Feat/#84 add oauth

build.gradle

@@ -43,6 +43,8 @@ dependencies {
 	implementation group: 'io.jsonwebtoken', name: 'jjwt-impl', version: '0.11.5'
 	implementation group: 'io.jsonwebtoken', name: 'jjwt-jackson', version: '0.11.5'
 
+	//OAuth 2.0
+	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
 
 	// S3 AWS
 	implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-aws', version: '2.2.6.RELEASE'

src/main/java/org/sophy/sophy/InitDb.java

@@ -39,7 +39,7 @@ public void dbInit() {
                 .password(passwordEncoder.encode("Iammember10!"))
                 .phoneNum("01012345678")
                 .marketingAgree(true)
-                .authority(Authority.ROLE_USER)
+                .authority(Authority.USER)
                 .build();
             em.persist(citizen);
 
@@ -56,7 +56,7 @@ public void dbInit() {
                 .password(passwordEncoder.encode("sophy123"))
                 .phoneNum("01012345678")
                 .marketingAgree(false)
-                .authority(Authority.ROLE_AUTHOR)
+                .authority(Authority.AUTHOR)
                 .build();
             author1.setAuthorProperty(memauthor1);
 
@@ -66,7 +66,7 @@ public void dbInit() {
                 .password(passwordEncoder.encode("sophy234"))
                 .phoneNum("01023456789")
                 .marketingAgree(false)
-                .authority(Authority.ROLE_AUTHOR)
+                .authority(Authority.AUTHOR)
                 .build();
             author2.setAuthorProperty(memauthor2);
 
@@ -76,7 +76,7 @@ public void dbInit() {
                 .password(passwordEncoder.encode("sophy345"))
                 .phoneNum("01098765432")
                 .marketingAgree(false)
-                .authority(Authority.ROLE_AUTHOR)
+                .authority(Authority.AUTHOR)
                 .build();
             author3.setAuthorProperty(memauthor3);
 
@@ -194,7 +194,7 @@ public void dbInit() {
                 .password(passwordEncoder.encode("Iamoperator10!"))
                 .phoneNum("01056784321")
                 .marketingAgree(true)
-                .authority(Authority.ROLE_OPERATOR)
+                .authority(Authority.OPERATOR)
                 .build();
             oper.setOperatorProperty(memOper);
             em.persist(oper);

src/main/java/org/sophy/sophy/config/auth/CustomOAuth2User.java

@@ -0,0 +1,32 @@
+package org.sophy.sophy.config.auth;
+
+import java.util.Collection;
+import java.util.Map;
+import lombok.Getter;
+import org.sophy.sophy.domain.enumerate.Authority;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
+
+@Getter
+public class CustomOAuth2User extends DefaultOAuth2User {
+
+    private final String email;
+    private final Authority authority;
+
+    /**
+     * Constructs a {@code DefaultOAuth2User} using the provided parameters.
+     *
+     * @param authorities      the authorities granted to the user
+     * @param attributes       the attributes about the user
+     * @param nameAttributeKey the key used to access the user's "name" from
+     *                         {@link #getAttributes()}
+     */
+    public CustomOAuth2User(
+        Collection<? extends GrantedAuthority> authorities,
+        Map<String, Object> attributes, String nameAttributeKey,
+        String email, Authority authority) {
+        super(authorities, attributes, nameAttributeKey);
+        this.email = email;
+        this.authority = authority;
+    }
+}

src/main/java/org/sophy/sophy/config/JwtSecurityConfig.java → src/main/java/org/sophy/sophy/config/auth/JwtSecurityConfig.java

@@ -1,4 +1,4 @@
-package org.sophy.sophy.config;
+package org.sophy.sophy.config.auth;
 
 import lombok.RequiredArgsConstructor;
 import org.sophy.sophy.jwt.JwtExceptionFilter;

src/main/java/org/sophy/sophy/config/SecurityConfig.java → src/main/java/org/sophy/sophy/config/auth/SecurityConfig.java

@@ -1,8 +1,11 @@
-package org.sophy.sophy.config;
+package org.sophy.sophy.config.auth;
 
 import java.util.Arrays;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
+import org.sophy.sophy.config.auth.common.CustomOAuth2UserService;
+import org.sophy.sophy.config.auth.common.OAuth2LoginFailureHandler;
+import org.sophy.sophy.config.auth.common.OAuth2LoginSuccessHandler;
 import org.sophy.sophy.jwt.JwtAccessDeniedHandler;
 import org.sophy.sophy.jwt.JwtAuthenticationEntryPoint;
 import org.sophy.sophy.jwt.JwtExceptionFilter;
@@ -12,6 +15,7 @@
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -31,6 +35,9 @@ public class SecurityConfig {
 
     private final JwtExceptionFilter jwtExceptionFilter;
     private final RedisTemplate redisTemplate;
+    private final CustomOAuth2UserService customOAuth2UserService;
+    private final OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler;
+    private final OAuth2LoginFailureHandler oAuth2LoginFailureHandler;
 
     @Bean
     public PasswordEncoder passwordEncoder() {
@@ -42,7 +49,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         //CSRF 설정 Disable
         http.csrf().disable()
 
