        User newUser = User.createOAuth2User(
+                                userInfo.getProvider() + "_" + userInfo.getProviderId(),
+                                userInfo.getEmail(),
+                                userInfo.getProvider(),
+                                userInfo.getProviderId()
+                        );
+
+                        UserProfile userProfile = new UserProfile(
+                                newUser,
+                                userInfo.getNickname(),
+                                userInfo.getProfileImageUrl(),
+                                null,
+                                null,
+                                0
+                        );
+                        newUser.setUserProfile(userProfile);
+
+                        return userRepository.save(newUser);
+                    });
+
+            // SecurityContext에 저장될 사용자 객체 반환
+            return new CustomUserDetails(
+                    user.getId(),
+                    user.getUsername(),
+                    user.getRole(),
+                    attributes
+            );
+        } catch (CustomException e) {
+            throw e;
+        } catch (Exception e) {
+            throw new CustomException(ErrorCode.OAUTH2_AUTHENTICATION_FAILED);
+        }
+    }
+}