Merge pull request #368 from twenty-three-23/dev
main cicd 수정 코드 반영
ch8930 authored Sep 25, 2024
2 parents 371d221 + 86c85a9 commit 8d51397
Showing 7 changed files with 61 additions and 15 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/cd_prod.yml
Expand Up @@ -104,7 +104,7 @@ jobs:
echo "${{ secrets.DOCKERHUB_PASSWORD_PROD }}" | sudo docker login -u ${{ secrets.DOCKERHUB_USERNAME_PROD }} --password-stdin
sudo docker pull ${{ secrets.DOCKERHUB_USERNAME_PROD }}/github-actions-demo
sudo docker stop $(sudo docker ps -q) 2>/dev/null || true
sudo docker run --name github-actions-demo --rm -v logs:/logs -d -p 8080:8080 ${{ secrets.DOCKERHUB_USERNAME }}/github-actions-demo
sudo chmode logs 777
sudo docker run --name github-actions-demo --rm -v logs:/logs -d -p 8080:8080 ${{ secrets.DOCKERHUB_USERNAME_PROD }}/github-actions-demo
sudo chmod logs 777
sudo docker system prune -f
EOF
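Review bot: The corrected line `sudo chmod logs 777` still has its arguments reversed: chmod takes the mode first, so as written it will reject `logs` as an invalid mode and change nothing. The `-v logs:/logs` on the line above is a named Docker volume rather than a host path, so a relative `logs` in the remote shell's working directory is probably not the directory the container writes to (inferred; the rest of the script is outside the hunk). If the aim is to let the application write its logs, use a narrower mode with matching ownership, e.g. `sudo chmod 750 <log-dir>`, because 777 lets any local account alter or delete the logs you would rely on after an incident.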
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,11 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
userId = null;
funnel = "not found funnel";
}
String httpMethod = request.getMethod();
String requestURI = request.getRequestURI();
String uuid = UUID.randomUUID().toString();

logger.info("REQUEST LOG: [ Funnel: {}, User ID: {}, Request URI: {}, UUID: {} ]", funnel, userId, requestURI, uuid);
logger.info("REQUEST LOG: [ Funnel: {}, User ID: {}, Http Method: {}, Request URI: {}, UUID: {} ]", funnel, userId, httpMethod, requestURI, uuid);
return true;
}

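Review bot: The `uuid` generated in `preHandle` is only written into this one log line and then discarded, so later log entries for the same request cannot be tied back to it during an investigation. Put it into the logging context right after it is created, e.g. `MDC.put("requestId", uuid);`, and clear it in `afterCompletion`. It is also worth a short comment that `getRequestURI()` leaves out the query string, so nobody later switches to logging the full URL together with any tokens it carries. `preHandle` begins above the hunk, so how `userId` and `funnel` are derived is not visible here.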
3 changes: 1 addition & 2 deletions src/main/java/com/twentythree/peech/config/WebConfig.java
Expand Up @@ -14,9 +14,8 @@ public class WebConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
// Todo : main 으로 pr할때 origin 설정하기
.allowedOriginPatterns(allowedOrigins)
.allowedMethods("GET", "POST", "PATCH", "PUT") // 허용할 HTTP method
.allowedMethods("GET", "POST", "PATCH", "PUT", "OPTIONS") // 허용할 HTTP method
.allowCredentials(true); // 쿠키 인증 요청 허용
}
}
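Review bot: With the `// Todo` about setting the origin for main removed, nothing in `addCorsMappings` records what `allowedOrigins` must contain, and that matters because `.allowedOriginPatterns(allowedOrigins)` is combined with `.allowCredentials(true)` on `/**`: a wildcard pattern there would allow any site to make cookie-authenticated calls. The field is defined outside the hunk, so please confirm the prod profile lists explicit origins and replace the Todo with a comment such as `// allowedOrigins must be an explicit list in prod: credentialed requests are allowed`. Adding `"OPTIONS"` is harmless, but if the trigger was a failing preflight, check whether a security filter in front of MVC was rejecting it (an assumption; the cause is not shown).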
23 changes: 14 additions & 9 deletions src/main/java/com/twentythree/peech/user/dto/IdentityToken.java
@@ -1,11 +1,14 @@
package com.twentythree.peech.user.dto;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.ToString;

import java.util.List;
import java.security.PublicKey;
import java.util.Objects;

@Getter
Expand All @@ -17,16 +20,18 @@ public class IdentityToken {
private IdentityTokenHeader identityTokenHeader;
private IdentityTokenPayload identityTokenPayload;

public boolean isVerify(List<ApplePublicKey> publicKeys) {
String alg = identityTokenHeader.getAlg();
String kid = identityTokenHeader.getKid();
public boolean isVerify(String jwt, PublicKey publicKey) {

for (ApplePublicKey publicKey : publicKeys) {
if (publicKey.getKid().equals(alg) && publicKey.getAlg().equals(kid)) {
return true;
}
try {
Jws<Claims> jwsClaims = Jwts.parser()
.setSigningKey(publicKey) // 공개 키 설정
.build()
.parseClaimsJws(jwt);
} catch (Exception e) {
throw new RuntimeException("토큰이 올바르지 못합니다.");
}
return false;

return true;
}

@Override
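Review bot: `isVerify` now checks the signature but never inspects what it parsed: `jwsClaims` is unused, so issuer and audience are not validated and a correctly signed Apple token issued for a different client ID would be accepted. Add `.requireIssuer("https://appleid.apple.com")` and `.requireAudience(<your Apple client ID>)` to the parser chain before `.build()`. The method can also no longer return false, because every failure becomes a bare `RuntimeException` with the cause `e` dropped. That leaves the caller's `Unauthorized` branch unreachable, and an invalid token will probably surface as a server error; either `return false;` in the catch block or throw `Unauthorized` there, keeping `e` as the cause if its constructor allows.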
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.twentythree.peech.user.dto;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
Expand All @@ -11,6 +12,7 @@
@AllArgsConstructor
@NoArgsConstructor
@ToString
@JsonIgnoreProperties(ignoreUnknown = true)
public class IdentityTokenPayload {
private String iss;
private Long iat;
Original file line number Diff line number Diff line change
@@ -1,13 +1,52 @@
package com.twentythree.peech.user.dto.response;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.twentythree.peech.user.dto.ApplePublicKey;
import com.twentythree.peech.user.dto.IdentityTokenHeader;
import io.jsonwebtoken.io.Decoders;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;

import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;

@Slf4j
@Getter
@AllArgsConstructor
@NoArgsConstructor
public class ApplePublicKeyResponseDTO {

@JsonProperty("keys")
private List<ApplePublicKey> applePublicKeys;

public PublicKey getApplePublicKeyKey(IdentityTokenHeader identityTokenHeader) {
String alg = identityTokenHeader.getAlg();
String kid = identityTokenHeader.getKid();

for (ApplePublicKey publicKey : applePublicKeys) {
if (publicKey.getKid().equals(kid) && publicKey.getAlg().equals(alg)) {

byte[] n = Decoders.BASE64URL.decode(publicKey.getN());
byte[] e = Decoders.BASE64URL.decode(publicKey.getE());
RSAPublicKeySpec publicKeySpec =
new RSAPublicKeySpec(new BigInteger(1, n), new BigInteger(1, e));

try {
KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getKty());
return keyFactory.generatePublic(publicKeySpec);
} catch (NoSuchAlgorithmException | InvalidKeySpecException exception) {
throw new RuntimeException("응답 받은 Apple Public Key로 PublicKey를 생성할 수 없습니다.");
}
}
}

throw new RuntimeException("Token을 검증할 수 없습니다.");
}
}
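Review bot: In `getApplePublicKeyKey`, a token whose `kid`/`alg` header matches no published key ends in a plain `RuntimeException`, and the caller changed in this commit invokes the method inside its `if` condition without catching it. A stale or tampered header therefore probably produces a server error rather than an authentication failure; throwing the project's `Unauthorized` here would keep the failure mode consistent. The catch block also discards `exception`; pass it as the cause so key-format problems can be diagnosed. Because the spec is always an `RSAPublicKeySpec`, prefer `KeyFactory.getInstance("RSA")` over the `kty` value from the response, and consider rejecting any `alg` other than the one you expect instead of accepting whatever the header and key set agree on.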
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ public LoginBySocial loginBySocial(String socialToken, AuthorizationServer autho

ApplePublicKeyResponseDTO publicKeys = appleLoginClient.getPublicKeys();

if (identityToken.isVerify(publicKeys.getApplePublicKeys())) {
if (identityToken.isVerify(socialToken, publicKeys.getApplePublicKeyKey(identityToken.getIdentityTokenHeader()))) {
userEmail = identityToken.getIdentityTokenPayload().getEmail();
} else {
throw new Unauthorized("애플로그인에서 토큰이 유효하지 않습니다.");
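Review bot: `userEmail` on the line after the new check is still read from `identityToken.getIdentityTokenPayload()`, an object built before verification (its construction is outside the hunk), rather than from the claims the signature check actually covered. That is safe only while `identityToken` is always decoded from the very same `socialToken` string; having the verification step return the verified claims and reading the email from those would remove the coupling. It also deserves a comment that Apple's stable user identifier is the `sub` claim and that `email` may be absent or a relay address, in case the code below the hunk keys the account on email alone.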