-            .cors(cors -> cors.disable())
+            .cors(AbstractHttpConfigurer::disable)
 
             //exception handling 할 때 우리가 만든 클래스를 추가
             .exceptionHandling()
@@ -64,18 +71,19 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             .and()
             .authorizeRequests()
             .antMatchers("/author/**").hasRole("AUTHOR")
-            .antMatchers("/auth/**").permitAll()
-            .antMatchers("/profile/**").permitAll()
-            .antMatchers("/actuator/**").permitAll()
-            .antMatchers("/health/**").permitAll()
-            .antMatchers("/home/**").permitAll()
-            .antMatchers("/booktalk/search/**").permitAll()
+            .antMatchers("/auth/**", "/profile/**", "/actuator/**", "/health/**").permitAll()
+            .antMatchers("/home/**", "/booktalk/search/**", "/").permitAll()
             .antMatchers("/swagger-ui/**", "/v3/api-docs/**", "/api-docs/**", "/swagger-ui.html").permitAll()
-            .anyRequest().authenticated() //나머지 API는 전부 인증 필요
+            .anyRequest().authenticated();//나머지 API는 전부 인증 필요
 
-            //JwtFilter 를 addFilterBefore 로 등록했던 JwtSecurityConfig 클래스를 적용
+        http.oauth2Login()
+            .successHandler(oAuth2LoginSuccessHandler) // 동의하고 계속하기를 눌렀을 때 Handler 설정
+            .failureHandler(oAuth2LoginFailureHandler) // 소셜 로그인 실패 시 핸들러 설정
+            .userInfoEndpoint().userService(customOAuth2UserService) // customUserService 설정
             .and()
-            .apply(new JwtSecurityConfig(tokenProvider, redisTemplate, jwtExceptionFilter));
+            .permitAll();
+        //JwtFilter 를 addFilterBefore 로 등록했던 JwtSecurityConfig 클래스를 적용
+        http.apply(new JwtSecurityConfig(tokenProvider, redisTemplate, jwtExceptionFilter));
 
         return http.build();
     }

src/main/java/org/sophy/sophy/config/auth/common/CustomOAuth2UserService.java

@@ -0,0 +1,77 @@
+package org.sophy.sophy.config.auth.common;
+
+import java.util.Collections;
+import lombok.RequiredArgsConstructor;
+import org.sophy.sophy.config.auth.CustomOAuth2User;
+import org.sophy.sophy.config.auth.dto.OAuthAttributes;
+import org.sophy.sophy.domain.Member;
+import org.sophy.sophy.infrastructure.MemberRepository;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class CustomOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
+
+    private final MemberRepository memberRepository;
+
+    @Override
+    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
+        /**
+         * DefaultOAuth2UserService 객체를 생성하여, loadUser(userRequest)를 통해 DefaultOAuth2User 객체를 생성 후 반환
+         * DefaultOAuth2UserService의 loadUser()는 소셜 로그인 API의 사용자 정보 제공 URI로 요청을 보내서
+         * 사용자 정보를 얻은 후, 이를 통해 DefaultOAuth2User 객체를 생성 후 반환한다.
+         * 결과적으로, OAuth2User는 OAuth 서비스에서 가져온 유저 정보를 담고 있는 유저
+         */
+        OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate = new DefaultOAuth2UserService();
+        OAuth2User oAuth2User = delegate.loadUser(userRequest); // OAuth2 정보를 가져옵니다.
+
+        //현재 로그인 진행 중인 서비스를 구분하는 코드 (구글 or 네이버 or 카카오 ...)
+        String registrationId = userRequest.getClientRegistration().getRegistrationId();
+        //OAuth2 로그인 진행 시 키가되는 필드 값, Primary Key와 같은 의미
+        String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails()
+            .getUserInfoEndpoint().getUserNameAttributeName();
+
+        //OAuth2UserService를 통해 가져온 OAuth2User의 attribute를 담을 클래스
+        // 소셜 로그인에서 API가 제공하는 userInfo의 Json 값(유저 정보들)
+        OAuthAttributes attributes = OAuthAttributes.of(registrationId, userNameAttributeName,
+            oAuth2User.getAttributes());
+
+        Member member = getMember(attributes);
+
+        return new CustomOAuth2User(
+            Collections.singleton(new SimpleGrantedAuthority(member.getAuthority().getKey())),
+            oAuth2User.getAttributes(),
+            attributes.getNameAttributeKey(),
+            member.getEmail(),
+            member.getAuthority()
+        );
+    }
+
+    private Member getMember(OAuthAttributes attributes) {
+        Member findMember = memberRepository.findBySocialId(
+            attributes.getOAuth2UserInfo().getId()).orElse(null);
+
+        if (findMember == null) {
+            return saveMember(attributes);
+        }
+        return findMember;
+    }
+
+    /**
+     * 이미 존재하는 회원이라면 이름과 프로필이미지를 업데이트해줍니다.
+     * 처음 가입하는 회원이라면 Member 테이블을 생성합니다. (소셜 회원가입)
+     **/
+    private Member saveMember(OAuthAttributes attributes) {
+        //기존 유저도 이메일 인증을 했기에, 둘이 이메일이 같으면 같은 유저임
+        // update는 기존 유저의 소셜 ID 컬럼에 값을 추가하는 것 정도만 있으면 될듯
+        Member member = attributes.toEntity(attributes.getOAuth2UserInfo());
+        return memberRepository.save(member);
+    }
+
+}

