From 95d377dac2e036e2764abb80c50b65efdfeac11d Mon Sep 17 00:00:00 2001
From: ch8930
Date: Fri, 13 Sep 2024 18:18:58 +0900
Subject: [PATCH 1/3] =?UTF-8?q?fix:=20cd=5Fprod=20=EC=98=A4=ED=83=88?= =?UTF-8?q?=EC=9E=90=20=EC=88=98=EC=A0=95=20=EB=B0=8F=20CORS=20OPTION=20Me?= =?UTF-8?q?thod=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- chmode -> chmod 수정
- USERNAME -> USERNAME_PROD 수정
- OPTIONS 요청 경우가 있다하여 추가
---
 .github/workflows/cd_prod.yml | 4 ++--
 src/main/java/com/twentythree/peech/config/WebConfig.java | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/cd_prod.yml b/.github/workflows/cd_prod.yml
index a71df5c..a64a8b5 100644
--- a/.github/workflows/cd_prod.yml
+++ b/.github/workflows/cd_prod.yml
@@ -104,7 +104,7 @@ jobs:
 echo "${{ secrets.DOCKERHUB_PASSWORD_PROD }}" | sudo docker login -u ${{ secrets.DOCKERHUB_USERNAME_PROD }} --password-stdin
 sudo docker pull ${{ secrets.DOCKERHUB_USERNAME_PROD }}/github-actions-demo
 sudo docker stop $(sudo docker ps -q) 2>/dev/null || true
- sudo docker run --name github-actions-demo --rm -v logs:/logs -d -p 8080:8080 ${{ secrets.DOCKERHUB_USERNAME }}/github-actions-demo
- sudo chmode logs 777
+ sudo docker run --name github-actions-demo --rm -v logs:/logs -d -p 8080:8080 ${{ secrets.DOCKERHUB_USERNAME_PROD }}/github-actions-demo
+ sudo chmod logs 777
 sudo docker system prune -f
 EOF
diff --git a/src/main/java/com/twentythree/peech/config/WebConfig.java b/src/main/java/com/twentythree/peech/config/WebConfig.java
index 5934b50..635857e 100644
--- a/src/main/java/com/twentythree/peech/config/WebConfig.java
+++ b/src/main/java/com/twentythree/peech/config/WebConfig.java
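Review bot: The corrected line `sudo chmod logs 777` in the cd_prod.yml hunk still has its arguments reversed: chmod expects the mode before the path, so this step fails with an invalid-mode error instead of changing permissions, and it should read `sudo chmod 777 logs`. Mode 777 also leaves the directory world-writable on the production host; a tighter mode such as `sudo chmod 750 logs`, with the owner matching the container user, would be a safer default. In addition, `-v logs:/logs` with a bare name refers to a Docker named volume, so a `logs` path in the session's working directory is probably not what the container writes to; this is worth confirming. The deploy script starts above the hunk.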
@@ -14,9 +14,8 @@ public class WebConfig implements WebMvcConfigurer {
 @Override
 public void addCorsMappings(CorsRegistry registry) {
 registry.addMapping("/**")
- // Todo : main 으로 pr할때 origin 설정하기
 .allowedOriginPatterns(allowedOrigins)
- .allowedMethods("GET", "POST", "PATCH", "PUT") // 허용할 HTTP method
+ .allowedMethods("GET", "POST", "PATCH", "PUT", "OPTIONS") // 허용할 HTTP method
 .allowCredentials(true); // 쿠키 인증 요청 허용
 }
 }
From 4ec1f046d53f769a9f789cde049e7b2c11a522c9 Mon Sep 17 00:00:00 2001
From: snacktime
Date: Mon, 23 Sep 2024 13:02:19 +0900
Subject: [PATCH 2/3] =?UTF-8?q?fix:=20TT-422=20=EC=95=A0=ED=94=8C=EB=A1=9C?= =?UTF-8?q?=EA=B7=B8=EC=9D=B8=20=EA=B2=80=EC=A6=9D=20=EB=A1=9C=EC=A7=81=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../peech/user/dto/IdentityToken.java | 23 ++++++-----
 .../peech/user/dto/IdentityTokenPayload.java | 2 +
 .../response/ApplePublicKeyResponseDTO.java | 39 +++++++++++++++++++
 .../peech/user/service/UserServiceImpl.java | 2 +-
 4 files changed, 56 insertions(+), 10 deletions(-)
diff --git a/src/main/java/com/twentythree/peech/user/dto/IdentityToken.java b/src/main/java/com/twentythree/peech/user/dto/IdentityToken.java
index 6333e35..d842cf6 100644
--- a/src/main/java/com/twentythree/peech/user/dto/IdentityToken.java
+++ b/src/main/java/com/twentythree/peech/user/dto/IdentityToken.java
@@ -1,11 +1,14 @@
 package com.twentythree.peech.user.dto;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.Jwts;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.ToString;
-import java.util.List;
+import java.security.PublicKey;
 import java.util.Objects;
 @Getter
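Review bot: The TODO about pinning the origin is deleted in the WebConfig hunk, but `.allowedOriginPatterns(allowedOrigins)` is unchanged and the source of `allowedOrigins` is outside the hunk, so nothing here shows that production origins are actually restricted. Because `allowCredentials(true)` is kept, a pattern such as `*` would let any site send cookie-authenticated requests; I would replace the removed line with a comment like `// allowedOrigins must list exact trusted origins; never "*" together with allowCredentials(true)`. Separately, Spring answers CORS preflight requests without `"OPTIONS"` being listed in `allowedMethods`, which only governs the actual request method, so the addition may be unnecessary. The class declaration begins above the hunk.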
@@ -17,16 +20,18 @@ public class IdentityToken {
 private IdentityTokenHeader identityTokenHeader;
 private IdentityTokenPayload identityTokenPayload;
- public boolean isVerify(List publicKeys) {
- String alg = identityTokenHeader.getAlg();
- String kid = identityTokenHeader.getKid();
+ public boolean isVerify(String jwt, PublicKey publicKey) {
- for (ApplePublicKey publicKey : publicKeys) {
- if (publicKey.getKid().equals(alg) && publicKey.getAlg().equals(kid)) {
- return true;
- }
+ try {
+ Jws jwsClaims = Jwts.parser()
+ .setSigningKey(publicKey) // 공개 키 설정
+ .build()
+ .parseClaimsJws(jwt);
+ } catch (Exception e) {
+ throw new RuntimeException("토큰이 올바르지 못합니다.");
 }
- return false;
+
+ return true;
 }
 @Override
diff --git a/src/main/java/com/twentythree/peech/user/dto/IdentityTokenPayload.java b/src/main/java/com/twentythree/peech/user/dto/IdentityTokenPayload.java
index 42bfdaf..795815a 100644
--- a/src/main/java/com/twentythree/peech/user/dto/IdentityTokenPayload.java
+++ b/src/main/java/com/twentythree/peech/user/dto/IdentityTokenPayload.java
@@ -1,5 +1,6 @@
 package com.twentythree.peech.user.dto;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
@@ -11,6 +12,7 @@
 @AllArgsConstructor
 @NoArgsConstructor
 @ToString
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class IdentityTokenPayload {
 private String iss;
 private Long iat;
diff --git a/src/main/java/com/twentythree/peech/user/dto/response/ApplePublicKeyResponseDTO.java b/src/main/java/com/twentythree/peech/user/dto/response/ApplePublicKeyResponseDTO.java
index d275d4e..3f2c3c5 100644
--- a/src/main/java/com/twentythree/peech/user/dto/response/ApplePublicKeyResponseDTO.java
+++ b/src/main/java/com/twentythree/peech/user/dto/response/ApplePublicKeyResponseDTO.java
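Review bot: `isVerify` now checks the signature, but the parser built in the new `try` block does not pin the issuer or the audience, so an identity token that Apple signed for a different app would still be accepted. jjwt's builder can enforce both before `.build()`, e.g. `.requireIssuer("https://appleid.apple.com")` and `.requireAudience(appleClientId)`, where `appleClientId` is a placeholder for this app's configured client ID. The `catch (Exception e)` throws a bare `RuntimeException` without the cause, so the method can never return `false`, which leaves the `else { throw new Unauthorized(...) }` branch in this patch's UserServiceImpl hunk unreachable; `return false;` in the catch, or rethrowing with `e` attached, would keep the boolean contract. `jwsClaims` is assigned but never read.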
@@ -1,13 +1,52 @@
 package com.twentythree.peech.user.dto.response;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.twentythree.peech.user.dto.ApplePublicKey;
+import com.twentythree.peech.user.dto.IdentityTokenHeader;
+import io.jsonwebtoken.io.Decoders;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.RSAPublicKeySpec;
 import java.util.List;
+@Slf4j
 @Getter
 @AllArgsConstructor
+@NoArgsConstructor
 public class ApplePublicKeyResponseDTO {
+
+ @JsonProperty("keys")
 private List applePublicKeys;
+
+ public PublicKey getApplePublicKeyKey(IdentityTokenHeader identityTokenHeader) {
+ String alg = identityTokenHeader.getAlg();
+ String kid = identityTokenHeader.getKid();
+
+ for (ApplePublicKey publicKey : applePublicKeys) {
+ if (publicKey.getKid().equals(kid) && publicKey.getAlg().equals(alg)) {
+
+ byte[] n = Decoders.BASE64URL.decode(publicKey.getN());
+ byte[] e = Decoders.BASE64URL.decode(publicKey.getE());
+ RSAPublicKeySpec publicKeySpec =
+ new RSAPublicKeySpec(new BigInteger(1, n), new BigInteger(1, e));
+
+ try {
+ KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getKty());
+ return keyFactory.generatePublic(publicKeySpec);
+ } catch (NoSuchAlgorithmException | InvalidKeySpecException exception) {
+ throw new RuntimeException("응답 받은 Apple Public Key로 PublicKey를 생성할 수 없습니다.");
+ }
+ }
+ }
+
+ throw new RuntimeException("Token을 검증할 수 없습니다.");
+ }
 }
diff --git a/src/main/java/com/twentythree/peech/user/service/UserServiceImpl.java b/src/main/java/com/twentythree/peech/user/service/UserServiceImpl.java
index 49dc025..8525240 100644
--- a/src/main/java/com/twentythree/peech/user/service/UserServiceImpl.java
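Review bot: `getApplePublicKeyKey` always builds an `RSAPublicKeySpec` but passes the JWKS-supplied `publicKey.getKty()` to `KeyFactory.getInstance`, so a non-RSA key type would end in a mismatched factory or an `InvalidKeySpecException`; a guard such as `if (!"RSA".equals(publicKey.getKty())) continue;` makes the assumption explicit. Both `throw new RuntimeException(...)` sites lose information: the one in the catch drops `exception` (pass it as the second constructor argument), and the final one reports an unknown `kid`/`alg`, which is an authentication failure, as a generic runtime error. `@Slf4j` is added but no `log` call appears in the hunk. A Javadoc sentence stating that the header values come from the still-unverified token and are used only to select a key would help the next reader.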
+++ b/src/main/java/com/twentythree/peech/user/service/UserServiceImpl.java
@@ -99,7 +99,7 @@ public LoginBySocial loginBySocial(String socialToken, AuthorizationServer autho
 ApplePublicKeyResponseDTO publicKeys = appleLoginClient.getPublicKeys();
- if (identityToken.isVerify(publicKeys.getApplePublicKeys())) {
+ if (identityToken.isVerify(socialToken, publicKeys.getApplePublicKeyKey(identityToken.getIdentityTokenHeader()))) {
 userEmail = identityToken.getIdentityTokenPayload().getEmail();
 } else {
 throw new Unauthorized("애플로그인에서 토큰이 유효하지 않습니다.");
From 522318a38d9045e296fa4c1ebe36d9f1c9302f45 Mon Sep 17 00:00:00 2001
From: snacktime
Date: Wed, 25 Sep 2024 14:17:58 +0900
Subject: [PATCH 3/3] =?UTF-8?q?fix:=20TT-432=20http=20method=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../peech/common/interceptor/RequestLogInterceptor.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/twentythree/peech/common/interceptor/RequestLogInterceptor.java b/src/main/java/com/twentythree/peech/common/interceptor/RequestLogInterceptor.java
index 99103c1..2a197b9 100644
--- a/src/main/java/com/twentythree/peech/common/interceptor/RequestLogInterceptor.java
+++ b/src/main/java/com/twentythree/peech/common/interceptor/RequestLogInterceptor.java
@@ -27,10 +27,11 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 userId = null;
 funnel = "not found funnel";
 }
+ String httpMethod = request.getMethod();
 String requestURI = request.getRequestURI();
 String uuid = UUID.randomUUID().toString();
- logger.info("REQUEST LOG: [ Funnel: {}, User ID: {}, Http Method: {}, Request URI: {}, UUID: {} ]", funnel, userId, httpMethod, requestURI, uuid);
 return true;
 }
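Review bot: In the UserServiceImpl hunk, `userEmail` is still taken from `identityToken.getIdentityTokenPayload().getEmail()`, an object built outside the hunk, presumably by decoding `socialToken` before any signature check, rather than from the claims the verified parse returns. Reading the email from the verified claims (for example by having `isVerify` hand back the parsed claims instead of a boolean) would guarantee that only signed data reaches the login logic. The new condition is also long enough that a local variable would help: `PublicKey applePublicKey = publicKeys.getApplePublicKeyKey(identityToken.getIdentityTokenHeader());`. `loginBySocial` starts and ends outside the hunk.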