feat: social-unlink (#103)

* feat: security 권한 제어

* feat: 소셜 로그인 저장 도메인 분리

* feat: 애플 소셜 로그인 방식 변경

* test: 애플 소셜 로그인 방식 변경

* test: 애플 client secret 생성

* feat: 카카오 소셜 로그인 방식 변경

* feat: 카카오 소셜 로그인 방식 변경

* feat: 카카오 소셜 로그인 연결 해제

* ci: 테스트 배포

* feat: 애플 refresh token 발급 API 호출

* test: 애플 refresh token 발급 API 호출

* feat: 소셜 서비스로부터 받은 에러 응답을 클라이언트에 전송

* docs: 에러타입 추가

* feat: 탈퇴 시 각 소셜 로그인 연결 해지 요청 결과를 클라이언트에 응답

* docs: 탈퇴 문서 업데이트

* refactor: 제약 조건 추가

Author: jaelyangChoi

.gitignore

@@ -7,6 +7,10 @@ build/
 
 **/src/main/resources/application-*.yml
 
+*.p8
+apple/
+secrets/
+
 
 ### STS ###
 .apt_generated

capturecat-core/build.gradle

@@ -17,6 +17,7 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-webflux'
     implementation 'org.modelmapper:modelmapper:3.2.0'
     implementation 'io.jsonwebtoken:jjwt-api:0.12.5'
     runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.5'

capturecat-core/src/docs/asciidoc/user.adoc

@@ -14,6 +14,9 @@ operation::tutorialComplete[snippets='curl-request,http-request,request-headers,
 
 [[회원-탈퇴]]
 === 회원 탈퇴
+소셜 서비스 연결 해제 후 회원 관련 데이터를 삭제 처리 합니다.
+소셜 서비스 연결 해제가 모종의 이유로 실패하더라도 삭제 처리는 롤백하지 않습니다. (별도 회원 안내 필요)
+
 ==== 성공
 operation::withdraw[snippets='curl-request,http-request,request-headers,http-response,response-fields']
 

capturecat-core/src/main/java/com/capturecat/core/api/auth/Oauth2AuthController.java

@@ -4,6 +4,8 @@
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -16,9 +18,9 @@
 import com.capturecat.core.api.auth.dto.SocialLoginResponse;
 import com.capturecat.core.config.jwt.JwtUtil;
 import com.capturecat.core.config.jwt.TokenType;
-import com.capturecat.core.service.auth.IdTokenVerifierService;
-import com.capturecat.core.service.auth.IdTokenVerifierService.OidcUserPayload;
 import com.capturecat.core.service.auth.LoginUser;
+import com.capturecat.core.service.auth.SocialService;
+import com.capturecat.core.service.auth.SocialService.OidcUserPayload;
 import com.capturecat.core.service.auth.TokenService;
 import com.capturecat.core.service.user.UserService;
 import com.capturecat.core.support.response.ApiResponse;
@@ -27,15 +29,15 @@
 @RequestMapping("/v1/auth/{provider}")
 @RequiredArgsConstructor
 public class Oauth2AuthController {
-	private final IdTokenVerifierService idTokenVerifierService;
+	private final SocialService socialService;
 	private final UserService userService;
 	private final TokenService tokenService;
 
 	@PostMapping("/login")
 	public ResponseEntity<?> socialLogin(@PathVariable String provider, @RequestBody SocialLoginRequest requestDto) {
 		// 1. provider별 id_token 검증(JWK, iss, aud 등)
-		OidcUserPayload payload = idTokenVerifierService.verifyAndExtract(provider, requestDto.idToken(),
-			requestDto.nickname());
+		OidcUserPayload payload = socialService.verifyAndExtract(provider,
+			requestDto.idToken(), requestDto.nickname(), requestDto.authToken());
 
 		// 2. 유저 정보 추출/회원 처리
 		LoginUser user = userService.upsertSocialUser(payload);

capturecat-core/src/main/java/com/capturecat/core/api/auth/dto/SocialLoginRequest.java

@@ -1,4 +1,4 @@
 package com.capturecat.core.api.auth.dto;
 
-public record SocialLoginRequest(String idToken, String nickname) {
+public record SocialLoginRequest(String idToken, String nickname, String authToken) {
 }

capturecat-core/src/main/java/com/capturecat/core/api/user/UserController.java

@@ -37,9 +37,14 @@ public ApiResponse<?> tutorialCompleted(@AuthenticationPrincipal LoginUser login
 		return ApiResponse.success();
 	}
 