src/main/java/org/sophy/sophy/config/auth/common/OAuth2LoginFailureHandler.java

@@ -0,0 +1,23 @@
+package org.sophy.sophy.config.auth.common;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+@Slf4j
+@Component
+public class OAuth2LoginFailureHandler implements AuthenticationFailureHandler {
+
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+        AuthenticationException exception) throws IOException, ServletException {
+        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+        response.getWriter().write("소셜 로그인이 실패하였습니다.");
+        log.error("소셜 로그인에 실패했습니다. 에러메세지 : {}", exception.getMessage());
+    }
+}

src/main/java/org/sophy/sophy/config/auth/common/OAuth2LoginSuccessHandler.java

@@ -0,0 +1,64 @@
+package org.sophy.sophy.config.auth.common;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.sophy.sophy.common.dto.ApiResponseDto;
+import org.sophy.sophy.config.auth.CustomOAuth2User;
+import org.sophy.sophy.controller.dto.response.TokenDto;
+import org.sophy.sophy.domain.Member;
+import org.sophy.sophy.domain.enumerate.Authority;
+import org.sophy.sophy.exception.SuccessStatus;
+import org.sophy.sophy.infrastructure.MemberRepository;
+import org.sophy.sophy.jwt.TokenProvider;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class OAuth2LoginSuccessHandler implements AuthenticationSuccessHandler {
+
+    private final TokenProvider tokenProvider;
+    private final MemberRepository memberRepository;
+    private final RedisTemplate redisTemplate;
+    private final ObjectMapper mapper = new ObjectMapper();
+
+    @Override
+    @Transactional
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+        Authentication authentication) throws IOException, ServletException {
+        CustomOAuth2User customOAuth2User = (CustomOAuth2User) authentication.getPrincipal();
+
+        // User의 Role이 GUEST일 경우 처음 요청한 회원이므로 회원가입 페이지로 리다이렉트
+        if(customOAuth2User.getAuthority() == Authority.GUEST) {
+            response.sendRedirect("/auth/signup"); // 프론트의 회원가입 추가 정보 입력 폼으로 리다이렉트 (추가 컨트롤러를 만들고 거기서 post 해야지 User로 바뀌게 해야겠다)
+
+            //아래의 GUEST를 USER로 바꿔주는 로직은 회원가입 승인되면서 처리되게 변경
+            Member findUser = memberRepository.getMemberByEmail(customOAuth2User.getEmail());
+            findUser.authorizeUser();
+        } else {
+            TokenDto tokenDto = tokenProvider.generateTokenDto(authentication);
+            redisTemplate.opsForValue().set("RT:" + authentication.getName(),
+                tokenDto.getRefreshToken(),
+                tokenProvider.getRefreshTokenExpireTime(),
+                TimeUnit.MILLISECONDS);
+            response.setStatus(HttpServletResponse.SC_OK);
+            response.setContentType("application/json");
+            response.setCharacterEncoding("utf-8");
+            response.getWriter().write(mapper.writeValueAsString(
+                ApiResponseDto.success(SuccessStatus.LOGIN_SUCCESS,
+                    tokenDto)
+            ));
+            // 로그인에 성공한 경우 access, refresh 토큰 생성
+        }
+    }
+}

src/main/java/org/sophy/sophy/config/auth/dto/GoogleOAuth2UserInfo.java

@@ -0,0 +1,21 @@
+package org.sophy.sophy.config.auth.dto;
+
+import java.util.Map;
+
+public class GoogleOAuth2UserInfo extends OAuth2UserInfo{
+
+    public GoogleOAuth2UserInfo(Map<String, Object> attributes) {
+        super(attributes);
+    }
+
+    @Override
+    public String getId() {
+        return (String) attributes.get("sub");
+    }
+
+    @Override
+    public String getNickname() {
+        return (String) attributes.get("name");
+
+    }
+}

src/main/java/org/sophy/sophy/config/auth/dto/KakaoOAuth2UserInfo.java

@@ -0,0 +1,27 @@
+package org.sophy.sophy.config.auth.dto;
+
+import java.util.Map;
+
+public class KakaoOAuth2UserInfo extends OAuth2UserInfo{
+
+    public KakaoOAuth2UserInfo(Map<String, Object> attributes) {
+        super(attributes);
+    }
+
+    @Override
+    public String getId() {
+        return String.valueOf(attributes.get("id"));
+    }
+
+    @Override
+    public String getNickname() {
+        Map<String, Object> account = (Map<String, Object>) attributes.get("kakao_account");
+        Map<String, Object> profile = (Map<String, Object>) account.get("profile");
+
+        if (profile == null) {
+            return null;
+        }
+
+        return (String) profile.get("nickname");
+    }
+}