
Commit bddb53a

authored
merge : Spring Security 제거 및 커스텀 인증 체계 운영 서버 적용
[🔀 merge] Spring Security 제거 및 커스텀 인증 체계 운영 서버 적용
2 parents dd04994 + 0a22f01 commit bddb53a


78 files changed

+876
-1412
lines changed


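--- a/build.gradle
+++ b/build.gradle
@@ -27,7 +27,6 @@ dependencies {
 implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 implementation 'org.springframework.boot:spring-boot-starter-web'
 implementation 'org.springframework.boot:spring-boot-starter-aop'
-implementation 'org.springframework.boot:spring-boot-starter-security'
 implementation 'org.springframework.boot:spring-boot-starter-actuator'
 
 // Lombok
@@ -101,4 +100,4 @@ configurations {
 
 tasks.named('test') {
 useJUnitPlatform()
-}
+}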
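Review bot: Dropping `spring-boot-starter-security` also drops the defaults it installed — CSRF protection, the security response headers (`X-Content-Type-Options`, `Cache-Control: no-store` on authenticated responses, HSTS) and the deny-by-default filter chain — and nothing in this file replaces them. Whatever interceptor backs the new `@Login` annotation presumably only resolves the principal, so please confirm every non-public route is rejected without a valid token rather than falling through to an unauthenticated handler, and re-add the header defaults in a servlet filter if the app previously relied on them. The custom auth configuration is not visible from here, so treat this as a checklist rather than a finding.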

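--- a/src/main/java/org/terning/terningserver/auth/api/AuthController.java
+++ b/src/main/java/org/terning/terningserver/auth/api/AuthController.java
@@ -1,18 +1,17 @@
 package org.terning.terningserver.auth.api;
 
 import lombok.RequiredArgsConstructor;
-import lombok.val;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 import org.terning.terningserver.auth.application.AuthService;
+import org.terning.terningserver.auth.config.Login;
 import org.terning.terningserver.auth.dto.request.FcmTokenSyncRequest;
 import org.terning.terningserver.auth.dto.request.SignInRequest;
-import org.terning.terningserver.auth.dto.request.SignUpFilterRequestDto;
-import org.terning.terningserver.auth.dto.request.SignUpRequestDto;
-import org.terning.terningserver.auth.dto.response.AccessTokenGetResponseDto;
+import org.terning.terningserver.auth.dto.request.SignUpFilterRequest;
+import org.terning.terningserver.auth.dto.request.SignUpRequest;
 import org.terning.terningserver.auth.dto.response.SignInResponse;
-import org.terning.terningserver.auth.dto.response.SignUpResponseDto;
+import org.terning.terningserver.auth.dto.response.SignUpResponse;
+import org.terning.terningserver.auth.dto.response.TokenReissueResponse;
 import org.terning.terningserver.common.exception.dto.SuccessResponse;
 
 import static org.terning.terningserver.auth.common.success.AuthSuccessCode.SUCCESS_SIGN_IN;
@@ -33,48 +32,48 @@ public class AuthController implements AuthSwagger {
 
 @PostMapping("/sign-in")
 public ResponseEntity<SuccessResponse<SignInResponse>> signIn(
-@RequestHeader("Authorization") String authAccessToken,
+@RequestHeader("Authorization") String socialAccessToken,
 @RequestBody SignInRequest request
 ) {
-return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_IN, authService.signIn(authAccessToken, request)));
+SignInResponse response = authService.signIn(socialAccessToken, request);
+return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_IN, response));
 }
 
 @PostMapping("/token-reissue")
-public ResponseEntity<SuccessResponse<AccessTokenGetResponseDto>> reissueToken(
-@RequestHeader("Authorization") String refreshToken
+public ResponseEntity<SuccessResponse<TokenReissueResponse>> reissueToken(
+@RequestHeader("Authorization") String authorizationHeader
 ) {
-val response = authService.reissueToken(refreshToken);
-
+TokenReissueResponse response = authService.reissueAccessToken(authorizationHeader);
 return ResponseEntity.ok(SuccessResponse.of(SUCCESS_REISSUE_TOKEN, response));
 }
 
 @PostMapping("/sign-up")
-public ResponseEntity<SuccessResponse<SignUpResponseDto>> signUp(
+public ResponseEntity<SuccessResponse<SignUpResponse>> signUp(
 @RequestHeader("Authorization") String authId,
-@RequestBody SignUpRequestDto request
+@RequestBody SignUpRequest request
 ) {
-SignUpResponseDto signUpResponseDto = authService.signUp(authId, request);
-return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_UP, signUpResponseDto));
+SignUpResponse signUpResponse = authService.signUp(authId, request);
+return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_UP, signUpResponse));
 }
 
 @PostMapping("/sign-up/filter")
 public ResponseEntity<SuccessResponse> registerUserFilter(
 @RequestHeader("User-Id") Long userId,
-@RequestBody SignUpFilterRequestDto request
+@RequestBody SignUpFilterRequest request
 ) {
-authService.registerFilterWithUser(userId, request);
+authService.registerUserFilter(userId, request);
 return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_UP_FILTER));
 }
 
 @PostMapping("/logout")
-public ResponseEntity<SuccessResponse> signOut(@AuthenticationPrincipal Long userId) {
+public ResponseEntity<SuccessResponse> signOut(@Login Long userId) {
 
 authService.signOut(userId);
 
 return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_OUT));
 }
 @DeleteMapping("/withdraw")
-public ResponseEntity<SuccessResponse> withdraw(@AuthenticationPrincipal Long userId) {
+public ResponseEntity<SuccessResponse> withdraw(@Login Long userId) {
 
 authService.withdraw(userId);
 
@@ -83,7 +82,7 @@ public ResponseEntity<SuccessResponse> withdraw(@AuthenticationPrincipal Long us
 
 @PostMapping("/sync-user")
 public ResponseEntity<SuccessResponse> syncUser(
-@AuthenticationPrincipal Long userId,
+@Login Long userId,
 @RequestBody FcmTokenSyncRequest request
 ) {
 authService.syncUser(userId, request);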
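Review bot: `registerUserFilter` still takes the target user from a client-supplied `User-Id` header while every other authenticated endpoint in this hunk was moved to `@Login`, so after the switch to the custom auth scheme any caller can attach a filter to an arbitrary user id unless the new interceptor independently validates that header against the token. Since `signUp` already returns tokens, the filter step can use the same principal resolution: `public ResponseEntity<SuccessResponse> registerUserFilter(@Login Long userId, @RequestBody SignUpFilterRequest request)`. The `AuthSwagger` declaration and any client sending `User-Id` would need the matching change. `signIn` and `signUp` read `Authorization` as an opaque string (a social token and a social id, not a JWT); if the interceptor also parses that header on public routes, confirm it skips these paths rather than rejecting the value as a malformed JWT.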

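--- a/src/main/java/org/terning/terningserver/auth/api/AuthSwagger.java
+++ b/src/main/java/org/terning/terningserver/auth/api/AuthSwagger.java
@@ -4,16 +4,16 @@
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
+import org.terning.terningserver.auth.config.Login;
 import org.terning.terningserver.auth.dto.request.FcmTokenSyncRequest;
 import org.terning.terningserver.auth.dto.request.SignInRequest;
-import org.terning.terningserver.auth.dto.request.SignUpFilterRequestDto;
-import org.terning.terningserver.auth.dto.request.SignUpRequestDto;
-import org.terning.terningserver.auth.dto.response.AccessTokenGetResponseDto;
+import org.terning.terningserver.auth.dto.request.SignUpFilterRequest;
+import org.terning.terningserver.auth.dto.request.SignUpRequest;
 import org.terning.terningserver.auth.dto.response.SignInResponse;
-import org.terning.terningserver.auth.dto.response.SignUpResponseDto;
+import org.terning.terningserver.auth.dto.response.SignUpResponse;
+import org.terning.terningserver.auth.dto.response.TokenReissueResponse;
 import org.terning.terningserver.common.exception.dto.SuccessResponse;
 
 @Tag(name = "Auth", description = "소셜 로그인 및 회원가입 API")
@@ -27,7 +27,7 @@ ResponseEntity<SuccessResponse<SignInResponse>> signIn(
 );
 
 @Operation(summary = "토큰 재발급", description = "토큰 재발급 API")
-ResponseEntity<SuccessResponse<AccessTokenGetResponseDto>> reissueToken(
+ResponseEntity<SuccessResponse<TokenReissueResponse>> reissueToken(
 @Parameter(name = "Authorization", description = "", example = "refreshToken")
 @RequestHeader("Authorization") String refreshToken
 );
@@ -36,27 +36,27 @@ ResponseEntity<SuccessResponse<AccessTokenGetResponseDto>> reissueToken(
 ResponseEntity<SuccessResponse> registerUserFilter(
 @Parameter(name = "User-Id", description = "", example = "userId")
 @RequestHeader("User-Id") Long userId,
-@RequestBody SignUpFilterRequestDto request
+@RequestBody SignUpFilterRequest request
 );
 
 @Operation(summary = "회원가입", description = "회원가입 API")
-ResponseEntity<SuccessResponse<SignUpResponseDto>> signUp(
+ResponseEntity<SuccessResponse<SignUpResponse>> signUp(
 @Parameter(name = "Authorization", description = "", example = "authId")
 @RequestHeader("authId") String authId,
-@RequestBody SignUpRequestDto request
+@RequestBody SignUpRequest request
 );
 
 @Operation(summary = "로그아웃", description = "로그아웃 API")
 ResponseEntity<SuccessResponse> signOut(
-@AuthenticationPrincipal Long userId);
+@Parameter(hidden = true) @Login Long userId);
 
 @Operation(summary = "계정탈퇴", description = "계정탈퇴 API")
 ResponseEntity<SuccessResponse> withdraw(
-@AuthenticationPrincipal Long userId);
+@Parameter(hidden = true) @Login Long userId);
 
 @Operation(summary = "유저동기화", description = "유저동기화 API")
 ResponseEntity<SuccessResponse> syncUser(
-@AuthenticationPrincipal Long userId,
+@Parameter(hidden = true) @Login Long userId,
 @RequestBody FcmTokenSyncRequest request
 );
 }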
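Review bot: The `signUp` declaration binds `@RequestHeader("authId")` while the implementing `AuthController.signUp` binds `@RequestHeader("Authorization")` and the `@Parameter` on the same line also says `Authorization`; the generated spec is internally inconsistent, and the controller's annotation is the one Spring actually applies, so change the interface line to `@RequestHeader("Authorization") String authId`. The three `description = ""` entries for the `Authorization` and `User-Id` headers document nothing; for `reissueToken` something like `description = "Bearer <refreshToken>"` — or whatever scheme `JwtProvider.resolveToken` expects, which is not visible here — would tell API consumers what to send. Hiding the `@Login` parameters from the spec is the right call.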
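--- a/src/main/java/org/terning/terningserver/auth/application/AuthService.java
+++ b/src/main/java/org/terning/terningserver/auth/application/AuthService.java
@@ -1,69 +1,132 @@
 package org.terning.terningserver.auth.application;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import org.terning.terningserver.auth.application.reissue.AuthReissueService;
-import org.terning.terningserver.auth.application.signin.AuthSignInService;
-import org.terning.terningserver.auth.application.signout.AuthSignOutService;
-import org.terning.terningserver.auth.application.signup.AuthSignUpService;
-import org.terning.terningserver.auth.application.syncUser.AuthSyncUserService;
-import org.terning.terningserver.auth.application.withdraw.AuthWithdrawService;
+import org.terning.terningserver.auth.application.social.SocialAuthProvider;
+import org.terning.terningserver.auth.application.social.SocialAuthServiceManager;
+import org.terning.terningserver.auth.common.exception.AuthErrorCode;
+import org.terning.terningserver.auth.common.exception.AuthException;
+import org.terning.terningserver.auth.dto.Token;
 import org.terning.terningserver.auth.dto.request.FcmTokenSyncRequest;
 import org.terning.terningserver.auth.dto.request.SignInRequest;
-import org.terning.terningserver.auth.dto.request.SignUpFilterRequestDto;
-import org.terning.terningserver.auth.dto.request.SignUpRequestDto;
-import org.terning.terningserver.auth.dto.response.AccessTokenGetResponseDto;
+import org.terning.terningserver.auth.dto.request.SignUpFilterRequest;
+import org.terning.terningserver.auth.dto.request.SignUpRequest;
 import org.terning.terningserver.auth.dto.response.SignInResponse;
-import org.terning.terningserver.auth.dto.response.SignUpResponseDto;
+import org.terning.terningserver.auth.dto.response.SignUpResponse;
+import org.terning.terningserver.auth.dto.response.TokenReissueResponse;
+import org.terning.terningserver.auth.jwt.JwtProvider;
+import org.terning.terningserver.auth.jwt.exception.JwtErrorCode;
+import org.terning.terningserver.auth.jwt.exception.JwtException;
+import org.terning.terningserver.external.pushNotification.notification.NotificationUserClient;
+import org.terning.terningserver.filter.domain.Filter;
+import org.terning.terningserver.filter.repository.FilterRepository;
+import org.terning.terningserver.user.application.UserService;
+import org.terning.terningserver.user.domain.User;
+import org.terning.terningserver.user.event.UserSignedUpEvent;
+import org.terning.terningserver.user.repository.UserRepository;
 
 @Service
 @RequiredArgsConstructor
 @Transactional(readOnly = true)
 public class AuthService {
 
-private final AuthSignInService authSignInService;
-private final AuthSignUpService authSignUpService;
-private final AuthSignOutService authSignOutService;
-private final AuthWithdrawService authWithdrawService;
-private final AuthReissueService authReissueService;
-private final AuthSyncUserService authSyncUserService;
+private final UserService userService;
+private final UserRepository userRepository;
+private final JwtProvider jwtProvider;
+private final SocialAuthServiceManager socialAuthServiceManager;
+private final ApplicationEventPublisher eventPublisher;
+private final NotificationUserClient notificationUserClient;
+private final FilterRepository filterRepository;
 
 @Transactional
-public SignInResponse signIn(String authAccessToken, SignInRequest request) {
-SignInResponse signInResponse = authSignInService.signIn(authAccessToken, request);
-return signInResponse;
+public SignInResponse signIn(String socialAccessToken, SignInRequest request) {
+SocialAuthProvider provider = socialAuthServiceManager.getAuthService(request.authType());
+String authId = provider.getAuthId(socialAccessToken);
+
+User user = userRepository.findByAuthIdAndAuthType(authId, request.authType())
+.orElse(null);
+
+if (user == null) {
+return SignInResponse.ofNewUser(authId, request.authType());
+}
+
+Token token = jwtProvider.generateTokens(user.getId());
+user.updateRefreshToken(token.refreshToken());
+userRepository.save(user);
+
+return SignInResponse.ofExistingUser(token, authId, request.authType(), user.getId());
 }
 
 @Transactional
-public SignUpResponseDto signUp(String authId, SignUpRequestDto request) {
-SignUpResponseDto signUpResponseDto = authSignUpService.signUp(authId, request);
-return signUpResponseDto;
+public SignUpResponse signUp(String authId, SignUpRequest request) {
+if (userRepository.existsByAuthIdAndAuthType(authId, request.authType())) {
+throw new AuthException(AuthErrorCode.USER_ALREADY_EXIST);
+}
+
+User userToSave = User.from(authId, request);
+userRepository.save(userToSave);
+
+Token token = jwtProvider.generateTokens(userToSave.getId());
+userToSave.updateRefreshToken(token.refreshToken());
+
+eventPublisher.publishEvent(UserSignedUpEvent.of(userToSave, request.fcmToken()));
+
+notificationUserClient.createUserOnNotificationServer(
+userToSave.getId(),
+userToSave.getName(),
+userToSave.getAuthType(),
+request.fcmToken()
+);
+
+return SignUpResponse.of(token, userToSave);
 }
 
 @Transactional
-public void registerFilterWithUser(Long userId, SignUpFilterRequestDto request) {
-authSignUpService.registerFilterWithUser(userId, request);
+public void registerUserFilter(Long userId, SignUpFilterRequest request) {
+User user = userRepository.findById(userId)
+.orElseThrow(() -> new AuthException(AuthErrorCode.USER_NOT_FOUND));
+
+Filter newFilter = Filter.from(request);
+filterRepository.save(newFilter);
+
+user.assignFilter(newFilter);
 }
 
 @Transactional
 public void signOut(long userId) {
-authSignOutService.signOut(userId);
+User user = userRepository.findById(userId).orElseThrow(() -> new AuthException(AuthErrorCode.USER_NOT_FOUND));
+user.resetRefreshToken();
 }
 
 @Transactional
 public void withdraw(long userId) {
-authWithdrawService.withdraw(userId);
+User user = userRepository.findById(userId).orElseThrow(() -> new AuthException(AuthErrorCode.USER_NOT_FOUND));
+userService.deleteUser(user);
 }
 
 @Transactional
-public AccessTokenGetResponseDto reissueToken(String refreshToken) {
-AccessTokenGetResponseDto accessTokenGetResponseDto = authReissueService.reissueToken(refreshToken);
-return accessTokenGetResponseDto;
+public TokenReissueResponse reissueAccessToken(String authorizationHeader) {
+Long userId = jwtProvider.getUserIdFrom(authorizationHeader);
+
+User user = userRepository.findById(userId)
+.orElseThrow(() -> new JwtException(JwtErrorCode.INVALID_TOKEN));
+
+String providedToken = jwtProvider.resolveToken(authorizationHeader);
+user.validateRefreshToken(providedToken);
+
+Token accessToken = jwtProvider.generateAccessToken(userId);
+
+
+return new TokenReissueResponse(accessToken.accessToken());
 }
 
 @Transactional
 public void syncUser(long userId, FcmTokenSyncRequest request) {
-authSyncUserService.syncUser(userId, request);
+User user = userRepository.findById(userId)
+.orElseThrow(() -> new AuthException(AuthErrorCode.USER_NOT_FOUND));
+
+notificationUserClient.createOrUpdateUser(user, request.fcmToken());
 }
 }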
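Review bot: `signUp` accepts `authId` straight from the `Authorization` header and never consults the social provider, whereas `signIn` derives the id via `provider.getAuthId(socialAccessToken)`; as written, anyone who knows another person's social account id (which `SignInResponse.ofNewUser(authId, ...)` presumably hands back to the client) can register it first and hold tokens for that user until the real owner signs in and overwrites the refresh token. The fix is to hand sign-up the social access token and re-derive `authId` server-side (sketch below), or to have `signIn` return a short-lived signed sign-up ticket instead of the raw id. `reissueAccessToken` never rotates the refresh token, so a leaked one stays usable until the user logs out or signs in again; consider `generateTokens` plus `updateRefreshToken` here, and make sure `User.validateRefreshToken` (not visible) compares in constant time and copes with the null left behind by `resetRefreshToken`. `notificationUserClient.createUserOnNotificationServer` runs inside the `@Transactional` sign-up, so a slow or failing notification server holds the DB transaction open or rolls back an otherwise valid registration; since `UserSignedUpEvent` is already published, that call probably belongs in an after-commit listener — and it is worth confirming the listener does not already make it, or the user is created twice on the notification side.
```java
@Transactional
public SignUpResponse signUp(String socialAccessToken, SignUpRequest request) {
    // Re-derive the social id from the provider rather than trusting a client-supplied header
    SocialAuthProvider provider = socialAuthServiceManager.getAuthService(request.authType());
    String authId = provider.getAuthId(socialAccessToken);
    if (userRepository.existsByAuthIdAndAuthType(authId, request.authType())) {
        throw new AuthException(AuthErrorCode.USER_ALREADY_EXIST);
    }
    // … unchanged: User.from, token issue, event publish, notification client, response …
}
```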

src/main/java/org/terning/terningserver/auth/application/reissue/AuthReissueService.java

Lines changed: 0 additions & 7 deletions
This file was deleted.

src/main/java/org/terning/terningserver/auth/application/reissue/AuthReissueServiceImpl.java

Lines changed: 0 additions & 35 deletions
This file was deleted.

src/main/java/org/terning/terningserver/auth/application/signin/AuthSignInService.java

Lines changed: 0 additions & 8 deletions
This file was deleted.
