[feat] Security Config설정, CustomAuthenticationFilter 설정#1 (#18)

* chore : 코드래빗 한국어 설정

* feat : OAuth&시큐리티 의존성 추가 및 환경변수 등록

* feat : Security Config설정, CustomAuthenticationFilter 설정1

Author: seungwookc97

.gitignore

@@ -38,4 +38,7 @@ out/
 
 ### Custom ###
 db_dev.mv.db
-db_dev.trace.db
+db_dev.trace.db
+
+### Environment Variables ###
+.env

build.gradle.kts

@@ -28,13 +28,24 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-data-jpa")
     implementation("org.springframework.boot:spring-boot-starter-validation")
     implementation("org.springframework.boot:spring-boot-starter-web")
+
+    implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0")
+    implementation("io.jsonwebtoken:jjwt-api:0.12.3")
+    runtimeOnly("io.jsonwebtoken:jjwt-impl:0.12.3")
+    runtimeOnly("io.jsonwebtoken:jjwt-jackson:0.12.3")
+    implementation("me.paulschwarz:spring-dotenv:4.0.0")
     compileOnly("org.projectlombok:lombok")
     developmentOnly("org.springframework.boot:spring-boot-devtools")
     runtimeOnly("com.h2database:h2")
     annotationProcessor("org.projectlombok:lombok")
+
+
+    //test
     testImplementation("org.springframework.boot:spring-boot-starter-test")
     testRuntimeOnly("org.junit.platform:junit-platform-launcher")
+    testImplementation("org.springframework.security:spring-security-test")
 }
 
 tasks.withType<Test> {

db_dev.mv.db

@@ -28,7 +28,7 @@ public static UserDto from(User user) {
                 .id(user.getId())
                 .email(user.getEmail())
                 .nickname(user.getNickname())
-                .profileImgUrl(user.getProfileImgUrl())
+//                .profileImgUrl(user.getProfileImgUrl())
                 .abvDegree(user.getAbvDegree())
                 .createdAt(user.getCreatedAt())
                 .updatedAt(user.getUpdatedAt())

src/main/java/com/back/domain/user/dto/UserDto.java

@@ -2,8 +2,13 @@
 
 import jakarta.persistence.*;
 import lombok.*;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
 
 @Entity
 @Table(name = "users")  // 예약어 충돌 방지를 위해 "users" 권장
@@ -37,4 +42,26 @@ public class User {
     private String role = "USER";
 
     private String profileImgUrl;
+
+    public boolean isAdmin() {
+        return "ADMIN".equalsIgnoreCase(role);
+    }
+
+    private List<String> getAuthoritiesAsStringList() {
+        List<String> authorities = new ArrayList<>();
+        if (isAdmin()) {
+            authorities.add("ADMIN");
+        } else {
+            authorities.add("USER");
+        }
+        return authorities;
+    }
+
+    // Member의 role을 Security가 사용하는 ROLE_ADMIN, ROLE_USER 형태로 변환
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return getAuthoritiesAsStringList()
+                .stream()
+                .map(auth -> new SimpleGrantedAuthority("ROLE_" + auth))
+                .toList();
+    }
 }

src/main/java/com/back/domain/user/entity/User.java

@@ -0,0 +1,112 @@
+package com.back.global.jwt;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.security.Keys;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+
+@Slf4j
+@Component
+public class JwtUtil {
+
+    private final SecretKey secretKey;
+    private final long accessTokenExpiration;
+    private static final String ACCESS_TOKEN_COOKIE_NAME = "accessToken";
+
+    public JwtUtil(@Value("${custom.jwt.secretKey}") String secretKey,
+                   @Value("${custom.accessToken.expirationSeconds}") long accessTokenExpiration) {
+        this.secretKey = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));
+        this.accessTokenExpiration = accessTokenExpiration * 1000;
+    }
+
+    public String generateAccessToken(Long userId, String email) {
+        Date now = new Date();
+        Date expiration = new Date(now.getTime() + accessTokenExpiration);
+
+        return Jwts.builder()
+                .subject(String.valueOf(userId))
+                .claim("email", email)
+                .issuedAt(now)
+                .expiration(expiration)
+                .signWith(secretKey)
+                .compact();
+    }
+
+    public void addAccessTokenToCookie(HttpServletResponse response, String accessToken) {
+        Cookie cookie = new Cookie(ACCESS_TOKEN_COOKIE_NAME, accessToken);
+        cookie.setHttpOnly(true);
+        cookie.setSecure(false); // 개발환경에서는 false, 프로덕션에서는 true
+        cookie.setPath("/");
+        cookie.setMaxAge((int) (accessTokenExpiration / 1000));
+        response.addCookie(cookie);
+    }
+
+    public String getAccessTokenFromCookie(HttpServletRequest request) {
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+            for (Cookie cookie : cookies) {
+                if (ACCESS_TOKEN_COOKIE_NAME.equals(cookie.getName())) {
+                    return cookie.getValue();
+                }
+            }
+        }
+        return null;
+    }
+
+    public void removeAccessTokenCookie(HttpServletResponse response) {
+        Cookie cookie = new Cookie(ACCESS_TOKEN_COOKIE_NAME, null);
+        cookie.setHttpOnly(true);
+        cookie.setSecure(false);
+        cookie.setPath("/");
+        cookie.setMaxAge(0);
+        response.addCookie(cookie);
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parser()
+                    .verifyWith(secretKey)
+                    .build()
+                    .parseSignedClaims(token);
+            return true;
+        } catch (SecurityException | MalformedJwtException e) {
+            log.error("Invalid JWT signature: {}", e.getMessage());
+        } catch (ExpiredJwtException e) {
+            log.error("Expired JWT token: {}", e.getMessage());
+        } catch (UnsupportedJwtException e) {
+            log.error("Unsupported JWT token: {}", e.getMessage());
+        } catch (IllegalArgumentException e) {
+            log.error("JWT claims string is empty: {}", e.getMessage());
+        }
+        return false;
+    }
+
+    public Long getUserIdFromToken(String token) {
+        return Long.valueOf(parseToken(token).getSubject());
+    }
+
+    public String getEmailFromToken(String token) {
+        return parseToken(token).get("email").toString();
+    }
+
+    public String getNicknameFromToken(String token) {
+        return parseToken(token).get("nickname", String.class);
+    }
+
+    private Claims parseToken(String token) {
+        return Jwts.parser()
+                .verifyWith(secretKey)
+                .build()
+                .parseSignedClaims(token)
+                .getPayload();
+    }
+
+}