+	/**
+	 * 탈퇴 API
+	 * 1) 소셜 로그인 연결 해제
+	 * 2) 회원 정보 삭제
+	 */
 	@DeleteMapping("/withdraw")
 	public ApiResponse<?> withdraw(@AuthenticationPrincipal LoginUser loginUser) {
-		userService.withdraw(loginUser);
-		return ApiResponse.success();
+		String resultMessage = userService.withdraw(loginUser);
+		return ApiResponse.success(resultMessage);
 	}
 }

capturecat-core/src/main/java/com/capturecat/core/config/AppConfig.java

@@ -9,6 +9,7 @@
 import org.modelmapper.convention.MatchingStrategies;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.reactive.function.client.WebClient;
 
 @Configuration
 public class AppConfig {
@@ -24,12 +25,16 @@ public ModelMapper modelMapper() {
 
 		// 전역 Converter: LocalDateTime -> String
 		Converter<LocalDateTime, String> dateTimeToString = ctx -> ctx.getSource() == null ? null
-				: ctx.getSource().format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"));
+			: ctx.getSource().format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"));
 
 		// 모든 LocalDateTime → String 매핑에 TypeMap 강제 등록
 		modelMapper.createTypeMap(LocalDateTime.class, String.class).setConverter(dateTimeToString);
 
 		return modelMapper;
 	}
 
+	@Bean
+	public WebClient webClient() {
+		return WebClient.builder().build();
+	}
 }

capturecat-core/src/main/java/com/capturecat/core/config/SecurityConfig.java

@@ -54,9 +54,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 			.addFilterAt(new JwtLogoutFilter(tokenService), LogoutFilter.class)
 			.authorizeHttpRequests(
 				authorizeRequests -> authorizeRequests
-					.requestMatchers("/health", "/docs/**", "/token/reissue", "/v1/auth/**", "/v1/user/join",
-						"/v1/**").permitAll()
-					.anyRequest().hasRole("USER"));
+					.requestMatchers("/health", "/docs/**", "/token/reissue", "/v1/auth/**", "/v1/user/join")
+					.permitAll()
+					.anyRequest()
+					.hasRole("USER"));
 
 		return http.build();
 	}

capturecat-core/src/main/java/com/capturecat/core/config/auth/SocialApiProperties.java

@@ -0,0 +1,48 @@
+package com.capturecat.core.config.auth;
+
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+@Valid
+@Component
+@ConfigurationProperties(prefix = "social.api")
+public class SocialApiProperties {
+	@Valid
+	private Apple apple;
+	@Valid
+	private Kakao kakao;
+
+	@Getter
+	@Setter
+	public static class Apple {
+		@NotBlank
+		private String tokenUrl;
+		@NotBlank
+		private String revokeUrl;
+		@NotBlank
+		private String teamId; //Apple 개발자 계정의 팀 ID
+		@NotBlank
+		private String keyId;  //Apple 에서 발급한 키의 ID
+		@NotBlank
+		private String privateKeyPath; //Apple 에서 다운로드한 AuthKey_XXX.p8 파일 경로
+	}
+
+	@Getter
+	@Setter
+	public static class Kakao {
+		@NotBlank
+		private String userinfoUrl;
+		@NotBlank
+		private String unlinkUrl;
+		@NotBlank
+		private String serviceAppAdminKey;
+	}
+}

capturecat-core/src/main/java/com/capturecat/core/domain/user/User.java

@@ -1,11 +1,16 @@
 package com.capturecat.core.domain.user;
 
+import java.util.ArrayList;
+import java.util.List;
+
+import jakarta.persistence.CascadeType;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.EnumType;
 import jakarta.persistence.Enumerated;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.Id;
+import jakarta.persistence.OneToMany;
 import jakarta.persistence.Table;
 
 import lombok.AccessLevel;
@@ -43,22 +48,19 @@ public class User extends BaseTimeEntity {
 	@Enumerated(EnumType.STRING)
 	private UserRole role;
 
-	private String provider;   // "google", "apple", "kakao" 등
-	private String socialId;   // 소셜 서비스의 "sub" (고유 OIDC ID)
-
 	private boolean tutorialCompleted = false;
 
+	@OneToMany(mappedBy = "user", cascade = CascadeType.ALL, orphanRemoval = true)
+	private List<UserSocialAccount> socialAccounts = new ArrayList<>();
+
 	@Builder
-	public User(Long id, String username, String password, String email, String nickname,
-		UserRole role, String provider, String socialId) {
+	public User(Long id, String username, String password, String email, String nickname, UserRole role) {
 		this.id = id;
 		this.username = username;
 		this.password = password;
 		this.email = email;
 		this.nickname = nickname;
 		this.role = role;
-		this.provider = provider;
-		this.socialId = socialId;
 	}
 
 	public void tutorialComplete() {