src/main/java/com/back/global/jwt/JwtUtil.java

@@ -0,0 +1,109 @@
+package com.back.global.rq;
+
+import com.back.domain.user.entity.User;
+import com.back.domain.user.service.UserService;
+import com.back.global.security.SecurityUser;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import org.springframework.http.ResponseCookie;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+import java.util.Arrays;
+import java.util.Optional;
+
+@Component
+@RequiredArgsConstructor
+public class Rq {
+    private final HttpServletRequest req;
+    private final HttpServletResponse resp;
+    private final UserService userService;
+
+    public User getActor() {
+        return Optional.ofNullable(
+                        SecurityContextHolder
+                                .getContext()
+                                .getAuthentication()
+                )
+                .map(Authentication::getPrincipal)
+                .filter(principal -> principal instanceof SecurityUser)
+                .map(principal -> {
+                    SecurityUser securityUser = (SecurityUser) principal;
+                    // 권한에서 ROLE_ 접두사를 제거하여 ADMIN/USER로 변환
+                    String role = securityUser.getAuthorities().stream()
+                            .map(GrantedAuthority::getAuthority)
+                            .filter(auth -> auth.startsWith("ROLE_"))
+                            .map(auth -> auth.substring(5)) // "ROLE_" 제거
+                            .findFirst()
+                            .orElse("USER");
+                    return User.builder()
+                            .id(securityUser.getId())
+                            .email(securityUser.getEmail())
+                            .nickname(securityUser.getName())
+                            .role(role)
+                            .build();
+                })
+                .orElse(null);
+    }
+
+    public String getHeader(String name, String defaultValue) {
+        return Optional
+                .ofNullable(req.getHeader(name))
+                .filter(headerValue -> !headerValue.isBlank())
+                .orElse(defaultValue);
+    }
+
+    public void setHeader(String name, String value) {
+
+        if (value.isBlank()) {
+            req.removeAttribute(name);
+        } else {
+            resp.setHeader(name, value);
+        }
+    }
+
+    public String getCookieValue(String name, String defaultValue) {
+        return Optional
+                .ofNullable(req.getCookies())
+                .flatMap(
+                        cookies ->
+                                Arrays.stream(cookies)
+                                        .filter(cookie -> cookie.getName().equals(name))
+                                        .map(Cookie::getValue)
+                                        .filter(value -> !value.isBlank())
+                                        .findFirst()
+                )
+                .orElse(defaultValue);
+    }
+
+    public void setCrossDomainCookie(String name, String value, int maxAge) {
+        ResponseCookie cookie = ResponseCookie.from(name, value)
+                .path("/")
+                .maxAge(maxAge)
+                .secure(true)
+                .sameSite("None")
+                .httpOnly(true)
+                .build();
+        resp.addHeader("Set-Cookie", cookie.toString());
+    }
+
+    public void deleteCrossDomainCookie(String name) {
+        setCrossDomainCookie(name, "", 0);
+    }
+
+    @SneakyThrows
+    public void sendRedirect(String url) {
+        resp.sendRedirect(url);
+    }
+
+    public User getActorFromDb() {
+        User actor = getActor();
+        if(actor == null) return null;
+        return userService.findById(actor.getId());
+    }
+}